From c3f15578537e80c47b7370f3fe8a4c1f8851ffac Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Fri, 2 Dec 2011 13:57:12 +0900 Subject: [PATCH] Fix pinpad input support for passphrase modification. * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. (pcsc_keypad_modify): Likewise. (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. bConfirmPIN value is determined by the parameter p0. * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when reset_mode is on, or resetcode is on. use_keypad only makes sense for iso7816_change_reference_data_kp. * iso7816.h (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. * iso7816.c (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. --- scd/apdu.c | 44 ++++------- scd/app-openpgp.c | 182 +++++++++++++++++----------------------------- scd/iso7816.c | 51 ++----------- scd/iso7816.h | 6 +- 4 files changed, 89 insertions(+), 194 deletions(-) diff --git a/scd/apdu.c b/scd/apdu.c index 161b63493..e4ebc3586 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2045,7 +2045,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode, } -#define PIN_VERIFY_STRUCTURE_SIZE 23 +#define PIN_VERIFY_STRUCTURE_SIZE 24 static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo) @@ -2098,7 +2098,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[14] = 0x00; /* bTeoPrologue[2] */ - pin_verify[15] = 0x04; /* ulDataLength */ + pin_verify[15] = 0x05; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */ @@ -2106,6 +2106,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pin_verify[20] = ins; /* abData[1] */ pin_verify[21] = p0; /* abData[2] */ pin_verify[22] = p1; /* abData[3] */ + pin_verify[23] = 0x00; /* abData[4] */ sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, pin_verify, len, result, &resultlen); @@ -2117,7 +2118,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, } -#define PIN_MODIFY_STRUCTURE_SIZE 28 +#define PIN_MODIFY_STRUCTURE_SIZE 29 static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, struct pininfo_s *pininfo) @@ -2127,32 +2128,6 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; unsigned char result[2]; size_t resultlen = 2; - unsigned char confirm_pin; - - /* bConfirmPIN - * 0x00: new PIN once - * 0x01: new PIN twice (confirmation) - * 0x02: old PIN and new PIN once - * 0x03: old PIN and new PIN twice (confirmation) - */ - switch (ins) - { - case ISO7816_CHANGE_REFERENCE_DATA: - confirm_pin = 0x03; - break; - case 0xDA: /* PUT_DATA */ - confirm_pin = 0x01; - break; - case ISO7816_RESET_RETRY_COUNTER: - if (p0 == 0) - confirm_pin = 0x03; - else - confirm_pin = 0x01; - break; - default: - confirm_pin = 0x00; - break; - } if (!reader_table[slot].atrlen && (sw = reset_pcsc_reader (slot))) @@ -2188,7 +2163,13 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[6] = 0x00; /* bInsertionOffsetNew */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ - pin_modify[9] = confirm_pin; + pin_modify[9] = (p0 == 0 ? 0x03 : 0x01); + /* bConfirmPIN + * 0x00: new PIN once + * 0x01: new PIN twice (confirmation) + * 0x02: old PIN and new PIN once + * 0x03: old PIN and new PIN twice (confirmation) + */ pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) pin_modify[10] |= 0x01; /* Max size reached. */ @@ -2201,7 +2182,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[19] = 0x00; /* bTeoPrologue[2] */ - pin_modify[20] = 0x04; /* ulDataLength */ + pin_modify[20] = 0x05; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */ @@ -2209,6 +2190,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pin_modify[25] = ins; /* abData[1] */ pin_modify[26] = p0; /* abData[2] */ pin_modify[27] = p1; /* abData[3] */ + pin_modify[28] = 0x00; /* abData[4] */ sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, pin_modify, len, result, &resultlen); diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index b51eb5be1..e3a448413 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1915,7 +1915,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, char *pinvalue = NULL; int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int set_resetcode = 0; - int with_resetcode = 0; iso7816_pininfo_t pininfo; int use_keypad = 0; int minlen = 6; @@ -1975,6 +1974,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (reset_mode) { /* To reset a PIN the Admin PIN is required. */ + use_keypad = 0; app->did_chv3 = 0; rc = verify_chv3 (app, pincb, pincb_arg); if (rc) @@ -1983,37 +1983,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, if (chvno == 2) set_resetcode = 1; } - else if (!use_keypad && (chvno == 1 || chvno == 3)) + else if (chvno == 1 || chvno == 3) { - char *promptbuf = NULL; - const char *prompt; - - if (chvno == 3) + if (!use_keypad) { - minlen = 8; - rc = build_enter_admin_pin_prompt (app, &promptbuf); + char *promptbuf = NULL; + const char *prompt; + + if (chvno == 3) + { + minlen = 8; + rc = build_enter_admin_pin_prompt (app, &promptbuf); + if (rc) + goto leave; + prompt = promptbuf; + } + else + prompt = _("||Please enter the PIN"); + rc = pincb (pincb_arg, prompt, &oldpinvalue); + xfree (promptbuf); + promptbuf = NULL; if (rc) - goto leave; - prompt = promptbuf; - } - else - prompt = _("||Please enter the PIN"); - rc = pincb (pincb_arg, prompt, &oldpinvalue); - xfree (promptbuf); - promptbuf = NULL; - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } + { + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } - if (strlen (oldpinvalue) < minlen) - { - log_info (_("PIN for CHV%d is too short;" - " minimum length is %d\n"), chvno, minlen); - rc = gpg_error (GPG_ERR_BAD_PIN); - goto leave; + if (strlen (oldpinvalue) < minlen) + { + log_info (_("PIN for CHV%d is too short;" + " minimum length is %d\n"), chvno, minlen); + rc = gpg_error (GPG_ERR_BAD_PIN); + goto leave; + } } } else if (chvno == 2) @@ -2025,7 +2028,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, size_t valuelen; int remaining; - with_resetcode = 1; + use_keypad = 0; minlen = 8; relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); if (!relptr || valuelen < 7) @@ -2044,24 +2047,21 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, goto leave; } - if (!use_keypad) + rc = pincb (pincb_arg, + _("||Please enter the Reset Code for the card"), + &resetcode); + if (rc) { - rc = pincb (pincb_arg, - _("||Please enter the Reset Code for the card"), - &resetcode); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - if (strlen (resetcode) < minlen) - { - log_info (_("Reset Code is too short; minimum length is %d\n"), - minlen); - rc = gpg_error (GPG_ERR_BAD_PIN); - goto leave; - } + log_info (_("PIN callback returned error: %s\n"), + gpg_strerror (rc)); + goto leave; + } + if (strlen (resetcode) < minlen) + { + log_info (_("Reset Code is too short; minimum length is %d\n"), + minlen); + rc = gpg_error (GPG_ERR_BAD_PIN); + goto leave; } } else @@ -2093,86 +2093,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, } - if (with_resetcode) + if (resetcode) { - if (use_keypad) - { - rc = pincb (pincb_arg, - _("||Please enter the Reset Code for the card and New PIN"), - NULL); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81, - &pininfo); - pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ - } + char *buffer; + + buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); + if (!buffer) + rc = gpg_error_from_syserror (); else { - char *buffer; - - buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); - if (!buffer) - rc = gpg_error_from_syserror (); - else - { - strcpy (stpcpy (buffer, resetcode), pinvalue); - rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, - buffer, strlen (buffer)); - wipememory (buffer, strlen (buffer)); - xfree (buffer); - } + strcpy (stpcpy (buffer, resetcode), pinvalue); + rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81, + buffer, strlen (buffer)); + wipememory (buffer, strlen (buffer)); + xfree (buffer); } } else if (set_resetcode) { - if (use_keypad) + if (strlen (pinvalue) < 8) { - rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo); - pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ + log_error (_("Reset Code is too short; minimum length is %d\n"), 8); + rc = gpg_error (GPG_ERR_BAD_PIN); } else - if (strlen (pinvalue) < 8) - { - log_error (_("Reset Code is too short; minimum length is %d\n"), 8); - rc = gpg_error (GPG_ERR_BAD_PIN); - } - else - rc = iso7816_put_data (app->slot, 0, 0xD3, - pinvalue, strlen (pinvalue)); + rc = iso7816_put_data (app->slot, 0, 0xD3, + pinvalue, strlen (pinvalue)); } else if (reset_mode) { - if (use_keypad) - { - rc = pincb (pincb_arg, _("|N|New PIN"), NULL); - if (rc) - { - log_info (_("PIN callback returned error: %s\n"), - gpg_strerror (rc)); - goto leave; - } - rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo); - pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ - } - else - { - rc = iso7816_reset_retry_counter (app->slot, 0x81, - pinvalue, strlen (pinvalue)); - if (!rc && !app->app_local->extcap.is_v2) - rc = iso7816_reset_retry_counter (app->slot, 0x82, - pinvalue, strlen (pinvalue)); - } + rc = iso7816_reset_retry_counter (app->slot, 0x81, + pinvalue, strlen (pinvalue)); + if (!rc && !app->app_local->extcap.is_v2) + rc = iso7816_reset_retry_counter (app->slot, 0x82, + pinvalue, strlen (pinvalue)); } else if (!app->app_local->extcap.is_v2) { @@ -2208,7 +2162,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr, gpg_strerror (rc)); goto leave; } - rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, + rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0, &pininfo); pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ } diff --git a/scd/iso7816.c b/scd/iso7816.c index 8876b931a..45f5e08bf 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -307,16 +307,18 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder verification vector CHVNO. With PININFO non-NULL the keypad of the - reader will be used. */ + reader will be used. If IS_EXCHANGE is 0, a "change reference + data" is done, otherwise an "exchange reference data". */ gpg_error_t -iso7816_change_reference_data_kp (int slot, int chvno, +iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange, iso7816_pininfo_t *pininfo) { int sw; - sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); + sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, + is_exchange ? 1 : 0, + chvno, pininfo->mode, pininfo->minlen, + pininfo->maxlen, pininfo->padlen); return map_sw (sw); } @@ -353,19 +355,6 @@ iso7816_change_reference_data (int slot, int chvno, } -gpg_error_t -iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo) -{ - int sw; - - sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 0, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); - return map_sw (sw); -} - - gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, const char *data, size_t datalen) @@ -381,19 +370,6 @@ iso7816_reset_retry_counter_with_rc (int slot, int chvno, } -gpg_error_t -iso7816_reset_retry_counter_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo) -{ - int sw; - - sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 2, chvno, - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); - return map_sw (sw); -} - - gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen) @@ -445,19 +421,6 @@ iso7816_get_data (int slot, int extended_mode, int tag, } -gpg_error_t -iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo) -{ - int sw; - - sw = apdu_keypad_modify (slot, 0x00, CMD_PUT_DATA, - ((tag >> 8) & 0xff), (tag & 0xff), - pininfo->mode, pininfo->minlen, pininfo->maxlen, - pininfo->padlen); - return map_sw (sw); -} - - /* Perform a PUT DATA command on card in SLOT. Write DATA of length DATALEN to TAG. EXTENDED_MODE controls whether extended length headers or command chaining is used instead of single length diff --git a/scd/iso7816.h b/scd/iso7816.h index 9ed7b219f..336208aba 100644 --- a/scd/iso7816.h +++ b/scd/iso7816.h @@ -68,19 +68,15 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno, const char *oldchv, size_t oldchvlen, const char *newchv, size_t newchvlen); gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, + int is_exchange, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, const char *newchv, size_t newchvlen); -gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo); gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, const char *data, size_t datalen); -gpg_error_t iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno, - iso7816_pininfo_t *pininfo); gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag, unsigned char **result, size_t *resultlen); -gpg_error_t iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo); gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag, const void *data, size_t datalen); gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag,