security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-07-06 03:19:21 +02:00
Code Activity

Fix pinpad input support for passphrase modification.

Browse Source 
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.

* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on.  use_keypad only makes sense for
iso7816_change_reference_data_kp.

* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
This commit is contained in:
NIIBE Yutaka 2011-12-02 13:57:12 +09:00 committed by Werner Koch
parent 80d7359c3f
commit c3f1557853
4 changed files with 89 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
scd/apdu.c
View File

@ -2045,7 +2045,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode,
} }
#define PIN_VERIFY_STRUCTURE_SIZE 23 #define PIN_VERIFY_STRUCTURE_SIZE 24
static int static int
pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1, pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
@ -2098,7 +2098,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify[12] = 0x00; /* bTeoPrologue[0] */ pin_verify[12] = 0x00; /* bTeoPrologue[0] */
pin_verify[13] = 0x00; /* bTeoPrologue[1] */ pin_verify[13] = 0x00; /* bTeoPrologue[1] */
pin_verify[14] = 0x00; /* bTeoPrologue[2] */ pin_verify[14] = 0x00; /* bTeoPrologue[2] */
pin_verify[15] = 0x04; /* ulDataLength */ pin_verify[15] = 0x05; /* ulDataLength */
pin_verify[16] = 0x00; /* ulDataLength */ pin_verify[16] = 0x00; /* ulDataLength */
pin_verify[17] = 0x00; /* ulDataLength */ pin_verify[17] = 0x00; /* ulDataLength */
pin_verify[18] = 0x00; /* ulDataLength */ pin_verify[18] = 0x00; /* ulDataLength */
@ -2106,6 +2106,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify[20] = ins; /* abData[1] */ pin_verify[20] = ins; /* abData[1] */
pin_verify[21] = p0; /* abData[2] */ pin_verify[21] = p0; /* abData[2] */
pin_verify[22] = p1; /* abData[3] */ pin_verify[22] = p1; /* abData[3] */
pin_verify[23] = 0x00; /* abData[4] */
sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl, sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl,
pin_verify, len, result, &resultlen); pin_verify, len, result, &resultlen);
@ -2117,7 +2118,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
} }
#define PIN_MODIFY_STRUCTURE_SIZE 28 #define PIN_MODIFY_STRUCTURE_SIZE 29
static int static int
pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1, pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
@ -2127,32 +2128,6 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
unsigned long len = PIN_MODIFY_STRUCTURE_SIZE; unsigned long len = PIN_MODIFY_STRUCTURE_SIZE;
unsigned char result[2]; unsigned char result[2];
size_t resultlen = 2; size_t resultlen = 2;
unsigned char confirm_pin;
/* bConfirmPIN
* 0x00: new PIN once
* 0x01: new PIN twice (confirmation)
* 0x02: old PIN and new PIN once
* 0x03: old PIN and new PIN twice (confirmation)
*/
switch (ins)
{
case ISO7816_CHANGE_REFERENCE_DATA:
confirm_pin = 0x03;
break;
case 0xDA: /* PUT_DATA */
confirm_pin = 0x01;
break;
case ISO7816_RESET_RETRY_COUNTER:
if (p0 == 0)
confirm_pin = 0x03;
else
confirm_pin = 0x01;
break;
default:
confirm_pin = 0x00;
break;
}
if (!reader_table[slot].atrlen if (!reader_table[slot].atrlen
&& (sw = reset_pcsc_reader (slot))) && (sw = reset_pcsc_reader (slot)))
@ -2188,7 +2163,13 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[6] = 0x00; /* bInsertionOffsetNew */ pin_modify[6] = 0x00; /* bInsertionOffsetNew */
pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */
pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */
pin_modify[9] = confirm_pin; pin_modify[9] = (p0 == 0 ? 0x03 : 0x01);
/* bConfirmPIN
* 0x00: new PIN once
* 0x01: new PIN twice (confirmation)
* 0x02: old PIN and new PIN once
* 0x03: old PIN and new PIN twice (confirmation)
*/
pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */ pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */
if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen) if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen)
pin_modify[10] |= 0x01; /* Max size reached. */ pin_modify[10] |= 0x01; /* Max size reached. */
@ -2201,7 +2182,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[17] = 0x00; /* bTeoPrologue[0] */ pin_modify[17] = 0x00; /* bTeoPrologue[0] */
pin_modify[18] = 0x00; /* bTeoPrologue[1] */ pin_modify[18] = 0x00; /* bTeoPrologue[1] */
pin_modify[19] = 0x00; /* bTeoPrologue[2] */ pin_modify[19] = 0x00; /* bTeoPrologue[2] */
pin_modify[20] = 0x04; /* ulDataLength */ pin_modify[20] = 0x05; /* ulDataLength */
pin_modify[21] = 0x00; /* ulDataLength */ pin_modify[21] = 0x00; /* ulDataLength */
pin_modify[22] = 0x00; /* ulDataLength */ pin_modify[22] = 0x00; /* ulDataLength */
pin_modify[23] = 0x00; /* ulDataLength */ pin_modify[23] = 0x00; /* ulDataLength */
@ -2209,6 +2190,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[25] = ins; /* abData[1] */ pin_modify[25] = ins; /* abData[1] */
pin_modify[26] = p0; /* abData[2] */ pin_modify[26] = p0; /* abData[2] */
pin_modify[27] = p1; /* abData[3] */ pin_modify[27] = p1; /* abData[3] */
pin_modify[28] = 0x00; /* abData[4] */
sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl, sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl,
pin_modify, len, result, &resultlen); pin_modify, len, result, &resultlen);

182
scd/app-openpgp.c
View File

@ -1915,7 +1915,6 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
char *pinvalue = NULL; char *pinvalue = NULL;
int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET); int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
int set_resetcode = 0; int set_resetcode = 0;
int with_resetcode = 0;
iso7816_pininfo_t pininfo; iso7816_pininfo_t pininfo;
int use_keypad = 0; int use_keypad = 0;
int minlen = 6; int minlen = 6;
@ -1975,6 +1974,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (reset_mode) if (reset_mode)
{ {
/* To reset a PIN the Admin PIN is required. */ /* To reset a PIN the Admin PIN is required. */
use_keypad = 0;
app->did_chv3 = 0; app->did_chv3 = 0;
rc = verify_chv3 (app, pincb, pincb_arg); rc = verify_chv3 (app, pincb, pincb_arg);
if (rc) if (rc)
@ -1983,37 +1983,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (chvno == 2) if (chvno == 2)
set_resetcode = 1; set_resetcode = 1;
} }
else if (!use_keypad && (chvno == 1 || chvno == 3)) else if (chvno == 1 || chvno == 3)
{ {
char *promptbuf = NULL; if (!use_keypad)
const char *prompt;
if (chvno == 3)
{ {
minlen = 8; char *promptbuf = NULL;
rc = build_enter_admin_pin_prompt (app, &promptbuf); const char *prompt;
if (chvno == 3)
{
minlen = 8;
rc = build_enter_admin_pin_prompt (app, &promptbuf);
if (rc)
goto leave;
prompt = promptbuf;
}
else
prompt = _("||Please enter the PIN");
rc = pincb (pincb_arg, prompt, &oldpinvalue);
xfree (promptbuf);
promptbuf = NULL;
if (rc) if (rc)
goto leave; {
prompt = promptbuf; log_info (_("PIN callback returned error: %s\n"),
} gpg_strerror (rc));
else goto leave;
prompt = _("||Please enter the PIN"); }
rc = pincb (pincb_arg, prompt, &oldpinvalue);
xfree (promptbuf);
promptbuf = NULL;
if (rc)
{
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
if (strlen (oldpinvalue) < minlen) if (strlen (oldpinvalue) < minlen)
{ {
log_info (_("PIN for CHV%d is too short;" log_info (_("PIN for CHV%d is too short;"
" minimum length is %d\n"), chvno, minlen); " minimum length is %d\n"), chvno, minlen);
rc = gpg_error (GPG_ERR_BAD_PIN); rc = gpg_error (GPG_ERR_BAD_PIN);
goto leave; goto leave;
}
} }
} }
else if (chvno == 2) else if (chvno == 2)
@ -2025,7 +2028,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
size_t valuelen; size_t valuelen;
int remaining; int remaining;
with_resetcode = 1; use_keypad = 0;
minlen = 8; minlen = 8;
relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL); relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
if (!relptr || valuelen < 7) if (!relptr || valuelen < 7)
@ -2044,24 +2047,21 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave; goto leave;
} }
if (!use_keypad) rc = pincb (pincb_arg,
_("||Please enter the Reset Code for the card"),
&resetcode);
if (rc)
{ {
rc = pincb (pincb_arg, log_info (_("PIN callback returned error: %s\n"),
_("||Please enter the Reset Code for the card"), gpg_strerror (rc));
&resetcode); goto leave;
if (rc) }
{ if (strlen (resetcode) < minlen)
log_info (_("PIN callback returned error: %s\n"), {
gpg_strerror (rc)); log_info (_("Reset Code is too short; minimum length is %d\n"),
goto leave; minlen);
} rc = gpg_error (GPG_ERR_BAD_PIN);
if (strlen (resetcode) < minlen) goto leave;
{
log_info (_("Reset Code is too short; minimum length is %d\n"),
minlen);
rc = gpg_error (GPG_ERR_BAD_PIN);
goto leave;
}
} }
} }
else else
@ -2093,86 +2093,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
} }
if (with_resetcode) if (resetcode)
{ {
if (use_keypad) char *buffer;
{
rc = pincb (pincb_arg, buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1);
_("||Please enter the Reset Code for the card and New PIN"), if (!buffer)
NULL); rc = gpg_error_from_syserror ();
if (rc)
{
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81,
&pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else else
{ {
char *buffer; strcpy (stpcpy (buffer, resetcode), pinvalue);
rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1); buffer, strlen (buffer));
if (!buffer) wipememory (buffer, strlen (buffer));
rc = gpg_error_from_syserror (); xfree (buffer);
else
{
strcpy (stpcpy (buffer, resetcode), pinvalue);
rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
buffer, strlen (buffer));
wipememory (buffer, strlen (buffer));
xfree (buffer);
}
} }
} }
else if (set_resetcode) else if (set_resetcode)
{ {
if (use_keypad) if (strlen (pinvalue) < 8)
{ {
rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL); log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
if (rc) rc = gpg_error (GPG_ERR_BAD_PIN);
{
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
} }
else else
if (strlen (pinvalue) < 8) rc = iso7816_put_data (app->slot, 0, 0xD3,
{ pinvalue, strlen (pinvalue));
log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
rc = gpg_error (GPG_ERR_BAD_PIN);
}
else
rc = iso7816_put_data (app->slot, 0, 0xD3,
pinvalue, strlen (pinvalue));
} }
else if (reset_mode) else if (reset_mode)
{ {
if (use_keypad) rc = iso7816_reset_retry_counter (app->slot, 0x81,
{ pinvalue, strlen (pinvalue));
rc = pincb (pincb_arg, _("|N|New PIN"), NULL); if (!rc && !app->app_local->extcap.is_v2)
if (rc) rc = iso7816_reset_retry_counter (app->slot, 0x82,
{ pinvalue, strlen (pinvalue));
log_info (_("PIN callback returned error: %s\n"),
gpg_strerror (rc));
goto leave;
}
rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else
{
rc = iso7816_reset_retry_counter (app->slot, 0x81,
pinvalue, strlen (pinvalue));
if (!rc && !app->app_local->extcap.is_v2)
rc = iso7816_reset_retry_counter (app->slot, 0x82,
pinvalue, strlen (pinvalue));
}
} }
else if (!app->app_local->extcap.is_v2) else if (!app->app_local->extcap.is_v2)
{ {
@ -2208,7 +2162,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
gpg_strerror (rc)); gpg_strerror (rc));
goto leave; goto leave;
} }
rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0,
&pininfo); &pininfo);
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
} }

51
scd/iso7816.c
View File

@ -307,16 +307,18 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
verification vector CHVNO. With PININFO non-NULL the keypad of the verification vector CHVNO. With PININFO non-NULL the keypad of the
reader will be used. */ reader will be used. If IS_EXCHANGE is 0, a "change reference
data" is done, otherwise an "exchange reference data". */
gpg_error_t gpg_error_t
iso7816_change_reference_data_kp (int slot, int chvno, iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange,
iso7816_pininfo_t *pininfo) iso7816_pininfo_t *pininfo)
{ {
int sw; int sw;
sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno, sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
pininfo->mode, pininfo->minlen, pininfo->maxlen, is_exchange ? 1 : 0,
pininfo->padlen); chvno, pininfo->mode, pininfo->minlen,
pininfo->maxlen, pininfo->padlen);
return map_sw (sw); return map_sw (sw);
} }
@ -353,19 +355,6 @@ iso7816_change_reference_data (int slot, int chvno,
} }
gpg_error_t
iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno,
iso7816_pininfo_t *pininfo)
{
int sw;
sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 0, chvno,
pininfo->mode, pininfo->minlen, pininfo->maxlen,
pininfo->padlen);
return map_sw (sw);
}
gpg_error_t gpg_error_t
iso7816_reset_retry_counter_with_rc (int slot, int chvno, iso7816_reset_retry_counter_with_rc (int slot, int chvno,
const char *data, size_t datalen) const char *data, size_t datalen)
@ -381,19 +370,6 @@ iso7816_reset_retry_counter_with_rc (int slot, int chvno,
} }
gpg_error_t
iso7816_reset_retry_counter_kp (int slot, int chvno,
iso7816_pininfo_t *pininfo)
{
int sw;
sw = apdu_keypad_modify (slot, 0x00, CMD_RESET_RETRY_COUNTER, 2, chvno,
pininfo->mode, pininfo->minlen, pininfo->maxlen,
pininfo->padlen);
return map_sw (sw);
}
gpg_error_t gpg_error_t
iso7816_reset_retry_counter (int slot, int chvno, iso7816_reset_retry_counter (int slot, int chvno,
const char *newchv, size_t newchvlen) const char *newchv, size_t newchvlen)
@ -445,19 +421,6 @@ iso7816_get_data (int slot, int extended_mode, int tag,
} }
gpg_error_t
iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo)
{
int sw;
sw = apdu_keypad_modify (slot, 0x00, CMD_PUT_DATA,
((tag >> 8) & 0xff), (tag & 0xff),
pininfo->mode, pininfo->minlen, pininfo->maxlen,
pininfo->padlen);
return map_sw (sw);
}
/* Perform a PUT DATA command on card in SLOT. Write DATA of length /* Perform a PUT DATA command on card in SLOT. Write DATA of length
DATALEN to TAG. EXTENDED_MODE controls whether extended length DATALEN to TAG. EXTENDED_MODE controls whether extended length
headers or command chaining is used instead of single length headers or command chaining is used instead of single length

6
scd/iso7816.h
View File

@ -68,19 +68,15 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno,
const char *oldchv, size_t oldchvlen, const char *oldchv, size_t oldchvlen,
const char *newchv, size_t newchvlen); const char *newchv, size_t newchvlen);
gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno, gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
int is_exchange,
iso7816_pininfo_t *pininfo); iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter (int slot, int chvno, gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
const char *newchv, size_t newchvlen); const char *newchv, size_t newchvlen);
gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno,
iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno, gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
const char *data, const char *data,
size_t datalen); size_t datalen);
gpg_error_t iso7816_reset_retry_counter_with_rc_kp (int slot, int chvno,
iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag, gpg_error_t iso7816_get_data (int slot, int extended_mode, int tag,
unsigned char **result, size_t *resultlen); unsigned char **result, size_t *resultlen);
gpg_error_t iso7816_put_data_kp (int slot, int tag, iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag, gpg_error_t iso7816_put_data (int slot, int extended_mode, int tag,
const void *data, size_t datalen); const void *data, size_t datalen);
gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag, gpg_error_t iso7816_put_data_odd (int slot, int extended_mode, int tag,