scd: New option --debug-allow-pin-logging.

* scd/scdaemon.c (oDebugAllowPINLogging): New. (opts): Add option. (main): Set option. * scd/scdaemon.h (opt): Add debug_allow_pin_logging. * scd/apdu.c (pcsc_send_apdu): Do not hide the PIN dat in the debug output if the option is set. (send_apdu_ccid): Ditto. -- This option is only required during development.
2025-07-02 22:46:30 +02:00 · 2023-11-17 14:40:38 +01:00 · 2023-11-17 14:40:38 +01:00 · e43bd2a7a7
commit e43bd2a7a7
parent 2fa916ebff
3 changed files with 10 additions and 4 deletions
--- a/scd/apdu.c
+++ b/scd/apdu.c
@ -775,8 +775,8 @@ pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
  if (DBG_CARD_IO)
    {
      /* Do not dump the PIN in a VERIFY command.  */
-      if (apdulen > 5 && apdu[1] == 0x20)
-        log_debug ("PCSC_data: %02X %02X %02X %02X %02X [redacted]\n",
+      if (apdulen > 5 && apdu[1] == 0x20 && !opt.debug_allow_pin_logging)
+        log_debug ("PCSC_data: %02X %02X %02X %02X %02X [hidden]\n",
                   apdu[0], apdu[1], apdu[2], apdu[3], apdu[4]);
      else
        log_printhex (apdu, apdulen, "PCSC_data:");
@ -1564,8 +1564,8 @@ send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen,
  if (DBG_CARD_IO)
    {
      /* Do not dump the PIN in a VERIFY command.  */
-      if (apdulen > 5 && apdu[1] == 0x20)
-        log_debug (" raw apdu: %02x%02x%02x%02x%02x [redacted]\n",
+      if (apdulen > 5 && apdu[1] == 0x20 && !opt.debug_allow_pin_logging)
+        log_debug (" raw apdu: %02x%02x%02x%02x%02x [hidden]\n",
                   apdu[0], apdu[1], apdu[2], apdu[3], apdu[4]);
      else
        log_printhex (apdu, apdulen, " raw apdu:");