scd: First changes to implement a PIN cache.

* scd/command.c (pincache_put): New. Uses a dummy key for now. (pincache_get): New. * scd/app.c (select_application): Flush the PIN cache. (scd_update_reader_status_file): Ditto. (maybe_switch_app): Call the new prep_reselect function. (app_write_learn_status): Ditto. * scd/app-openpgp.c (cache_pin): New helper to cache a PIN. (verify_chv2): Call it. (verify_chv3): Call it. (clear_chv_status): Call it. (do_change_pin): Call it. * scd/app-common.h (struct app_ctx_s): Add function 'prep_select'. * scd/app-openpgp.c (do_prep_reselect): New stub function. (app_select_openpgp): Set new stub function. * scd/app-piv.c (do_prep_reselect): New stub function. (app_select_piv): Set new stub function. * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to setattr, sign, auth, decipher, and check_pin. Change all implementations and callers to pass such a parameter. -- This is work in progress. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2020-01-07 18:45:33 +01:00 · 2020-01-07 18:45:33 +01:00 · fbf97a7856
commit fbf97a7856
parent d5c00354bb
11 changed files with 418 additions and 85 deletions
--- a/scd/app-sc-hsm.c
+++ b/scd/app-sc-hsm.c
@ -1773,7 +1773,7 @@ verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **),
   the ECDSA signature in X9.62 format (SEQ/INT(r)/INT(s))
 */
 static gpg_error_t
-do_sign (app_t app, const char *keyidstr, int hashalgo,
+do_sign (app_t app, ctrl_t ctrl, const char *keyidstr, int hashalgo,
         gpg_error_t (*pincb)(void*, const char *, char **),
         void *pincb_arg,
         const void *indata, size_t indatalen,
@ -1810,6 +1810,8 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
  unsigned char algoid;
  int sw;

+  (void)ctrl;
+
  if (!keyidstr || !*keyidstr)
    return gpg_error (GPG_ERR_INV_VALUE);

@ -1901,7 +1903,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
   must match the criteria used for the attribute $AUTHKEYID.  See
   do_sign for calling conventions; there is no HASHALGO, though. */
 static gpg_error_t
-do_auth (app_t app, const char *keyidstr,
+do_auth (app_t app, ctrl_t ctrl, const char *keyidstr,
         gpg_error_t (*pincb)(void*, const char *, char **),
         void *pincb_arg,
         const void *indata, size_t indatalen,
@ -1924,7 +1926,7 @@ do_auth (app_t app, const char *keyidstr,
    }

  algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
-  return do_sign (app, keyidstr, algo, pincb, pincb_arg,
+  return do_sign (app, ctrl, keyidstr, algo, pincb, pincb_arg,
                  indata, indatalen, outdata, outdatalen);
 }

@ -1973,7 +1975,7 @@ strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst,
 /* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced
   key.  */
 static gpg_error_t
-do_decipher (app_t app, const char *keyidstr,
+do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr,
             gpg_error_t (*pincb)(void*, const char *, char **),
             void *pincb_arg,
             const void *indata, size_t indatalen,
@ -1988,6 +1990,8 @@ do_decipher (app_t app, const char *keyidstr,
  size_t p1blklen;
  int sw;

+  (void)ctrl;
+
  if (!keyidstr || !*keyidstr || !indatalen)
    return gpg_error (GPG_ERR_INV_VALUE);

@ -2069,6 +2073,7 @@ app_select_sc_hsm (app_t app)
        goto leave;

      app->fnc.deinit = do_deinit;
+      app->fnc.prep_reselect = NULL;
      app->fnc.reselect = NULL;
      app->fnc.learn_status = do_learn_status;
      app->fnc.readcert = do_readcert;