scd: Support PASSWD --clear for OpenPGP card.

* scd/app-openpgp.c (do_change_pin): Implement handling APP_CHANGE_FLAG_CLEAR. -- It is specified in the specification version 3.1 or later. Some version 2 cards (including Gnuk) support this feature. Any version 1 card has no support for this feature. For CHVNO = 1, it clears for both of 81 and 82; That is, user's key usages for signing and others (decryption and auth). For CHVNO = 3, it clears for 83, admin key. For CHVNO = 2, it clears 82; That is, user's key usages others (decryption and auth). Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-23 12:01:51 +09:00 · 2019-01-23 12:01:51 +09:00 · fec75a3868
parent f97dc55ff1
commit fec75a3868
1 changed files with 32 additions and 1 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -2608,7 +2608,38 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
  pininfo.minlen = minlen;

  if ((flags & APP_CHANGE_FLAG_CLEAR))
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+    {
+      unsigned char apdu[4];
+
+      if (!app->app_local->extcap.is_v2)
+        return GPG_ERR_UNSUPPORTED_OPERATION;
+
+      apdu[0] = 0x00;
+      apdu[1] = ISO7816_VERIFY;
+      apdu[2] = 0xff;
+      apdu[3] = 0x80+chvno;
+
+      rc = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL);
+      if (rc)
+        {
+          if (rc == GPG_ERR_INV_VALUE)
+            rc = GPG_ERR_UNSUPPORTED_OPERATION;
+          return rc;
+        }
+
+      if (chvno == 1)
+        {
+          apdu[3]++;
+          rc = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL);
+          app->did_chv1 = app->did_chv2 = 0;
+        }
+      else if (chvno == 2)
+        app->did_chv2 = 0;
+      else if (chvno == 3)
+        app->did_chv3 = 0;
+
+      return rc;
+    }

  if (reset_mode && chvno == 3)
    {