scd: Support PASSWD --clear for OpenPGP card.

* scd/app-openpgp.c (do_change_pin): Implement handling
APP_CHANGE_FLAG_CLEAR.

--

It is specified in the specification version 3.1 or later.  Some
version 2 cards (including Gnuk) support this feature.  Any version 1
card has no support for this feature.

For CHVNO = 1, it clears for both of 81 and 82; That is, user's key
usages for signing and others (decryption and auth).
For CHVNO = 3, it clears for 83, admin key.

For CHVNO = 2, it clears 82; That is, user's key usages
others (decryption and auth).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

scd/app-openpgp.c

@@ -2608,7 +2608,38 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   pininfo.minlen = minlen;
 
   if ((flags & APP_CHANGE_FLAG_CLEAR))
-    return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
+    {
+      unsigned char apdu[4];
+
+      if (!app->app_local->extcap.is_v2)
+        return GPG_ERR_UNSUPPORTED_OPERATION;
+
+      apdu[0] = 0x00;
+      apdu[1] = ISO7816_VERIFY;
+      apdu[2] = 0xff;
+      apdu[3] = 0x80+chvno;
+
+      rc = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL);
+      if (rc)
+        {
+          if (rc == GPG_ERR_INV_VALUE)
+            rc = GPG_ERR_UNSUPPORTED_OPERATION;
+          return rc;
+        }
+
+      if (chvno == 1)
+        {
+          apdu[3]++;
+          rc = iso7816_apdu_direct (app->slot, apdu, 4, 0, NULL, NULL, NULL);
+          app->did_chv1 = app->did_chv2 = 0;
+        }
+      else if (chvno == 2)
+        app->did_chv2 = 0;
+      else if (chvno == 3)
+        app->did_chv3 = 0;
+
+      return rc;
+    }
 
   if (reset_mode && chvno == 3)
     {