aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNIIBE Yutaka <[email protected]>2011-12-02 04:57:12 +0000
committerNIIBE Yutaka <[email protected]>2012-06-15 07:27:02 +0000
commit1b0968ce9a642671f902ceddbafb5af4fe51535b (patch)
treea97fc5f931512e68662c2a6ba957c6537e710624
parentscd: Fix pinpad input support (backport from master) (diff)
downloadgnupg-1b0968ce9a642671f902ceddbafb5af4fe51535b.tar.gz
gnupg-1b0968ce9a642671f902ceddbafb5af4fe51535b.zip
Fix pinpad input support for passphrase modification. (backport)
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. (pcsc_keypad_modify): Likewise. (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. bConfirmPIN value is determined by the parameter p0. * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when reset_mode is on, or resetcode is on. use_keypad only makes sense for iso7816_change_reference_data_kp. * iso7816.h (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE. * iso7816.c (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
Diffstat
-rw-r--r--scd/apdu.c23
-rw-r--r--scd/app-openpgp.c178
-rw-r--r--scd/iso7816.c37
-rw-r--r--scd/iso7816.h5
4 files changed, 87 insertions, 156 deletions
diff --git a/scd/apdu.c b/scd/apdu.c
index 4062b1e66..38097c0c3 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -2028,7 +2028,7 @@ check_pcsc_keypad (int slot, int command, int pin_mode,
}
-#define PIN_VERIFY_STRUCTURE_SIZE 23
+#define PIN_VERIFY_STRUCTURE_SIZE 24
static int
pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo)
@@ -2081,7 +2081,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify[12] = 0x00; /* bTeoPrologue[0] */
pin_verify[13] = 0x00; /* bTeoPrologue[1] */
pin_verify[14] = 0x00; /* bTeoPrologue[2] */
- pin_verify[15] = 0x04; /* ulDataLength */
+ pin_verify[15] = 0x05; /* ulDataLength */
pin_verify[16] = 0x00; /* ulDataLength */
pin_verify[17] = 0x00; /* ulDataLength */
pin_verify[18] = 0x00; /* ulDataLength */
@@ -2089,6 +2089,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
pin_verify[20] = ins; /* abData[1] */
pin_verify[21] = p0; /* abData[2] */
pin_verify[22] = p1; /* abData[3] */
+ pin_verify[23] = 0x00; /* abData[4] */
sw = control_pcsc (slot, reader_table[slot].pcsc.verify_ioctl,
pin_verify, len, result, &resultlen);
@@ -2100,7 +2101,7 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
}
-#define PIN_MODIFY_STRUCTURE_SIZE 28
+#define PIN_MODIFY_STRUCTURE_SIZE 29
static int
pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo)
@@ -2145,12 +2146,13 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[6] = 0x00; /* bInsertionOffsetNew */
pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */
pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */
- pin_modify[9] = 0x03; /* bConfirmPIN
- * 0x00: new PIN once
- * 0x01: new PIN twice (confirmation)
- * 0x02: old PIN and new PIN once
- * 0x03: old PIN and new PIN twice (confirmation)
- */
+ pin_modify[9] = (p0 == 0 ? 0x03 : 0x01);
+ /* bConfirmPIN
+ * 0x00: new PIN once
+ * 0x01: new PIN twice (confirmation)
+ * 0x02: old PIN and new PIN once
+ * 0x03: old PIN and new PIN twice (confirmation)
+ */
pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */
if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen)
pin_modify[10] |= 0x01; /* Max size reached. */
@@ -2163,7 +2165,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[17] = 0x00; /* bTeoPrologue[0] */
pin_modify[18] = 0x00; /* bTeoPrologue[1] */
pin_modify[19] = 0x00; /* bTeoPrologue[2] */
- pin_modify[20] = 0x04; /* ulDataLength */
+ pin_modify[20] = 0x05; /* ulDataLength */
pin_modify[21] = 0x00; /* ulDataLength */
pin_modify[22] = 0x00; /* ulDataLength */
pin_modify[23] = 0x00; /* ulDataLength */
@@ -2171,6 +2173,7 @@ pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
pin_modify[25] = ins; /* abData[1] */
pin_modify[26] = p0; /* abData[2] */
pin_modify[27] = p1; /* abData[3] */
+ pin_modify[28] = 0x00; /* abData[4] */
sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl,
pin_modify, len, result, &resultlen);
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 4bae87543..e50297dee 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1974,6 +1974,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (reset_mode)
{
/* To reset a PIN the Admin PIN is required. */
+ use_keypad = 0;
app->did_chv3 = 0;
rc = verify_chv3 (app, pincb, pincb_arg);
if (rc)
@@ -1982,37 +1983,40 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (chvno == 2)
set_resetcode = 1;
}
- else if (!use_keypad && (chvno == 1 || chvno == 3))
+ else if (chvno == 1 || chvno == 3)
{
- char *promptbuf = NULL;
- const char *prompt;
-
- if (chvno == 3)
+ if (!use_keypad)
{
- minlen = 8;
- rc = build_enter_admin_pin_prompt (app, &promptbuf);
+ char *promptbuf = NULL;
+ const char *prompt;
+
+ if (chvno == 3)
+ {
+ minlen = 8;
+ rc = build_enter_admin_pin_prompt (app, &promptbuf);
+ if (rc)
+ goto leave;
+ prompt = promptbuf;
+ }
+ else
+ prompt = _("||Please enter the PIN");
+ rc = pincb (pincb_arg, prompt, &oldpinvalue);
+ xfree (promptbuf);
+ promptbuf = NULL;
if (rc)
- goto leave;
- prompt = promptbuf;
- }
- else
- prompt = _("||Please enter the PIN");
- rc = pincb (pincb_arg, prompt, &oldpinvalue);
- xfree (promptbuf);
- promptbuf = NULL;
- if (rc)
- {
- log_info (_("PIN callback returned error: %s\n"),
- gpg_strerror (rc));
- goto leave;
- }
+ {
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ goto leave;
+ }
- if (strlen (oldpinvalue) < minlen)
- {
- log_info (_("PIN for CHV%d is too short;"
- " minimum length is %d\n"), chvno, minlen);
- rc = gpg_error (GPG_ERR_BAD_PIN);
- goto leave;
+ if (strlen (oldpinvalue) < minlen)
+ {
+ log_info (_("PIN for CHV%d is too short;"
+ " minimum length is %d\n"), chvno, minlen);
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ goto leave;
+ }
}
}
else if (chvno == 2)
@@ -2024,6 +2028,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
size_t valuelen;
int remaining;
+ use_keypad = 0;
minlen = 8;
relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
if (!relptr || valuelen < 7)
@@ -2042,24 +2047,21 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave;
}
- if (!use_keypad)
+ rc = pincb (pincb_arg,
+ _("||Please enter the Reset Code for the card"),
+ &resetcode);
+ if (rc)
{
- rc = pincb (pincb_arg,
- _("||Please enter the Reset Code for the card"),
- &resetcode);
- if (rc)
- {
- log_info (_("PIN callback returned error: %s\n"),
- gpg_strerror (rc));
- goto leave;
- }
- if (strlen (resetcode) < minlen)
- {
- log_info (_("Reset Code is too short; minimum length is %d\n"),
- minlen);
- rc = gpg_error (GPG_ERR_BAD_PIN);
- goto leave;
- }
+ log_info (_("PIN callback returned error: %s\n"),
+ gpg_strerror (rc));
+ goto leave;
+ }
+ if (strlen (resetcode) < minlen)
+ {
+ log_info (_("Reset Code is too short; minimum length is %d\n"),
+ minlen);
+ rc = gpg_error (GPG_ERR_BAD_PIN);
+ goto leave;
}
}
else
@@ -2093,36 +2095,18 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
if (resetcode)
{
- if (use_keypad)
- {
- rc = pincb (pincb_arg,
- _("||Please enter the Reset Code for the card and New PIN"),
- NULL);
- if (rc)
- {
- log_info (_("PIN callback returned error: %s\n"),
- gpg_strerror (rc));
- goto leave;
- }
- rc = iso7816_reset_retry_counter_with_rc_kp (app->slot, 0x81,
- &pininfo);
- pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
- }
- else
- {
- char *buffer;
+ char *buffer;
- buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1);
- if (!buffer)
- rc = gpg_error_from_syserror ();
- else
- {
- strcpy (stpcpy (buffer, resetcode), pinvalue);
- rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
- buffer, strlen (buffer));
- wipememory (buffer, strlen (buffer));
- xfree (buffer);
- }
+ buffer = xtrymalloc (strlen (resetcode) + strlen (pinvalue) + 1);
+ if (!buffer)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ strcpy (stpcpy (buffer, resetcode), pinvalue);
+ rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
+ buffer, strlen (buffer));
+ wipememory (buffer, strlen (buffer));
+ xfree (buffer);
}
}
else if (set_resetcode)
@@ -2131,48 +2115,18 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
{
log_error (_("Reset Code is too short; minimum length is %d\n"), 8);
rc = gpg_error (GPG_ERR_BAD_PIN);
- }
+ }
else
- {
- if (use_keypad)
- {
- rc = pincb (pincb_arg, _("|RN|New Reset Code"), NULL);
- if (rc)
- {
- log_info (_("PIN callback returned error: %s\n"),
- gpg_strerror (rc));
- goto leave;
- }
- rc = iso7816_put_data_kp (app->slot, 0xD3, &pininfo);
- pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
- }
- else
- rc = iso7816_put_data (app->slot, 0, 0xD3,
- pinvalue, strlen (pinvalue));
- }
+ rc = iso7816_put_data (app->slot, 0, 0xD3,
+ pinvalue, strlen (pinvalue));
}
else if (reset_mode)
{
- if (use_keypad)
- {
- rc = pincb (pincb_arg, _("|N|New PIN"), NULL);
- if (rc)
- {
- log_info (_("PIN callback returned error: %s\n"),
- gpg_strerror (rc));
- goto leave;
- }
- rc = iso7816_reset_retry_counter_kp (app->slot, 0x81, &pininfo);
- pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
- }
- else
- {
- rc = iso7816_reset_retry_counter (app->slot, 0x81,
- pinvalue, strlen (pinvalue));
- if (!rc && !app->app_local->extcap.is_v2)
- rc = iso7816_reset_retry_counter (app->slot, 0x82,
- pinvalue, strlen (pinvalue));
- }
+ rc = iso7816_reset_retry_counter (app->slot, 0x81,
+ pinvalue, strlen (pinvalue));
+ if (!rc && !app->app_local->extcap.is_v2)
+ rc = iso7816_reset_retry_counter (app->slot, 0x82,
+ pinvalue, strlen (pinvalue));
}
else if (!app->app_local->extcap.is_v2)
{
@@ -2208,7 +2162,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
gpg_strerror (rc));
goto leave;
}
- rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno,
+ rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno, 0,
&pininfo);
/* Dismiss the prompt. */
pincb (pincb_arg, NULL, NULL);
diff --git a/scd/iso7816.c b/scd/iso7816.c
index 38ce79a01..dd73fc61d 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -307,16 +307,18 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
verification vector CHVNO. With PININFO non-NULL the keypad of the
- reader will be used. */
+ reader will be used. If IS_EXCHANGE is 0, a "change reference
+ data" is done, otherwise an "exchange reference data". */
gpg_error_t
-iso7816_change_reference_data_kp (int slot, int chvno,
+iso7816_change_reference_data_kp (int slot, int chvno, int is_exchange,
iso7816_pininfo_t *pininfo)
{
int sw;
- sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno,
- pininfo->mode, pininfo->minlen, pininfo->maxlen,
- pininfo->padlen);
+ sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
+ is_exchange ? 1 : 0,
+ chvno, pininfo->mode, pininfo->minlen,
+ pininfo->maxlen, pininfo->padlen);
return map_sw (sw);
}
@@ -354,31 +356,6 @@ iso7816_change_reference_data (int slot, int chvno,
gpg_error_t
-iso7816_reset_retry_counter_kp (int slot, int chvno,
- const char *newchv, size_t newchvlen,
- iso7816_pininfo_t *pininfo)
-{
- int sw;
-
- if (!newchv || !newchvlen )
- return gpg_error (GPG_ERR_INV_VALUE);
-
- /* FIXME: The keypad mode has not yet been tested. */
- if (pininfo && pininfo->mode)
- sw = apdu_send_simple_kp (slot, 0x00, CMD_RESET_RETRY_COUNTER,
- 2, chvno, newchvlen, newchv,
- pininfo->mode,
- pininfo->minlen,
- pininfo->maxlen,
- pininfo->padlen);
- else
- sw = apdu_send_simple (slot, 0, 0x00, CMD_RESET_RETRY_COUNTER,
- 2, chvno, newchvlen, newchv);
- return map_sw (sw);
-}
-
-
-gpg_error_t
iso7816_reset_retry_counter_with_rc (int slot, int chvno,
const char *data, size_t datalen)
{
diff --git a/scd/iso7816.h b/scd/iso7816.h
index 6d5270288..d12855b1c 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -68,13 +68,10 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno,
const char *oldchv, size_t oldchvlen,
const char *newchv, size_t newchvlen);
gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
+ int is_exchange,
iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
const char *newchv, size_t newchvlen);
-gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno,
- const char *newchv,
- size_t newchvlen,
- iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter_with_rc (int slot, int chvno,
const char *data,
size_t datalen);
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 03:23:48 +0000