[PATCH] pcsc pinpad support (part 4)
NIIBE Yutaka
gniibe at fsij.org
Mon Jan 17 07:50:07 CET 2011
Here is the part 4.
Compilation is tested, but it is not tested well. I don't have a
reader with keypad (I am implementing the feature in Gnuk now).
Please report your result(s) if you test these patch series. Thanks
in advance.
2011-01-17 NIIBE Yutaka <gniibe at fsij.org>
* apdu.h (apdu_keypad_modify): New.
* apdu.c (reader_table_s: Add field for keypad_modify.
(pcsc_keypad_modify): New.
(apdu_keypad_modify): New.
* app-openpgp.c (do_change_pin): Handle keypad and call
iso7816_change_reference_data_kp if it is the case.
* iso7816.h (iso7816_change_reference_data_kp): Remove arguments
of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.
* iso7816.c (iso7816_change_reference_data_kp): Call
apdu_keypad_modify.
(iso7816_change_reference_data): Don't call
iso7816_change_reference_data_kp.
---
scd/apdu.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
scd/apdu.h | 3 +
scd/app-openpgp.c | 60 ++++++++++++++++++++---------
scd/iso7816.c | 53 ++++++++++---------------
scd/iso7816.h | 4 +-
5 files changed, 178 insertions(+), 53 deletions(-)
diff --git a/scd/apdu.c b/scd/apdu.c
index 5b7f883..df19640 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -111,6 +111,7 @@ struct reader_table_s {
void (*dump_status_reader)(int);
int (*set_progress_cb)(int, gcry_handler_progress_t, void*);
int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *);
+ int (*keypad_modify)(int, int, int, int, int, struct pininfo_s *);
struct {
ccid_driver_t handle;
@@ -331,6 +332,8 @@ static int check_pcsc_keypad (int slot, int command, int pin_mode,
int pinlen_min, int pinlen_max, int pin_padlen);
static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
struct pininfo_s *pininfo);
+static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
+ struct pininfo_s *pininfo);
@@ -378,6 +381,7 @@ new_reader_slot (void)
reader_table[reader].dump_status_reader = NULL;
reader_table[reader].set_progress_cb = NULL;
reader_table[reader].keypad_verify = pcsc_keypad_verify;
+ reader_table[reader].keypad_modify = pcsc_keypad_modify;
reader_table[reader].used = 1;
reader_table[reader].any_status = 0;
@@ -665,6 +669,7 @@ open_ct_reader (int port)
reader_table[reader].check_keypad = NULL;
reader_table[reader].dump_status_reader = ct_dump_reader_status;
reader_table[reader].keypad_verify = NULL;
+ reader_table[reader].keypad_modify = NULL;
dump_reader_status (reader);
return reader;
@@ -2102,6 +2107,88 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
sw = (result[resultlen-2] << 8) | result[resultlen-1];
return sw;
}
+
+
+#define PIN_MODIFY_STRUCTURE_SIZE 28
+static int
+pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
+ struct pininfo_s *pininfo)
+{
+ int sw;
+ unsigned char *pin_modify;
+ unsigned long len = PIN_MODIFY_STRUCTURE_SIZE;
+ unsigned char result[2];
+ size_t resultlen = 2;
+
+ if (!reader_table[slot].atrlen
+ && (sw = reset_pcsc_reader (slot)))
+ return sw;
+
+ if (pininfo->mode != 1)
+ return SW_NOT_SUPPORTED;
+
+ if (pininfo->padlen != 0)
+ return SW_NOT_SUPPORTED;
+
+ if (!pininfo->minlen)
+ pininfo->minlen = 1;
+ if (!pininfo->maxlen)
+ pininfo->maxlen = 25;
+
+ /* Note that the 25 is the maximum value the SPR532 allows. */
+ if (pininfo->minlen < 1 || pininfo->minlen > 25
+ || pininfo->maxlen < 1 || pininfo->maxlen > 25
+ || pininfo->minlen > pininfo->maxlen)
+ return SW_HOST_INV_VALUE;
+
+ pin_modify = xtrymalloc (len);
+ if (!pin_modify)
+ return SW_HOST_OUT_OF_CORE;
+
+ pin_modify[0] = 0x00; /* bTimerOut */
+ pin_modify[1] = 0x00; /* bTimerOut2 */
+ pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */
+ pin_modify[3] = 0x00; /* bmPINBlockString */
+ pin_modify[4] = 0x00; /* bmPINLengthFormat */
+ pin_modify[5] = 0x00; /* bInsertionOffsetOld */
+ pin_modify[6] = 0x00; /* bInsertionOffsetNew */
+ pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */
+ pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */
+ pin_modify[9] = 0x03; /* bConfirmPIN
+ * 0x00: new PIN once
+ * 0x01: new PIN twice (confirmation)
+ * 0x02: old PIN and new PIN once
+ * 0x03: old PIN and new PIN twice (confirmation)
+ */
+ pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */
+ if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen)
+ pin_modify[10] |= 0x01; /* Max size reached. */
+ pin_modify[11] = 0xff; /* bNumberMessage: Default */
+ pin_modify[12] = 0x09; /* wLangId: 0x0409: US English */
+ pin_modify[13] = 0x04; /* wLangId: 0x0409: US English */
+ pin_modify[14] = 0x00; /* bMsgIndex1 */
+ pin_modify[15] = 0x00; /* bMsgIndex2 */
+ pin_modify[16] = 0x00; /* bMsgIndex3 */
+ pin_modify[17] = 0x00; /* bTeoPrologue[0] */
+ pin_modify[18] = 0x00; /* bTeoPrologue[1] */
+ pin_modify[19] = 0x00; /* bTeoPrologue[2] */
+ pin_modify[20] = 0x04; /* ulDataLength */
+ pin_modify[21] = 0x00; /* ulDataLength */
+ pin_modify[22] = 0x00; /* ulDataLength */
+ pin_modify[23] = 0x00; /* ulDataLength */
+ pin_modify[24] = class; /* abData[0] */
+ pin_modify[25] = ins; /* abData[1] */
+ pin_modify[26] = p0; /* abData[2] */
+ pin_modify[27] = p1; /* abData[3] */
+
+ sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl,
+ pin_modify, len, result, &resultlen);
+ xfree (pin_modify);
+ if (sw || resultlen < 2)
+ return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE;
+ sw = (result[resultlen-2] << 8) | result[resultlen-1];
+ return sw;
+}
#ifdef HAVE_LIBUSB
/*
@@ -2313,6 +2400,7 @@ open_ccid_reader (const char *portstr)
reader_table[slot].dump_status_reader = dump_ccid_reader_status;
reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader;
reader_table[slot].keypad_verify = ccid_keypad_verify;
+ reader_table[slot].keypad_modify = NULL;
/* Our CCID reader code does not support T=0 at all, thus reset the
flag. */
reader_table[slot].is_t0 = 0;
@@ -2606,6 +2694,7 @@ open_rapdu_reader (int portno,
reader_table[slot].check_keypad = NULL;
reader_table[slot].dump_status_reader = NULL;
reader_table[slot].keypad_verify = NULL;
+ reader_table[slot].keypad_modify = NULL;
dump_reader_status (slot);
rapdu_msg_release (msg);
@@ -3223,6 +3312,28 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode,
}
+int
+apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode,
+ int pinlen_min, int pinlen_max, int pin_padlen)
+{
+ struct pininfo_s pininfo;
+
+ pininfo.mode = pin_mode;
+ pininfo.minlen = pinlen_min;
+ pininfo.maxlen = pinlen_max;
+ pininfo.padlen = pin_padlen;
+
+ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+ return SW_HOST_NO_DRIVER;
+
+ if (reader_table[slot].keypad_modify)
+ return reader_table[slot].keypad_modify (slot, class, ins, p0, p1,
+ &pininfo);
+ else
+ return SW_HOST_NOT_SUPPORTED;
+}
+
+
/* Dispatcher for the actual send_apdu function. Note, that this
function should be called in locked state. */
static int
diff --git a/scd/apdu.h b/scd/apdu.h
index 4d21fb8..dbfffcc 100644
--- a/scd/apdu.h
+++ b/scd/apdu.h
@@ -117,6 +117,9 @@ int apdu_check_keypad (int slot, int command, int pin_mode,
int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1,
int pin_mode, int pinlen_min, int pinlen_max,
int pin_padlen);
+int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1,
+ int pin_mode, int pinlen_min, int pinlen_max,
+ int pin_padlen);
int apdu_send_simple (int slot, int extended_mode,
int class, int ins, int p0, int p1,
int lc, const char *data);
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index ac8eacb..48af0ca 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1906,8 +1906,14 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
char *pinvalue;
int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
int set_resetcode = 0;
+ iso7816_pininfo_t pininfo;
+ int use_keypad = 0;
+ int minlen = 6;
(void)ctrl;
+ memset (&pininfo, 0, sizeof pininfo);
+ pininfo.mode = 1;
+ pininfo.minlen = minlen;
if (reset_mode && chvno == 3)
{
@@ -1951,6 +1957,11 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
{
/* Version 2 cards. */
+ if (!opt.disable_keypad
+ && !iso7816_check_keypad (app->slot,
+ ISO7816_CHANGE_REFERENCE_DATA, &pininfo))
+ use_keypad = 1;
+
if (reset_mode)
{
/* To reset a PIN the Admin PIN is required. */
@@ -1964,12 +1975,12 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
}
else if (chvno == 1 || chvno == 3)
{
- int minlen = (chvno ==3)? 8 : 6;
char *promptbuf = NULL;
const char *prompt;
if (chvno == 3)
{
+ minlen = 8;
rc = build_enter_admin_pin_prompt (app, &promptbuf);
if (rc)
goto leave;
@@ -1977,7 +1988,9 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
}
else
prompt = _("||Please enter the PIN");
- rc = pincb (pincb_arg, prompt, &oldpinvalue);
+
+ rc = pincb (pincb_arg, prompt, use_keypad ? NULL : &oldpinvalue);
+
xfree (promptbuf);
promptbuf = NULL;
if (rc)
@@ -1987,7 +2000,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
goto leave;
}
- if (strlen (oldpinvalue) < minlen)
+ if (!use_keypad && strlen (oldpinvalue) < minlen)
{
log_info (_("PIN for CHV%d is too short;"
" minimum length is %d\n"), chvno, minlen);
@@ -2003,8 +2016,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
unsigned char *value;
size_t valuelen;
int remaining;
- int minlen = 8;
+ minlen = 8;
relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
if (!relptr || valuelen < 7)
{
@@ -2051,17 +2064,20 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
else
app->did_chv1 = app->did_chv2 = 0;
- /* TRANSLATORS: Do not translate the "|*|" prefixes but
- keep it at the start of the string. We need this elsewhere
- to get some infos on the string. */
- rc = pincb (pincb_arg,
- set_resetcode? _("|RN|New Reset Code") :
- chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
- &pinvalue);
- if (rc)
+ if (!use_keypad)
{
- log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
- goto leave;
+ /* TRANSLATORS: Do not translate the "|*|" prefixes but
+ keep it at the start of the string. We need this elsewhere
+ to get some infos on the string. */
+ rc = pincb (pincb_arg,
+ set_resetcode? _("|RN|New Reset Code") :
+ chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
+ &pinvalue);
+ if (rc)
+ {
+ log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
+ goto leave;
+ }
}
@@ -2121,10 +2137,18 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
{
/* Version 2 cards. */
assert (chvno == 1 || chvno == 3);
-
- rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
- oldpinvalue, strlen (oldpinvalue),
- pinvalue, strlen (pinvalue));
+
+ if (use_keypad)
+ {
+ rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno,
+ &pininfo);
+ /* Dismiss the prompt. */
+ pincb (pincb_arg, NULL, NULL);
+ }
+ else
+ rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
+ oldpinvalue, strlen (oldpinvalue),
+ pinvalue, strlen (pinvalue));
}
if (pinvalue)
diff --git a/scd/iso7816.c b/scd/iso7816.c
index 8490dad..117de04 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -306,16 +306,29 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
}
/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
+ verification vector CHVNO. With PININFO non-NULL the keypad of the
+ reader will be used. */
+gpg_error_t
+iso7816_change_reference_data_kp (int slot, int chvno,
+ iso7816_pininfo_t *pininfo)
+{
+ int sw;
+
+ sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno,
+ pininfo->mode, pininfo->minlen, pininfo->maxlen,
+ pininfo->padlen);
+ return map_sw (sw);
+}
+
+/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
0), a "change reference data" is done, otherwise an "exchange
reference data". The new reference data is expected in NEWCHV of
- length NEWCHVLEN. With PININFO non-NULL the keypad of the reader
- will be used. */
+ length NEWCHVLEN. */
gpg_error_t
-iso7816_change_reference_data_kp (int slot, int chvno,
- const char *oldchv, size_t oldchvlen,
- const char *newchv, size_t newchvlen,
- iso7816_pininfo_t *pininfo)
+iso7816_change_reference_data (int slot, int chvno,
+ const char *oldchv, size_t oldchvlen,
+ const char *newchv, size_t newchvlen)
{
int sw;
char *buf;
@@ -332,36 +345,12 @@ iso7816_change_reference_data_kp (int slot, int chvno,
memcpy (buf, oldchv, oldchvlen);
memcpy (buf+oldchvlen, newchv, newchvlen);
- if (pininfo && pininfo->mode)
- sw = apdu_send_simple_kp (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
- oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf,
- pininfo->mode,
- pininfo->minlen,
- pininfo->maxlen,
- pininfo->padlen);
- else
- sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
- oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
+ sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
+ oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
xfree (buf);
return map_sw (sw);
-
}
-/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
- verification vector CHVNO. If the OLDCHV is NULL (and OLDCHVLEN
- 0), a "change reference data" is done, otherwise an "exchange
- reference data". The new reference data is expected in NEWCHV of
- length NEWCHVLEN. */
-gpg_error_t
-iso7816_change_reference_data (int slot, int chvno,
- const char *oldchv, size_t oldchvlen,
- const char *newchv, size_t newchvlen)
-{
- return iso7816_change_reference_data_kp (slot, chvno, oldchv, oldchvlen,
- newchv, newchvlen, NULL);
-}
-
-
gpg_error_t
iso7816_reset_retry_counter_kp (int slot, int chvno,
const char *newchv, size_t newchvlen,
diff --git a/scd/iso7816.h b/scd/iso7816.h
index 6af4701..6d52702 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -68,9 +68,7 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno,
const char *oldchv, size_t oldchvlen,
const char *newchv, size_t newchvlen);
gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
- const char *oldchv, size_t oldchvlen,
- const char *newchv, size_t newchvlen,
- iso7816_pininfo_t *pininfo);
+ iso7816_pininfo_t *pininfo);
gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
const char *newchv, size_t newchvlen);
gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno,
--
1.7.2.3
More information about the Gnupg-devel
mailing list