[PATCH] pcsc pinpad support (part 4)

NIIBE Yutaka gniibe at fsij.org
Mon Jan 17 07:50:07 CET 2011


Here is the part 4.

Compilation is tested, but it is not tested well.  I don't have a
reader with keypad (I am implementing the feature in Gnuk now).
Please report your result(s) if you test these patch series.  Thanks
in advance.


2011-01-17  NIIBE Yutaka  <gniibe at fsij.org>

	* apdu.h (apdu_keypad_modify): New.

	* apdu.c (reader_table_s: Add field for keypad_modify.
	(pcsc_keypad_modify): New.
	(apdu_keypad_modify): New.

	* app-openpgp.c (do_change_pin): Handle keypad and call
	iso7816_change_reference_data_kp if it is the case.

	* iso7816.h (iso7816_change_reference_data_kp): Remove arguments
	of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.

	* iso7816.c (iso7816_change_reference_data_kp): Call
	apdu_keypad_modify.
	(iso7816_change_reference_data): Don't call
	iso7816_change_reference_data_kp.

---
 scd/apdu.c        |  111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 scd/apdu.h        |    3 +
 scd/app-openpgp.c |   60 ++++++++++++++++++++---------
 scd/iso7816.c     |   53 ++++++++++---------------
 scd/iso7816.h     |    4 +-
 5 files changed, 178 insertions(+), 53 deletions(-)

diff --git a/scd/apdu.c b/scd/apdu.c
index 5b7f883..df19640 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -111,6 +111,7 @@ struct reader_table_s {
   void (*dump_status_reader)(int);
   int (*set_progress_cb)(int, gcry_handler_progress_t, void*);
   int (*keypad_verify)(int, int, int, int, int, struct pininfo_s *);
+  int (*keypad_modify)(int, int, int, int, int, struct pininfo_s *);

   struct {
     ccid_driver_t handle;
@@ -331,6 +332,8 @@ static int check_pcsc_keypad (int slot, int command, int pin_mode,
                               int pinlen_min, int pinlen_max, int pin_padlen);
 static int pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
                                struct pininfo_s *pininfo);
+static int pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
+                               struct pininfo_s *pininfo);


 
@@ -378,6 +381,7 @@ new_reader_slot (void)
   reader_table[reader].dump_status_reader = NULL;
   reader_table[reader].set_progress_cb = NULL;
   reader_table[reader].keypad_verify = pcsc_keypad_verify;
+  reader_table[reader].keypad_modify = pcsc_keypad_modify;

   reader_table[reader].used = 1;
   reader_table[reader].any_status = 0;
@@ -665,6 +669,7 @@ open_ct_reader (int port)
   reader_table[reader].check_keypad = NULL;
   reader_table[reader].dump_status_reader = ct_dump_reader_status;
   reader_table[reader].keypad_verify = NULL;
+  reader_table[reader].keypad_modify = NULL;

   dump_reader_status (reader);
   return reader;
@@ -2102,6 +2107,88 @@ pcsc_keypad_verify (int slot, int class, int ins, int p0, int p1,
   sw = (result[resultlen-2] << 8) | result[resultlen-1];
   return sw;
 }
+
+
+#define PIN_MODIFY_STRUCTURE_SIZE 28
+static int
+pcsc_keypad_modify (int slot, int class, int ins, int p0, int p1,
+                    struct pininfo_s *pininfo)
+{
+  int sw;
+  unsigned char *pin_modify;
+  unsigned long len = PIN_MODIFY_STRUCTURE_SIZE;
+  unsigned char result[2];
+  size_t resultlen = 2;
+
+  if (!reader_table[slot].atrlen
+      && (sw = reset_pcsc_reader (slot)))
+    return sw;
+
+  if (pininfo->mode != 1)
+    return SW_NOT_SUPPORTED;
+
+  if (pininfo->padlen != 0)
+    return SW_NOT_SUPPORTED;
+
+  if (!pininfo->minlen)
+    pininfo->minlen = 1;
+  if (!pininfo->maxlen)
+    pininfo->maxlen = 25;
+
+  /* Note that the 25 is the maximum value the SPR532 allows.  */
+  if (pininfo->minlen < 1 || pininfo->minlen > 25
+      || pininfo->maxlen < 1 || pininfo->maxlen > 25
+      || pininfo->minlen > pininfo->maxlen)
+    return SW_HOST_INV_VALUE;
+
+  pin_modify = xtrymalloc (len);
+  if (!pin_modify)
+    return SW_HOST_OUT_OF_CORE;
+
+  pin_modify[0] = 0x00; /* bTimerOut */
+  pin_modify[1] = 0x00; /* bTimerOut2 */
+  pin_modify[2] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */
+  pin_modify[3] = 0x00; /* bmPINBlockString */
+  pin_modify[4] = 0x00; /* bmPINLengthFormat */
+  pin_modify[5] = 0x00; /* bInsertionOffsetOld */
+  pin_modify[6] = 0x00; /* bInsertionOffsetNew */
+  pin_modify[7] = pininfo->maxlen; /* wPINMaxExtraDigit */
+  pin_modify[8] = pininfo->minlen; /* wPINMaxExtraDigit */
+  pin_modify[9] = 0x03;  /* bConfirmPIN
+                          *    0x00: new PIN once
+                          *    0x01: new PIN twice (confirmation)
+                          *    0x02: old PIN and new PIN once
+                          *    0x03: old PIN and new PIN twice (confirmation)
+                          */
+  pin_modify[10] = 0x02; /* bEntryValidationCondition: Validation key pressed */
+  if (pininfo->minlen && pininfo->maxlen && pininfo->minlen == pininfo->maxlen)
+    pin_modify[10] |= 0x01; /* Max size reached.  */
+  pin_modify[11] = 0xff; /* bNumberMessage: Default */
+  pin_modify[12] =  0x09; /* wLangId: 0x0409: US English */
+  pin_modify[13] = 0x04; /* wLangId: 0x0409: US English */
+  pin_modify[14] = 0x00; /* bMsgIndex1 */
+  pin_modify[15] = 0x00; /* bMsgIndex2 */
+  pin_modify[16] = 0x00; /* bMsgIndex3 */
+  pin_modify[17] = 0x00; /* bTeoPrologue[0] */
+  pin_modify[18] = 0x00; /* bTeoPrologue[1] */
+  pin_modify[19] = 0x00; /* bTeoPrologue[2] */
+  pin_modify[20] = 0x04; /* ulDataLength */
+  pin_modify[21] = 0x00; /* ulDataLength */
+  pin_modify[22] = 0x00; /* ulDataLength */
+  pin_modify[23] = 0x00; /* ulDataLength */
+  pin_modify[24] = class; /* abData[0] */
+  pin_modify[25] = ins; /* abData[1] */
+  pin_modify[26] = p0; /* abData[2] */
+  pin_modify[27] = p1; /* abData[3] */
+
+  sw = control_pcsc (slot, reader_table[slot].pcsc.modify_ioctl,
+                     pin_modify, len, result, &resultlen);
+  xfree (pin_modify);
+  if (sw || resultlen < 2)
+    return sw? sw : SW_HOST_INCOMPLETE_CARD_RESPONSE;
+  sw = (result[resultlen-2] << 8) | result[resultlen-1];
+  return sw;
+}
 
 #ifdef HAVE_LIBUSB
 /*
@@ -2313,6 +2400,7 @@ open_ccid_reader (const char *portstr)
   reader_table[slot].dump_status_reader = dump_ccid_reader_status;
   reader_table[slot].set_progress_cb = set_progress_cb_ccid_reader;
   reader_table[slot].keypad_verify = ccid_keypad_verify;
+  reader_table[slot].keypad_modify = NULL;
   /* Our CCID reader code does not support T=0 at all, thus reset the
      flag.  */
   reader_table[slot].is_t0 = 0;
@@ -2606,6 +2694,7 @@ open_rapdu_reader (int portno,
   reader_table[slot].check_keypad = NULL;
   reader_table[slot].dump_status_reader = NULL;
   reader_table[slot].keypad_verify = NULL;
+  reader_table[slot].keypad_modify = NULL;

   dump_reader_status (slot);
   rapdu_msg_release (msg);
@@ -3223,6 +3312,28 @@ apdu_keypad_verify (int slot, int class, int ins, int p0, int p1, int pin_mode,
 }


+int
+apdu_keypad_modify (int slot, int class, int ins, int p0, int p1, int pin_mode,
+                    int pinlen_min, int pinlen_max, int pin_padlen)
+{
+  struct pininfo_s pininfo;
+
+  pininfo.mode = pin_mode;
+  pininfo.minlen = pinlen_min;
+  pininfo.maxlen = pinlen_max;
+  pininfo.padlen = pin_padlen;
+
+  if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
+    return SW_HOST_NO_DRIVER;
+
+  if (reader_table[slot].keypad_modify)
+    return reader_table[slot].keypad_modify (slot, class, ins, p0, p1,
+                                             &pininfo);
+  else
+    return SW_HOST_NOT_SUPPORTED;
+}
+
+
 /* Dispatcher for the actual send_apdu function. Note, that this
    function should be called in locked state. */
 static int
diff --git a/scd/apdu.h b/scd/apdu.h
index 4d21fb8..dbfffcc 100644
--- a/scd/apdu.h
+++ b/scd/apdu.h
@@ -117,6 +117,9 @@ int apdu_check_keypad (int slot, int command, int pin_mode,
 int apdu_keypad_verify (int slot, int class, int ins, int p0, int p1,
                         int pin_mode, int pinlen_min, int pinlen_max,
                         int pin_padlen);
+int apdu_keypad_modify (int slot, int class, int ins, int p0, int p1,
+                        int pin_mode, int pinlen_min, int pinlen_max,
+                        int pin_padlen);
 int apdu_send_simple (int slot, int extended_mode,
                       int class, int ins, int p0, int p1,
                       int lc, const char *data);
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index ac8eacb..48af0ca 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1906,8 +1906,14 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   char *pinvalue;
   int reset_mode = !!(flags & APP_CHANGE_FLAG_RESET);
   int set_resetcode = 0;
+  iso7816_pininfo_t pininfo;
+  int use_keypad = 0;
+  int minlen = 6;

   (void)ctrl;
+  memset (&pininfo, 0, sizeof pininfo);
+  pininfo.mode = 1;
+  pininfo.minlen = minlen;

   if (reset_mode && chvno == 3)
     {
@@ -1951,6 +1957,11 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
     {
       /* Version 2 cards.  */

+      if (!opt.disable_keypad
+          && !iso7816_check_keypad (app->slot,
+                                    ISO7816_CHANGE_REFERENCE_DATA, &pininfo))
+        use_keypad = 1;
+
       if (reset_mode)
         {
           /* To reset a PIN the Admin PIN is required. */
@@ -1964,12 +1975,12 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
         }
       else if (chvno == 1 || chvno == 3)
         {
-          int minlen = (chvno ==3)? 8 : 6;
           char *promptbuf = NULL;
           const char *prompt;

           if (chvno == 3)
             {
+              minlen = 8;
               rc = build_enter_admin_pin_prompt (app, &promptbuf);
               if (rc)
                 goto leave;
@@ -1977,7 +1988,9 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
             }
           else
             prompt = _("||Please enter the PIN");
-          rc = pincb (pincb_arg, prompt, &oldpinvalue);
+
+          rc = pincb (pincb_arg, prompt, use_keypad ? NULL : &oldpinvalue);
+
           xfree (promptbuf);
           promptbuf = NULL;
           if (rc)
@@ -1987,7 +2000,7 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
               goto leave;
             }

-          if (strlen (oldpinvalue) < minlen)
+          if (!use_keypad && strlen (oldpinvalue) < minlen)
             {
               log_info (_("PIN for CHV%d is too short;"
                           " minimum length is %d\n"), chvno, minlen);
@@ -2003,8 +2016,8 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
           unsigned char *value;
           size_t valuelen;
           int remaining;
-          int minlen = 8;

+          minlen = 8;
           relptr = get_one_do (app, 0x00C4, &value, &valuelen, NULL);
           if (!relptr || valuelen < 7)
             {
@@ -2051,17 +2064,20 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
   else
     app->did_chv1 = app->did_chv2 = 0;

-  /* TRANSLATORS: Do not translate the "|*|" prefixes but
-     keep it at the start of the string.  We need this elsewhere
-     to get some infos on the string. */
-  rc = pincb (pincb_arg,
-              set_resetcode? _("|RN|New Reset Code") :
-              chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
-              &pinvalue);
-  if (rc)
+  if (!use_keypad)
     {
-      log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
-      goto leave;
+      /* TRANSLATORS: Do not translate the "|*|" prefixes but
+         keep it at the start of the string.  We need this elsewhere
+         to get some infos on the string. */
+      rc = pincb (pincb_arg,
+                  set_resetcode? _("|RN|New Reset Code") :
+                  chvno == 3? _("|AN|New Admin PIN") : _("|N|New PIN"),
+                  &pinvalue);
+      if (rc)
+        {
+          log_error (_("error getting new PIN: %s\n"), gpg_strerror (rc));
+          goto leave;
+        }
     }


@@ -2121,10 +2137,18 @@ do_change_pin (app_t app, ctrl_t ctrl,  const char *chvnostr,
     {
       /* Version 2 cards.  */
       assert (chvno == 1 || chvno == 3);
-
-      rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
-                                          oldpinvalue, strlen (oldpinvalue),
-                                          pinvalue, strlen (pinvalue));
+
+      if (use_keypad)
+        {
+          rc = iso7816_change_reference_data_kp (app->slot, 0x80 + chvno,
+                                                 &pininfo);
+          /* Dismiss the prompt. */
+          pincb (pincb_arg, NULL, NULL);
+        }
+      else
+        rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
+                                            oldpinvalue, strlen (oldpinvalue),
+                                            pinvalue, strlen (pinvalue));
     }

   if (pinvalue)
diff --git a/scd/iso7816.c b/scd/iso7816.c
index 8490dad..117de04 100644
--- a/scd/iso7816.c
+++ b/scd/iso7816.c
@@ -306,16 +306,29 @@ iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen)
 }

 /* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
+   verification vector CHVNO.  With PININFO non-NULL the keypad of the
+   reader will be used.  */
+gpg_error_t
+iso7816_change_reference_data_kp (int slot, int chvno,
+                                  iso7816_pininfo_t *pininfo)
+{
+  int sw;
+
+  sw = apdu_keypad_modify (slot, 0x00, CMD_CHANGE_REFERENCE_DATA, 0, chvno,
+                           pininfo->mode, pininfo->minlen, pininfo->maxlen,
+                           pininfo->padlen);
+  return map_sw (sw);
+}
+
+/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
    verification vector CHVNO.  If the OLDCHV is NULL (and OLDCHVLEN
    0), a "change reference data" is done, otherwise an "exchange
    reference data".  The new reference data is expected in NEWCHV of
-   length NEWCHVLEN.  With PININFO non-NULL the keypad of the reader
-   will be used.  */
+   length NEWCHVLEN.  */
 gpg_error_t
-iso7816_change_reference_data_kp (int slot, int chvno,
-                                  const char *oldchv, size_t oldchvlen,
-                                  const char *newchv, size_t newchvlen,
-                                  iso7816_pininfo_t *pininfo)
+iso7816_change_reference_data (int slot, int chvno,
+                               const char *oldchv, size_t oldchvlen,
+                               const char *newchv, size_t newchvlen)
 {
   int sw;
   char *buf;
@@ -332,36 +345,12 @@ iso7816_change_reference_data_kp (int slot, int chvno,
     memcpy (buf, oldchv, oldchvlen);
   memcpy (buf+oldchvlen, newchv, newchvlen);

-  if (pininfo && pininfo->mode)
-    sw = apdu_send_simple_kp (slot, 0x00, CMD_CHANGE_REFERENCE_DATA,
-                           oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf,
-                           pininfo->mode,
-                           pininfo->minlen,
-                           pininfo->maxlen,
-                           pininfo->padlen);
-  else
-    sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
-                           oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
+  sw = apdu_send_simple (slot, 0, 0x00, CMD_CHANGE_REFERENCE_DATA,
+                         oldchvlen? 0 : 1, chvno, oldchvlen+newchvlen, buf);
   xfree (buf);
   return map_sw (sw);
-
 }

-/* Perform a CHANGE_REFERENCE_DATA command on SLOT for the card holder
-   verification vector CHVNO.  If the OLDCHV is NULL (and OLDCHVLEN
-   0), a "change reference data" is done, otherwise an "exchange
-   reference data".  The new reference data is expected in NEWCHV of
-   length NEWCHVLEN.  */
-gpg_error_t
-iso7816_change_reference_data (int slot, int chvno,
-                               const char *oldchv, size_t oldchvlen,
-                               const char *newchv, size_t newchvlen)
-{
-  return iso7816_change_reference_data_kp (slot, chvno, oldchv, oldchvlen,
-                                           newchv, newchvlen, NULL);
-}
-
-
 gpg_error_t
 iso7816_reset_retry_counter_kp (int slot, int chvno,
                                 const char *newchv, size_t newchvlen,
diff --git a/scd/iso7816.h b/scd/iso7816.h
index 6af4701..6d52702 100644
--- a/scd/iso7816.h
+++ b/scd/iso7816.h
@@ -68,9 +68,7 @@ gpg_error_t iso7816_change_reference_data (int slot, int chvno,
                                const char *oldchv, size_t oldchvlen,
                                const char *newchv, size_t newchvlen);
 gpg_error_t iso7816_change_reference_data_kp (int slot, int chvno,
-                               const char *oldchv, size_t oldchvlen,
-                               const char *newchv, size_t newchvlen,
-                               iso7816_pininfo_t *pininfo);
+                                              iso7816_pininfo_t *pininfo);
 gpg_error_t iso7816_reset_retry_counter (int slot, int chvno,
                                          const char *newchv, size_t newchvlen);
 gpg_error_t iso7816_reset_retry_counter_kp (int slot, int chvno,
-- 
1.7.2.3




More information about the Gnupg-devel mailing list