[pkg-opensc-commit] [opensc] 50/295: pkcs15: no PIN cache update in pincache-revalidate

Eric Dorland eric at moszumanska.debian.org
Sat Jun 24 21:11:15 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit 49a4eaaef320c7ef25fb33c78a25dda4c5a3d231
Author: Viktor Tarasov <viktor.tarasov at gmail.com>
Date:   Sun Jul 24 18:42:01 2016 +0200

    pkcs15: no PIN cache update in pincache-revalidate
    
    The PIN cache is not updated when the PIN is verified using the PIN value
    taken from the cache. That is the case when the PIN is validated in the
    'revalidate' context.
    
    A few source format fixes are included.
    
    closes #805
---
 src/libopensc/pkcs15-pin.c | 59 +++++++++++++++++++++++++++++++---------------
 1 file changed, 40 insertions(+), 19 deletions(-)

diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
index 1bd1034..61756c9 100644
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@@ -31,6 +31,9 @@
 #include "asn1.h"
 #include "pkcs15.h"
 
+int _sc_pkcs15_verify_pin(struct sc_pkcs15_card *, struct sc_pkcs15_object *,
+		const unsigned char *, size_t);
+
 static const struct sc_asn1_entry c_asn1_com_ao_attr[] = {
 	{ "authId",       SC_ASN1_PKCS15_ID, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL },
 	{ NULL, 0, 0, 0, NULL, NULL }
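Review bot: The forward declaration of `_sc_pkcs15_verify_pin` gives the helper external linkage, although both callers visible in this patch (`sc_pkcs15_verify_pin` and `sc_pkcs15_pincache_revalidate`) live in this file. If nothing outside pkcs15-pin.c needs it, declare it `static int _sc_pkcs15_verify_pin(...)` here and at the definition, so the variant that skips the PIN-cache update is not linkable from other translation units. If another file is meant to call it, the prototype belongs in an internal header rather than at the top of the .c file. Either way the prototype should keep its parameter names: `struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj, const unsigned char *pincode, size_t pinlen`.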
@@ -69,15 +72,16 @@ static const struct sc_asn1_entry c_asn1_auth_type[] = {
 	{ NULL, 0, 0, 0, NULL, NULL }
 };
 static const struct sc_asn1_entry c_asn1_auth_type_choice[] = {
-        { "pin", SC_ASN1_PKCS15_OBJECT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
-        { "biometricTemplate", SC_ASN1_PKCS15_OBJECT,  SC_ASN1_CTX | 0 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
-        { "authKey", SC_ASN1_PKCS15_OBJECT,  SC_ASN1_CTX | 1 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
+	{ "pin", SC_ASN1_PKCS15_OBJECT, SC_ASN1_TAG_SEQUENCE | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
+	{ "biometricTemplate", SC_ASN1_PKCS15_OBJECT,  SC_ASN1_CTX | 0 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
+	{ "authKey", SC_ASN1_PKCS15_OBJECT,  SC_ASN1_CTX | 1 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
 	{ NULL, 0, 0, 0, NULL, NULL }
 };
 
-int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,
-				struct sc_pkcs15_object *obj,
-				const u8 ** buf, size_t *buflen)
+
+int
+sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *obj,
+		const u8 ** buf, size_t *buflen)
 {
 	sc_context_t *ctx = p15card->card->ctx;
 	struct sc_pkcs15_auth_info info;
@@ -218,9 +222,9 @@ int sc_pkcs15_encode_aodf_entry(sc_context_t *ctx,
 
 	sc_copy_asn1_entry(c_asn1_auth_type, asn1_auth_type);
 	sc_copy_asn1_entry(c_asn1_auth_type_choice, asn1_auth_type_choice);
-        sc_copy_asn1_entry(c_asn1_type_pin_attr, asn1_type_pin_attr);
-        sc_copy_asn1_entry(c_asn1_pin_attr, asn1_pin_attr);
-        sc_copy_asn1_entry(c_asn1_com_ao_attr, asn1_com_ao_attr);
+	sc_copy_asn1_entry(c_asn1_type_pin_attr, asn1_type_pin_attr);
+	sc_copy_asn1_entry(c_asn1_pin_attr, asn1_pin_attr);
+	sc_copy_asn1_entry(c_asn1_com_ao_attr, asn1_com_ao_attr);
 
 	sc_format_asn1_entry(asn1_auth_type + 0, asn1_auth_type_choice, NULL, 1);
 	sc_format_asn1_entry(asn1_auth_type_choice + 0, &pin_obj, NULL, 1);
@@ -248,9 +252,8 @@ int sc_pkcs15_encode_aodf_entry(sc_context_t *ctx,
 }
 
 
-static int _validate_pin(struct sc_pkcs15_card *p15card,
-                         struct sc_pkcs15_auth_info *auth_info,
-                         size_t pinlen)
+static int
+_validate_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_auth_info *auth_info, size_t pinlen)
 {
 	size_t max_length;
 	assert(p15card != NULL);
@@ -282,9 +285,26 @@ static int _validate_pin(struct sc_pkcs15_card *p15card,
  * should ask the card reader to obtain the PIN from the
  * reader's PIN pad
  */
-int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
-			 struct sc_pkcs15_object *pin_obj,
-			 const unsigned char *pincode, size_t pinlen)
+int
+sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
+		const unsigned char *pincode, size_t pinlen)
+{
+	struct sc_context *ctx = p15card->card->ctx;
+	int r;
+
+	LOG_FUNC_CALLED(ctx);
+
+	r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
+	if (r == SC_SUCCESS)
+		sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
+
+	LOG_FUNC_RETURN(ctx, r);
+}
+
+
+int
+_sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
+		const unsigned char *pincode, size_t pinlen)
 {
 	struct sc_context *ctx = p15card->card->ctx;
 	struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
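Review bot: In the new `sc_pkcs15_verify_pin()` wrapper, `sc_pkcs15_pincache_add()` runs only after `_sc_pkcs15_verify_pin()` has returned, which is after the `sc_unlock(card)` at its `out:` label (visible in the next hunk). The removed code updated the cache before that unlock. The body of `sc_pkcs15_pincache_add()` and the matching lock call are outside this hunk, so it is worth confirming that the cache update only touches in-memory state and does not rely on the card still being locked. The existing header comment now sits over the wrapper only, so the split-out function should get its own, for example `/* Verify the PIN on the card without updating the PIN cache; used when the PIN value itself comes from the cache. */`. The body of `_sc_pkcs15_verify_pin` continues past the end of this hunk.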
@@ -366,13 +386,13 @@ int sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card,
 
 	r = sc_pin_cmd(card, &data, &auth_info->tries_left);
 	sc_log(ctx, "PIN cmd result %i", r);
-	if (r == SC_SUCCESS)
-		sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
 out:
 	sc_unlock(card);
 	LOG_FUNC_RETURN(ctx, r);
 }
 
+
+
 /*
  * Change a PIN.
  */
@@ -675,7 +695,8 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
 }
 
 /* Validate the PIN code associated with an object */
-int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs15_object_t *obj)
+int
+sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs15_object_t *obj)
 {
 	struct sc_context *ctx = p15card->card->ctx;
 	sc_pkcs15_object_t *pin_obj;
@@ -710,7 +731,7 @@ int sc_pkcs15_pincache_revalidate(struct sc_pkcs15_card *p15card, const sc_pkcs1
 		return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
 
 	pin_obj->usage_counter++;
-	r = sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len);
+	r = _sc_pkcs15_verify_pin(p15card, pin_obj, pin_obj->content.value, pin_obj->content.len);
 	if (r != SC_SUCCESS) {
 		/* Ensure that wrong PIN isn't used again */
 		sc_pkcs15_free_object_content(pin_obj);
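Review bot: The switched call to `_sc_pkcs15_verify_pin(...)` gives no reason why revalidation must bypass the public `sc_pkcs15_verify_pin()`, so a later cleanup could easily revert it. The PIN passed in is `pin_obj->content.value`, the cache entry's own buffer, so a cache update on success would rewrite the entry from its own storage. I would add a comment above the call such as `/* PIN comes from the cache itself: use the non-caching variant so the entry is not rewritten from its own buffer */`. The enclosing `sc_pkcs15_pincache_revalidate` starts and ends outside this hunk.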

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


