[pkg-opensc-commit] [opensc] 198/295: Set PIN-PUK association for cards that don't have it set
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 1168ca00f3c28f0fa55a2ecd809b4400fa285d2c
Author: Maciej S. Szmigiero <mail at maciej.szmigiero.name>
Date: Sun Aug 14 00:55:13 2016 +0200
Set PIN-PUK association for cards that don't have it set
sc_pkcs15_unblock_pin() in libopensc/pkcs15-pin.c wants to associate PIN
to be unblocked with its PUK to check, for example, whether provided PUK
conforms to its policy.
When this function is not able to find a relevant PUK, it uses the policy
of the PIN to be unblocked to check the provided PUK instead, which causes
problems if PIN and PUK policies differ.
Set PIN-PUK association for cards where it was unset and where this
association was either obvious, described in code or specs or provided
by the community.
Signed-off-by: Maciej S. Szmigiero <mail at maciej.szmigiero.name>
---
src/libopensc/pkcs15-gids.c | 26 +++++++++++++++++---------
src/libopensc/pkcs15-oberthur.c | 9 +++++++++
src/libopensc/pkcs15-openpgp.c | 4 ++++
src/libopensc/pkcs15-piv.c | 8 ++++++++
src/libopensc/pkcs15-sc-hsm.c | 2 ++
src/libopensc/pkcs15-westcos.c | 5 ++++-
6 files changed, 44 insertions(+), 10 deletions(-)
diff --git a/src/libopensc/pkcs15-gids.c b/src/libopensc/pkcs15-gids.c
index f0eed06..158d7e0 100644
--- a/src/libopensc/pkcs15-gids.c
+++ b/src/libopensc/pkcs15-gids.c
@@ -118,6 +118,7 @@ static int sc_pkcs15emu_gids_init (sc_pkcs15_card_t * p15card)
struct sc_pkcs15_object pin_obj;
struct sc_pin_cmd_data pin_cmd_data;
size_t recordsnum;
+ int has_puk;
r = sc_card_ctl(card, SC_CARDCTL_GIDS_GET_ALL_CONTAINERS, &recordsnum);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to get the containers. Uninitialized card ?");
@@ -183,21 +184,28 @@ static int sc_pkcs15emu_gids_init (sc_pkcs15_card_t * p15card)
strlcpy(pin_obj.label, "UserPIN", sizeof(pin_obj.label));
pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE;
+ /*
+ * check whether PUK is available on this card and then optionally
+ * link PIN with PUK.
+ */
+ pin_cmd_data.pin_reference = 0x81;
+ has_puk = sc_pin_cmd(card, &pin_cmd_data, NULL) == SC_SUCCESS;
+ if (has_puk) {
+ pin_obj.auth_id.len = 1;
+ pin_obj.auth_id.value[0] = 0x81;
+ }
+
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to sc_pkcs15emu_add_pin_obj");
- // add the PUK if it is available on the card. Not all card have a PUK
- pin_info.attrs.pin.reference = 0x81;
- pin_info.auth_id.value[0] = 0x81;
- pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED | SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN;
- pin_info.attrs.pin.reference = 0x81;
- pin_cmd_data.pin_reference = pin_info.attrs.pin.reference;
-
- r = sc_pin_cmd(card, &pin_cmd_data, NULL);
- if (r == SC_SUCCESS) {
+ if (has_puk) {
+ pin_info.auth_id.value[0] = 0x81;
+ pin_info.attrs.pin.flags = SC_PKCS15_PIN_FLAG_LOCAL|SC_PKCS15_PIN_FLAG_INITIALIZED | SC_PKCS15_PIN_FLAG_UNBLOCKING_PIN;
+ pin_info.attrs.pin.reference = 0x81;
pin_info.max_tries = pin_cmd_data.pin1.max_tries;
pin_info.tries_left = pin_cmd_data.pin1.tries_left;
strlcpy(pin_obj.label, "PUK", sizeof(pin_obj.label));
+ pin_obj.auth_id.len = 0;
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "unable to sc_pkcs15emu_add_pin_obj with PUK");
}
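Review bot: Any failure of the `sc_pin_cmd()` probe for reference 0x81 is folded into `has_puk` being false, so a transient reader or transport error is indistinguishable from a card without a PUK, and the UserPIN is then registered without its `auth_id` link. Per the commit message, unblocking in that state falls back to checking the supplied PUK against the PIN policy. Keeping the return code, as in `r = sc_pin_cmd(card, &pin_cmd_data, NULL);` then `has_puk = (r == SC_SUCCESS);`, and logging `r` with `sc_debug` when it is not SC_SUCCESS would make that case diagnosable. The literal 0x81 is also written four times in this hunk as both PIN reference and auth_id; a named constant would keep the two uses from drifting apart. The body of sc_pkcs15emu_gids_init() starts and ends outside the hunk.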
diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
index 4fb9e67..5073d36 100644
--- a/src/libopensc/pkcs15-oberthur.c
+++ b/src/libopensc/pkcs15-oberthur.c
@@ -991,6 +991,15 @@ sc_pkcs15emu_oberthur_init(struct sc_pkcs15_card * p15card)
strncpy(obj.label, PIN_DOMAIN_LABEL, SC_PKCS15_MAX_LABEL_SIZE-1);
obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE;
+ if (sopin_reference == 0x84) {
+ /*
+ * auth_pin_reset_oberthur_style() in card-oberthur.c
+ * always uses PUK with reference 0x84 for
+ * unblocking of User PIN
+ */
+ obj.auth_id.len = 1;
+ obj.auth_id.value[0] = 0xFF;
+ }
sc_format_path(AWP_PIN_DF, &auth_info.path);
auth_info.path.type = SC_PATH_TYPE_PATH;
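Review bot: The comment in the added `if (sopin_reference == 0x84)` block explains the PIN reference 0x84 but not the value actually stored, `obj.auth_id.value[0] = 0xFF`, so the hunk alone does not show that 0xFF is meant to identify the PUK object. Presumably the SO PIN object is registered with auth_id 0xFF elsewhere in sc_pkcs15emu_oberthur_init(), which lies outside the hunk; that should be confirmed. I would add a comment line such as `0xFF is the auth_id under which the SO PIN (PUK) object is registered`, or use one named constant in both places. If the two values ever differ, sc_pkcs15_unblock_pin() will not find the PUK and the PIN-policy fallback described in the commit message applies again.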
diff --git a/src/libopensc/pkcs15-openpgp.c b/src/libopensc/pkcs15-openpgp.c
index 62086cc..678dedf 100644
--- a/src/libopensc/pkcs15-openpgp.c
+++ b/src/libopensc/pkcs15-openpgp.c
@@ -231,6 +231,10 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
strlcpy(pin_obj.label, pin_cfg[i].label, sizeof(pin_obj.label));
pin_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE;
+ if (i < 2) {
+ pin_obj.auth_id.len = 1;
+ pin_obj.auth_id.value[0] = 3;
+ }
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
if (r < 0)
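Review bot: The added `if (i < 2)` ties the PUK link to the position of entries in `pin_cfg[]`, and the bare `3` to the auth_id of another entry, with no comment stating either assumption. Reordering or extending the table would link the wrong objects without any error. A comment such as `/* the two user PIN entries are unblocked by the admin PIN (auth_id 3) */` would record the intent, assuming that is what entries 0 and 1 and id 3 stand for; the table and the loop header are outside the hunk. The same uncommented literal appears in the pkcs15-sc-hsm.c and pkcs15-westcos.c hunks (`pin_obj.auth_id.value[0] = 2;`), where a one-line comment naming the PUK object would help equally.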
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
index bf72df0..93c3ba7 100644
--- a/src/libopensc/pkcs15-piv.c
+++ b/src/libopensc/pkcs15-piv.c
@@ -934,6 +934,14 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
strncpy(pin_obj.label, label, SC_PKCS15_MAX_LABEL_SIZE - 1);
pin_obj.flags = pins[i].obj_flags;
+ if (i == 0 && pin_info.attrs.pin.reference == 0x80) {
+ /*
+ * according to description of "RESET RETRY COUNTER"
+ * command in specs PUK can only unblock PIV PIN
+ */
+ pin_obj.auth_id.len = 1;
+ pin_obj.auth_id.value[0] = 2;
+ }
r = sc_pkcs15emu_add_pin_obj(p15card, &pin_obj, &pin_info);
if (r < 0)
diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
index 938ea9d..252adff 100644
--- a/src/libopensc/pkcs15-sc-hsm.c
+++ b/src/libopensc/pkcs15-sc-hsm.c
@@ -876,6 +876,8 @@ static int sc_pkcs15emu_sc_hsm_init (sc_pkcs15_card_t * p15card)
pin_info.tries_left = 3;
pin_info.max_tries = 3;
+ pin_obj.auth_id.len = 1;
+ pin_obj.auth_id.value[0] = 2;
strlcpy(pin_obj.label, "UserPIN", sizeof(pin_obj.label));
pin_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE|SC_PKCS15_CO_FLAG_MODIFIABLE;
diff --git a/src/libopensc/pkcs15-westcos.c b/src/libopensc/pkcs15-westcos.c
index 0e1e634..424ca0c 100644
--- a/src/libopensc/pkcs15-westcos.c
+++ b/src/libopensc/pkcs15-westcos.c
@@ -97,9 +97,12 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
strlcpy(pin_obj.label, "Unblock",
sizeof(pin_obj.label));
- else
+ else {
strlcpy(pin_obj.label, "User",
sizeof(pin_obj.label));
+ pin_obj.auth_id.len = 1;
+ pin_obj.auth_id.value[0] = 2;
+ }
pin_obj.flags =
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git