coelner/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2024-09-20 11:20:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding pka_enabled() to check whether the device is configured with PKA.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2022-08-09 00:26:56 +02:00
parent 30d3270e1d
commit cdce9ab50b
No known key found for this signature in database
GPG Key ID: C0095B7870A4CCD3
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/hsm/sc_hsm.c
View File

@ -520,14 +520,18 @@ int pin_wrong_retry(const file_t *pin) {
return CCID_ERR_BLOCKED; return CCID_ERR_BLOCKED;
} }
bool pka_enabled() {
file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF);
return ef_puk && ef_puk->data && file_get_size(ef_puk) > 0 && file_read_uint8(file_get_data(ef_puk)) > 0;
}
int check_pin(const file_t *pin, const uint8_t *data, size_t len) { int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
if (!pin || !pin->data || file_get_size(pin) == 0) { if (!pin || !pin->data || file_get_size(pin) == 0) {
return SW_REFERENCE_NOT_FOUND(); return SW_REFERENCE_NOT_FOUND();
} }
file_t *ef_puk = search_by_fid(EF_PUKAUT, NULL, SPECIFY_EF);
/* check if isUserAuthenticated is handled by PUK Auth */ /* check if isUserAuthenticated is handled by PUK Auth */
bool puk_handled = !ef_puk || !ef_puk->data || file_get_size(ef_puk) == 0 || file_read_uint8(file_get_data(ef_puk)) == 0; bool puk_handled = pka_enabled();
if (puk_handled == false) if (pka_enabled() == false)
isUserAuthenticated = false; isUserAuthenticated = false;
has_session_pin = has_session_sopin = false; has_session_pin = has_session_sopin = false;
if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) { if (is_secured_apdu() && sm_session_pin_len > 0 && pin == file_pin1) {
@ -555,7 +559,7 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) {
return SW_PIN_BLOCKED(); return SW_PIN_BLOCKED();
if (r != CCID_OK) if (r != CCID_OK)
return SW_MEMORY_FAILURE(); return SW_MEMORY_FAILURE();
if (puk_handled == false) if (pka_enabled() == false)
isUserAuthenticated = true; isUserAuthenticated = true;
hash_multi(data, len, session_pin); hash_multi(data, len, session_pin);
if (pin == file_pin1) if (pin == file_pin1)
@ -578,8 +582,8 @@ static int cmd_verify() {
return SW_DATA_INVALID(); return SW_DATA_INVALID();
if (has_session_pin && apdu.nc == 0) if (has_session_pin && apdu.nc == 0)
return SW_OK(); return SW_OK();
if (*file_get_data(file_pin1) == 0) //not initialized //if (*file_get_data(file_pin1) == 0) //not initialized
return SW_REFERENCE_NOT_FOUND(); // return SW_REFERENCE_NOT_FOUND();
if (apdu.nc > 0) { if (apdu.nc > 0) {
return check_pin(file_pin1, apdu.data, apdu.nc); return check_pin(file_pin1, apdu.data, apdu.nc);
} }