dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

When user resets retry counter and sends the SO-PIN (P1=0x0) it becomes authenticated in this session.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-08-12 00:29:34 +02:00
parent 7b286b04b1
commit 1756ec49ad
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/hsm/sc_hsm.c
View File

@@ -628,6 +628,8 @@ static int cmd_reset_retry() {
if (r != 0x9000) if (r != 0x9000)
return r; return r;
newpin_len = apdu.nc-8; newpin_len = apdu.nc-8;
has_session_sopin = true;
hash_multi(apdu.data, 8, session_sopin);
} }
else if (P1(apdu) == 0x2) { else if (P1(apdu) == 0x2) {
if (!has_session_sopin) if (!has_session_sopin)
@@ -1267,10 +1269,7 @@ static int cmd_change_pin() {
int r = check_pin(file_pin1, apdu.data, pin_len); int r = check_pin(file_pin1, apdu.data, pin_len);
if (r != 0x9000) if (r != 0x9000)
return r; return r;
uint8_t old_session_pin[32];
memcpy(old_session_pin, session_pin, sizeof(old_session_pin));
uint8_t mkek[MKEK_SIZE]; uint8_t mkek[MKEK_SIZE];
memcpy(session_pin, old_session_pin, sizeof(session_pin));
r = load_mkek(mkek); //loads the MKEK with old pin r = load_mkek(mkek); //loads the MKEK with old pin
if (r != CCID_OK) if (r != CCID_OK)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
@@ -1281,7 +1280,6 @@ static int cmd_change_pin() {
release_mkek(mkek); release_mkek(mkek);
if (r != CCID_OK) if (r != CCID_OK)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
memset(old_session_pin, 0, sizeof(old_session_pin));
uint8_t dhash[33]; uint8_t dhash[33];
dhash[0] = apdu.nc-pin_len; dhash[0] = apdu.nc-pin_len;
double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1); double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1);