dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Adding support for changing SO-PIN.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-10-10 00:37:56 +02:00
parent 84f646dbad
commit a089cc279b
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/hsm/cmd_change_pin.c
View File

@@ -21,15 +21,20 @@
int cmd_change_pin() { int cmd_change_pin() {
if (P1(apdu) == 0x0) { if (P1(apdu) == 0x0) {
if (P2(apdu) == 0x81) { if (P2(apdu) == 0x81 || P2(apdu) == 0x88) {
if (!file_sopin || !file_pin1) { file_t *file_pin = NULL;
if (P2(apdu) == 0x81)
file_pin = file_pin1;
else if (P2(apdu) == 0x88)
file_pin = file_sopin;
if (!file_pin) {
return SW_FILE_NOT_FOUND(); return SW_FILE_NOT_FOUND();
} }
if (!file_pin1->data) { if (!file_has_data(file_pin)) {
return SW_REFERENCE_NOT_FOUND(); return SW_REFERENCE_NOT_FOUND();
} }
uint8_t pin_len = file_read_uint8(file_get_data(file_pin1)); uint8_t pin_len = file_read_uint8(file_get_data(file_pin));
int r = check_pin(file_pin1, apdu.data, pin_len); int r = check_pin(file_pin, apdu.data, pin_len);
if (r != 0x9000) if (r != 0x9000)
return r; return r;
uint8_t mkek[MKEK_SIZE]; uint8_t mkek[MKEK_SIZE];
@@ -37,8 +42,15 @@ int cmd_change_pin() {
if (r != CCID_OK) if (r != CCID_OK)
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
//encrypt MKEK with new pin //encrypt MKEK with new pin
hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pin);
has_session_pin = true; if (P2(apdu) == 0x81) {
hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pin);
has_session_pin = true;
}
else if (P2(apdu) == 0x88) {
hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_sopin);
has_session_sopin = true;
}
r = store_mkek(mkek); r = store_mkek(mkek);
release_mkek(mkek); release_mkek(mkek);
if (r != CCID_OK) if (r != CCID_OK)
@@ -46,7 +58,7 @@ int cmd_change_pin() {
uint8_t dhash[33]; uint8_t dhash[33];
dhash[0] = apdu.nc-pin_len; dhash[0] = apdu.nc-pin_len;
double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1); double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1);
flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); flash_write_data_to_file(file_pin, dhash, sizeof(dhash));
low_flash_available(); low_flash_available();
return SW_OK(); return SW_OK();
} }