Add PIN policy check on AUTHENTICATE.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Pol Henarejos
2024-03-26 19:52:47 +01:00
parent a49aab43d7
commit f8974ff183


@@ -536,6 +536,14 @@ static int cmd_authenticate() {
return SW_INCORRECT_P1P2();
}
}
uint8_t *meta = NULL;
int meta_len = 0;
if ((meta_len = meta_find(key_ref, &meta)) <= 0) {
return SW_REFERENCE_NOT_FOUND();
}
if (meta[1] == PINPOLICY_ALWAYS && !has_pwpiv && (key_ref == EF_PIV_KEY_AUTHENTICATION || key_ref == EF_PIV_KEY_SIGNATURE || key_ref == EF_PIV_KEY_KEYMGM || IS_RETIRED(key_ref))) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
uint8_t chal_len = (algo == PIV_ALGO_3DES ? sizeof(challenge) / 2 : sizeof(challenge));
asn1_ctx_t ctxi, a7c = { 0 };
asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
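Review bot: `meta[1]` is read after a guard that only rejects `meta_len <= 0`, so a one-byte metadata record would make the policy check read past the end of the record; assuming `meta_find` returns the record length, the guard should be `if ((meta_len = meta_find(key_ref, &meta)) < 2) {`. The early `SW_REFERENCE_NOT_FOUND()` return now applies to every key reference that reaches this point, including those used with `PIV_ALGO_3DES`, so it is worth confirming that such keys always carry metadata; otherwise authentication with them starts failing. The check depends on `has_pwpiv`, and nothing in the hunk shows that flag being cleared after an operation. If it stays set for the whole session, a `PINPOLICY_ALWAYS` key is effectively verified only once, which calls for a reset after use or at least a comment stating where the reset happens. `cmd_authenticate` begins and continues outside this hunk.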