/*
 * Add a PIN to the PIN cache related to the card. Some operations can
 * trigger re-authentication later.
 *
 * p15card  card handle; opts.use_pin_cache switches caching on or off.
 * pin_obj  PIN object that receives the cached value.
 * pin      PIN bytes to cache.
 * pinlen   number of bytes in pin.
 *
 * Nothing is returned: a refusal or an allocation failure is only written to
 * the debug log, so a caller cannot tell from this call whether the PIN was
 * actually cached.
 *
 * NOTE(review): the user-consent test below reads only the PIN object's own
 * user_consent flag. Objects protected by this PIN are not inspected in this
 * function; confirm that this matches the intended user-consent policy.
 */
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
	const u8 *pin, size_t pinlen)
{
	struct sc_context *ctx = p15card->card->ctx;

	SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);

	if (!p15card->opts.use_pin_cache) {
		/* Caching is switched off in the card options. */
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No PIN cache allowed");
	} else if (pin_obj->user_consent) {
		/* Is it a user consent protecting PIN ? Then it is never cached. */
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN requiring user consent");
	} else if (sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen) != SC_SUCCESS) {
		/* presumably the helper copies the PIN into pin_obj's content; verify against its definition */
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to allocate object content");
	} else {
		/* A fresh cache entry starts with its usage counter at zero. */
		pin_obj->usage_counter = 0;
		/* Only the label is logged, never the PIN bytes. */
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%s) cached", pin_obj->label);
	}
}
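/*
 * Add a PIN to the PIN cache related to the card. Some operations can
 * trigger re-authentication later.
 *
 * p15card  card handle; opts.use_pin_cache enables caching and
 *          opts.pin_cache_ignore_user_consent disables the user-consent
 *          refusal below.
 * pin_obj  authentication object; its data member is read as a
 *          struct sc_pkcs15_auth_info.
 * pin      PIN bytes to cache.
 * pinlen   number of bytes in pin.
 *
 * Nothing is returned: every refusal or failure is only logged, so a caller
 * cannot tell from this call whether the PIN was actually cached.
 *
 * Caching is refused when
 *   - caching is disabled in the card options,
 *   - pin_obj carries no authentication info,
 *   - the authentication object is not of type SC_PKCS15_PIN_AUTH_TYPE_PIN,
 *   - the PIN is NULL or has zero length,
 *   - any object protected by this PIN requires user consent (unless
 *     pin_cache_ignore_user_consent is set).
 *
 * Security note: setting pin_cache_ignore_user_consent means a PIN guarding
 * user-consent objects is kept for reuse, so later operations on those
 * objects may proceed without a fresh PIN entry. Treat that option as a
 * deliberate weakening of the user-consent protection.
 */
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
	const u8 *pin, size_t pinlen)
{
	struct sc_context *ctx = p15card->card->ctx;
	struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
	struct sc_pkcs15_object *obj = NULL;
	int r;

	LOG_FUNC_CALLED(ctx);

	if (!p15card->opts.use_pin_cache) {
		sc_log(ctx, "PIN caching not enabled");
		return;
	}

	/* pin_obj->data is an untyped pointer; do not dereference it when unset. */
	if (auth_info == NULL) {
		sc_log(ctx, "PIN object has no authentication info");
		return;
	}

	if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) {
		sc_log(ctx, "only 'PIN' auth. object can be cached");
		return;
	}

	/* An absent or empty PIN is not a value worth caching, and reporting it
	 * as "cached" below would be misleading. */
	if (pin == NULL || pinlen == 0) {
		sc_log(ctx, "No cache for zero length PIN");
		return;
	}

	/* If the PIN protects an object with user consent, don't cache it.
	 * The option is loop-invariant, so it is tested once up front. */
	if (!p15card->opts.pin_cache_ignore_user_consent) {
		for (obj = p15card->obj_list; obj != NULL; obj = obj->next) {
			/* Compare 'sc_pkcs15_object.auth_id' with 'sc_pkcs15_pin_info.auth_id'.
			 * In accordance with PKCS#15 "6.1.8 CommonObjectAttributes" and
			 * "6.1.16 CommonAuthenticationObjectAttributes" with the exception that
			 * "CommonObjectAttributes.accessControlRules" are not taken into account. */
			if (!sc_pkcs15_compare_id(&obj->auth_id, &auth_info->auth_id))
				continue;

			/* Caching is refused, if the protected object requires user consent */
			if (obj->user_consent > 0) {
				sc_log(ctx, "caching refused (user consent)");
				return;
			}
		}
	}

	/* presumably the helper copies the PIN into pin_obj's content; verify against its definition */
	r = sc_pkcs15_allocate_object_content(ctx, pin_obj, pin, pinlen);
	if (r != SC_SUCCESS) {
		sc_log(ctx, "Failed to allocate object content");
		return;
	}

	/* A fresh cache entry starts with its usage counter at zero. */
	pin_obj->usage_counter = 0;
	/* Only the label is logged, never the PIN bytes. */
	sc_log(ctx, "PIN(%s) cached", pin_obj->label);
}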