Exemple #1
/*
 * Add a PIN to the PIN cache related to the card, so that operations which
 * trigger re-authentication later can reuse it.
 *
 * p15card  card whose options decide whether caching is permitted
 * pin_obj  PIN object that receives the cached value as its content
 * pin      PIN bytes to cache
 * pinlen   number of bytes in pin
 *
 * Returns nothing: every refusal or failure is reported only through the
 * debug log, so a caller cannot tell whether the PIN was actually cached.
 */
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
	const u8 *pin, size_t pinlen)
{
	struct sc_context *ctx = p15card->card->ctx;
	int rc;

	SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);

	/* Nothing is stored unless the use_pin_cache option is set. */
	if (!p15card->opts.use_pin_cache) {
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No PIN cache allowed");
		return;
	}

	/* A PIN object flagged user_consent is never cached; presumably so the
	 * PIN cannot be replayed later without the user entering it again. */
	if (pin_obj->user_consent) {
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN requiring user consent");
		return;
	}

	/* The PIN becomes the content of pin_obj and stays in process memory
	 * from here on; how that buffer is allocated and later wiped is up to
	 * sc_pkcs15_allocate_object_content() and is not visible here. */
	rc = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
	if (rc == SC_SUCCESS) {
		/* Fresh cache entry: restart its usage count. */
		pin_obj->usage_counter = 0;
		/* Only the label is logged, never the PIN bytes. */
		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN(%s) cached", pin_obj->label);
		return;
	}

	sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to allocate object content");
}
Exemple #2
/*
 * Add a PIN to the PIN cache related to the card, so that operations which
 * trigger re-authentication later can reuse it.
 *
 * p15card  card whose options and object list decide whether caching is allowed
 * pin_obj  authentication object that receives the cached value as its content
 * pin      PIN bytes to cache
 * pinlen   number of bytes in pin
 *
 * Returns nothing: every refusal or failure is reported only through the
 * log, so a caller cannot tell whether the PIN was actually cached.
 *
 * NOTE(review): pin_obj->data is cast to sc_pkcs15_auth_info and dereferenced
 * without a NULL check; callers must pass an object whose data is populated.
 */
void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pin_obj,
	const u8 *pin, size_t pinlen)
{
	struct sc_context *ctx = p15card->card->ctx;
	struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
	struct sc_pkcs15_object *cur;
	int rc;

	LOG_FUNC_CALLED(ctx);

	/* Nothing is stored unless the use_pin_cache option is set. */
	if (!p15card->opts.use_pin_cache) {
		sc_log(ctx, "PIN caching not enabled");
		return;
	}

	/* Only authentication objects of type PIN are eligible. */
	if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN) {
		sc_log(ctx, "only 'PIN' auth. object can be cached");
		return;
	}

	/*
	 * Walk every object on the card and refuse to cache if this PIN protects
	 * one that requires user consent. An object is protected by this PIN when
	 * its 'sc_pkcs15_object.auth_id' matches the PIN's
	 * 'sc_pkcs15_pin_info.auth_id', in accordance with PKCS#15
	 * "6.1.8 CommonObjectAttributes" and
	 * "6.1.16 CommonAuthenticationObjectAttributes", with the exception that
	 * "CommonObjectAttributes.accessControlRules" are not taken into account.
	 */
	for (cur = p15card->obj_list; cur != NULL; cur = cur->next) {
		if (!sc_pkcs15_compare_id(&cur->auth_id, &auth_info->auth_id))
			continue;

		/* Setting pin_cache_ignore_user_consent switches this safeguard
		 * off: the PIN is then cached even for consent-protected objects. */
		if (p15card->opts.pin_cache_ignore_user_consent)
			continue;

		if (cur->user_consent > 0) {
			sc_log(ctx, "caching refused (user consent)");
			return;
		}
	}

	/* The PIN becomes the content of pin_obj and stays in process memory
	 * from here on; how that buffer is allocated and later wiped is up to
	 * sc_pkcs15_allocate_object_content() and is not visible here. */
	rc = sc_pkcs15_allocate_object_content(ctx, pin_obj, pin, pinlen);
	if (rc == SC_SUCCESS) {
		/* Fresh cache entry: restart its usage count. */
		pin_obj->usage_counter = 0;
		/* Only the label is logged, never the PIN bytes. */
		sc_log(ctx, "PIN(%s) cached", pin_obj->label);
		return;
	}

	sc_log(ctx, "Failed to allocate object content");
}