/*
* Create a new PIN inside a DF
*/
static int
cflex_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t *df,
sc_pkcs15_object_t *pin_obj,
const u8 *pin, size_t pin_len,
const u8 *puk, size_t puk_len)
{
struct sc_context *ctx = p15card->card->ctx;
sc_pkcs15_auth_info_t *auth_info = (sc_pkcs15_auth_info_t *) pin_obj->data;
struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
sc_file_t *dummies[2];
int ndummies, pin_type, puk_type, r;
sc_file_t *file;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
if (auth_info->auth_type != SC_PKCS15_PIN_AUTH_TYPE_PIN)
return SC_ERROR_OBJECT_NOT_VALID;
/* If the profile doesn't specify a reference for this PIN, guess */
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
pin_type = SC_PKCS15INIT_SO_PIN;
puk_type = SC_PKCS15INIT_SO_PUK;
if (pin_attrs->reference != 2)
return SC_ERROR_INVALID_ARGUMENTS;
} else {
pin_type = SC_PKCS15INIT_USER_PIN;
puk_type = SC_PKCS15INIT_USER_PUK;
if (pin_attrs->reference != 1)
return SC_ERROR_INVALID_ARGUMENTS;
}
/* Get file definition from the profile */
if (sc_profile_get_file(profile, (pin_attrs->reference == 1)? "CHV1" : "CHV2", &file) < 0
&& sc_profile_get_file(profile, "CHV", &file) < 0)
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_FILE_NOT_FOUND, "profile does not define pin file ACLs");
ndummies = cflex_create_dummy_chvs(profile, p15card, file, SC_AC_OP_CREATE, dummies);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, ndummies, "Unable to create dummy CHV file");
r = cflex_create_pin_file(profile, p15card, &df->path, pin_attrs->reference,
pin, pin_len, sc_profile_get_pin_retries(profile, pin_type),
puk, puk_len, sc_profile_get_pin_retries(profile, puk_type),
NULL, 0);
cflex_delete_dummy_chvs(profile, p15card, ndummies, dummies);
SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_VERBOSE, r);
}
/*
* Initialize pin file
*/
static int
gpk_init_pinfile(struct sc_profile *profile, sc_pkcs15_card_t *p15card,
sc_file_t *file)
{
const sc_acl_entry_t *acl;
unsigned char buffer[GPK_MAX_PINS * 8], *blk;
struct sc_file *pinfile;
unsigned int so_attempts[2], user_attempts[2];
unsigned int npins, i, j, cks;
int r;
SC_FUNC_CALLED(p15card->card->ctx, SC_LOG_DEBUG_VERBOSE);
/* Set defaults */
so_attempts[0] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_SO_PIN);
so_attempts[1] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_SO_PUK);
user_attempts[0] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_USER_PIN);
user_attempts[1] = sc_profile_get_pin_retries(profile, SC_PKCS15INIT_USER_PUK);
sc_file_dup(&pinfile, file);
if (pinfile == NULL)
return SC_ERROR_OUT_OF_MEMORY;
/* Create the PIN file. */
acl = sc_file_get_acl_entry(pinfile, SC_AC_OP_WRITE);
if (acl->method != SC_AC_NEVER) {
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL,
"PIN file most be protected by WRITE=NEVER");
sc_file_free(pinfile);
return SC_ERROR_INVALID_ARGUMENTS;
}
sc_file_add_acl_entry(pinfile, SC_AC_OP_WRITE, SC_AC_NONE, 0);
if (pinfile->size == 0)
pinfile->size = GPK_MAX_PINS * 8;
sc_debug(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, "Now create file");
/* Now create the file */
if ((r = sc_pkcs15init_create_file(profile, p15card, pinfile)) < 0
|| (r = sc_select_file(p15card->card, &pinfile->path, NULL)) < 0) {
goto out;
}
/* Set up the PIN file contents.
* We assume the file will contain pairs of PINs/PUKs */
npins = pinfile->size / 8;
memset(buffer, 0, sizeof(buffer));
for (i = 0, blk = buffer; i < npins; blk += 8, i += 1) {
/* Determine the number of PIN/PUK presentation
* attempts. If the profile defines a SO PIN,
* it will be stored in the first PIN/PUK pair.
*/
blk[0] = user_attempts[i & 1];
if (i < 2 && so_attempts[0])
blk[0] = so_attempts[i & 1];
if ((i & 1) == 0) {
/* This is a PIN. If there's room in the file,
* the next will be a PUK so take note of the
* unlock code */
if (i + 1 < npins)
blk[2] = GPK_PIN_SCOPE | (i + 1);
}
/* Compute the CKS */
for (j = 0, cks = 0; j < 8; j++)
cks ^= blk[j];
blk[3] = ~cks;
}
r = sc_write_binary(p15card->card, 0, buffer, npins * 8, 0);
if (r >= 0)
r = gpk_lock_pinfile(profile, p15card, pinfile);
out: sc_file_free(pinfile);
SC_FUNC_RETURN(p15card->card->ctx, SC_LOG_DEBUG_NORMAL, r);
}
