From 76d5e83d892b5d4b8f6f3b99803ecfc8fec17126 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Tue, 4 Feb 2014 09:27:55 +0100
Subject: [PATCH] implement set pin retries
---
 cmdline.ggo | 4 +++-
 yubico-piv-tool.c | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/cmdline.ggo b/cmdline.ggo
index 1c3e417..119f433 100644
--- a/cmdline.ggo
+++ b/cmdline.ggo
@@ -27,7 +27,9 @@
 option "verbose" v "Print more information" int optional default="0" argoptional
 option "reader" r "Only use a matching reader" string optional
 option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
-option "action" a "Action to take" values="version","generate","set-mgm-key","reset" enum
+option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries" enum
 option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
 option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
 option "new-key" n "New authentication key to use" string optional
+option "pin-retries" p "Number of retries before the pin code is blocked" int optional
+option "puk-retries" P "Number of retries before the puk code is blocked" int optional
diff --git a/yubico-piv-tool.c b/yubico-piv-tool.c
index 66ef5eb..4266681 100644
--- a/yubico-piv-tool.c
+++ b/yubico-piv-tool.c
@@ -316,6 +316,33 @@ static bool reset(SCARDHANDLE *card, int verbose) {
 return false;
 }

+static bool set_pin_retries(SCARDHANDLE *card, int pin_retries, int puk_retries, int verbose) {
+ APDU apdu;
+ unsigned char data[0xff];
+ unsigned long recv_len = sizeof(data);
+ int sw;
+
+ if(pin_retries > 0xff || puk_retries > 0xff || pin_retries < 1 || puk_retries < 1) {
+ fprintf(stderr, "pin and puk retries must be between 1 and 255.\n");
+ return false;
+ }
+
+ if(verbose) {
+ fprintf(stderr, "Setting pin retries to %d and puk retries to %d.\n", pin_retries, puk_retries);
+ }
+
+ memset(apdu.raw, 0, sizeof(apdu));
+ apdu.st.ins = 0xfa;
+ apdu.st.p1 = pin_retries;
+ apdu.st.p2 = puk_retries;
+ sw = send_data(card, apdu, 4, data, &recv_len, verbose);
+
+ if(sw == 0x9000) {
+ return true;
+ }
+ return false;
+}
+
 int send_data(SCARDHANDLE *card, APDU apdu, unsigned int send_len, unsigned char *data, unsigned long *recv_len, int verbose) {
 long rc;
 int sw;
@@ -431,6 +458,14 @@ int main(int argc, char *argv[]) {
 if(reset(&card, verbosity) == false) {
 return EXIT_FAILURE;
 }
+ } else if(args_info.action_arg == action_arg_pinMINUS_retries) {
+ if(args_info.pin_retries_arg && args_info.puk_retries_arg) {
+ if(set_pin_retries(&card, args_info.pin_retries_arg, args_info.puk_retries_arg, verbosity) == false) {
+ return EXIT_FAILURE;
+ }
+ } else {
+ return EXIT_FAILURE;
+ }
 }

 return EXIT_SUCCESS;
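Review bot: In the first hunk, `set_pin_retries` throws away the status word on failure: when `sw` is not 0x9000 it returns false without printing anything, and the caller in `main` then exits silently as well. For a command that changes the PIN and PUK lockout thresholds the operator needs to see why the card refused it, so I would add `fprintf(stderr, "Failed to set pin retries, status %04x.\n", sw);` before the final `return false;`. The function also wants a short header comment stating what the card requires before it accepts instruction 0xfa and whether the instruction alters the PIN and PUK values themselves; neither is visible in this patch, so both should be confirmed against the applet documentation. Minor: `memset(apdu.raw, 0, sizeof(apdu))` pairs one member with the size of the whole object and would read more safely as `memset(&apdu, 0, sizeof(apdu))`.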
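Review bot: In the `main` hunk the new branch tests `args_info.pin_retries_arg && args_info.puk_retries_arg`, which checks the option values rather than whether the options were supplied. cmdline.ggo declares both as `int optional` with no default, so the `_arg` fields are not a reliable presence signal and an explicit `--pin-retries=0` is indistinguishable from a missing option; gengetopt generates `pin_retries_given` and `puk_retries_given` for exactly this, i.e. `if(args_info.pin_retries_given && args_info.puk_retries_given) {`. The `else` branch returns EXIT_FAILURE without any message, so add something like `fprintf(stderr, "The pin-retries action needs both --pin-retries and --puk-retries.\n");` before it. main's body starts and ends outside the hunk.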