implement change-pin

This commit is contained in:
Klas Lindfors
2014-02-07 23:13:44 +01:00
parent 4c1a692838
commit f984081349
2 changed files with 44 additions and 2 deletions
+3 -2
View File
@@ -27,7 +27,7 @@
option "verbose" v "Print more information" int optional default="0" argoptional option "verbose" v "Print more information" int optional default="0" argoptional
option "reader" r "Only use a matching reader" string optional default="Yubikey" option "reader" r "Only use a matching reader" string optional default="Yubikey"
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708" option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries","import-key","import-certificate","set-chuid","request-certificate","verify-pin" enum multiple option "action" a "Action to take" values="version","generate","set-mgm-key","reset","pin-retries","import-key","import-certificate","set-chuid","request-certificate","verify-pin","change-pin","change-puk" enum multiple
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048" option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
option "new-key" n "New authentication key to use" string optional option "new-key" n "New authentication key to use" string optional
@@ -39,4 +39,5 @@ option "key-format" K "Format of the key being read/written" values="PEM","PKCS1
option "password" p "Password for decryption of private key file" string optional option "password" p "Password for decryption of private key file" string optional
option "subject" S "The subject to use for certificate request" string optional option "subject" S "The subject to use for certificate request" string optional
details="The subject must be written as /CN=host.example.com/OU=test/O=example.com/\n" details="The subject must be written as /CN=host.example.com/OU=test/O=example.com/\n"
option "pin" P "Pin code for verification" string optional option "pin" P "Pin/puk code for verification" string optional
option "new-pin" N "New pin/puk code for changing" string optional dependon="pin"
+41
View File
@@ -1021,6 +1021,7 @@ static bool verify_pin(SCARDHANDLE *card, const char *pin, int verbose) {
if(len > 8) { if(len > 8) {
fprintf(stderr, "Maximum 8 digits of PIN supported.\n"); fprintf(stderr, "Maximum 8 digits of PIN supported.\n");
return false;
} }
memset(apdu.raw, 0, sizeof(apdu.raw)); memset(apdu.raw, 0, sizeof(apdu.raw));
@@ -1039,6 +1040,39 @@ static bool verify_pin(SCARDHANDLE *card, const char *pin, int verbose) {
return true; return true;
} }
static bool change_pin(SCARDHANDLE *card, enum enum_action action, const char *pin,
const char *new_pin, int verbose) {
APDU apdu;
unsigned char data[0xff];
unsigned long recv_len = sizeof(data);
int sw;
size_t pin_len = strlen(pin);
size_t new_len = strlen(new_pin);
if(pin_len > 8 || new_len > 8) {
fprintf(stderr, "Maximum 8 digits of PIN supported.\n");
return false;
}
memset(apdu.raw, 0, sizeof(apdu.raw));
apdu.st.ins = 0x24;
apdu.st.p2 = action == action_arg_changeMINUS_pin ? 0x80 : 0x81;
apdu.st.lc = 0x10;
memcpy(apdu.st.data, pin, pin_len);
if(pin_len < 8) {
memset(apdu.st.data + pin_len, 0xff, 8 - pin_len);
}
memcpy(apdu.st.data + 8, new_pin, new_len);
if(new_len < 8) {
memset(apdu.st.data + 8 + new_len, 0xff, 16 - new_len);
}
sw = send_data(card, &apdu, data, &recv_len, verbose);
if(sw != 0x9000) {
return false;
}
return true;
}
static unsigned char get_algorithm(EVP_PKEY *key) { static unsigned char get_algorithm(EVP_PKEY *key) {
int type = EVP_PKEY_type(key->type); int type = EVP_PKEY_type(key->type);
switch(type) { switch(type) {
@@ -1418,6 +1452,13 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE; return EXIT_FAILURE;
} }
break; break;
case action_arg_changeMINUS_pin:
case action_arg_changeMINUS_puk:
if(args_info.pin_arg && args_info.new_pin_arg) {
change_pin(&card, action, args_info.pin_arg, args_info.new_pin_arg, verbosity);
} else {
fprintf(stderr, "The change-%s action needs a pin (-P) and a new-pin (-N).\n", action == action_arg_changeMINUS_pin ? "pin" : "puk");
}
case action__NULL: case action__NULL:
default: default:
fprintf(stderr, "Wrong action. %d.\n", action); fprintf(stderr, "Wrong action. %d.\n", action);