1280
/* Verify a CHV either using using the pinentry or if possibile by
1281
using a keypad. PINCB and PINCB_ARG describe the usual callback
1282
for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only
1283
ised with CHV1. PINVALUE is the address of a pointer which will
1284
receive a newly allocated block with the actual PIN (this is useful
1285
in case that PIN shall be used for another verifiy operation). The
1286
caller needs to free this value. If the function returns with
1287
success and NULL is stored at PINVALUE, the caller should take this
1288
as an indication that the keypad has been used.
1291
verify_a_chv (app_t app,
1292
gpg_error_t (*pincb)(void*, const char *, char **),
1294
int chvno, unsigned long sigcount, char **pinvalue)
1298
iso7816_pininfo_t pininfo;
1301
assert (chvno == 1 || chvno == 2);
1305
memset (&pininfo, 0, sizeof pininfo);
1307
pininfo.minlen = minlen;
1309
if (!opt.disable_keypad
1310
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
1312
/* The reader supports the verify command through the keypad. */
1316
#define PROMPTSTRING _("||Please enter your PIN at the reader's keypad%%0A" \
1318
size_t promptsize = strlen (PROMPTSTRING) + 50;
1320
prompt = xmalloc (promptsize);
1322
return gpg_error_from_syserror ();
1323
snprintf (prompt, promptsize-1, PROMPTSTRING, sigcount);
1324
rc = pincb (pincb_arg, prompt, NULL);
1329
rc = pincb (pincb_arg,
1330
_("||Please enter your PIN at the reader's keypad"),
1334
log_info (_("PIN callback returned error: %s\n"),
1338
rc = iso7816_verify_kp (app->slot, 0x80+chvno, "", 0, &pininfo);
1339
/* Dismiss the prompt. */
1340
pincb (pincb_arg, NULL, NULL);
1342
assert (!*pinvalue);
1346
/* The reader has no keypad or we don't want to use it. */
1350
#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
1351
size_t promptsize = strlen (PROMPTSTRING) + 50;
1353
prompt = xmalloc (promptsize);
1355
return gpg_error_from_syserror ();
1356
snprintf (prompt, promptsize-1, PROMPTSTRING, sigcount);
1357
rc = pincb (pincb_arg, prompt, pinvalue);
1362
rc = pincb (pincb_arg, "PIN", pinvalue);
1366
log_info (_("PIN callback returned error: %s\n"),
1371
if (strlen (*pinvalue) < minlen)
1373
log_error (_("PIN for CHV%d is too short;"
1374
" minimum length is %d\n"), chvno, minlen);
1377
return gpg_error (GPG_ERR_BAD_PIN);
1380
rc = iso7816_verify (app->slot, 0x80+chvno,
1381
*pinvalue, strlen (*pinvalue));
1386
log_error (_("verify CHV%d failed: %s\n"), chvno, gpg_strerror (rc));
1389
flush_cache_after_error (app);
1281
1396
/* Verify CHV2 if required. Depending on the configuration of the
1282
1397
card CHV1 will also be verified. */
1285
1400
gpg_error_t (*pincb)(void*, const char *, char **),
1286
1401
void *pincb_arg)
1407
return 0; /* We already verified CHV2. */
1409
rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
1415
if (!app->did_chv1 && !app->force_chv1 && pinvalue)
1293
iso7816_pininfo_t pininfo;
1296
memset (&pininfo, 0, sizeof pininfo);
1300
if (!opt.disable_keypad
1301
&& !iso7816_check_keypad (app->slot, ISO7816_VERIFY, &pininfo) )
1303
/* The reader supports the verify command through the keypad. */
1305
rc = pincb (pincb_arg,
1306
_("||Please enter your PIN at the reader's keypad"),
1310
log_info (_("PIN callback returned error: %s\n"),
1314
rc = iso7816_verify_kp (app->slot, 0x82, "", 0, &pininfo);
1315
/* Dismiss the prompt. */
1316
pincb (pincb_arg, NULL, NULL);
1320
/* The reader has no keypad or we don't want to use it. */
1321
rc = pincb (pincb_arg, "PIN", &pinvalue);
1324
log_info (_("PIN callback returned error: %s\n"),
1329
if (strlen (pinvalue) < 6)
1331
log_error (_("PIN for CHV%d is too short;"
1332
" minimum length is %d\n"), 2, 6);
1334
return gpg_error (GPG_ERR_BAD_PIN);
1337
rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
1417
/* For convenience we verify CHV1 here too. We do this only if
1418
the card is not configured to require a verification before
1419
each CHV1 controlled operation (force_chv1) and if we are not
1420
using the keypad (PINVALUE == NULL). */
1421
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
1422
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
1423
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
1342
log_error (_("verify CHV%d failed: %s\n"), 2, gpg_strerror (rc));
1426
log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
1344
1427
flush_cache_after_error (app);
1349
if (!app->did_chv1 && !app->force_chv1 && !did_keypad)
1351
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
1352
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
1353
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
1356
log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
1358
flush_cache_after_error (app);
1368
1438
/* Verify CHV3 if required. */
1369
1439
static gpg_error_t
1370
1440
verify_chv3 (app_t app,
2231
2302
char *pinvalue;
2235
#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
2237
prompt = malloc (strlen (PROMPTSTRING) + 50);
2239
return gpg_error_from_syserror ();
2240
sprintf (prompt, PROMPTSTRING, sigcount);
2241
rc = pincb (pincb_arg, prompt, &pinvalue);
2247
log_info (_("PIN callback returned error: %s\n"), gpg_strerror (rc));
2251
if (strlen (pinvalue) < 6)
2253
log_error (_("PIN for CHV%d is too short;"
2254
" minimum length is %d\n"), 1, 6);
2256
return gpg_error (GPG_ERR_BAD_PIN);
2259
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
2262
log_error (_("verify CHV%d failed: %s\n"), 1, gpg_strerror (rc));
2264
flush_cache_after_error (app);
2304
rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
2267
2308
app->did_chv1 = 1;
2310
if (!app->did_chv2 && pinvalue)
2270
/* We should also verify CHV2. */
2312
/* We should also verify CHV2. Note, that we can't do that
2313
if the keypad has been used. */
2271
2314
rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
2272
2315
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
2273
2316
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
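Review bot: In verify_a_chv, both prompt allocations (new lines 1320 and 1353) call `xmalloc (promptsize)` and are followed by `return gpg_error_from_syserror ();`, which only makes sense for an allocator that can return NULL; the code being replaced used plain `malloc` at this spot. If xmalloc is the abort-on-failure wrapper, as x-prefixed allocators usually are, that error return is dead code and an out-of-memory condition ends the process instead of failing the PIN operation; `prompt = xtrymalloc (promptsize);` would keep the old behaviour. The condition between the allocation and the return is not shown on this page, so this is inferred from the two visible lines. The `snprintf (prompt, promptsize-1, ...)` calls can pass `promptsize` itself, since snprintf already reserves room for the terminator. Separately, the header comment makes the caller responsible for freeing the PIN returned through PINVALUE; the release paths are not visible here, so it is worth confirming that each one wipes the buffer before freeing it.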