Support VERIFY reset feature

2016-02-09 14:15:41 +09:00
parent 522ec3299e
commit 3f1ee534fe
3 changed files with 42 additions and 16 deletions
--- a/7
+++ b/7
@@ -1,7 +1,10 @@
-2016-02-09  gniibe  <gniibe@fsij.org>
+2016-02-09  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp.c (cmd_verify): Support VERIFY reset, which is
+	described in the specification V2.2 and V3.1.

 	* polarssl/library/bignum.c (mpi_exp_mod): Fix to our local
-	change.  Thanks to Aidan Thornton for failure test case.
+	change.  Thanks to Aidan Thornton for the failure test case.

 	Fix of mpi_div_mpi from upstream.
 	* polarssl/library/bignum.c (int_clz, int_div_int): New.
--- a/8
+++ b/8
@@ -4,6 +4,10 @@ Gnuk NEWS - User visible changes

  Released 2016-02-xx, by NIIBE Yutaka

+** Support authentication status reset by VERIFY command.
+This feature is described in the OpenPGPcard specification V2.2 and
+V3.1, which allow user to reset authentication status.
+
 ** S2K algorithm change to defeat "copycat" service of MCU.
 Even if the existence of some services copying MCU, your private key
 will not be controled by others.
@@ -11,6 +15,10 @@ will not be controled by others.
 ** Bug fix for secp256k1 and NIST P-256.
 Bugs in basic computation were fixed.

+** Bug fix for bignum routines.
+Bignum routine update from upstream (failure doesn't occur for our RSA
+computation, though).  Another fix for mpi_exp_mod.
+

 * Major changes in Gnuk 1.1.9

--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -138,6 +138,7 @@ static void
 cmd_verify (void)
 {
  int len;
+  uint8_t p1 = P1 (apdu);
  uint8_t p2 = P2 (apdu);
  int r;
  const uint8_t *pw;
@@ -149,6 +150,8 @@ cmd_verify (void)
  pw = apdu.cmd_apdu_data;

  if (len == 0)
+    {
+      if (p1 == 0)
 	{			/* This is to examine status.  */
 	  if (p2 == 0x81)
 	    r = ac_check_status (AC_PSO_CDS_AUTHORIZED);
@@ -164,7 +167,19 @@ cmd_verify (void)
 	      r = gpg_pw_get_retry_counter (p2);
 	      set_res_sw (0x63, 0xc0 | (r&0x0f));
 	    }
-
+	}
+      else if (p1 == 0xff)
+	{			/* Reset the status.  */
+	  if (p2 == 0x81)
+	    ac_reset_pso_cds ();
+	  else if (p2 == 0x82)
+	    ac_reset_other ();
+	  else
+	    ac_reset_admin ();
+	  GPG_SUCCESS ();
+	}
+      else
+	GPG_BAD_P1_P2 ();
      return;
    }