From 9dde59867d564393797d2e645fc24dfbacab4eca Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Mon, 28 Jan 2013 12:10:14 +0900
Subject: [PATCH] Implement VERIFY with empty data
---
 ChangeLog | 5 +++++
 src/gnuk.h | 1 +
 src/openpgp-do.c | 11 +++++++++++
 src/openpgp.c | 21 +++++++++++++++++++++
 4 files changed, 38 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index c185584..5ad3a1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-01-28 Niibe Yutaka
+
+ * src/openpgp-do.c (gpg_pw_get_retry_counter): New.
+ * src/openpgp.c (cmd_verify): Implement VERIFY with empty data.
+
 2013-01-22 Niibe Yutaka

 * tool/pinpadtest.py (Card.cmd_vega_alpha_disable_empty_verify):
diff --git a/src/gnuk.h b/src/gnuk.h
index b539159..46a7418 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -94,6 +94,7 @@ extern volatile uint8_t auth_status;
 #define PW_ERR_PW1 0
 #define PW_ERR_RC 1
 #define PW_ERR_PW3 2
+extern int gpg_pw_get_retry_counter (int who);
 extern int gpg_pw_locked (uint8_t which);
 extern void gpg_pw_reset_err_counter (uint8_t which);
 extern void gpg_pw_increment_err_counter (uint8_t which);
diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index fa5625e..759069e 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -41,6 +41,17 @@ gpg_pw_get_err_counter (uint8_t which)
 return flash_cnt123_get_value (pw_err_counter_p[which]);
 }

+int
+gpg_pw_get_retry_counter (int who)
+{
+ if (who == 0x81 || who == 0x82)
+ return PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW1);
+ else if (who == 0x83)
+ return PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW3);
+ else
+ return PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_RC);
+}
+
 int
 gpg_pw_locked (uint8_t which)
 {
diff --git a/src/openpgp.c b/src/openpgp.c
index 7888e80..eb63e86 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
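Review bot: In src/openpgp-do.c, `gpg_pw_get_retry_counter` returns `PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (...)` without clamping, and its final `else` silently maps every `who` other than 0x81, 0x82 and 0x83 to the reset-code counter. If the stored error counter can ever exceed `PASSWORD_ERRORS_MAX` (not visible here), the result goes negative, and the caller added in cmd_verify keeps only the low four bits, so a locked credential would be reported with a high retry count. Clamping the result at zero before returning would rule that out. The function also needs a header comment, since it takes the VERIFY P2 value while the neighbouring `gpg_pw_*` functions declared in gnuk.h take a `PW_ERR_*` index: `/* WHO is the VERIFY P2 value (0x81, 0x82 or 0x83), not a PW_ERR_* index; any other value reports the reset-code counter. */`.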
@@ -140,6 +140,27 @@ cmd_verify (void)
 len = apdu.cmd_apdu_data_len;
 pw = apdu.cmd_apdu_data;

+ if (len == 0)
+ { /* This is to examine status. */
+ if (p2 == 0x81)
+ r = ac_check_status (AC_PSO_CDS_AUTHORIZED);
+ else if (p2 == 0x82)
+ r = ac_check_status (AC_OTHER_AUTHORIZED);
+ else
+ r = ac_check_status (AC_ADMIN_AUTHORIZED);
+
+ if (r)
+ GPG_SUCCESS (); /* If authentication done already, return success. */
+ else
+ { /* If not, return retry counter, encoded. */
+ r = gpg_pw_get_retry_counter (p2);
+ set_res_sw (0x63, 0xc0 | (r&0f));
+ }
+
+ return;
+ }
+
+ /* This is real authentication. */
 if (p2 == 0x81)
 r = verify_pso_cds (pw, len);
 else if (p2 == 0x82)
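Review bot: `set_res_sw (0x63, 0xc0 | (r&0f));` in the empty-data branch uses `0f`, which is not a valid C integer constant, so this line will not compile as shown; the mask should be hexadecimal, `set_res_sw (0x63, 0xc0 | (r & 0x0f));`. The same branch treats every P2 other than 0x81 and 0x82 as the admin check (`AC_ADMIN_AUTHORIZED`), while `gpg_pw_get_retry_counter (p2)` returns the reset-code counter for anything other than 0x81, 0x82 and 0x83. An unexpected P2 would therefore pair one credential's authorization state with another credential's counter. cmd_verify begins before this hunk, so P2 may already be validated there; if it is not, rejecting other values before the status branch keeps the two lookups consistent.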