Implement VERIFY with empty data

ChangeLog

@@ -1,3 +1,8 @@
+2013-01-28  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (gpg_pw_get_retry_counter): New.
+	* src/openpgp.c (cmd_verify): Implement VERIFY with empty data.
+
 2013-01-22  Niibe Yutaka  <gniibe@fsij.org>
 
 	* tool/pinpadtest.py (Card.cmd_vega_alpha_disable_empty_verify):

src/gnuk.h

@@ -94,6 +94,7 @@ extern volatile uint8_t auth_status;
 #define PW_ERR_PW1 0
 #define PW_ERR_RC  1
 #define PW_ERR_PW3 2
+extern int gpg_pw_get_retry_counter (int who);
 extern int gpg_pw_locked (uint8_t which);
 extern void gpg_pw_reset_err_counter (uint8_t which);
 extern void gpg_pw_increment_err_counter (uint8_t which);

src/openpgp-do.c

@@ -41,6 +41,17 @@ gpg_pw_get_err_counter (uint8_t which)
   return flash_cnt123_get_value (pw_err_counter_p[which]);
 }
 
+int
+gpg_pw_get_retry_counter (int who)
+{
+  if (who == 0x81 || who == 0x82)
+    return PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW1);
+  else if (who == 0x83)
+    return PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_PW3);
+  else
+    return PASSWORD_ERRORS_MAX - gpg_pw_get_err_counter (PW_ERR_RC);
+}
+
 int
 gpg_pw_locked (uint8_t which)
 {

src/openpgp.c

@@ -140,6 +140,27 @@ cmd_verify (void)
   len = apdu.cmd_apdu_data_len;
   pw = apdu.cmd_apdu_data;
 
+  if (len == 0)
+    {				/* This is to examine status.  */
+      if (p2 == 0x81)
+	r = ac_check_status (AC_PSO_CDS_AUTHORIZED);
+      else if (p2 == 0x82)
+	r = ac_check_status (AC_OTHER_AUTHORIZED);
+      else
+	r = ac_check_status (AC_ADMIN_AUTHORIZED);
+
+      if (r)
+	GPG_SUCCESS ();	/* If authentication done already, return success.  */
+      else
+	{		 /* If not, return retry counter, encoded.  */
+	  r = gpg_pw_get_retry_counter (p2);
+	  set_res_sw (0x63, 0xc0 | (r&0f));
+	}
+
+      return;
+    }
+
+  /* This is real authentication.  */
   if (p2 == 0x81)
     r = verify_pso_cds (pw, len);
   else if (p2 == 0x82)