diff options
author | Werner Koch <wk@gnupg.org> | 2020-04-01 20:31:21 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2020-04-01 20:31:21 +0200 |
commit | 29f8f52bf8161c238c26389ab178caa98801234e (patch) | |
tree | f03d031531c7a080c03456118afd7bd26d7d4290 /scd | |
parent | scd:p15: Run a keygrip_from_prkdf before verify_pin (diff) | |
download | gnupg2-29f8f52bf8161c238c26389ab178caa98801234e.tar.xz gnupg2-29f8f52bf8161c238c26389ab178caa98801234e.zip |
scd:p15: Cache the PIN.
* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
(verify_pin): Make use of it.
--
Theee is still a problem with the APDUs we send: Switching between
signing and decryption does work but not in the other way.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'scd')
-rw-r--r-- | scd/app-p15.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/scd/app-p15.c b/scd/app-p15.c index ed1ba7a69..d95545ad3 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -180,6 +180,10 @@ struct prkdf_object_s unsigned int key_reference_valid:1; unsigned int have_off:1; + /* Flag indicating that the corresponding PIN has already been + * verified. */ + unsigned int pin_verified:1; + /* The key's usage flags. */ keyusage_flags_t usageflags; @@ -3154,6 +3158,9 @@ verify_pin (app_t app, const char *s; int i; + if (prkdf->pin_verified) + return 0; /* Already done. */ + if (prkdf->usageflags.non_repudiation && app->app_local->card_type == CARD_TYPE_BELPIC) err = pincb (pincb_arg, "PIN (qualified signature!)", &pinvalue); @@ -3301,6 +3308,7 @@ verify_pin (app_t app, } if (opt.verbose) log_info ("p15: PIN verification succeeded\n"); + prkdf->pin_verified = 1; return 0; } |