summaryrefslogtreecommitdiffstats
path: root/scd
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2020-04-01 20:31:21 +0200
committerWerner Koch <wk@gnupg.org>2020-04-01 20:31:21 +0200
commit29f8f52bf8161c238c26389ab178caa98801234e (patch)
treef03d031531c7a080c03456118afd7bd26d7d4290 /scd
parentscd:p15: Run a keygrip_from_prkdf before verify_pin (diff)
downloadgnupg2-29f8f52bf8161c238c26389ab178caa98801234e.tar.xz
gnupg2-29f8f52bf8161c238c26389ab178caa98801234e.zip
scd:p15: Cache the PIN.
* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified. (verify_pin): Make use of it. -- Theee is still a problem with the APDUs we send: Switching between signing and decryption does work but not in the other way. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'scd')
-rw-r--r--scd/app-p15.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/scd/app-p15.c b/scd/app-p15.c
index ed1ba7a69..d95545ad3 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -180,6 +180,10 @@ struct prkdf_object_s
unsigned int key_reference_valid:1;
unsigned int have_off:1;
+ /* Flag indicating that the corresponding PIN has already been
+ * verified. */
+ unsigned int pin_verified:1;
+
/* The key's usage flags. */
keyusage_flags_t usageflags;
@@ -3154,6 +3158,9 @@ verify_pin (app_t app,
const char *s;
int i;
+ if (prkdf->pin_verified)
+ return 0; /* Already done. */
+
if (prkdf->usageflags.non_repudiation
&& app->app_local->card_type == CARD_TYPE_BELPIC)
err = pincb (pincb_arg, "PIN (qualified signature!)", &pinvalue);
@@ -3301,6 +3308,7 @@ verify_pin (app_t app,
}
if (opt.verbose)
log_info ("p15: PIN verification succeeded\n");
+ prkdf->pin_verified = 1;
return 0;
}