Adding support for changing SO-PIN.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-01-17 09:28:05 +00:00 · 2022-10-10 00:37:56 +02:00 · 2022-10-10 00:37:56 +02:00 · a089cc279b
commit a089cc279b
parent 84f646dbad
1 changed files with 20 additions and 8 deletions
--- a/src/hsm/cmd_change_pin.c
+++ b/src/hsm/cmd_change_pin.c
@ -21,15 +21,20 @@

 int cmd_change_pin() {
    if (P1(apdu) == 0x0) {
-        if (P2(apdu) == 0x81) {
-            if (!file_sopin || !file_pin1) {
+        if (P2(apdu) == 0x81 || P2(apdu) == 0x88) {
+            file_t *file_pin = NULL;
+            if (P2(apdu) == 0x81)
+                file_pin = file_pin1;
+            else if (P2(apdu) == 0x88)
+                file_pin = file_sopin;
+            if (!file_pin) {
                return SW_FILE_NOT_FOUND();
            }
-            if (!file_pin1->data) {
+            if (!file_has_data(file_pin)) {
                return SW_REFERENCE_NOT_FOUND();
            }
-            uint8_t pin_len = file_read_uint8(file_get_data(file_pin1));
-            int r = check_pin(file_pin1, apdu.data, pin_len);
+            uint8_t pin_len = file_read_uint8(file_get_data(file_pin));
+            int r = check_pin(file_pin, apdu.data, pin_len);
            if (r != 0x9000)
                return r;
            uint8_t mkek[MKEK_SIZE];
@ -37,8 +42,15 @@ int cmd_change_pin() {
            if (r != CCID_OK)
                return SW_EXEC_ERROR();
            //encrypt MKEK with new pin
-            hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pin);
-            has_session_pin = true;
+
+            if (P2(apdu) == 0x81) {
+                hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pin);
+                has_session_pin = true;
+            }
+            else if (P2(apdu) == 0x88) {
+                hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_sopin);
+                has_session_sopin = true;
+            }
            r = store_mkek(mkek);
            release_mkek(mkek);
            if (r != CCID_OK)
@ -46,7 +58,7 @@ int cmd_change_pin() {
            uint8_t dhash[33];
            dhash[0] = apdu.nc-pin_len;
            double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1);
-            flash_write_data_to_file(file_pin1, dhash, sizeof(dhash));
+            flash_write_data_to_file(file_pin, dhash, sizeof(dhash));
            low_flash_available();
            return SW_OK();
        }