diff --git a/src/hsm/cmd_change_pin.c b/src/hsm/cmd_change_pin.c index ab57d92..df21ffd 100644 --- a/src/hsm/cmd_change_pin.c +++ b/src/hsm/cmd_change_pin.c @@ -21,15 +21,20 @@ int cmd_change_pin() { if (P1(apdu) == 0x0) { - if (P2(apdu) == 0x81) { - if (!file_sopin || !file_pin1) { + if (P2(apdu) == 0x81 || P2(apdu) == 0x88) { + file_t *file_pin = NULL; + if (P2(apdu) == 0x81) + file_pin = file_pin1; + else if (P2(apdu) == 0x88) + file_pin = file_sopin; + if (!file_pin) { return SW_FILE_NOT_FOUND(); } - if (!file_pin1->data) { + if (!file_has_data(file_pin)) { return SW_REFERENCE_NOT_FOUND(); } - uint8_t pin_len = file_read_uint8(file_get_data(file_pin1)); - int r = check_pin(file_pin1, apdu.data, pin_len); + uint8_t pin_len = file_read_uint8(file_get_data(file_pin)); + int r = check_pin(file_pin, apdu.data, pin_len); if (r != 0x9000) return r; uint8_t mkek[MKEK_SIZE]; @@ -37,8 +42,15 @@ int cmd_change_pin() { if (r != CCID_OK) return SW_EXEC_ERROR(); //encrypt MKEK with new pin - hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pin); - has_session_pin = true; + + if (P2(apdu) == 0x81) { + hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_pin); + has_session_pin = true; + } + else if (P2(apdu) == 0x88) { + hash_multi(apdu.data+pin_len, apdu.nc-pin_len, session_sopin); + has_session_sopin = true; + } r = store_mkek(mkek); release_mkek(mkek); if (r != CCID_OK) @@ -46,7 +58,7 @@ int cmd_change_pin() { uint8_t dhash[33]; dhash[0] = apdu.nc-pin_len; double_hash_pin(apdu.data+pin_len, apdu.nc-pin_len, dhash+1); - flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); + flash_write_data_to_file(file_pin, dhash, sizeof(dhash)); low_flash_available(); return SW_OK(); }