Diff

Differences From Artifact [0c58d0837a]:

To Artifact [8554f45411]:


  3027   3027    *     ...
  3028   3028    *
  3029   3029    * NOTES
  3030   3030    *     ...
  3031   3031    *
  3032   3032    */
  3033   3033   static cackey_ret cackey_login(struct cackey_slot *slot, unsigned char *pin, unsigned long pin_len, int *tries_remaining_p) {
         3034  +	struct cackey_pcsc_identity *pcsc_identities;
  3034   3035   	unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
         3036  +	unsigned long num_certs;
  3035   3037   	uint16_t response_code;
  3036   3038   	int tries_remaining;
  3037   3039   	int send_ret;
  3038   3040   	int key_reference = 0x00;
  3039   3041   
  3040   3042   	/* Indicate that we do not know about how many tries are remaining */
  3041   3043   	if (tries_remaining_p) {
................................................................................
  3044   3046   
  3045   3047   	/* Apparently, CAC PINs are *EXACTLY* 8 bytes long -- pad with 0xFF if too short */
  3046   3048   	if (pin_len >= 8) {
  3047   3049   		memcpy(cac_pin, pin, 8);
  3048   3050   	} else {
  3049   3051   		memcpy(cac_pin, pin, pin_len);
  3050   3052   	}
         3053  +
         3054  +	/* PIV authentication uses a "key_reference" of 0x80 */
         3055  +	pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
         3056  +	if (num_certs > 0 && pcsc_identities != NULL) {
         3057  +		switch (pcsc_identities[0].id_type) {
         3058  +			case CACKEY_ID_TYPE_PIV:
         3059  +				CACKEY_DEBUG_PRINTF("We recently had a PIV card, so we will attempt to authenticate using the PIV Application key reference");
         3060  +
         3061  +				key_reference = 0x80;
         3062  +				break;
         3063  +			default:
         3064  +				break;
         3065  +		}
         3066  +	}
  3051   3067   
  3052   3068   	/* Issue PIN Verify */
  3053   3069   	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
  3054         -	if (send_ret != CACKEY_PCSC_S_OK && response_code == 0x6A88) {
  3055         -		key_reference = 0x80;
  3056         -
  3057         -		send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, key_reference, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
  3058         -	}
  3059   3070   
  3060   3071   	if (send_ret != CACKEY_PCSC_S_OK) {
  3061   3072   		if ((response_code & 0x63C0) == 0x63C0) {
  3062   3073   			tries_remaining = (response_code & 0xF);
  3063   3074   
  3064   3075   			CACKEY_DEBUG_PRINTF("PIN Verification failed, %i tries remaining", tries_remaining);
  3065   3076
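Review bot: In the added block after the PIN padding, `num_certs` is declared without an initializer and is tested before the pointer in `if (num_certs > 0 && pcsc_identities != NULL)`, so if cackey_read_certs() can return NULL without storing a count (its body is not visible here), the condition reads an indeterminate value on the PIN-verification path. Declaring `unsigned long num_certs = 0;` and testing the pointer first, `if (pcsc_identities != NULL && num_certs > 0) {`, removes the dependency on that behaviour. Passing NULL as the buffer argument suggests the callee may allocate the returned array; if so, nothing in the visible lines releases it, so each login would leak the identity list, and the release call belongs right after the switch. The key reference now depends entirely on the certificate read succeeding, because the 0x6A88 retry is removed, so a comment stating that a PIV card whose certificates cannot be read will be sent VERIFY with reference 0x00 would help. cackey_login continues past the end of this hunk.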