Diffusion GnuPG 60502c3606ee

scd:piv: Implement PIN cache.

Authored by werner on Jan 13 2020, 5:53 PM.


scd:piv: Implement PIN cache.

* scd/command.c (pincache_put): Add arg pinlen and change all callers
to provide it.
* scd/app-piv.c (cache_pin): New.
(pin_from_cache): New.
(ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen.  Take
PIN from the cache.  Return the unpadded length.
(verify_chv): Add arg ctrl.  Cache the PIN.
(do_change_chv): Clear PIN cache.

The PIV pins are padded but we want to store the unpadded PIN. Thus
the changes to the function.

Code has has been tested by commenting the no_cache parameter because
we the current test certificate was created for PIV.9C which requires
a verification for each use. More testing is required.

  • GnuPG-bug-id: T4791
  • Signed-off-by: Werner Koch <wk@gnupg.org>