dtrust-tool: show transport protection status for D-Trust Card 5

OpenSC · May 24, 2024 · f0671ca · f0671ca
1 parent 83b7569
commit f0671ca
Showing 1 changed file with 31 additions and 11 deletions.
diff --git a/src/tools/dtrust-tool.c b/src/tools/dtrust-tool.c
@@ -137,37 +137,37 @@ pin_status(sc_card_t *card, int ref, const char *pin_label, unsigned char transp
 }
 
 int
-check_transport_protection(sc_card_t *card)
+check_transport_protection(sc_card_t *card, u8 ref, const char *pin_label)
 {
  struct sc_apdu apdu;
  int r;
  u8 buf[6];
  u8 prot_intact[6] = {0xE3, 0x04, 0x90, 0x02, 0x00, 0x01};
  u8 prot_broken[6] = {0xE3, 0x04, 0x90, 0x02, 0x00, 0x00};
 
- sc_format_apdu_ex(&apdu, 0x80, 0xCA, 0x00, 0x0B, NULL, 0, buf, sizeof(buf));
+ sc_format_apdu_ex(&apdu, 0x80, 0xCA, 0x00, ref, NULL, 0, buf, sizeof(buf));
 
  r = sc_transmit_apdu(card, &apdu);
  if (r != SC_SUCCESS) {
- fprintf(stderr, "Check transport protection: APDU transmit failed (%s)\n", sc_strerror(r));
+ fprintf(stderr, "Check transport protection of %s: APDU transmit failed (%s)\n", pin_label, sc_strerror(r));
  return -1;
  }
 
  r = sc_check_sw(card, apdu.sw1, apdu.sw2);
  if (r != SC_SUCCESS) {
- fprintf(stderr, "Check transport protection: GET_DATA failed (%s)\n", sc_strerror(r));
+ fprintf(stderr, "Check transport protection of %s: GET_DATA failed (%s)\n", pin_label, sc_strerror(r));
  return -1;
  }
 
  if (apdu.resplen == sizeof(prot_intact) && !memcmp(apdu.resp, prot_intact, 6)) {
- printf("Transport protection is still intact.\n");
+ printf("Transport protection of %s is still intact.\n", pin_label);
  return 0;
  } else if (apdu.resplen == sizeof(prot_broken) && !memcmp(apdu.resp, prot_broken, 6)) {
- printf("Transport protection is broken.\n");
+ printf("Transport protection of %s is broken.\n", pin_label);
  return 1;
  }
 
- fprintf(stderr, "Check transport protection: illegal response: ");
+ fprintf(stderr, "Check transport protection of %s: illegal response: ", pin_label);
  util_hex_dump(stderr, apdu.resp, apdu.resplen, " ");
  fprintf(stderr, "\n");
 
@@ -385,13 +385,33 @@ main(int argc, char *argv[])
  }
  }
 
- if (opt_check)
- check_transport_protection(card);
+ if (opt_check) {
+ switch (card->type) {
+ case SC_CARD_TYPE_DTRUST_V4_1_STD:
+ case SC_CARD_TYPE_DTRUST_V4_1_MULTI:
+ case SC_CARD_TYPE_DTRUST_V4_1_M100:
+ case SC_CARD_TYPE_DTRUST_V4_4_STD:
+ case SC_CARD_TYPE_DTRUST_V4_4_MULTI:
+ check_transport_protection(card, 0x0B, "Signature PIN");
+ break;
+
+ case SC_CARD_TYPE_DTRUST_V5_1_STD:
+ case SC_CARD_TYPE_DTRUST_V5_1_MULTI:
+ case SC_CARD_TYPE_DTRUST_V5_1_M100:
+ check_transport_protection(card, 0x0B, "Signature PIN");
+ /* FALLTHRU */
+
+ case SC_CARD_TYPE_DTRUST_V5_4_STD:
+ case SC_CARD_TYPE_DTRUST_V5_4_MULTI:
+ check_transport_protection(card, 0x0C, "Authentication PIN");
+ break;
+ }
+ }
 
  if (opt_unlock) {
- r = check_transport_protection(card);
+ r = check_transport_protection(card, 0x0B, "Signature PIN");
  if (r)
- printf("Cannot remove transport protection.\n");
+ printf("Cannot remove transport protection of Signature PIN.\n");
  else
  unlock_transport_protection(card);
  }