/[openpgpmdrv]/trunk/OpenPGPminidriver/CardPinOperation.c
ViewVC logotype

Contents of /trunk/OpenPGPminidriver/CardPinOperation.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 11 - (show annotations)
Thu Mar 18 16:03:39 2010 UTC (15 years, 1 month ago) by vletoux
File MIME type: text/plain
File size: 19614 byte(s) 
first working & stable version
1 /* OpenPGP Smart Card Mini Driver
2 Copyright (C) 2009 Vincent Le Toux
3
4 This library is Free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License version 2.1 as published by the Free Software Foundation.
7
8 This library is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 Lesser General Public License for more details.
12
13 You should have received a copy of the GNU Lesser General Public
14 License along with this library; if not, write to the Free Software
15 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
16 */
17
18 #include <windows.h>
19 #include <cardmod.h>
20 #include "Tracing.h"
21 #include "Context.h"
22 #include "SmartCard.h"
23 #include "PinOperations.h"
24
25
26 // 4.2 Card PIN Operations
27
28 /** The CardAuthenticatePin function submits a PIN value as a string
29 to the card to establish the user’s identity and to satisfy access
30 conditions for an operation to be undertaken on the user’s behalf.
31 Submission of a PIN to the card may involve some processing by the card
32 minidriver to render the PIN information to a card-specific form. */
33
34 DWORD WINAPI CardAuthenticatePin(
35 __in PCARD_DATA pCardData,
36 __in LPWSTR pwszUserId,
37 __in_bcount(cbPin) PBYTE pbPin,
38 __in DWORD cbPin,
39 __out_opt PDWORD pcAttemptsRemaining
40 )
41 {
42 DWORD dwReturn = 0;
43 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter authenticate %s", pwszUserId);
44 __try
45 {
46 if ( pCardData == NULL )
47 {
48 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
49 dwReturn = SCARD_E_INVALID_PARAMETER;
50 __leave;
51 }
52 if ( pwszUserId == NULL )
53 {
54 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId == NULL");
55 dwReturn = SCARD_E_INVALID_PARAMETER;
56 __leave;
57 }
58 if ( pbPin == NULL )
59 {
60 Trace(WINEVENT_LEVEL_ERROR, L"pbPin == NULL");
61 dwReturn = SCARD_E_INVALID_PARAMETER;
62 __leave;
63 }
64 dwReturn = CheckContext(pCardData);
65 if ( dwReturn )
66 {
67 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
68 dwReturn = SCARD_E_INVALID_PARAMETER;
69 __leave;
70 }
71 if ( wcscmp(pwszUserId, wszCARD_USER_USER) == 0 )
72 {
73 dwReturn = CheckPinLength(pCardData, ROLE_USER, cbPin);
74 if (dwReturn)
75 {
76 __leave;
77 }
78 dwReturn = VerifyPIN(pCardData, ROLE_USER, pbPin, cbPin);
79 if (dwReturn && pcAttemptsRemaining)
80 {
81 GetRemainingPin(pCardData, ROLE_USER, pcAttemptsRemaining);
82 }
83 }
84 else if ( wcscmp(pwszUserId, wszCARD_USER_ADMIN) == 0)
85 {
86 dwReturn = CheckPinLength(pCardData, ROLE_ADMIN, cbPin);
87 if (dwReturn)
88 {
89 __leave;
90 }
91 dwReturn = VerifyPIN(pCardData, ROLE_ADMIN, pbPin, cbPin);
92 if (dwReturn && pcAttemptsRemaining)
93 {
94 GetRemainingPin(pCardData, ROLE_ADMIN, pcAttemptsRemaining);
95 }
96 }
97 else
98 {
99 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId unknown : %s", pwszUserId);
100 dwReturn = SCARD_E_INVALID_PARAMETER;
101 __leave;
102 }
103
104 }
105 __finally
106 {
107 }
108 Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
109 return dwReturn;
110 }
111
112 /** A card principal can be authenticated by using either a PIN
113 or a challenge/response protocol in which the card generates a block
114 of challenge data by using its administrative key. The authenticating
115 caller must compute the response to the challenge by using shared
116 knowledge of that key and submit the response back to the card.
117 If the response is correct, the principal is authenticated to the card. */
118
119 DWORD WINAPI CardGetChallenge(
120 __in PCARD_DATA pCardData,
121 __deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
122 __out PDWORD pcbChallengeData
123 )
124 {
125 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
126 return SCARD_E_UNSUPPORTED_FEATURE;
127 }
128
129 /** The CardAuthenticateChallenge function performs authentication of
130 a card principal by using a challenge/response protocol. The caller of
131 this function must have previously called CardGetChallenge to retrieve
132 the challenge data from the card and computed the correct response data
133 to submit with this call. */
134
135 DWORD WINAPI CardAuthenticateChallenge(
136 __in PCARD_DATA pCardData,
137 __in_bcount(cbResponseData) PBYTE pbResponseData,
138 __in DWORD cbResponseData,
139 __out_opt PDWORD pcAttemptsRemaining
140 )
141 {
142 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
143 return SCARD_E_UNSUPPORTED_FEATURE;
144 }
145
146 /** The CardDeauthenticate function is an optional export that should be
147 provided if it is possible within the card minidriver to efficiently reverse
148 the effect of authenticating a user or administrator without resetting
149 the card. If this function is not implemented, the card minidriver should
150 put NULL in the CARD_DATA structure pointer for this function.
151 The Base CSP/KSP tests this pointer for NULL value before calling it. If it
152 is found NULL, the Base CSP/KSP deauthenticates a user by resetting the
153 card. Because a card reset is a time-consuming operation, the card minidriver
154 should implement this function if it can be done.
155 */
156
157 DWORD WINAPI CardDeauthenticate(
158 __in PCARD_DATA pCardData,
159 __in LPWSTR pwszUserId,
160 __in DWORD dwFlags
161 )
162 {
163 DWORD dwReturn = 0;
164 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter %s", pwszUserId);
165 __try
166 {
167 if ( pCardData == NULL )
168 {
169 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
170 dwReturn = SCARD_E_INVALID_PARAMETER;
171 __leave;
172 }
173 if ( pwszUserId == NULL )
174 {
175 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId == NULL");
176 dwReturn = SCARD_E_INVALID_PARAMETER;
177 __leave;
178 }
179 if ( dwFlags != 0 )
180 {
181 Trace(WINEVENT_LEVEL_ERROR, L"dwFlags != 0 : %d", dwFlags);
182 dwReturn = SCARD_E_INVALID_PARAMETER;
183 __leave;
184 }
185 dwReturn = CheckContext(pCardData);
186 if ( dwReturn )
187 {
188 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
189 dwReturn = SCARD_E_INVALID_PARAMETER;
190 __leave;
191 }
192 dwReturn = Deauthenticate(pCardData);
193 }
194 __finally
195 {
196 }
197 Trace(WINEVENT_LEVEL_VERBOSE, L"%s dwReturn = 0x%08X", pwszUserId,dwReturn);
198 return dwReturn;
199 }
200
201 /** The CardAuthenticateEx function handles PIN authentication operations to the card.
202 This function replaces the CardAuthenticate function of earlier versions of these
203 specifications and adds support for the following PIN types:
204 • External PINs, which are PINs that are accessed from a device that is connected to the computer.
205 • Challenge/response PINs.
206 • Secure PIN channels.
207 • Session PINs.
208 */
209 DWORD WINAPI CardAuthenticateEx(
210 __in PCARD_DATA pCardData,
211 __in PIN_ID PinId,
212 __in DWORD dwFlags,
213 __in_bcount(cbPinData) PBYTE pbPinData,
214 __in DWORD cbPinData,
215 __deref_opt_out_bcount(*pcbSessionPin) PBYTE *ppbSessionPin,
216 __out_opt PDWORD pcbSessionPin,
217 __out_opt PDWORD pcAttemptsRemaining
218 )
219 {
220 DWORD dwReturn = 0;
221 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter authenticate %d", PinId);
222 __try
223 {
224 if ( pCardData == NULL )
225 {
226 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
227 dwReturn = SCARD_E_INVALID_PARAMETER;
228 __leave;
229 }
230 if ((dwFlags & CARD_AUTHENTICATE_GENERATE_SESSION_PIN)
231 || (dwFlags & CARD_AUTHENTICATE_SESSION_PIN))
232 {
233 if ( ( ppbSessionPin == NULL ) ||
234 ( pcbSessionPin == NULL ) )
235 {
236 Trace(WINEVENT_LEVEL_ERROR, L"ppbSessionPin == NULL");
237 dwReturn = SCARD_E_INVALID_PARAMETER;
238 __leave;
239 }
240 else
241 {
242 Trace(WINEVENT_LEVEL_ERROR, L"SESSION_PIN SCARD_E_UNSUPPORTED_FEATURE");
243 dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
244 __leave;
245 }
246 }
247 if ( pbPinData == NULL )
248 {
249 Trace(WINEVENT_LEVEL_ERROR, L"pbPinData == NULL");
250 dwReturn = SCARD_E_INVALID_PARAMETER;
251 __leave;
252 }
253 dwReturn = CheckContext(pCardData);
254 if ( dwReturn )
255 {
256 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
257 dwReturn = SCARD_E_INVALID_PARAMETER;
258 __leave;
259 }
260 dwReturn = CheckPinLength(pCardData, PinId, cbPinData);
261 if (dwReturn)
262 {
263 __leave;
264 }
265 dwReturn = VerifyPIN(pCardData, PinId, pbPinData, cbPinData);
266 if (dwReturn && pcAttemptsRemaining)
267 {
268 GetRemainingPin(pCardData, PinId, pcAttemptsRemaining);
269 }
270 }
271 __finally
272 {
273 }
274 Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
275 return dwReturn;
276 }
277
278 /** Besides authentication by using a PIN, a card principal can be authenticated
279 by using a challenge/response protocol in which the card generates a block of challenge data.
280 The authenticating caller must compute the response to the challenge by using
281 shared knowledge of a key and submit the response back to the card by calling
282 CardGetChallengeEx. If the response is correct, the principal is authenticated to the card.
283 */
284
285 DWORD WINAPI CardGetChallengeEx(
286 __in PCARD_DATA pCardData,
287 __in PIN_ID PinId,
288 __deref_out_bcount(*pcbChallengeData) PBYTE *ppbChallengeData,
289 __out PDWORD pcbChallengeData,
290 __in DWORD dwFlags
291 )
292 {
293 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
294 return SCARD_E_UNSUPPORTED_FEATURE;
295 }
296
297 /** The CardDeauthenticateEx function must always be provided. If it is not
298 possible within the card minidriver to efficiently reverse the effect of an
299 authentication operation without resetting the card, the call must return
300 SCARD_E_UNSUPPORTED_FEATURE. In this situation, the Base CSP/KSP performs
301 deauthentication by resetting the card. Because a card reset is a time-consuming
302 operation, the card minidriver must implement this function if it can be done.*/
303
304 DWORD WINAPI CardDeauthenticateEx(
305 __in PCARD_DATA pCardData,
306 __in PIN_SET PinId,
307 __in DWORD dwFlags
308 )
309 {
310 DWORD dwReturn = 0;
311 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter PinId = %d", PinId);
312 __try
313 {
314 if ( pCardData == NULL )
315 {
316 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
317 dwReturn = SCARD_E_INVALID_PARAMETER;
318 __leave;
319 }
320 if ( dwFlags != 0 )
321 {
322 Trace(WINEVENT_LEVEL_ERROR, L"dwFlags != 0 : %d", dwFlags);
323 dwReturn = SCARD_E_INVALID_PARAMETER;
324 __leave;
325 }
326 dwReturn = CheckContext(pCardData);
327 if ( dwReturn )
328 {
329 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
330 dwReturn = SCARD_E_INVALID_PARAMETER;
331 __leave;
332 }
333 dwReturn = Deauthenticate(pCardData);
334 }
335 __finally
336 {
337 }
338 Trace(WINEVENT_LEVEL_VERBOSE, L"PinId = %d dwReturn = 0x%08X",PinId, dwReturn);
339 return dwReturn;
340 }
341
342 /** The CardUnblockPin function is used to unblock a card that has become
343 blocked by too many incorrect PIN entry attempts. The unblock function is
344 atomic in that authentication and unblocking the card must occur as a single
345 operation. Therefore, authentication information and the new user PIN must
346 be presented when the call is made.*/
347
348 DWORD WINAPI CardUnblockPin(
349 __in PCARD_DATA pCardData,
350 __in LPWSTR pwszUserId,
351 __in_bcount(cbAuthenticationData) PBYTE pbAuthenticationData,
352 __in DWORD cbAuthenticationData,
353 __in_bcount(cbNewPinData) PBYTE pbNewPinData,
354 __in DWORD cbNewPinData,
355 __in DWORD cRetryCount,
356 __in DWORD dwFlags
357 )
358 {
359 DWORD dwReturn = 0;
360
361 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
362 __try
363 {
364 if ( pCardData == NULL )
365 {
366 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
367 dwReturn = SCARD_E_INVALID_PARAMETER;
368 __leave;
369 }
370 if ( pwszUserId == NULL )
371 {
372 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId == NULL");
373 dwReturn = SCARD_E_INVALID_PARAMETER;
374 __leave;
375 }
376 if ( pbAuthenticationData == NULL )
377 {
378 Trace(WINEVENT_LEVEL_ERROR, L"pbAuthenticationData == NULL");
379 dwReturn = SCARD_E_INVALID_PARAMETER;
380 __leave;
381 }
382 if ( pbNewPinData == NULL )
383 {
384 Trace(WINEVENT_LEVEL_ERROR, L"pbNewPinData == NULL");
385 dwReturn = SCARD_E_INVALID_PARAMETER;
386 __leave;
387 }
388 if (dwFlags == CARD_AUTHENTICATE_PIN_CHALLENGE_RESPONSE)
389 {
390 dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
391 Trace(WINEVENT_LEVEL_ERROR, L"CARD_AUTHENTICATE_PIN_CHALLENGE_RESPONSE SCARD_E_UNSUPPORTED_FEATURE");
392 __leave;
393 }
394 if (dwFlags != CARD_AUTHENTICATE_PIN_PIN)
395 {
396 dwReturn = SCARD_E_INVALID_PARAMETER;
397 Trace(WINEVENT_LEVEL_ERROR, L"SCARD_E_INVALID_PARAMETER dwFlags = 0x%08X", dwFlags);
398 __leave;
399 }
400 dwReturn = CheckContext(pCardData);
401 if ( !dwReturn )
402 {
403 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
404 dwReturn = SCARD_E_INVALID_PARAMETER;
405 __leave;
406 }
407 if ( wcscmp(pwszUserId, wszCARD_USER_USER) == 0 )
408 {
409 dwReturn = ResetUserPIN(pCardData, ROLE_PUK,
410 pbAuthenticationData, cbAuthenticationData,
411 pbNewPinData, cbNewPinData);
412 }
413 else if ( wcscmp(pwszUserId, wszCARD_USER_ADMIN) == 0)
414 {
415 dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
416 Trace(WINEVENT_LEVEL_ERROR, L"wszCARD_USER_ADMIN");
417 __leave;
418 }
419 else
420 {
421 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId unknown : %s", pwszUserId);
422 dwReturn = SCARD_E_INVALID_PARAMETER;
423 __leave;
424 }
425 }
426 __finally
427 {
428 }
429 Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
430 return dwReturn;
431 }
432
433 /** This function changes the authenticator for the affected card principal.
434 It can be used to change a user’s PIN or to change the challenge/response key.
435 The two usages are distinguished by use of a flag value.*/
436
437 DWORD WINAPI CardChangeAuthenticator(
438 __in PCARD_DATA pCardData,
439 __in LPWSTR pwszUserId,
440 __in_bcount(cbCurrentAuthenticator)
441 PBYTE pbCurrentAuthenticator,
442 __in DWORD cbCurrentAuthenticator,
443 __in_bcount(cbNewAuthenticator) PBYTE pbNewAuthenticator,
444 __in DWORD cbNewAuthenticator,
445 __in DWORD cRetryCount,
446 __in DWORD dwFlags,
447 __out_opt PDWORD pcAttemptsRemaining
448 )
449 {
450 DWORD dwReturn = 0;
451
452 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
453 __try
454 {
455 if ( pCardData == NULL )
456 {
457 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
458 dwReturn = SCARD_E_INVALID_PARAMETER;
459 __leave;
460 }
461 if ( pwszUserId == NULL )
462 {
463 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId == NULL");
464 dwReturn = SCARD_E_INVALID_PARAMETER;
465 __leave;
466 }
467 if ( pbCurrentAuthenticator == NULL )
468 {
469 Trace(WINEVENT_LEVEL_ERROR, L"pbCurrentAuthenticator == NULL");
470 dwReturn = SCARD_E_INVALID_PARAMETER;
471 __leave;
472 }
473 if ( pbNewAuthenticator == NULL )
474 {
475 Trace(WINEVENT_LEVEL_ERROR, L"pbNewAuthenticator == NULL");
476 dwReturn = SCARD_E_INVALID_PARAMETER;
477 __leave;
478 }
479 if (dwFlags == CARD_AUTHENTICATE_PIN_CHALLENGE_RESPONSE)
480 {
481 dwReturn = SCARD_E_UNSUPPORTED_FEATURE;
482 Trace(WINEVENT_LEVEL_ERROR, L"dwFlags = 0x%08X", dwFlags);
483 __leave;
484 }
485 if (dwFlags != CARD_AUTHENTICATE_PIN_PIN)
486 {
487 dwReturn = SCARD_E_INVALID_PARAMETER;
488 Trace(WINEVENT_LEVEL_ERROR, L"dwFlags = 0x%08X", dwFlags);
489 __leave;
490 }
491 if (cRetryCount)
492 {
493 dwReturn = SCARD_E_INVALID_PARAMETER;
494 Trace(WINEVENT_LEVEL_ERROR, L"cRetryCount = %d", cRetryCount);
495 __leave;
496 }
497 dwReturn = CheckContext(pCardData);
498 if (dwReturn )
499 {
500 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
501 dwReturn = SCARD_E_INVALID_PARAMETER;
502 __leave;
503 }
504 if ( wcscmp(pwszUserId, wszCARD_USER_USER) == 0 )
505 {
506 dwReturn = ChangePIN(pCardData, ROLE_USER,
507 pbCurrentAuthenticator, cbCurrentAuthenticator,
508 pbNewAuthenticator, cbNewAuthenticator);
509 if (dwReturn && pcAttemptsRemaining)
510 {
511 GetRemainingPin(pCardData, ROLE_USER, pcAttemptsRemaining);
512 }
513 }
514 else if ( wcscmp(pwszUserId, wszCARD_USER_ADMIN) == 0)
515 {
516 dwReturn = ChangePIN(pCardData, ROLE_ADMIN,
517 pbCurrentAuthenticator, cbCurrentAuthenticator,
518 pbNewAuthenticator, cbNewAuthenticator);
519 if (dwReturn && pcAttemptsRemaining)
520 {
521 GetRemainingPin(pCardData,ROLE_ADMIN, pcAttemptsRemaining);
522 }
523 }
524 else
525 {
526 Trace(WINEVENT_LEVEL_ERROR, L"pwszUserId unknown : %s", pwszUserId);
527 dwReturn = SCARD_E_INVALID_PARAMETER;
528 __leave;
529 }
530 }
531 __finally
532 {
533 }
534 Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
535 return dwReturn;
536 }
537
538
539 /** This function changes the authenticator for the affected card principal.
540 It can be used to change a PIN or unblock a PIN. The usages are distinguished
541 by use of a flag value.*/
542
543 DWORD WINAPI CardChangeAuthenticatorEx(
544 __in PCARD_DATA pCardData,
545 __in DWORD dwFlags,
546 __in PIN_ID dwAuthenticatingPinId,
547 __in_bcount(cbAuthenticatingPinData)
548 PBYTE pbAuthenticatingPinData,
549 __in DWORD cbAuthenticatingPinData,
550 __in PIN_ID dwTargetPinId,
551 __in_bcount(cbTargetData) PBYTE pbTargetData,
552 __in DWORD cbTargetData,
553 __in DWORD cRetryCount,
554 __out_opt PDWORD pcAttemptsRemaining
555 )
556 {
557 DWORD dwReturn = 0;
558
559 Trace(WINEVENT_LEVEL_VERBOSE, L"Enter");
560 __try
561 {
562 if ( pCardData == NULL )
563 {
564 Trace(WINEVENT_LEVEL_ERROR, L"pCardData == NULL");
565 dwReturn = SCARD_E_INVALID_PARAMETER;
566 __leave;
567 }
568 if ( pbAuthenticatingPinData == NULL )
569 {
570 Trace(WINEVENT_LEVEL_ERROR, L"pbAuthenticatingPinData == NULL");
571 dwReturn = SCARD_E_INVALID_PARAMETER;
572 __leave;
573 }
574 if ( pbTargetData == NULL )
575 {
576 Trace(WINEVENT_LEVEL_ERROR, L"pbTargetData == NULL");
577 dwReturn = SCARD_E_INVALID_PARAMETER;
578 __leave;
579 }
580 if (dwFlags != PIN_CHANGE_FLAG_UNBLOCK && dwFlags != PIN_CHANGE_FLAG_CHANGEPIN)
581 {
582 dwReturn = SCARD_E_INVALID_PARAMETER;
583 Trace(WINEVENT_LEVEL_ERROR, L"dwFlags = 0x%08X", dwFlags);
584 __leave;
585 }
586 if (cRetryCount)
587 {
588 dwReturn = SCARD_E_INVALID_PARAMETER;
589 Trace(WINEVENT_LEVEL_ERROR, L"cRetryCount = %d", cRetryCount);
590 __leave;
591 }
592 dwReturn = CheckContext(pCardData);
593 if ( dwReturn )
594 {
595 Trace(WINEVENT_LEVEL_ERROR, L"GetContext dwReturn == 0x%08X", dwReturn);
596 dwReturn = SCARD_E_INVALID_PARAMETER;
597 __leave;
598 }
599 if ( dwAuthenticatingPinId == dwTargetPinId && dwFlags == PIN_CHANGE_FLAG_CHANGEPIN)
600 {
601 dwReturn = ChangePIN(pCardData, dwAuthenticatingPinId,
602 pbAuthenticatingPinData, cbAuthenticatingPinData,
603 pbTargetData, cbTargetData);
604 if (dwReturn && pcAttemptsRemaining)
605 {
606 GetRemainingPin(pCardData, dwAuthenticatingPinId, pcAttemptsRemaining);
607 }
608 }
609 else if ( (dwAuthenticatingPinId == ROLE_ADMIN || dwAuthenticatingPinId == ROLE_PUK )
610 && (dwTargetPinId == ROLE_USER || dwTargetPinId == ROLE_AUTHENTICATION)
611 && dwFlags == PIN_CHANGE_FLAG_UNBLOCK)
612 {
613 dwReturn = ResetUserPIN(pCardData, dwAuthenticatingPinId,
614 pbAuthenticatingPinData, cbAuthenticatingPinData,
615 pbTargetData, cbTargetData);
616 if (dwReturn && pcAttemptsRemaining)
617 {
618 GetRemainingPin(pCardData,dwAuthenticatingPinId, pcAttemptsRemaining);
619 }
620 }
621 else if ( dwAuthenticatingPinId == ROLE_ADMIN
622 && dwTargetPinId == ROLE_PUK && dwFlags == PIN_CHANGE_FLAG_CHANGEPIN)
623 {
624 dwReturn = SetPUK(pCardData,
625 pbAuthenticatingPinData, cbAuthenticatingPinData,
626 pbTargetData, cbTargetData);
627 if (dwReturn && pcAttemptsRemaining)
628 {
629 GetRemainingPin(pCardData,dwAuthenticatingPinId, pcAttemptsRemaining);
630 }
631 }
632 else
633 {
634 Trace(WINEVENT_LEVEL_ERROR, L"unknown role match: %d %d", dwAuthenticatingPinId, dwTargetPinId);
635 dwReturn = SCARD_E_INVALID_PARAMETER;
636 __leave;
637 }
638 }
639 __finally
640 {
641 }
642 Trace(WINEVENT_LEVEL_VERBOSE, L"dwReturn = 0x%08X",dwReturn);
643 return dwReturn;
644 }
[email protected]
 ViewVC Help
Powered by ViewVC 1.1.26