|
|
|
@ -510,14 +510,14 @@ int optiga_pin_set(OPTIGA_UI_PROGRESS ui_progress,
|
|
|
|
|
sizeof(stretched_pin));
|
|
|
|
|
memzero(stretched_pin, sizeof(stretched_pin));
|
|
|
|
|
if (res != OPTIGA_SUCCESS) {
|
|
|
|
|
optiga_clear_auto_state(OID_PIN_SECRET);
|
|
|
|
|
(void)optiga_clear_auto_state(OID_PIN_SECRET);
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Initialize the PIN counter.
|
|
|
|
|
res = optiga_set_data_object(OID_PIN_COUNTER, false, COUNTER_RESET,
|
|
|
|
|
sizeof(COUNTER_RESET));
|
|
|
|
|
optiga_clear_auto_state(OID_PIN_SECRET);
|
|
|
|
|
(void)optiga_clear_auto_state(OID_PIN_SECRET);
|
|
|
|
|
if (res != OPTIGA_SUCCESS) {
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
@ -588,7 +588,7 @@ int optiga_pin_verify(OPTIGA_UI_PROGRESS ui_progress,
|
|
|
|
|
size_t size = 0;
|
|
|
|
|
res = optiga_get_data_object(OID_PIN_SECRET, false, out_secret,
|
|
|
|
|
OPTIGA_PIN_SECRET_SIZE, &size);
|
|
|
|
|
optiga_clear_auto_state(OID_STRETCHED_PIN);
|
|
|
|
|
(void)optiga_clear_auto_state(OID_STRETCHED_PIN);
|
|
|
|
|
if (res != OPTIGA_SUCCESS) {
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
@ -609,7 +609,7 @@ int optiga_pin_verify(OPTIGA_UI_PROGRESS ui_progress,
|
|
|
|
|
// Reset the PIN counter.
|
|
|
|
|
res = optiga_set_data_object(OID_PIN_COUNTER, false, COUNTER_RESET,
|
|
|
|
|
sizeof(COUNTER_RESET));
|
|
|
|
|
optiga_clear_auto_state(OID_PIN_SECRET);
|
|
|
|
|
(void)optiga_clear_auto_state(OID_PIN_SECRET);
|
|
|
|
|
if (res != OPTIGA_SUCCESS) {
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
@ -664,3 +664,32 @@ int optiga_pin_fails_increase(uint32_t count) {
|
|
|
|
|
|
|
|
|
|
return optiga_count_data_object(OID_PIN_COUNTER, count);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool optiga_pin_wipe(void) {
|
|
|
|
|
bool ret = true;
|
|
|
|
|
|
|
|
|
|
if (optiga_pin_init_stretch() != OPTIGA_SUCCESS) {
|
|
|
|
|
ret = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wipe the master secret / PIN counter reset key.
|
|
|
|
|
const uint8_t empty[] = {0};
|
|
|
|
|
if (optiga_set_data_object(OID_PIN_SECRET, false, empty, sizeof(empty)) !=
|
|
|
|
|
OPTIGA_SUCCESS) {
|
|
|
|
|
ret = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Authorise using OID_PIN_SECRET so that we can wipe OID_STRETCHED_PIN.
|
|
|
|
|
if (optiga_set_auto_state(OPTIGA_OID_SESSION_CTX, OID_PIN_SECRET, empty,
|
|
|
|
|
sizeof(empty)) != OPTIGA_SUCCESS) {
|
|
|
|
|
ret = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wipe the stretched PIN.
|
|
|
|
|
if (optiga_set_data_object(OID_STRETCHED_PIN, false, empty, sizeof(empty)) !=
|
|
|
|
|
OPTIGA_SUCCESS) {
|
|
|
|
|
ret = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
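Review bot: optiga_pin_wipe() authorises with `optiga_set_auto_state(OPTIGA_OID_SESSION_CTX, OID_PIN_SECRET, empty, sizeof(empty))` but never clears that state, whereas every other privileged write in this change is followed by `optiga_clear_auto_state(...)`. Unless the session is torn down elsewhere (not visible here), the OID_PIN_SECRET authorisation presumably stays active after the wipe returns. Adding `(void)optiga_clear_auto_state(OID_PIN_SECRET);` after the OID_STRETCHED_PIN write, or folding its result into `ret`, would keep the function consistent with optiga_pin_set and optiga_pin_verify. A short comment above `const uint8_t empty[] = {0};` saying whether the one-byte write erases the remaining bytes of each object would also make the wipe guarantee reviewable.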
|
|
|
|
|