
@chrisboyle
Created March 28, 2021 22:20
Vasco DP855 PIN pad support (horrible hack) in GnuPG, created for 2.2.19-3ubuntu2.1
Description: Support Vasco DP855 PIN pad with horrible hacks
Disable varlen and assume PIN lengths.
Author: Chris Boyle <[email protected]>
---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: 2021-03-27
--- gnupg2-2.2.19.orig/scd/apdu.c
+++ gnupg2-2.2.19/scd/apdu.c
@@ -1040,7 +1040,7 @@ pcsc_vendor_specific_init (int slot)
reader_table[slot].pinpad_varlen_supported = 1;
}
else if (vendor == 0x0c4b /* Tested with Reiner cyberJack GO */
- || vendor == 0x1a44 /* Tested with Vasco DIGIPASS 920 */
+ || (vendor == 0x1a44 && product != 0x0855) /* Tested with Vasco DIGIPASS 920; broken with DP855 */
|| vendor == 0x234b /* Tested with FSIJ Gnuk Token */
|| vendor == 0x0d46 /* Tested with KAAN Advanced??? */
|| (vendor == 0x1fc9 && product == 0x81e6) /* Tested with Trustica Cryptoucan */)
@@ -1170,8 +1170,13 @@ check_pcsc_pinpad (int slot, int command
if (!pininfo->minlen)
pininfo->minlen = 1;
- if (!pininfo->maxlen)
- pininfo->maxlen = 15;
+ if (!pininfo->maxlen) {
+ if (pininfo->minlen) {
+ pininfo->fixedlen = pininfo->maxlen = pininfo->minlen;
+ } else {
+ pininfo->maxlen = 15;
+ }
+ }
if ((command == ISO7816_VERIFY && reader_table[slot].pcsc.verify_ioctl != 0)
|| (command == ISO7816_CHANGE_REFERENCE_DATA
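Review bot: The `else` branch that keeps `pininfo->maxlen = 15;` can never run, because the two context lines above set `pininfo->minlen = 1` whenever it was zero, so `if (pininfo->minlen)` is always true at this point. Every reader that reaches check_pcsc_pinpad without a maxlen therefore gets `fixedlen = maxlen = minlen`, which is a 1-digit fixed PIN when the caller supplied no minlen either, and this is not limited to the DP855. If the intent is to pin the length only when the caller asked for a specific minimum, test the caller's value before it is defaulted, or restrict the new branch to the affected reader and leave `pininfo->maxlen = 15;` as the general default. The function continues past the end of the hunk.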
--- gnupg2-2.2.19.orig/scd/app-openpgp.c
+++ gnupg2-2.2.19/scd/app-openpgp.c
@@ -661,9 +661,9 @@ parse_login_data (app_t app)
/* Set defaults. */
app->app_local->flags.no_sync = 0;
app->app_local->flags.def_chv2 = 0;
- app->app_local->pinpad.specified = 0;
- app->app_local->pinpad.fixedlen_user = -1;
- app->app_local->pinpad.fixedlen_admin = -1;
+ app->app_local->pinpad.specified = 1;
+ app->app_local->pinpad.fixedlen_user = 6;
+ app->app_local->pinpad.fixedlen_admin = 8;
/* Read the DO. */
relptr = get_one_do (app, 0x005E, &buffer, &buflen, NULL);
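Review bot: The new defaults `pinpad.specified = 1`, `fixedlen_user = 6` and `fixedlen_admin = 8` apply to every card and every reader handled by this build, not only when a DP855 is attached. A card whose PIN has a different length would presumably be offered a fixed-length pinpad entry that cannot match, and each failed verification costs a retry on the card, so this deserves at least a comment such as `/* HACK (DP855): assume 6-digit user and 8-digit admin PIN unless the login data says otherwise. */` above the three assignments. The same 6/8 pair is repeated in the `minlen` initializer in the do_change_pin hunk; one pair of named constants would keep the two in step. Whether the DO parsed below the hunk can still override these values is not visible here.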
@@ -1993,6 +1993,8 @@ do_readcert (app_t app, const char *cert
static int
check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin)
{
+ return 0;
+#if 0
if (app->app_local->pinpad.specified == 0) /* No preference on card. */
{
if (pininfo->fixedlen == 0) /* Reader has varlen capability. */
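Review bot: `return 0;` ahead of `#if 0` makes check_pinpad_request accept pinpad entry unconditionally, so the `return 1` path visible in the following hunk and the card-preference test on `pinpad.specified` are disabled for all readers, not just the DP855. Any case where the reader cannot enter a PIN of the card's length presumably now goes to the pinpad instead of being rejected here, which risks spending PIN retries. The three parameters are also left unused and the dead body stays in the file (the matching `#endif` is in the next hunk; the middle of the function is not shown). Prefer keeping the check and special-casing the reader, or at minimum document it with `/* HACK (DP855): pinpad always allowed; length checks bypassed. */`.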
@@ -2018,6 +2020,7 @@ check_pinpad_request (app_t app, pininfo
return 1;
return 0;
+#endif
}
@@ -2607,7 +2610,7 @@ do_change_pin (app_t app, ctrl_t ctrl,
int set_resetcode = 0;
pininfo_t pininfo;
int use_pinpad = 0;
- int minlen = 6;
+ int minlen = (chvno == 3) ? 8 : 6;
int pinlen0 = 0;
int pinlen = 0;
--- gnupg2-2.2.19.orig/scd/ccid-driver.c
+++ gnupg2-2.2.19/scd/ccid-driver.c
@@ -3402,8 +3402,8 @@ ccid_transceive_secure (ccid_driver_t ha
enable_varlen = 1;
break;
case VENDOR_REINER:/* Tested with cyberJack go */
- case VENDOR_VASCO: /* Tested with DIGIPASS 920 */
- enable_varlen = 1;
+ case VENDOR_VASCO: /* Tested with DIGIPASS 920; broken with DP855 */
+ enable_varlen = (handle->id_product == VASCO_DP855) ? 0 : 1;
break;
case VENDOR_CHERRY:
pininfo->maxlen = 15;
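Review bot: `case VENDOR_REINER:` falls through into the same body as `case VENDOR_VASCO:`, so the new `handle->id_product == VASCO_DP855` test is also applied to Reiner devices, and the comparison is not qualified by vendor as it is in the apdu.c hunk (`vendor == 0x1a44 && product != 0x0855`). Product ids are only unique per vendor, so the test should name both: `enable_varlen = !(handle->id_vendor == VENDOR_VASCO && handle->id_product == VASCO_DP855);`. Giving VENDOR_VASCO its own case body would read just as well. The switch starts and ends outside the hunk.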
--- gnupg2-2.2.19.orig/scd/ccid-driver.h
+++ gnupg2-2.2.19/scd/ccid-driver.h
@@ -81,6 +81,7 @@ enum {
#define SCM_SPR532 0xe003 /* Also used succeeding model SPR332. */
#define CHERRY_ST2000 0x003e
#define VASCO_920 0x0920
+#define VASCO_DP855 0x0855
#define GEMPC_PINPAD 0x3478
#define GEMPC_CT30 0x3437
#define GEMPC_EZIO 0x34c2 /* (!=34c0) Also known as IDBridge CT710 */