accounts, console: frendly card errors, support pin unblock

accounts/scwallet/apdu.go

@@ -21,29 +21,15 @@ import (
 	"encoding/binary"
 )
 
-const (
-	claISO7816 = 0
-
-	insSelect               = 0xA4
-	insGetResponse          = 0xC0
-	insPair                 = 0x12
-	insUnpair               = 0x13
-	insOpenSecureChannel    = 0x10
-	insMutuallyAuthenticate = 0x11
-
-	sw1GetResponse = 0x61
-	sw1Ok          = 0x90
-)
-
-// CommandAPDU represents an application data unit sent to a smartcard.
-type CommandAPDU struct {
+// commandAPDU represents an application data unit sent to a smartcard.
+type commandAPDU struct {
 	Cla, Ins, P1, P2 uint8  // Class, Instruction, Parameter 1, Parameter 2
 	Data             []byte // Command data
 	Le               uint8  // Command data length
 }
 
 // serialize serializes a command APDU.
-func (ca CommandAPDU) serialize() ([]byte, error) {
+func (ca commandAPDU) serialize() ([]byte, error) {
 	buf := new(bytes.Buffer)
 
 	if err := binary.Write(buf, binary.BigEndian, ca.Cla); err != nil {
@@ -72,14 +58,14 @@ func (ca CommandAPDU) serialize() ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-// ResponseAPDU represents an application data unit received from a smart card.
-type ResponseAPDU struct {
+// responseAPDU represents an application data unit received from a smart card.
+type responseAPDU struct {
 	Data     []byte // response data
 	Sw1, Sw2 uint8  // status words 1 and 2
 }
 
 // deserialize deserializes a response APDU.
-func (ra *ResponseAPDU) deserialize(data []byte) error {
+func (ra *responseAPDU) deserialize(data []byte) error {
 	ra.Data = make([]byte, len(data)-2)
 
 	buf := bytes.NewReader(data)

accounts/scwallet/hub.go

@@ -36,6 +36,7 @@ import (
 	"encoding/json"
 	"io/ioutil"
 	"os"
+	"sort"
 	"sync"
 	"time"
 
@@ -51,7 +52,7 @@ const Scheme = "pcsc"
 
 // refreshCycle is the maximum time between wallet refreshes (if USB hotplug
 // notifications don't work).
-const refreshCycle = 5 * time.Second
+const refreshCycle = time.Second
 
 // refreshThrottling is the minimum time between wallet refreshes to avoid thrashing.
 const refreshThrottling = 500 * time.Millisecond
@@ -132,7 +133,7 @@ func (hub *Hub) writePairings() error {
 	return pairingFile.Close()
 }
 
-func (hub *Hub) getPairing(wallet *Wallet) *smartcardPairing {
+func (hub *Hub) pairing(wallet *Wallet) *smartcardPairing {
 	pairing, ok := hub.pairings[string(wallet.PublicKey)]
 	if ok {
 		return &pairing
@@ -182,13 +183,7 @@ func (hub *Hub) Wallets() []accounts.Wallet {
 	for _, wallet := range hub.wallets {
 		cpy = append(cpy, wallet)
 	}
-	for i := 0; i < len(cpy); i++ {
-		for j := i + 1; j < len(cpy); j++ {
-			if cpy[i].URL().Cmp(cpy[j].URL()) > 0 {
-				cpy[i], cpy[j] = cpy[j], cpy[i]
-			}
-		}
-	}
+	sort.Sort(accounts.WalletsByURL(cpy))
 	return cpy
 }
 

accounts/scwallet/securechannel.go

@@ -17,7 +17,6 @@
 package scwallet
 
 import (
-	//"crypto/ecdsa"
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
@@ -25,10 +24,10 @@ import (
 	"crypto/sha256"
 	"crypto/sha512"
 	"fmt"
-	//"math/big"
+
 	"github.com/ebfe/scard"
 	"github.com/ethereum/go-ethereum/crypto"
-	ecdh "github.com/wsddn/go-ecdh"
+	"github.com/wsddn/go-ecdh"
 )
 
 const (
@@ -38,6 +37,11 @@ const (
 
 	scSecretLength = 32
 	scBlockSize    = 16
+
+	insOpenSecureChannel    = 0x10
+	insMutuallyAuthenticate = 0x11
+	insPair                 = 0x12
+	insUnpair               = 0x13
 )
 
 // SecureChannelSession enables secure communication with a hardware wallet.
@@ -192,8 +196,8 @@ func (s *SecureChannelSession) mutuallyAuthenticate() error {
 }
 
 // open is an internal method that sends an open APDU.
-func (s *SecureChannelSession) open() (*ResponseAPDU, error) {
-	return transmit(s.card, &CommandAPDU{
+func (s *SecureChannelSession) open() (*responseAPDU, error) {
+	return transmit(s.card, &commandAPDU{
 		Cla:  claSCWallet,
 		Ins:  insOpenSecureChannel,
 		P1:   s.PairingIndex,
@@ -204,8 +208,8 @@ func (s *SecureChannelSession) open() (*ResponseAPDU, error) {
 }
 
 // pair is an internal method that sends a pair APDU.
-func (s *SecureChannelSession) pair(p1 uint8, data []byte) (*ResponseAPDU, error) {
-	return transmit(s.card, &CommandAPDU{
+func (s *SecureChannelSession) pair(p1 uint8, data []byte) (*responseAPDU, error) {
+	return transmit(s.card, &commandAPDU{
 		Cla:  claSCWallet,
 		Ins:  insPair,
 		P1:   p1,
@@ -216,7 +220,7 @@ func (s *SecureChannelSession) pair(p1 uint8, data []byte) (*ResponseAPDU, error
 }
 
 // TransmitEncrypted sends an encrypted message, and decrypts and returns the response.
-func (s *SecureChannelSession) TransmitEncrypted(cla, ins, p1, p2 byte, data []byte) (*ResponseAPDU, error) {
+func (s *SecureChannelSession) TransmitEncrypted(cla, ins, p1, p2 byte, data []byte) (*responseAPDU, error) {
 	if s.iv == nil {
 		return nil, fmt.Errorf("Channel not open")
 	}
@@ -234,7 +238,7 @@ func (s *SecureChannelSession) TransmitEncrypted(cla, ins, p1, p2 byte, data []b
 	copy(fulldata, s.iv)
 	copy(fulldata[len(s.iv):], data)
 
-	response, err := transmit(s.card, &CommandAPDU{
+	response, err := transmit(s.card, &commandAPDU{
 		Cla:  cla,
 		Ins:  ins,
 		P1:   p1,
@@ -260,7 +264,7 @@ func (s *SecureChannelSession) TransmitEncrypted(cla, ins, p1, p2 byte, data []b
 		return nil, fmt.Errorf("Invalid MAC in response")
 	}
 
-	rapdu := &ResponseAPDU{}
+	rapdu := &responseAPDU{}
 	rapdu.deserialize(plainData)
 
 	if rapdu.Sw1 != sw1Ok {

accounts/sort.go

+// Copyright 2018 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package accounts
+
+// AccountsByURL implements sort.Interface for []Account based on the URL field.
+type AccountsByURL []Account
+
+func (a AccountsByURL) Len() int           { return len(a) }
+func (a AccountsByURL) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a AccountsByURL) Less(i, j int) bool { return a[i].URL.Cmp(a[j].URL) < 0 }
+
+// WalletsByURL implements sort.Interface for []Wallet based on the URL field.
+type WalletsByURL []Wallet
+
+func (w WalletsByURL) Len() int           { return len(w) }
+func (w WalletsByURL) Swap(i, j int)      { w[i], w[j] = w[j], w[i] }
+func (w WalletsByURL) Less(i, j int) bool { return w[i].URL().Cmp(w[j].URL()) < 0 }

console/bridge.go

@@ -141,6 +141,24 @@ func (b *bridge) OpenWallet(call otto.FunctionCall) (response otto.Value) {
 			}
 		}
 
+	case strings.HasSuffix(err.Error(), scwallet.ErrPINUnblockNeeded.Error()):
+		// PIN unblock requested, fetch PUK and new PIN from the user
+		var pukpin string
+		if input, err := b.prompter.PromptPassword("Please enter current PUK: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			pukpin = input
+		}
+		if input, err := b.prompter.PromptPassword("Please enter new PIN: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			pukpin += input
+		}
+		passwd, _ = otto.ToValue(pukpin)
+		if val, err = call.Otto.Call("jeth.openWallet", nil, wallet, passwd); err != nil {
+			throwJSException(err.Error())
+		}
+
 	case strings.HasSuffix(err.Error(), scwallet.ErrPINNeeded.Error()):
 		// PIN input requested, fetch from the user and call open again
 		if input, err := b.prompter.PromptPassword("Please enter current PIN: "); err != nil {