From 5022bca0b5f915e4f9ec45a9fb187b4fea670487 Mon Sep 17 00:00:00 2001
From: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Date: Wed, 23 May 2018 17:09:50 +0200
Subject: [PATCH] Improve PUK (aka Reset Code) handling

---
 src/fr/anssi/smartpgp/Persistent.java     | 9 ++++++++-
 src/fr/anssi/smartpgp/SmartPGPApplet.java | 6 +-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/fr/anssi/smartpgp/Persistent.java b/src/fr/anssi/smartpgp/Persistent.java
index 573ff61..0318ae6 100644
--- a/src/fr/anssi/smartpgp/Persistent.java
+++ b/src/fr/anssi/smartpgp/Persistent.java
@@ -241,7 +241,14 @@ public final class Persistent {
         user_pin.resetAndUnblock();
         Common.commitTransaction(isRegistering);
 
-        user_puk_length = 0;
+        Common.beginTransaction(isRegistering);
+        user_puk_length = (short)0;
+        /* Ensures any previously defined PUK code is blocked at factory reset */
+        byte[] emptyPin = new byte[0];
+        while(user_puk.getTriesRemaining() > 0) {
+            user_puk.check(emptyPin, (short)0, (byte)0);
+        }
+        Common.commitTransaction(isRegistering);
 
         Common.beginTransaction(isRegistering);
         admin_pin_length = (byte)Constants.ADMIN_PIN_DEFAULT.length;
diff --git a/src/fr/anssi/smartpgp/SmartPGPApplet.java b/src/fr/anssi/smartpgp/SmartPGPApplet.java
index 9eefae7..fcbc3ef 100644
--- a/src/fr/anssi/smartpgp/SmartPGPApplet.java
+++ b/src/fr/anssi/smartpgp/SmartPGPApplet.java
@@ -154,11 +154,7 @@ public final class SmartPGPApplet extends Applet {
         buf[off++] = Constants.ADMIN_PIN_MAX_SIZE;
 
         buf[off++] = data.user_pin.getTriesRemaining();
-        if(data.user_puk_length > 0) {
-            buf[off++] = data.user_puk.getTriesRemaining();
-        } else {
-            buf[off++] = (byte)0x00;
-        }
+        buf[off++] = data.user_puk.getTriesRemaining();
         buf[off++] = data.admin_pin.getTriesRemaining();
 
         return off;