Merge pull request #542 from CardContact/fixv20

sc-hsm: Add status info support for SmartCard-HSM V2.0

src/libopensc/card-sc-hsm.c

@@ -867,7 +867,7 @@ static int sc_hsm_init_token(sc_card_t *card, sc_cardctl_pkcs11_init_token_t *pa
 	memset(&ip, 0, sizeof(ip));
 	ip.dkek_shares = -1;
 	ip.options[0] = 0x00;
-	ip.options[0] = 0x01;
+	ip.options[1] = 0x01;
 
 	r = sc_hsm_encode_sopin(params->so_pin, ip.init_code);
 	LOG_TEST_RET(ctx, r, "SO PIN wrong format");

src/libopensc/card-sc-hsm.h

@@ -50,6 +50,9 @@
 #define ID_USER_PIN				0x81		/* User PIN identifier */
 #define ID_SO_PIN				0x88		/* Security officer PIN identifier */
 
+#define INIT_RRC_ENABLED		0x01		/* Bit 1 of initialization options */
+#define INIT_TRANSPORT_PIN		0x02		/* Bit 2 of initialization options */
+
 /* Information the driver maintains between calls */
 typedef struct sc_hsm_private_data {
 	const sc_security_env_t *env;

src/tools/sc-hsm-tool.c

@@ -461,27 +461,75 @@ static void print_info(sc_card_t *card, sc_file_t *file)
 	struct sc_pin_cmd_data data;
 	sc_cardctl_sc_hsm_dkek_t dkekinfo;
 
-	u8 major, minor;
+	u8 major, minor, opt;
 
 	major = file->prop_attr[file->prop_attr_len - 2];
 	minor = file->prop_attr[file->prop_attr_len - 1];
 	printf("Version              : %d.%d\n", (int)major, (int)minor);
 
-	/* Try to update PIN info from card */
-	memset(&data, 0, sizeof(data));
-	data.cmd = SC_PIN_CMD_GET_INFO;
-	data.pin_type = SC_AC_CHV;
-	data.pin_reference = ID_USER_PIN;
+	if (file->prop_attr_len > 2) {	/* Version >= 2.0 */
+		opt = file->prop_attr[file->prop_attr_len - 4];
+		if (opt != 0) {
+			printf("Config options       :\n");
+			if (opt & INIT_RRC_ENABLED) {
+				printf("  User PIN reset with SO-PIN enabled\n");
+			}
+			if (opt & INIT_TRANSPORT_PIN) {
+				printf("  Transport-PIN mode enabled\n");
+			}
+		}
 
-	r = sc_pin_cmd(card, &data, &tries_left);
+		/* Try to update SO-PIN info from card */
+		memset(&data, 0, sizeof(data));
+		data.cmd = SC_PIN_CMD_GET_INFO;
+		data.pin_type = SC_AC_CHV;
+		data.pin_reference = ID_SO_PIN;
 
-	if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
-		printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
-	} else {
-		if (tries_left == 0) {
-			printf("User PIN locked\n");
+		r = sc_pin_cmd(card, &data, &tries_left);
+		if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) {
+			printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
 		} else {
-			printf("User PIN tries left  : %d\n", tries_left);
+			if (tries_left == 0) {
+				printf("SO-PIN locked\n");
+			} else {
+				printf("SO-PIN tries left    : %d\n", tries_left);
+			}
+			/* Try to update PIN info from card */
+			memset(&data, 0, sizeof(data));
+			data.cmd = SC_PIN_CMD_GET_INFO;
+			data.pin_type = SC_AC_CHV;
+			data.pin_reference = ID_USER_PIN;
+
+			r = sc_pin_cmd(card, &data, &tries_left);
+			if (r == SC_ERROR_CARD_CMD_FAILED) {
+				printf("Public key authentication active.\n");
+			} else if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
+				printf("Transport-PIN active. Please change to user selected PIN first.\n");
+			} else {
+				if (tries_left == 0) {
+					printf("User PIN locked\n");
+				} else {
+					printf("User PIN tries left  : %d\n", tries_left);
+				}
+			}
+		}
+	} else {	/* Version < 2.0 */
+		/* Try to update PIN info from card */
+		memset(&data, 0, sizeof(data));
+		data.cmd = SC_PIN_CMD_GET_INFO;
+		data.pin_type = SC_AC_CHV;
+		data.pin_reference = ID_USER_PIN;
+
+		r = sc_pin_cmd(card, &data, &tries_left);
+
+		if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
+			printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
+		} else {
+			if (tries_left == 0) {
+				printf("User PIN locked\n");
+			} else {
+				printf("User PIN tries left  : %d\n", tries_left);
+			}
 		}
 	}