Merge pull request #542 from CardContact/fixv20
sc-hsm: Add status info support for SmartCard-HSM V2.0
commit
1d4c384026
|
@ -867,7 +867,7 @@ static int sc_hsm_init_token(sc_card_t *card, sc_cardctl_pkcs11_init_token_t *pa
|
|||
memset(&ip, 0, sizeof(ip));
|
||||
ip.dkek_shares = -1;
|
||||
ip.options[0] = 0x00;
|
||||
ip.options[0] = 0x01;
|
||||
ip.options[1] = 0x01;
|
||||
|
||||
r = sc_hsm_encode_sopin(params->so_pin, ip.init_code);
|
||||
LOG_TEST_RET(ctx, r, "SO PIN wrong format");
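Review bot: The option bytes set in sc_hsm_init_token are bare literals, so `ip.options[0]` and `ip.options[1]` do not show which initialization options a token set up through this path receives. That default is security-relevant, because the status output added in the same commit treats these bits as "User PIN reset with SO-PIN" and "Transport-PIN mode". The commit also introduces `INIT_RRC_ENABLED` and `INIT_TRANSPORT_PIN`, so the assignment could use them, for example `ip.options[1] = INIT_RRC_ENABLED;`, assuming that byte carries these bits and the header is included here. A one-line comment stating the byte order of the options field and the intended default would also help. This rendering has lost which of the two `ip.options[0]` assignments is the new side, so the value of that byte should be confirmed against the card specification. The function starts and ends outside the hunk.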
|
||||
|
|
|
@ -50,6 +50,9 @@
|
|||
#define ID_USER_PIN 0x81 /* User PIN identifier */
|
||||
#define ID_SO_PIN 0x88 /* Security officer PIN identifier */
|
||||
|
||||
#define INIT_RRC_ENABLED 0x01 /* Bit 1 of initialization options */
|
||||
#define INIT_TRANSPORT_PIN 0x02 /* Bit 2 of initialization options */
|
||||
|
||||
/* Information the driver maintains between calls */
|
||||
typedef struct sc_hsm_private_data {
|
||||
const sc_security_env_t *env;
|
||||
|
|
|
@ -461,27 +461,75 @@ static void print_info(sc_card_t *card, sc_file_t *file)
|
|||
struct sc_pin_cmd_data data;
|
||||
sc_cardctl_sc_hsm_dkek_t dkekinfo;
|
||||
|
||||
u8 major, minor;
|
||||
u8 major, minor, opt;
|
||||
|
||||
major = file->prop_attr[file->prop_attr_len - 2];
|
||||
minor = file->prop_attr[file->prop_attr_len - 1];
|
||||
printf("Version : %d.%d\n", (int)major, (int)minor);
|
||||
|
||||
/* Try to update PIN info from card */
|
||||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = ID_USER_PIN;
|
||||
if (file->prop_attr_len > 2) { /* Version >= 2.0 */
|
||||
opt = file->prop_attr[file->prop_attr_len - 4];
|
||||
if (opt != 0) {
|
||||
printf("Config options :\n");
|
||||
if (opt & INIT_RRC_ENABLED) {
|
||||
printf(" User PIN reset with SO-PIN enabled\n");
|
||||
}
|
||||
if (opt & INIT_TRANSPORT_PIN) {
|
||||
printf(" Transport-PIN mode enabled\n");
|
||||
}
|
||||
}
|
||||
|
||||
r = sc_pin_cmd(card, &data, &tries_left);
|
||||
/* Try to update SO-PIN info from card */
|
||||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = ID_SO_PIN;
|
||||
|
||||
if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
|
||||
printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
|
||||
} else {
|
||||
if (tries_left == 0) {
|
||||
printf("User PIN locked\n");
|
||||
r = sc_pin_cmd(card, &data, &tries_left);
|
||||
if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) {
|
||||
printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
|
||||
} else {
|
||||
printf("User PIN tries left : %d\n", tries_left);
|
||||
if (tries_left == 0) {
|
||||
printf("SO-PIN locked\n");
|
||||
} else {
|
||||
printf("SO-PIN tries left : %d\n", tries_left);
|
||||
}
|
||||
/* Try to update PIN info from card */
|
||||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = ID_USER_PIN;
|
||||
|
||||
r = sc_pin_cmd(card, &data, &tries_left);
|
||||
if (r == SC_ERROR_CARD_CMD_FAILED) {
|
||||
printf("Public key authentication active.\n");
|
||||
} else if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
|
||||
printf("Transport-PIN active. Please change to user selected PIN first.\n");
|
||||
} else {
|
||||
if (tries_left == 0) {
|
||||
printf("User PIN locked\n");
|
||||
} else {
|
||||
printf("User PIN tries left : %d\n", tries_left);
|
||||
}
|
||||
}
|
||||
}
|
||||
} else { /* Version < 2.0 */
|
||||
/* Try to update PIN info from card */
|
||||
memset(&data, 0, sizeof(data));
|
||||
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||
data.pin_type = SC_AC_CHV;
|
||||
data.pin_reference = ID_USER_PIN;
|
||||
|
||||
r = sc_pin_cmd(card, &data, &tries_left);
|
||||
|
||||
if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
|
||||
printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
|
||||
} else {
|
||||
if (tries_left == 0) {
|
||||
printf("User PIN locked\n");
|
||||
} else {
|
||||
printf("User PIN tries left : %d\n", tries_left);
|
||||
}
|
||||
}
|
||||
}
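Review bot: The `file->prop_attr_len > 2` guard in print_info admits a length of 3, and `opt = file->prop_attr[file->prop_attr_len - 4]` then reads outside the attribute buffer (before its start, or far past it if the length is an unsigned type). These bytes presumably come from the card's response to selecting the applet, so their length should not be trusted. The V2.0 branch should be entered only when four bytes are present: `if (file->prop_attr_len >= 4) { /* Version >= 2.0 */`. The `major`/`minor` reads at `prop_attr_len - 2` and `prop_attr_len - 1` just above have the same shape and need a `file->prop_attr != NULL && file->prop_attr_len >= 2` check before them. Separately, `tries_left` is printed after each `sc_pin_cmd` call for any return code the branch does not name, so an unexpected error should be reported rather than shown as a retry count. print_info starts before this hunk and continues after it.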
|
||||
|
||||
|
|