Fix some pinpad reader related issues (#1540)
1. Show pinpad reader capabilities even for uninitialised tokens. This way the pinpad can be used during initialisation. 2. Make it possible to create the so-pin object during initialisation even if no so-pin was provided (on the command line), as long as a pinpad reader is used and the card profile contains so-pin data.
parent
7d640e62c1
commit
2552fde05f
|
@ -1140,6 +1140,11 @@ pkcs15_create_slot(struct sc_pkcs11_card *p11card, struct pkcs15_fw_data *fw_dat
|
|||
/* Fill in the slot/token info from pkcs15 data */
|
||||
if (fw_data)
|
||||
pkcs15_init_slot(fw_data->p15_card, slot, auth, app_info);
|
||||
else {
|
||||
/* Token is not initialized, announce pinpad capability nevertheless */
|
||||
if (slot->reader->capabilities & SC_READER_CAP_PIN_PAD)
|
||||
slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
|
||||
}
|
||||
|
||||
*out = slot;
|
||||
return CKR_OK;
|
||||
|
|
|
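Review bot: The new `else` branch in pkcs15_create_slot dereferences `slot->reader` without a check, and nothing visible in this hunk shows that a slot always has a reader attached at this point. If the slot allocation earlier in the function (outside the hunk) does not guarantee that, guard the test: `if (slot->reader && (slot->reader->capabilities & SC_READER_CAP_PIN_PAD))`. The comment could also say what the flag means for callers, for example `/* Token is not initialized; set CKF_PROTECTED_AUTHENTICATION_PATH so applications leave PIN entry to the reader */`. The function body starts and ends outside the hunk.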
@ -771,6 +771,7 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||
struct sc_app_info *app;
|
||||
struct sc_file *df = profile->df_info->file;
|
||||
int r = SC_SUCCESS;
|
||||
int has_so_pin = args->so_pin_len != 0;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
p15card->card = card;
|
||||
|
@ -784,13 +785,22 @@ sc_pkcs15init_add_app(struct sc_card *card, struct sc_profile *profile,
|
|||
if (card->app_count >= SC_MAX_CARD_APPS)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_TOO_MANY_OBJECTS, "Too many applications on this card.");
|
||||
|
||||
/* In case of pinpad readers check if SO PIN is defined in a profile */
|
||||
if (!has_so_pin && (card->reader->capabilities & SC_READER_CAP_PIN_PAD)) {
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_ainfo);
|
||||
/* If found, assume we want SO PIN */
|
||||
has_so_pin = pin_ainfo.attrs.pin.reference != -1;
|
||||
}
|
||||
|
||||
/* If the profile requires an SO PIN, check min/max length */
|
||||
if (args->so_pin_len) {
|
||||
if (has_so_pin) {
|
||||
const char *pin_label;
|
||||
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_ainfo);
|
||||
r = sc_pkcs15init_qualify_pin(card, "SO PIN", args->so_pin_len, &pin_ainfo);
|
||||
LOG_TEST_RET(ctx, r, "Failed to qualify SO PIN");
|
||||
if (args->so_pin_len) {
|
||||
sc_profile_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &pin_ainfo);
|
||||
r = sc_pkcs15init_qualify_pin(card, "SO PIN", args->so_pin_len, &pin_ainfo);
|
||||
LOG_TEST_RET(ctx, r, "Failed to qualify SO PIN");
|
||||
}
|
||||
|
||||
/* Path encoded only for local SO PIN */
|
||||
if (pin_attrs->flags & SC_PKCS15_PIN_FLAG_LOCAL)
|
||||
|
@ -3791,7 +3801,7 @@ sc_pkcs15init_verify_secret(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
|
||||
found:
|
||||
if (pin_obj) {
|
||||
r = sc_pkcs15_verify_pin(p15card, pin_obj, pinsize ? pinbuf : NULL, pinsize);
|
||||
r = sc_pkcs15_verify_pin(p15card, pin_obj, use_pinpad ? NULL : pinbuf, use_pinpad ? 0 : pinsize);
|
||||
LOG_TEST_RET(ctx, r, "Cannot validate pkcs15 PIN");
|
||||
}
|
||||
|
||||
|
|
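Review bot: In the second hunk of sc_pkcs15init_add_app, `has_so_pin = pin_ainfo.attrs.pin.reference != -1;` trusts whatever is in `pin_ainfo` after `sc_profile_get_pin_info()`, whose outcome is not checked. If that helper can return without filling the struct (its definition and the declaration of `pin_ainfo` are outside the hunk), the decision to create an SO PIN object rests on an indeterminate value. Setting a known default just before the call, `pin_ainfo.attrs.pin.reference = -1;`, would make the "not found" case explicit. The `has_so_pin` block now also runs with `args->so_pin_len == 0` on pinpad readers, so the code after the hunk that consumes `args->so_pin` should be confirmed to accept an empty PIN. In the last hunk `use_pinpad` is defined outside the visible lines, and a short comment such as `/* pinpad: pass no PIN so the reader collects it */` would explain why `pinbuf` is ignored there.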