From 57e05d33597bbce811750f472abaf58bf1da6b6e Mon Sep 17 00:00:00 2001
From: vletoux
Date: Wed, 9 Dec 2015 21:41:37 +0100
Subject: [PATCH 1/2] minidriver: use sc_logout for CardDeauthenticate
---
 src/minidriver/minidriver.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c
index e9fbf9da..d1fdce76 100644
--- a/src/minidriver/minidriver.c
+++ b/src/minidriver/minidriver.c
@@ -3165,16 +3165,24 @@ DWORD WINAPI CardDeauthenticate(__in PCARD_DATA pCardData,
 __in LPWSTR pwszUserId,
 __in DWORD dwFlags)
 {
+ VENDOR_SPECIFIC* vs = NULL;
+ int rv;
 logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
 logprintf(pCardData, 1, "CardDeauthenticate(%S) %d\n", NULLWSTR(pwszUserId), dwFlags);
 if(!pCardData) return SCARD_E_INVALID_PARAMETER;
- /* TODO Reset PKCS#15 PIN object 'validated' flag */
+ vs = (VENDOR_SPECIFIC*)(pCardData->pvVendorSpecific);
+ sc_pkcs15_pincache_clear(vs->p15card);
+
+ rv = sc_logout(vs->p15card->card);
+
+ if (rv != SC_SUCCESS)
+ return SCARD_E_UNSUPPORTED_FEATURE;
 /* force a reset of a card - SCARD_S_SUCCESS do not lead to the reset of the card and leave it still authenticated */
- return SCARD_E_UNSUPPORTED_FEATURE;
+ return SCARD_S_SUCCESS;
 }
 DWORD WINAPI CardCreateDirectory(__in PCARD_DATA pCardData,
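Review bot: The added lines dereference `vs` and `vs->p15card` with no NULL check, so a context whose `pvVendorSpecific` was never set up faults inside the caller's process instead of returning an error; a guard such as `if (!vs || !vs->p15card) return SCARD_E_INVALID_PARAMETER;` before `sc_pkcs15_pincache_clear` would close that. The retained comment saying SCARD_S_SUCCESS leaves the card authenticated now sits directly above `return SCARD_S_SUCCESS;` and should be reworded to say that success is reported only after `sc_logout` succeeded. It is also worth confirming what `sc_logout` returns for a card driver that has no logout operation (not visible in this patch): if that is a success code, the caller is told the card is deauthenticated while the PIN is still verified on the card. `pwszUserId` and `dwFlags` are logged but never validated.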
@@ -4835,12 +4843,7 @@ DWORD WINAPI CardDeauthenticateEx(__in PCARD_DATA pCardData,
 logprintf(pCardData, 1, "\nP:%d T:%d pCardData:%p ",GetCurrentProcessId(), GetCurrentThreadId(), pCardData);
 logprintf(pCardData, 1, "CardDeauthenticateEx PinId=%d dwFlags=0x%08X\n",PinId, dwFlags);
- if (!pCardData) return SCARD_E_INVALID_PARAMETER;
-
- /* TODO Reset PKCS#15 PIN object 'validated' flag */
-
- /* force a reset of a card - SCARD_S_SUCCESS does not lead to the reset of the card and leave it still authenticated */
- return SCARD_E_UNSUPPORTED_FEATURE;
+ return CardDeauthenticate(pCardData, wszCARD_USER_USER, 0);
 }
 DWORD WINAPI CardGetContainerProperty(__in PCARD_DATA pCardData,
@@ -5554,8 +5557,7 @@ DWORD WINAPI CardAcquireContext(__inout PCARD_DATA pCardData, __in DWORD dwFlags
 pCardData->pfnCardAuthenticateChallenge = CardAuthenticateChallenge;
 pCardData->pfnCardUnblockPin = CardUnblockPin;
 pCardData->pfnCardChangeAuthenticator = CardChangeAuthenticator;
- /* the minidriver does not perform a deauthentication - set it to NULL according to the specification */
- pCardData->pfnCardDeauthenticate = NULL;
+ pCardData->pfnCardDeauthenticate = CardDeauthenticate;
 pCardData->pfnCardCreateDirectory = CardCreateDirectory;
 pCardData->pfnCardDeleteDirectory = CardDeleteDirectory;
 pCardData->pvUnused3 = NULL;
From 06f296b978ceecfa9cdd3a50b0d2042d2cc668d0 Mon Sep 17 00:00:00 2001
From: Andreas Schwier
Date: Wed, 9 Dec 2015 22:10:54 +0100
Subject: [PATCH 2/2] sc-hsm: implement logout function - re-selection of the applet resets the applet's state - removes path in key object and fixes #631
---
 src/libopensc/card-sc-hsm.c | 14 ++++++++++++++
 src/libopensc/pkcs15-sc-hsm.c | 1 +
 2 files changed, 15 insertions(+)
diff --git a/src/libopensc/card-sc-hsm.c b/src/libopensc/card-sc-hsm.c
index 86b33e0f..8ac9b6fa 100644
--- a/src/libopensc/card-sc-hsm.c
+++ b/src/libopensc/card-sc-hsm.c
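Review bot: `PinId` and `dwFlags` are logged and then discarded in CardDeauthenticateEx: every request is forwarded as `CardDeauthenticate(pCardData, wszCARD_USER_USER, 0)`, and the callee shown in the earlier hunk does not look at the user id either, so the result is a whole-card logout whatever PIN set was asked for. If that is intended, a comment on the call such as `/* sc_logout is card-wide, so PinId is not consulted */` would make it explicit; otherwise reject unsupported `PinId` or `dwFlags` values before forwarding. The function's signature and opening lines are outside the hunk.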
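Review bot: The removed comment recorded that the specification wants `pfnCardDeauthenticate` left NULL when the minidriver does not deauthenticate, and the new assignment in CardAcquireContext has no comment saying why that no longer applies. The pointer is now set for every card, while the ability to log out depends on the card driver; a line such as `/* CardDeauthenticate returns SCARD_E_UNSUPPORTED_FEATURE when sc_logout fails */` above the assignment would document the new contract. CardAcquireContext begins and ends outside the hunk.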
@@ -192,6 +192,19 @@ static int sc_hsm_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data,
+static int sc_hsm_logout(sc_card_t * card)
+{
+ sc_path_t path;
+ sc_hsm_private_data_t *priv = (sc_hsm_private_data_t *) card->drv_data;
+ memset(priv->sopin, sizeof(priv->sopin), 0);
+
+ sc_path_set(&path, SC_PATH_TYPE_DF_NAME, sc_hsm_aid.value, sc_hsm_aid.len, 0, 0);
+
+ return sc_hsm_select_file(card, &path, NULL);
+}
+
+
+
 static int sc_hsm_read_binary(sc_card_t *card, unsigned int idx, u8 *buf, size_t count, unsigned long flags)
@@ -1063,6 +1076,7 @@ static struct sc_card_driver * sc_get_driver(void)
 sc_hsm_ops.finish = sc_hsm_finish;
 sc_hsm_ops.card_ctl = sc_hsm_card_ctl;
 sc_hsm_ops.pin_cmd = sc_hsm_pin_cmd;
+ sc_hsm_ops.logout = sc_hsm_logout;
 /* no record oriented file services */
 sc_hsm_ops.read_record = NULL;
diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
index 64185c05..84dce43f 100644
--- a/src/libopensc/pkcs15-sc-hsm.c
+++ b/src/libopensc/pkcs15-sc-hsm.c
@@ -588,6 +588,7 @@ static int sc_pkcs15emu_sc_hsm_add_prkd(sc_pkcs15_card_t * p15card, u8 keyid) {
 key_info = (sc_pkcs15_prkey_info_t *)prkd.data;
 key_info->key_reference = keyid;
+ key_info->path.aid.len = 0;
 if (prkd.type == SC_PKCS15_TYPE_PRKEY_RSA) {
 r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkd, key_info);
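Review bot: The `memset` call in sc_hsm_logout has its last two arguments swapped: `memset(priv->sopin, sizeof(priv->sopin), 0);` writes zero bytes, so the cached SO-PIN stays in memory after logout. It should read `memset(priv->sopin, 0, sizeof(priv->sopin));`, and since this buffer holds a secret, a clearing routine the compiler cannot elide (OpenSC's `sc_mem_clear`, if it is available in this tree) is preferable to plain `memset`. `card->drv_data` is also dereferenced without a NULL check; whether it can be NULL at this point is not visible here.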
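Review bot: `key_info->path.aid.len = 0;` in sc_pkcs15emu_sc_hsm_add_prkd carries no comment, and the reason for it is given only in the commit message. Presumably a non-empty AID in the key path makes the PKCS#15 layer re-select the applet before a key operation, which per the commit message resets the applet's state and so drops the PIN verification; a comment such as `/* no AID in the key path: re-selecting the applet would reset its authentication state */` would keep a later cleanup from restoring it. The function continues outside the hunk.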