diff --git a/src/libopensc/card-sc-hsm.c b/src/libopensc/card-sc-hsm.c
index 0613d49b..917eb171 100644
--- a/src/libopensc/card-sc-hsm.c
+++ b/src/libopensc/card-sc-hsm.c
@@ -867,7 +867,7 @@ static int sc_hsm_init_token(sc_card_t *card, sc_cardctl_pkcs11_init_token_t *pa
 memset(&ip, 0, sizeof(ip));
 ip.dkek_shares = -1;
 ip.options[0] = 0x00;
- ip.options[0] = 0x01;
+ ip.options[1] = 0x01;
 r = sc_hsm_encode_sopin(params->so_pin, ip.init_code);
 LOG_TEST_RET(ctx, r, "SO PIN wrong format");
diff --git a/src/libopensc/card-sc-hsm.h b/src/libopensc/card-sc-hsm.h
index 12d18673..325f73fd 100644
--- a/src/libopensc/card-sc-hsm.h
+++ b/src/libopensc/card-sc-hsm.h
@@ -50,6 +50,9 @@
 #define ID_USER_PIN 0x81 /* User PIN identifier */
 #define ID_SO_PIN 0x88 /* Security officer PIN identifier */
+#define INIT_RRC_ENABLED 0x01 /* Bit 1 of initialization options */
+#define INIT_TRANSPORT_PIN 0x02 /* Bit 2 of initialization options */
+
 /* Information the driver maintains between calls */
 typedef struct sc_hsm_private_data {
 const sc_security_env_t *env;
diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c
index 22680c33..8fa26c18 100644
--- a/src/tools/sc-hsm-tool.c
+++ b/src/tools/sc-hsm-tool.c
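Review bot: `ip.options[1] = 0x01;` still writes a magic number although this same commit adds `INIT_RRC_ENABLED` (0x01) to card-sc-hsm.h for what appears to be the same option byte; `ip.options[1] = INIT_RRC_ENABLED;` would tie the two together, assuming options[1] is the byte the card later reports as its option flags (the struct layout is not visible here). Because that flag permits resetting the user PIN with the SO-PIN, the line deserves a why-comment, e.g. `/* PKCS#11 init: allow user PIN reset via SO-PIN (RRC); transport-PIN mode off */`. The enclosing sc_hsm_init_token starts and ends outside the hunk.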
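Review bot: The comments `/* Bit 1 of initialization options */` and `/* Bit 2 of initialization options */` count bits from 1 while the values are 0x01 and 0x02, which read as bit 0 and bit 1 under the usual zero-based convention. Stating what each flag means removes the ambiguity, e.g. `/* 0x01: user PIN may be reset with the SO-PIN (RRC) */` and `/* 0x02: card initialized in transport-PIN mode */`; those meanings are taken from the strings sc-hsm-tool.c prints for them in this same commit.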
@@ -461,27 +461,75 @@ static void print_info(sc_card_t *card, sc_file_t *file)
 struct sc_pin_cmd_data data;
 sc_cardctl_sc_hsm_dkek_t dkekinfo;
- u8 major, minor;
+ u8 major, minor, opt;
 major = file->prop_attr[file->prop_attr_len - 2];
 minor = file->prop_attr[file->prop_attr_len - 1];
 printf("Version : %d.%d\n", (int)major, (int)minor);
- /* Try to update PIN info from card */
- memset(&data, 0, sizeof(data));
- data.cmd = SC_PIN_CMD_GET_INFO;
- data.pin_type = SC_AC_CHV;
- data.pin_reference = ID_USER_PIN;
+ if (file->prop_attr_len > 2) { /* Version >= 2.0 */
+ opt = file->prop_attr[file->prop_attr_len - 4];
+ if (opt != 0) {
+ printf("Config options :\n");
+ if (opt & INIT_RRC_ENABLED) {
+ printf(" User PIN reset with SO-PIN enabled\n");
+ }
+ if (opt & INIT_TRANSPORT_PIN) {
+ printf(" Transport-PIN mode enabled\n");
+ }
+ }
- r = sc_pin_cmd(card, &data, &tries_left);
+ /* Try to update SO-PIN info from card */
+ memset(&data, 0, sizeof(data));
+ data.cmd = SC_PIN_CMD_GET_INFO;
+ data.pin_type = SC_AC_CHV;
+ data.pin_reference = ID_SO_PIN;
- if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
- printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
- } else {
- if (tries_left == 0) {
- printf("User PIN locked\n");
+ r = sc_pin_cmd(card, &data, &tries_left);
+ if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) {
+ printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
 } else {
- printf("User PIN tries left : %d\n", tries_left);
+ if (tries_left == 0) {
+ printf("SO-PIN locked\n");
+ } else {
+ printf("SO-PIN tries left : %d\n", tries_left);
+ }
+ /* Try to update PIN info from card */
+ memset(&data, 0, sizeof(data));
+ data.cmd = SC_PIN_CMD_GET_INFO;
+ data.pin_type = SC_AC_CHV;
+ data.pin_reference = ID_USER_PIN;
+
+ r = sc_pin_cmd(card, &data, &tries_left);
+ if (r == SC_ERROR_CARD_CMD_FAILED) {
+ printf("Public key authentication active.\n");
+ } else if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
+ printf("Transport-PIN active. Please change to user selected PIN first.\n");
+ } else {
+ if (tries_left == 0) {
+ printf("User PIN locked\n");
+ } else {
+ printf("User PIN tries left : %d\n", tries_left);
+ }
+ }
+ }
+ } else { /* Version < 2.0 */
+ /* Try to update PIN info from card */
+ memset(&data, 0, sizeof(data));
+ data.cmd = SC_PIN_CMD_GET_INFO;
+ data.pin_type = SC_AC_CHV;
+ data.pin_reference = ID_USER_PIN;
+
+ r = sc_pin_cmd(card, &data, &tries_left);
+
+ if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
+ printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
+ } else {
+ if (tries_left == 0) {
+ printf("User PIN locked\n");
+ } else {
+ printf("User PIN tries left : %d\n", tries_left);
+ }
 }
 }
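Review bot: The new guard `if (file->prop_attr_len > 2)` does not cover the read it is meant to protect: `opt = file->prop_attr[file->prop_attr_len - 4];` reaches four bytes back, so a length of 3 yields index -1 (or a huge wrapped offset if `prop_attr_len` is unsigned, which is not visible here), an out-of-bounds read of data that comes straight from the card. Since `prop_attr` is card-supplied, the check should match the layout the index assumes, `if (file->prop_attr_len >= 4) { /* Version >= 2.0 */`, and note that the pre-existing `- 2`/`- 1` reads above it carry no length check at all. A smaller point: treating a bare `SC_ERROR_CARD_CMD_FAILED` as "Public key authentication active." reports any other command failure on the user PIN as that mode, which merits a comment such as `/* assumes GET INFO only fails when PKA replaces the user PIN — other failures land here too */`. The three identical `memset`/`data.cmd`/`data.pin_type` set-up blocks could be one static helper taking the PIN reference. print_info continues outside the hunk.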