sc-hsm: Add status info support for SmartCard-HSM V2.0
parent
a52b2928cd
commit
72e25db360
|
@ -867,7 +867,7 @@ static int sc_hsm_init_token(sc_card_t *card, sc_cardctl_pkcs11_init_token_t *pa
|
||||||
memset(&ip, 0, sizeof(ip));
|
memset(&ip, 0, sizeof(ip));
|
||||||
ip.dkek_shares = -1;
|
ip.dkek_shares = -1;
|
||||||
ip.options[0] = 0x00;
|
ip.options[0] = 0x00;
|
||||||
ip.options[0] = 0x01;
|
ip.options[1] = 0x01;
|
||||||
|
|
||||||
r = sc_hsm_encode_sopin(params->so_pin, ip.init_code);
|
r = sc_hsm_encode_sopin(params->so_pin, ip.init_code);
|
||||||
LOG_TEST_RET(ctx, r, "SO PIN wrong format");
|
LOG_TEST_RET(ctx, r, "SO PIN wrong format");
|
||||||
|
|
|
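Review bot: The corrected assignment `ip.options[1] = 0x01;` still uses a bare literal, although this commit introduces `INIT_RRC_ENABLED` for exactly that bit. Writing `ip.options[1] = INIT_RRC_ENABLED;` would tie the initializer and the status decoding in print_info to one definition, assuming the header carrying the new defines is included in this file. As far as the hunk shows, the option is set unconditionally, so a comment such as `/* let the SO-PIN reset the user PIN */` would make that security-relevant default visible to readers. sc_hsm_init_token starts and ends outside the hunk.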
@ -50,6 +50,9 @@
|
||||||
#define ID_USER_PIN 0x81 /* User PIN identifier */
|
#define ID_USER_PIN 0x81 /* User PIN identifier */
|
||||||
#define ID_SO_PIN 0x88 /* Security officer PIN identifier */
|
#define ID_SO_PIN 0x88 /* Security officer PIN identifier */
|
||||||
|
|
||||||
|
#define INIT_RRC_ENABLED 0x01 /* Bit 1 of initialization options */
|
||||||
|
#define INIT_TRANSPORT_PIN 0x02 /* Bit 2 of initialization options */
|
||||||
|
|
||||||
/* Information the driver maintains between calls */
|
/* Information the driver maintains between calls */
|
||||||
typedef struct sc_hsm_private_data {
|
typedef struct sc_hsm_private_data {
|
||||||
const sc_security_env_t *env;
|
const sc_security_env_t *env;
|
||||||
|
|
|
@ -461,12 +461,59 @@ static void print_info(sc_card_t *card, sc_file_t *file)
|
||||||
struct sc_pin_cmd_data data;
|
struct sc_pin_cmd_data data;
|
||||||
sc_cardctl_sc_hsm_dkek_t dkekinfo;
|
sc_cardctl_sc_hsm_dkek_t dkekinfo;
|
||||||
|
|
||||||
u8 major, minor;
|
u8 major, minor, opt;
|
||||||
|
|
||||||
major = file->prop_attr[file->prop_attr_len - 2];
|
major = file->prop_attr[file->prop_attr_len - 2];
|
||||||
minor = file->prop_attr[file->prop_attr_len - 1];
|
minor = file->prop_attr[file->prop_attr_len - 1];
|
||||||
printf("Version : %d.%d\n", (int)major, (int)minor);
|
printf("Version : %d.%d\n", (int)major, (int)minor);
|
||||||
|
|
||||||
|
if (file->prop_attr_len > 2) { /* Version >= 2.0 */
|
||||||
|
opt = file->prop_attr[file->prop_attr_len - 4];
|
||||||
|
if (opt != 0) {
|
||||||
|
printf("Config options :\n");
|
||||||
|
if (opt & INIT_RRC_ENABLED) {
|
||||||
|
printf(" User PIN reset with SO-PIN enabled\n");
|
||||||
|
}
|
||||||
|
if (opt & INIT_TRANSPORT_PIN) {
|
||||||
|
printf(" Transport-PIN mode enabled\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Try to update SO-PIN info from card */
|
||||||
|
memset(&data, 0, sizeof(data));
|
||||||
|
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||||
|
data.pin_type = SC_AC_CHV;
|
||||||
|
data.pin_reference = ID_SO_PIN;
|
||||||
|
|
||||||
|
r = sc_pin_cmd(card, &data, &tries_left);
|
||||||
|
if (r == SC_ERROR_DATA_OBJECT_NOT_FOUND) {
|
||||||
|
printf("SmartCard-HSM has never been initialized. Please use --initialize to set SO-PIN and user PIN.\n");
|
||||||
|
} else {
|
||||||
|
if (tries_left == 0) {
|
||||||
|
printf("SO-PIN locked\n");
|
||||||
|
} else {
|
||||||
|
printf("SO-PIN tries left : %d\n", tries_left);
|
||||||
|
}
|
||||||
|
/* Try to update PIN info from card */
|
||||||
|
memset(&data, 0, sizeof(data));
|
||||||
|
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||||
|
data.pin_type = SC_AC_CHV;
|
||||||
|
data.pin_reference = ID_USER_PIN;
|
||||||
|
|
||||||
|
r = sc_pin_cmd(card, &data, &tries_left);
|
||||||
|
if (r == SC_ERROR_CARD_CMD_FAILED) {
|
||||||
|
printf("Public key authentication active.\n");
|
||||||
|
} else if (r == SC_ERROR_REF_DATA_NOT_USABLE) {
|
||||||
|
printf("Transport-PIN active. Please change to user selected PIN first.\n");
|
||||||
|
} else {
|
||||||
|
if (tries_left == 0) {
|
||||||
|
printf("User PIN locked\n");
|
||||||
|
} else {
|
||||||
|
printf("User PIN tries left : %d\n", tries_left);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else { /* Version < 2.0 */
|
||||||
/* Try to update PIN info from card */
|
/* Try to update PIN info from card */
|
||||||
memset(&data, 0, sizeof(data));
|
memset(&data, 0, sizeof(data));
|
||||||
data.cmd = SC_PIN_CMD_GET_INFO;
|
data.cmd = SC_PIN_CMD_GET_INFO;
|
||||||
|
@ -484,6 +531,7 @@ static void print_info(sc_card_t *card, sc_file_t *file)
|
||||||
printf("User PIN tries left : %d\n", tries_left);
|
printf("User PIN tries left : %d\n", tries_left);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
memset(&dkekinfo, 0, sizeof(dkekinfo));
|
memset(&dkekinfo, 0, sizeof(dkekinfo));
|
||||||
|
|
||||||
|
|
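Review bot: The new version test `if (file->prop_attr_len > 2)` does not guarantee the four bytes that `file->prop_attr[file->prop_attr_len - 4]` needs. With a length of 3 the index lands before the start of the buffer (or wraps to a huge offset if the length is unsigned), which is an out-of-bounds read on data that presumably comes from the card's response. Use `if (file->prop_attr_len >= 4) { /* Version >= 2.0 */` so shorter attribute blocks take the pre-2.0 path; the unchanged major/minor reads above have the same exposure for lengths below 2. In both new `sc_pin_cmd` calls the final `else` also prints `tries_left` for every other error code, so a failed command can be shown as a locked PIN or print a value `sc_pin_cmd` may not have set; an `r < 0` check before that branch would avoid it. print_info starts and ends outside the hunks.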