giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkcs11: #250: update slot PIN flags when verifying slot's auth object 

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4671 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
viktor.tarasov 2010-09-02 09:19:27 +00:00
parent 241d3b5d86
commit 9acc8c44af
1 changed files with 36 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/pkcs11/framework-pkcs15.c
View File

@ -296,6 +296,36 @@ __pkcs15_delete_object(struct pkcs15_fw_data *fw_data, struct pkcs15_any_object
return SC_ERROR_OBJECT_NOT_FOUND;
}
static void
__pkcs15_update_pin_flags(struct sc_pkcs11_slot *slot, struct sc_pkcs15_object *auth,
int pin_verified)
{
/* FIXME: should 'FINAL_TRY' be set when 'max_tries' is 1 ? */
struct sc_pkcs15_pin_info *pin_info;
CK_TOKEN_INFO *tinfo;
if (!slot || !auth || !auth->data)
return;
if (slot_data_auth(slot->fw_data) != auth)
return;
tinfo = &slot->token_info;
pin_info = (struct sc_pkcs15_pin_info*) auth->data;
if (pin_verified)
tinfo->flags &= ~(CKF_USER_PIN_FINAL_TRY | CKF_USER_PIN_LOCKED | CKF_USER_PIN_COUNT_LOW);
else if (pin_info->tries_left < 0)
return;
else if (pin_info->tries_left == 1)
tinfo->flags |= CKF_USER_PIN_FINAL_TRY;
else if (pin_info->tries_left == 0)
tinfo->flags |= CKF_USER_PIN_LOCKED;
else if (pin_info->max_tries && pin_info->tries_left && pin_info->tries_left < pin_info->max_tries)
tinfo->flags |= CKF_USER_PIN_COUNT_LOW;
}
static int public_key_created(struct pkcs15_fw_data *fw_data,
const unsigned int num_objects,
const u8 *id,
@ -739,15 +769,7 @@ static void pkcs15_init_slot(struct sc_pkcs15_card *p15card,
snprintf(tmp, sizeof(tmp), "%s", p15card->label);
}
slot->token_info.flags |= CKF_LOGIN_REQUIRED;
/* FIXME: update this information during runtime */
if (pin_info->tries_left >= 0) {
if (pin_info->tries_left == 1)
slot->token_info.flags |= CKF_USER_PIN_FINAL_TRY;
else if (pin_info->tries_left == 0)
slot->token_info.flags |= CKF_USER_PIN_LOCKED;
else if (pin_info->max_tries && pin_info->tries_left && pin_info->tries_left < pin_info->max_tries)
slot->token_info.flags |= CKF_USER_PIN_COUNT_LOW;
}
__pkcs15_update_pin_flags(slot, auth, 0);
} else
snprintf(tmp, sizeof(tmp), "%s", p15card->label);
strcpy_bp(slot->token_info.label, tmp, 32);
@ -994,7 +1016,7 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
}
}
sc_debug(context, SC_LOG_DEBUG_NORMAL, "No SOPIN found; returns %d\n", rc);
sc_debug(context, SC_LOG_DEBUG_NORMAL, "No SOPIN found; returns %d", rc);
return sc_to_cryptoki_error(rc, "C_Login");
}
else if (rc < 0) {
@ -1017,7 +1039,7 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
}
}
#endif
sc_debug(context, SC_LOG_DEBUG_NORMAL, "context specific login returns %d\n", rc);
sc_debug(context, SC_LOG_DEBUG_NORMAL, "context specific login returns %d", rc);
return sc_to_cryptoki_error(rc, "C_Login");
default:
return CKR_USER_TYPE_INVALID;
@ -1056,7 +1078,8 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
return sc_to_cryptoki_error(rc, "C_Login");
rc = sc_pkcs15_verify_pin(p15card, auth_object, pPin, ulPinLen);
sc_debug(context, SC_LOG_DEBUG_NORMAL, "PKCS15 verify PIN returned %d\n", rc);
sc_debug(context, SC_LOG_DEBUG_NORMAL, "PKCS15 verify PIN returned %d", rc);
__pkcs15_update_pin_flags(slot, auth_object, (rc >= 0));
if (rc < 0)
return sc_to_cryptoki_error(rc, "C_Login");
@ -1072,7 +1095,7 @@ static CK_RV pkcs15_login(struct sc_pkcs11_slot *slot,
unsigned ii, objs_num_before = fw_data->num_objects;
int rv;
sc_debug(context, SC_LOG_DEBUG_NORMAL, "PrKDF has been parsed loaded\n");
sc_debug(context, SC_LOG_DEBUG_NORMAL, "PrKDF has been parsed loaded");
rv = pkcs15_create_pkcs11_objects(fw_data, SC_PKCS15_TYPE_PRKEY_RSA,
"private key", __pkcs15_create_prkey_object);
if (rv < 0)