pkcs11/framework-pkcs15.c

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1538 c6295689-39f2-0310-b995-f0e70906c6a9

src/pkcs11/framework-pkcs15.c

@@ -691,8 +691,13 @@ static CK_RV pkcs15_login(struct sc_pkcs11_card *p11card,
 		 * NULL ourselves. This way, you can supply an empty (if
 		 * possible) or fake PIN if an application asks a PIN).
 		 */
-		pPin = NULL;
-		ulPinLen = 0;
+		/* But we want to be able to specify a PIN on the command
+		 * line (e.g. for the test scripts). So we don't do anything
+		 * here - this gives the user the choice of entering
+		 * an empty pin (which makes us use the pin pad) or
+		 * a valid pin (which is processed normally). --okir */
+		if (ulPinLen == 0)
+			pPin = NULL;
 	} else
 	if (ulPinLen < pin->min_length ||
 	    ulPinLen > pin->max_length)
@@ -1202,7 +1207,7 @@ CK_RV pkcs15_gen_keypair(struct sc_pkcs11_card *p11card, struct sc_pkcs11_slot *
 	CK_ULONG	keybits;
 	char		pub_label[SC_PKCS15_MAX_LABEL_SIZE];
 	char		priv_label[SC_PKCS15_MAX_LABEL_SIZE];
-	int rc, rv = CKR_OK;
+	int		rc, rv = CKR_OK;
 
 	sc_debug(context, "Keypair generation, mech = 0x%0x\n", pMechanism->mechanism);
 

src/tools/opensc-explorer.c

@@ -594,40 +594,53 @@ int do_verify(int argc, char **argv)
 		{ "PRO",	SC_AC_PRO	},
 		{ NULL, -1 }
 	};
-	int i, type = -1, ref, r, tries_left = -1;
+	int i, r, tries_left = -1;
 	u8 buf[30];
         const char *s;
 	size_t buflen = sizeof(buf);
-	
+	struct sc_pin_cmd_data data;
+
 	if (argc < 1 || argc > 2)
                 goto usage;
+
+	memset(&data, 0, sizeof(data));
+	data.cmd = SC_PIN_CMD_VERIFY;
+
+	data.pin_type = -1;
 	for (i = 0; typeNames[i].name; i++) {
 		if (strncasecmp(argv[0], typeNames[i].name, 3) == 0) {
-			type = typeNames[i].type;
+			data.pin_type = typeNames[i].type;
 			break;
 		}
         }
-	if (type == -1) {
+	if (data.pin_type == -1) {
 		printf("Invalid type.\n");
 		goto usage;
 	}
-	if (sscanf(argv[0] + 3, "%d", &ref) != 1) {
+	if (sscanf(argv[0] + 3, "%d", &data.pin_reference) != 1) {
 		printf("Invalid key reference.\n");
 		goto usage;
 	}
+
         if (argc < 2) {
-                /* just return the retry counter */
-                buflen = 0;
-        }
-	if (argv[1][0] == '"') {
+		if (!(card->reader->slot[0].capabilities & SC_SLOT_CAP_PIN_PAD)) {
+			printf("Card reader or driver doesn't support PIN PAD\n");
+			return -1;
+		}
+		printf("Please enter PIN on the reader's pin pad.\n");
+		data.pin1.prompt = "Please enter PIN";
+                data.flags |= SC_PIN_CMD_USE_PINPAD;
+        } else if (argv[1][0] == '"') {
 		for (s=argv[1]+1, i=0; i < sizeof(buf) && *s && *s != '"';i++) 
 			buf[i] = *s++;
-		buflen = i;
+		data.pin1.data = buf;
+		data.pin1.len = i;
 	} else if (sc_hex_to_bin(argv[1], buf, &buflen) != 0) {
 		printf("Invalid key value.\n");
 		goto usage;
 	}
-	r = sc_verify(card, type, ref, buf, buflen, &tries_left);
+	r = sc_pin_cmd(card, &data, &tries_left);
+
 	if (r) {
 		if (r == SC_ERROR_PIN_CODE_INCORRECT) {
 			if (tries_left >= 0) 
@@ -646,6 +659,7 @@ usage:
 	for (i = 0; typeNames[i].name; i++)
 		printf("\t%s\n", typeNames[i].name);
 	printf("Example: verify CHV2 31:32:33:34:00:00:00:00\n");
+	printf("If key is omitted, card reader's keypad will be used to collect PIN.\n");
 	return -1;
 }