C_Login returns CKR_USER_PIN_NOT_INITIALIZED error when token info flags do not
contains CKF_USER_PIN_INITIALIZED and CKU_USER login type is asked.
This flag is not consulted when CKU_SO or CKU_CONTEXT_SPECIFIC login type is needed
- simplify some of framework handles: remove from it's prototype the arguments that can be derived from the other arguments;
for exemple: foo(slot, slot->card) --> foo(slot)
- add the 'application' argument to the bind, unbind and similar handles;
- preview more then one framework data attached to the pkcs11card object.
- placehold for the future 'derive' and 'can_do' handles.
C_CloseSession() and C_CloseAllSessions() were calling sc_debug() before
any check on the validity of the context. So if C_Initialize() was not
previously called you get an assert:
log.c:76: sc_do_log_va: Assertion `ctx != ((void *)0)' failed.
spy segfaulted if CKU_CONTEXT_SPECIFIC was used,
pkcs11-session was reseting the userType before calling
framework. Framework will now see CKU_CONTEXT_SPECIFIC
and use slot->login_user to determine which PIN was used
to create the original session, and will send the PIN
to the card. It does not treats CKU_CONTEXT_SPECIFIC
as a full login, only a reassertion of the PIN.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4880 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
- slots, sessions and objects are kept as lists.
- change the way slots, cards and readers are managed.
- re-implement C_WaitForSlotEvent(/C_Finalize) as written in PCKS#11 v2.20, canceling pending blocking calls.
- implement a "virtual hotplug slot" with a floating slot id to keep NSS working with C_WaitForSlotEvent with a new reader.
NSS does not call C_GetSlotList(NULL) to re-fetch the list of available slots if C_WaitForSlotEvent returns an event in an already known slot ID.
By changing the ID of a slot whenever a reader attached NSS/Firefox can be tricked into recognizing new readers when waiting for events with C_WaitForSlotEvent.
- change (possibly break something) sc_to_cryptoki_error() to not have side-effects
- Implement CKU_CONTEXT_SPECIFIC in C_Login to implement CKA_ALWAYS_AUTHENTICATE (keys with user consent)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3935 c6295689-39f2-0310-b995-f0e70906c6a9
One of the three unblock methods can be activated from the 'opensc-pkcs11' section of opensc.conf:
- C_SetPin() in the unlogged sesssion;
- C_SetPin() in the CKU_SPECIFIC_CONTEXT session;
- C_InitPin() in CKU_SO session (inspired by Pierre Ossman).
-- This last one works, for a while, only for the pkcs15 cards without SOPIN auth object.
For the pkcs15 cards with SOPIN, this method will be useful for the cards
that do not have then modes '00' and '01' of ISO command 'RESET RETRY COUNTER'.
Test commands:
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin -l --login-type context-specific --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --init-pin -l --new-pin "9999"
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3901 c6295689-39f2-0310-b995-f0e70906c6a9
PKCS#11:
"To log into a token with a protected authentication path, the pPin parameter to C_Login should be NULL_PTR."
"To initialize the normal user?s PIN on a token with such a protected authentication path, the pPin parameter to C_InitPIN should be NULL_PTR."
"To modify the current user?s PIN on a token with such a protected authentication path, the pOldPin and pNewPin parameters to C_SetPIN should be NULL_PTR."
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3890 c6295689-39f2-0310-b995-f0e70906c6a9
C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue,
C_GenerateKey, C_GenerateKeyPair, C_UnwrapKey, C_DeriveKey if session is
read-only.
PKCS#11:
"C_InitPIN can only be called in the 'R/W SO Functions' state."
"C_SetPIN can only be called in the 'R/W Public Session' state, 'R/W SO
Functions' state, or 'R/W User Functions' state. An attempt to call it
from a session in any other state fails with error CKR_SESSION_READ_ONLY."
"Only session objects can be created/destroyed/modified
(C_CreateObject/C_DestroyObject/C_SetAttributeValue) during a read-only
session."
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3886 c6295689-39f2-0310-b995-f0e70906c6a9
CKR_USER_ANOTHER_ALREADY_LOGGED_IN: It indicates that the specified user cannot be logged into the session, because another user is already logged into the session.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3862 c6295689-39f2-0310-b995-f0e70906c6a9