Design issues

Every change that is not a small fix or minor enhancement requires some kind of design. In order to discuss design decisions as much as possible and leave some kind of track about decisions made and design in place other than source code and comments and maybe even documentation, this sector of the wiki could be used. As always - feel free to comment (but please leave your name after your comment).

Pinpad functionality

(Martin) Current state of secure pin entry methods in OpenSC is somewhat limited and hairy. Checks and features and functionality spans several component borders (application, library, card driver, reader, pkcs15 layer, etc). The target is to provide smooth pinpad support.

In theory different layers affect the total pinpad-oriented functioning:

1. Reader capabilities - actual reader capabilities detected and enabled by the reader (ctapi, pcsc, openct)
2. Reader driver and how-if-what verify methods it implements (though the name verify is not correct if we talk about full pin operations)
3. Card driver and if it implements the new pin command interface or if it is possible at all for the given card (maybe it uses some other method, maybe it uses non-numeric passwords)
4. pkcs15 layer - what it thinks about underlying hardware capacities and if/how it makes use of it
5. pkcs11 layer - exports PROTECTED_AUTHENTICATION_PATH to indicate 'secure authentication (aka pinpad)' and itself feeds data to pkcs15 layer.
6. applications - how they interpret various parameters (like slot capabilities, pkcs11 features, etc), how/if they react or should react on empty pins etc.
7. Library internal UI functionality - instead of asking for a pin who should notify the user to insert the pin to the pinpad and how?

All these should be put to work for a common goal in a nice way.

Requirements

• Slot flags must correctly state the capabilities of the slot and all functionality must strictly check this flag.
• A card driver should have a possibility to disable pinpad enabled functionality even if the slot tells it can do it - for reasons like character passwords
• It should be possible to disable pinpad functionality on reader(driver)/global layer as a configuration option - this will result the slot capabilities to be hidden
• It should be possible to disable pinpad functionality on a higher level - as a global option. This could result in different
• pkcs11 flag about secure authentication flag can be affected by any of the previous config options.
• One reader should support different verification methods (you can talk class2 via pcsc and you can talk ctbcs)

Things to keep in mind

• Backwards compatibility
• User interaction.

Decisions

• Implement pinpad functionality in a proper way (err, small decisions should be outlined now)

... to be continued ...