Martin Paljak wrote: > On Feb 23, 2010, at 12:39 , Viktor TARASOV wrote: > >> François Leblanc wrote: >> >>> Hello Victor, >>> >>> I’m playing with opensc and find that when we use pkcs15 emulation >>> sc_pkcs15_verify_pin fails, >>> >>> this is due to 'auth_method' not set by emulation layer (and use to be set >>> by 'sc_pkcs15_verify_pin' >>> >>> before changeset 4048). For real pkcs15 card it seems that >>> 'sc_pkcs15_decode_aodf_entry' set this >>> >>> to SC_AC_CHV. >>> >>> What we should do for emulation, I guess we have to set 'auth_method' to >>> SC_AC_CHV for all cards? >>> >>> Perhaps set it on 'sc_pkcs15emu_add_pin_obj' ? >>> >>> What do you think? >>> >>> >> Well, >> the shortest way is to add it to 'sc_pkcs15emu_add_pin_obj', >> but, imho, it should be added into the every card 'emu' driver where >> pin_info is initialized. >> > > I'm a bit lost with the abundance of SC_AC_* variables, especially when > compared to PKCS#15 v1.1 page 69. But for a PIN object, SC_AC_NONE does not > seem as a sensible value? > > So only setting it in sc_pkcs15emu_add_pin_obj() if auth_method is 0 would > make sense. No? >
Probably, a little confusing comes from the fact, that, for the new PIN's authentication method values, I tried to reuse the existing authentication methods encoded by ACL. Maybe, for the first one the specially dedicated macros should be defined. In fact, by definition, the authentication method of the AUTH PKCS#15 object cannot be SC_AC_NONE (method 'not none' is it's reason for existence). Actually, the only AUTH method fully implemented in OpenSC-PKCS#15 is the PIN (CHV) -- that's why by default it should be initialized with SC_AC_CHV (or some specially dedicated macro). Sure, we can do it in 'sc_pkcs15emu_add_pin_obj', but it will overwrite the (actually hypothetic) setting from the card 'emu' driver . Kind wishes, Viktor. -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
