Re: [opensc-devel] How do we know that a card is locked and needs unblocking using PUK?

Thu, 01 Jul 2010 04:54:15 -0700 

I don't see why would it be bad to expose the token info flags field itself. 


On Jul 1, 2010, at 14:36 , Kalev Lember wrote:

> On 07/01/2010 01:28 PM, Martin Paljak wrote:
>> for a PIN or if PIN verification fails with CKR_PIN_LOCKED (which is
>> SC_ERROR_AUTH_METHOD_BLOCKED in libopensc).
>> 
>> If triest left is implemented by the driver and available,
>> CKF_USER_PIN_LOCKED token flag can also be used to detect a locked
>> PIN via PKCS#11.
> 
> I have a patch to expose this in libp11. However, I'm not sure if
> changing a struct like that breaks ABI or not. If we need to break ABI
> anyway, it might make sense to reorder the new flags in a more natural
> order, instead of putting them all before token->_private = tpriv; in
> the struct.
> 
> -- 
> Kalev
> 
> -- 
> 
> Index: libp11/src/p11_slot.c
> ===================================================================
> --- libp11/src/p11_slot.c     (revision 192)
> +++ libp11/src/p11_slot.c     (working copy)
> @@ -387,6 +387,9 @@
>       token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 
> 1 : 0;
>       token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
>       token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
> +     token->userPinCountLow = (info.flags & CKF_USER_PIN_COUNT_LOW) ? 1 : 0;
> +     token->userPinFinalTry = (info.flags & CKF_USER_PIN_FINAL_TRY) ? 1 : 0;
> +     token->userPinLocked = (info.flags & CKF_USER_PIN_LOCKED) ? 1 : 0;
>       token->_private = tpriv;
> 
>       return 0;
> Index: libp11/src/libp11.h
> ===================================================================
> --- libp11/src/libp11.h       (revision 192)
> +++ libp11/src/libp11.h       (working copy)
> @@ -80,6 +80,9 @@
>       unsigned char secureLogin;
>       unsigned char userPinSet;
>       unsigned char readOnly;
> +     unsigned char userPinCountLow;
> +     unsigned char userPinFinalTry;
> +     unsigned char userPinLocked;
>       void *_private;
> } PKCS11_TOKEN;
> 
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

-- 
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to