Hi, when logging in to a GemSafeV1 card with 0.13.0rc1, opensc first retrieves the number of tries_left using C_GetTokenInfo() and then calls C_Login(). Both functions invoke sc_pin_cmd() to communicate with the card.
It seems that somehow in-between the two invocations of sc_pin_cmd(), the sc_pkcs15_auth_info structure holding the PIN information is destroyed: $ OPENSC_DEBUG=9 pkcs11-tool --module opensc-pkcs11.so --test --login -p XXXXXXX [...] pkcs11-session.c:57:C_OpenSession: C_OpenSession(0x1) pkcs11-session.c:83:C_OpenSession: C_OpenSession handle: 0x6100f0 pkcs11-session.c:86:C_OpenSession: C_OpenSession() = CKR_OK framework-pkcs15.c:426:C_GetTokenInfo: C_GetTokenInfo(1) sec.c:157:sc_pin_cmd: called sec.c:204:sc_pin_cmd: returning with: -1408 (Not supported) <------ data structure okay pkcs11-session.c:259:C_Login: C_Login(0x6100f0, 1) pkcs15-pin.c:293:sc_pkcs15_verify_pin: called pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN(0xXXXXXXXX;len:8) pkcs15-pin.c:295:sc_pkcs15_verify_pin: Auth(type:0;method:0) pkcs15-pin.c:299:sc_pkcs15_verify_pin: PIN value validated card.c:315:sc_lock: called reader-pcsc.c:517:pcsc_lock: called card.c:610:sc_select_file: called; type=2, path=3f0016000004 card-gemsafeV1.c:184:gemsafe_select_file: called [...] card.c:636:sc_select_file: returning with: 0 (Success) sec.c:157:sc_pin_cmd: called sec.c:204:sc_pin_cmd: returning with: -1300 (Invalid arguments) <------ data structure destroyed pkcs15-pin.c:367:sc_pkcs15_verify_pin: PIN cmd result -1300 [...] error: PKCS11 function C_Login failed: rv = CKR_ARGUMENTS_BAD (0x7) The final error message is caused by "method:0". That value is assigned to data.pin_type in pkcs15-pin.c:sc_pkcs15_verify_pin(). A value of 0 means SC_AC_NONE. The correct value would be 1 which means SC_AC_CHV. There's a check in card-gemsafeV1.c:gemsafe_build_pin_apdu() for pin_type == SC_AC_CHV which returns SC_ERROR_INVALID_ARGUMENTS on failure. That's what causes the error message. If I hardwire "data.pin_type = SC_AC_CHV" in sc_pkcs15_verify_pin(), it still doesn't work: The card answers with CKR_PIN_INCORRECT even though the PIN is correct. Somehow the data structure holding the authentication info gets garbled. The curious thing is that upon the first invocation of sc_pin_cmd() (by C_GetTokenInfo()), the data structure seems to still be okay: The check for pin_type == SC_AC_CHV in gemsafe_build_pin_apdu() succeeds and the function just returns SC_ERROR_NOT_SUPPORTED because SC_PIN_CMD_GET_INFO is not implemented for GemSafeV1 cards. I'm at a loss here, if somebody has an idea what's going awry I'd be grateful to hear it. Thanks, Lukas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
