Hello,

On Tue, Nov 6, 2012 at 2:45 PM, Lukas Wunner <lu...@wunner.de> wrote:

> when logging in to a GemSafeV1 card with 0.13.0rc1, opensc first retrieves
> the number of tries_left using C_GetTokenInfo() and then calls C_Login().
> Both functions invoke sc_pin_cmd() to communicate with the card.
>
> It seems that somehow in-between the two invocations of sc_pin_cmd(),
> the sc_pkcs15_auth_info structure holding the PIN information is destroyed:
>
>
> $ OPENSC_DEBUG=9 pkcs11-tool --module opensc-pkcs11.so --test --login -p XXXXXXX
> [...]
>  pkcs11-session.c:57:C_OpenSession: C_OpenSession(0x1)
>  pkcs11-session.c:83:C_OpenSession: C_OpenSession handle: 0x6100f0
>  pkcs11-session.c:86:C_OpenSession: C_OpenSession() = CKR_OK
>  framework-pkcs15.c:426:C_GetTokenInfo: C_GetTokenInfo(1)
>  sec.c:157:sc_pin_cmd: called
>  sec.c:204:sc_pin_cmd: returning with: -1408 (Not supported)
>  <------ data structure okay
>  pkcs11-session.c:259:C_Login: C_Login(0x6100f0, 1)
>  pkcs15-pin.c:293:sc_pkcs15_verify_pin: called
>  pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN(0xXXXXXXXX;len:8)
>  pkcs15-pin.c:295:sc_pkcs15_verify_pin: Auth(type:0;method:0)
>  pkcs15-pin.c:299:sc_pkcs15_verify_pin: PIN value validated
>  card.c:315:sc_lock: called
>  reader-pcsc.c:517:pcsc_lock: called
>  card.c:610:sc_select_file: called; type=2, path=3f0016000004
>  card-gemsafeV1.c:184:gemsafe_select_file: called
> [...]
>  card.c:636:sc_select_file: returning with: 0 (Success)
>  sec.c:157:sc_pin_cmd: called
>  sec.c:204:sc_pin_cmd: returning with: -1300 (Invalid arguments)
>  <------ data structure destroyed
>  pkcs15-pin.c:367:sc_pkcs15_verify_pin: PIN cmd result -1300
> [...]
> error: PKCS11 function C_Login failed: rv = CKR_ARGUMENTS_BAD (0x7)
>
>
> The final error message is caused by "method:0". That value is assigned
> to data.pin_type in pkcs15-pin.c:sc_pkcs15_verify_pin(). A value of 0
> means SC_AC_NONE. The correct value would be 1 which means SC_AC_CHV.
> There's a check in card-gemsafeV1.c:gemsafe_build_pin_apdu() for
> pin_type == SC_AC_CHV which returns SC_ERROR_INVALID_ARGUMENTS on failure.
> That's what causes the error message.
>
> If I hardwire "data.pin_type = SC_AC_CHV" in sc_pkcs15_verify_pin(),
> it still doesn't work: The card answers with CKR_PIN_INCORRECT even
> though the PIN is correct. Somehow the data structure holding the
> authentication info gets garbled.
>
> The curious thing is that upon the first invocation of sc_pin_cmd()
> (by C_GetTokenInfo()), the data structure seems to still be okay:
> The check for pin_type == SC_AC_CHV in gemsafe_build_pin_apdu()
> succeeds and the function just returns SC_ERROR_NOT_SUPPORTED
> because SC_PIN_CMD_GET_INFO is not implemented for GemSafeV1 cards.
>
> I'm at a loss here, if somebody has an idea what's going awry I'd be
> grateful to hear it.
>


Try to apply the following:

diff --git a/src/libopensc/pkcs15-gemsafeV1.c
b/src/libopensc/pkcs15-gemsafeV1.c
index c05578e..3e04d40 100644
--- a/src/libopensc/pkcs15-gemsafeV1.c
+++ b/src/libopensc/pkcs15-gemsafeV1.c
@@ -436,6 +436,7 @@ sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,

        info = calloc(1, sizeof(*info));
        info->auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
+       info->auth_method = SC_AC_CHV;
        info->auth_id           = *id;
        info->attrs.pin.min_length        = min_length;
        info->attrs.pin.max_length        = max_length;
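
Review bot: `info` is dereferenced on the line directly after `info = calloc(1, sizeof(*info));` with no NULL check, so an allocation failure in sc_pkcs15emu_add_pin() becomes a NULL pointer write instead of an error return. Add a check before the first assignment that returns SC_ERROR_OUT_OF_MEMORY. For the added `info->auth_method = SC_AC_CHV;` line, a one-line comment would help: calloc() leaves auth_method at 0, which the report above identifies as SC_AC_NONE and which matches the "Auth(type:0;method:0)" debug line, so the explicit assignment is what lets the pin_type == SC_AC_CHV check in gemsafe_build_pin_apdu() pass.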



>
> Thanks,
> Lukas
>

Kind regards,
Viktor.


> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>