On 06/11/2012 15:54, Viktor Tarasov wrote:
> Hello,
>
> On Tue, Nov 6, 2012 at 2:45 PM, Lukas Wunner <lu...@wunner.de> wrote:
>
>     when logging in to a GemSafeV1 card with 0.13.0rc1, opensc first retrieves
>     the number of tries_left using C_GetTokenInfo() and then calls C_Login().
>     Both functions invoke sc_pin_cmd() to communicate with the card.
>
>     It seems that somehow in-between the two invocations of sc_pin_cmd(),
>     the sc_pkcs15_auth_info structure holding the PIN information is destroyed:
>
>
>     $ OPENSC_DEBUG=9 pkcs11-tool --module opensc-pkcs11.so --test --login -p XXXXXXX
>     [...]
>      pkcs11-session.c:57:C_OpenSession: C_OpenSession(0x1)
>      pkcs11-session.c:83:C_OpenSession: C_OpenSession handle: 0x6100f0
>      pkcs11-session.c:86:C_OpenSession: C_OpenSession() = CKR_OK
>      framework-pkcs15.c:426:C_GetTokenInfo: C_GetTokenInfo(1)
>      sec.c:157:sc_pin_cmd: called
>      sec.c:204:sc_pin_cmd: returning with: -1408 (Not supported)        <------ data structure okay
>      pkcs11-session.c:259:C_Login: C_Login(0x6100f0, 1)
>      pkcs15-pin.c:293:sc_pkcs15_verify_pin: called
>      pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN(0xXXXXXXXX;len:8)
>      pkcs15-pin.c:295:sc_pkcs15_verify_pin: Auth(type:0;method:0)
>      pkcs15-pin.c:299:sc_pkcs15_verify_pin: PIN value validated
>      card.c:315:sc_lock: called
>      reader-pcsc.c:517:pcsc_lock: called
>      card.c:610:sc_select_file: called; type=2, path=3f0016000004
>      card-gemsafeV1.c:184:gemsafe_select_file: called
>     [...]
>      card.c:636:sc_select_file: returning with: 0 (Success)
>      sec.c:157:sc_pin_cmd: called
>      sec.c:204:sc_pin_cmd: returning with: -1300 (Invalid arguments)    <------ data structure destroyed
>      pkcs15-pin.c:367:sc_pkcs15_verify_pin: PIN cmd result -1300
>     [...]
>     error: PKCS11 function C_Login failed: rv = CKR_ARGUMENTS_BAD (0x7)
>
>
>     The final error message is caused by "method:0". That value is assigned
>     to data.pin_type in pkcs15-pin.c:sc_pkcs15_verify_pin(). A value of 0
>     means SC_AC_NONE. The correct value would be 1 which means SC_AC_CHV.
>     There's a check in card-gemsafeV1.c:gemsafe_build_pin_apdu() for
>     pin_type == SC_AC_CHV which returns SC_ERROR_INVALID_ARGUMENTS on failure.
>     That's what causes the error message.
>
>     If I hardwire "data.pin_type = SC_AC_CHV" in sc_pkcs15_verify_pin(),
>     it still doesn't work: The card answers with CKR_PIN_INCORRECT even
>     though the PIN is correct. Somehow the data structure holding the
>     authentication info gets garbled.
>
>     The curious thing is that upon the first invocation of sc_pin_cmd()
>     (by C_GetTokenInfo()), the data structure seems to still be okay:
>     The check for pin_type == SC_AC_CHV in gemsafe_build_pin_apdu()
>     succeeds and the function just returns SC_ERROR_NOT_SUPPORTED
>     because SC_PIN_CMD_GET_INFO is not implemented for GemSafeV1 cards.
>
>     I'm at a loss here, if somebody has an idea what's going awry I'd be
>     grateful to hear it.
>
>
>  
> Try to apply the following:
>
> diff --git a/src/libopensc/pkcs15-gemsafeV1.c 
> b/src/libopensc/pkcs15-gemsafeV1.c
> index c05578e..3e04d40 100644
> --- a/src/libopensc/pkcs15-gemsafeV1.c
> +++ b/src/libopensc/pkcs15-gemsafeV1.c
> @@ -436,6 +436,7 @@ sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
>  
>         info = calloc(1, sizeof(*info));
>         info->auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
> +       info->auth_method = SC_AC_CHV;
>         info->auth_id           = *id;
>         info->attrs.pin.min_length        = min_length;
>         info->attrs.pin.max_length        = max_length;
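
Review bot: The pointer returned by calloc() is dereferenced on the very next line (info->auth_type = ...) and no NULL check is visible in the hunk context, so the added info->auth_method assignment joins a run of writes through a pointer that may be NULL on allocation failure; suggest checking info right after the calloc() and returning an out-of-memory error before any field is set. Since calloc() zero-fills the structure and the thread notes that 0 means SC_AC_NONE, a one-line comment on the added line saying that auth_method must be set explicitly for the driver's pin_type == SC_AC_CHV check to pass would keep the assignment from being dropped later.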

The patch has been applied to OpenSC/OpenSC on GitHub.

>  
>
>
>     Thanks,
>     Lukas
>
>
> Kind regards,
> Viktor.
>  
>
>     _______________________________________________
>     opensc-devel mailing list
>     opensc-devel@lists.opensc-project.org
>     http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>
