Hello,
My PKCS#15 card has some DFs protected by a PIN. So when
__sc_pkcs15_search_objects() tries to read them, the card sends a
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED.
The problem is that this happens in C_Initialize(), so very early
in the process, and the PIN has no chance to be submitted at this step.
What would be the cleanest way to solve this?
I have a patch but it may have severe side effects.
--- libopensc/pkcs15.c (révision 3011)
+++ libopensc/pkcs15.c (copie de travail)
@@ -799,7 +803,11 @@ __sc_pkcs15_search_objects(sc_pkcs15_car
/* Enumerate the DF's, so p15card->obj_list is
* populated. */
r = sc_pkcs15_parse_df(p15card, df);
- SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed");
+ /* The DF is here but we can't read it yet */
+ if (r != SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
+ SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed")
+ else
+ sc_do_log(p15card->card->ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__,
__FUNCTION__, "%s: %s\n", "DF parsing failed", sc_strerror(r)); \
df->enumerated = 1;
}
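Review bot: On the SC_ERROR_SECURITY_STATUS_NOT_SATISFIED path, the unchanged `df->enumerated = 1;` after the new if/else still runs, so a DF that could not be read is marked as enumerated. Unless something resets that flag after login, its objects will not be searched for again once the PIN has been verified. Consider setting `df->enumerated` only when `r` indicates success and leaving it unset for this error, so that a later search retries the DF. Three smaller points in the added lines: `SC_TEST_RET(...)` before the `else` has no terminating semicolon, the `sc_do_log(...)` call ends with a stray `\`, and an expected, recoverable condition is logged at SC_LOG_TYPE_ERROR with the same "DF parsing failed" text as the fatal case. A lower-severity message with distinct wording would make the two cases distinguishable in the log.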
I can now have:
$ ./tools/pkcs11-tool -I --login --pin 123456 -L --module ./pkcs11/.libs/opensc-pkcs11.so
iso7816.c:99:iso7816_check_sw: Security status not satisfied
iso7816.c:129:iso7816_read_binary: returning with: Security status not satisfied
card.c:429:sc_read_binary: returning with: Security status not satisfied
card.c:414:sc_read_binary: sc_read_binary() failed: Security status not satisfied
pkcs15.c:810:__sc_pkcs15_search_objects: DF parsing failed: Security status not satisfied
iso7816.c:99:iso7816_check_sw: Security status not satisfied
iso7816.c:129:iso7816_read_binary: returning with: Security status not satisfied
card.c:429:sc_read_binary: returning with: Security status not satisfied
card.c:414:sc_read_binary: sc_read_binary() failed: Security status not satisfied
pkcs15.c:810:__sc_pkcs15_search_objects: DF parsing failed: Security status not satisfied
Cryptoki version 2.11
Manufacturer OpenSC (www.opensc-project.org)
Library smart card PKCS#11 API (ver 1.0)
Available slots:
Slot 0 Gemplus GemPC Twin 00 00
token label: xx (User PIN)
token manuf:
token model: PKCS #15 SCard
token flags: login required, PIN initialized, token initialized
serial num : 0040031D006A
Slot 1 (empty)
Slot 2 (empty)
Slot 3 (empty)
Slot 4 (empty)
Slot 5 (empty)
Slot 6 (empty)
Slot 7 (empty)
--
Dr. Ludovic Rousseau