Hello,

My PKCS#15 card has some DFs protected by a PIN. So when
__sc_pkcs15_search_objects() tries to read them, the card sends a
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED.

The problem is that this happens in C_Initialize(), so very early
in the process, and the PIN has no chance to be submitted at this step.

What would be the cleanest way to solve this?

I have a patch but it may have severe side effects.
--- libopensc/pkcs15.c  (révision 3011)
+++ libopensc/pkcs15.c  (copie de travail)
@@ -799,7 +803,11 @@ __sc_pkcs15_search_objects(sc_pkcs15_car
       /* Enumerate the DF's, so p15card->obj_list is
        * populated. */
       r = sc_pkcs15_parse_df(p15card, df);
-       SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed");
+       /* The DF is here but we can't read it yet */
+       if (r != SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
+           SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed")
+       else
+           sc_do_log(p15card->card->ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__,
 __FUNCTION__, "%s: %s\n", "DF parsing failed", sc_strerror(r)); \
       df->enumerated = 1;
   }
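Review bot: df->enumerated = 1 still executes after the new else branch, so a DF whose parse returned SC_ERROR_SECURITY_STATUS_NOT_SATISFIED is marked as enumerated although none of its objects were loaded; from these lines nothing would trigger a second sc_pkcs15_parse_df() for it once the PIN has been verified. Consider not setting df->enumerated in that case so a later search can retry the DF. Two smaller points in the added lines: the SC_TEST_RET(...) call has no terminating semicolon before the else, and the sc_do_log(...) statement ends with a stray line-continuation backslash. Since the refusal is expected before login, a lower-severity log type than SC_LOG_TYPE_ERROR would keep it from being reported as an error on every run.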


I can now have:
$ ./tools/pkcs11-tool -I --login --pin 123456 -L --module ./pkcs11/.libs/opensc-pkcs11.so
iso7816.c:99:iso7816_check_sw: Security status not satisfied
iso7816.c:129:iso7816_read_binary: returning with: Security status not satisfied
card.c:429:sc_read_binary: returning with: Security status not satisfied
card.c:414:sc_read_binary: sc_read_binary() failed: Security status not satisfied
pkcs15.c:810:__sc_pkcs15_search_objects: DF parsing failed: Security status not satisfied
iso7816.c:99:iso7816_check_sw: Security status not satisfied
iso7816.c:129:iso7816_read_binary: returning with: Security status not satisfied
card.c:429:sc_read_binary: returning with: Security status not satisfied
card.c:414:sc_read_binary: sc_read_binary() failed: Security status not satisfied
pkcs15.c:810:__sc_pkcs15_search_objects: DF parsing failed: Security status not satisfied
Cryptoki version 2.11
Manufacturer     OpenSC (www.opensc-project.org)
Library          smart card PKCS#11 API (ver 1.0)
Available slots:
Slot 0           Gemplus GemPC Twin 00 00
 token label:   xxxxxx (User PIN)
 token manuf:   xxxxxxxx
 token model:   PKCS #15 SCard
 token flags:   login required, PIN initialized, token initialized
 serial num  :  00400000031D006A
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)


--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
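
One way to structure the deferral the message asks about, as an added example that is not from the original post or from OpenSC: a DF refused for access reasons is skipped without being marked enumerated, so the pass run after PIN verification picks it up, while other parse errors stay fatal. All demo_* names, the DEMO_* codes and the sample card are hypothetical stand-ins.

```c
#include <stddef.h>
/* Stand-in codes for this example, not OpenSC's real definitions. */
enum { DEMO_OK = 0, DEMO_ERR_SECURITY = -1, DEMO_ERR_OTHER = -2 };

struct demo_df {        /* hypothetical model of one PKCS#15 DF */
    int pin_protected;  /* reading it needs a verified PIN */
    int corrupt;        /* constructed: contents do not parse */
    int objects;        /* number of objects it describes */
    int enumerated;     /* set once its objects are loaded */
};
struct demo_card {
    struct demo_df *df; size_t n_df;
    int pin_verified, visible;   /* visible = objects loaded so far */
};

/* Models the DF read: the card refuses a protected DF before login. */
static int demo_parse_df(struct demo_card *c, const struct demo_df *df)
{
    if (df->pin_protected && !c->pin_verified) return DEMO_ERR_SECURITY;
    if (df->corrupt) return DEMO_ERR_OTHER;
    c->visible += df->objects;
    return DEMO_OK;
}

/* Load every DF not loaded yet. A DF refused for access reasons stays
 * un-enumerated so a later pass retries it; other errors remain fatal.
 * Returns the number of DFs deferred, or a negative error. */
int demo_enumerate(struct demo_card *c)
{
    int deferred = 0;
    for (size_t i = 0; i < c->n_df; i++) {
        struct demo_df *df = &c->df[i];
        if (df->enumerated) continue;
        int r = demo_parse_df(c, df);
        if (r == DEMO_ERR_SECURITY) { deferred++; continue; }
        if (r != DEMO_OK) return r;
        df->enumerated = 1;
    }
    return deferred;
}

/* Constructed sample: one public DF (2 objects), one PIN-protected (3). */
int demo_visible_after(int do_login)
{
    struct demo_df dfs[] = { {0, 0, 2, 0}, {1, 0, 3, 0} };
    struct demo_card c = { dfs, 2, 0, 0 };
    demo_enumerate(&c);                      /* pass at initialisation */
    if (do_login) { c.pin_verified = 1; demo_enumerate(&c); }
    return c.visible;
}
```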
