Re: [opensc-devel] Pinpad again

Fri, 17 Nov 2006 12:00:58 -0800 

On Fri, Nov 17, 2006 at 02:47:31PM +0100, Ludovic Rousseau wrote:
> I don't know if pam_pkcs11 can know:
> - that a PIN pad is connected
> - that the PKCS#11 lib will/can use the PIN pad so the PAM module do
> not have to ask for a PIN on the keyboard.

Supposedly, it can.

CKF_PROTECTED_AUTHENTICATION_PATH in CK_TOKEN_INFO.flags.

Try using pkcs11-spy, it pretty-prints CK_TOKEN_INFO on successful
calls to C_GetTokenInfo.

See PKCS#11 v2.11 page 16, 6.7.4 on page 28, page 152 and page 154.

--8<-- framework-pkcs15.c:pkcs15_init_slot()
if (card->card->slot->capabilities & SC_SLOT_CAP_PIN_PAD) {
        slot->token_info.flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
        sc_pkcs11_conf.cache_pins = 0;
}
-->8--

--8<-- libopensc/reader-ctapi.c:
if (priv->ctapi_functional_units & CTAPI_FU_KEYBOARD)
reader->slot[i].capabilities |= SC_SLOT_CAP_PIN_PAD;
-->8--

--8<-- libopensc/reader-openct.c:
if (data->info.ct_keypad)
        reader->slot[i].capabilities |= SC_SLOT_CAP_PIN_PAD;
-->8--

--8<-- libopensc/reader-pcsc.c:
/* Set slot capabilities based on detected IOCTLs */
if (pslot->verify_ioctl || (pslot->verify_ioctl_start && 
pslot->verify_ioctl_finish)) {
        char *log_text = "Reader supports pinpad PIN verification";
        if (priv->gpriv->enable_pinpad) {
                sc_debug(reader->ctx, log_text);
                slot->capabilities |= SC_SLOT_CAP_PIN_PAD;
        } else {
                sc_debug(reader->ctx, "%s %s", log_text, log_disabled);
        }
}
-->8--

libopensc/card-belpic.c has a BELPIC_PIN_PAD ifdef and lots of pinpad
code within..

What reader were you using again?


//Peter
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to