Re: [opensc-devel] Implement PIN retries in entersafe driver

Sun, 20 Feb 2011 02:57:46 -0800 

Hello,

On Feb 20, 2011, at 10:59 AM, Jean-Michel Pouré - GOOZE wrote:
> Le vendredi 18 février 2011 à 13:59 +0800, Xiaoshuo Wu a écrit :
>> I've added SC_PIN_CMD_GET_INFO handling in entersafe_pin_cmd(),  
>> C_GetTokenInfo() will get PIN retries now, you can run "pkcs11-tool  
>> --test-hotplug" to see if PIN is locked.
>> Regards, Xiaoshuo 
> 
> Could anyone apply this patch to trunk?
Interesting, the original e-mail with the patch does show up in list archive 
but I can't find it in any of my inboxes or spamboxes....

I thus copy the patch inline with comments:

Index: src/pkcs15init/pkcs15-entersafe.c
===================================================================
--- src/pkcs15init/pkcs15-entersafe.c   (revision 5121)
+++ src/pkcs15init/pkcs15-entersafe.c   (working copy)
@@ -276,7 +276,8 @@
 
                 data.key_id=pin_info->reference;
                 data.usage=0x0B;
-                data.key_data.symmetric.EC=0x33;
+                data.key_data.symmetric.EC= (pin_info->tries_left << 4) + 
+                        pin_info->tries_left;


Can you describe the data structure or the the value format?



Index: src/libopensc/card-entersafe.c
===================================================================
--- src/libopensc/card-entersafe.c      (revision 5121)
+++ src/libopensc/card-entersafe.c      (working copy)
@@ -953,10 +953,23 @@
+                r = entersafe_transmit_apdu(card, &apdu, 0, 0, 0, 0);

Use of entersafe_transmit_apdu is redundant here and in 13 other places where 
it is a straight passthrough to sc_transmit_apdu (called with 0,0,0,0). For one 
it makes following the code more difficult and it also generates twice as much 
log (if logging is enabled as identical APDU-s get logged twice).

As the wrapper is used for built-in APDU ciphering and mac-ing, you should 
instead propose a solution for the secure messaging infrastructure in OpenSC 
(ItaCNS, DNIe, IAS/ECC, Feitian have code that deals with it). As you use 
builtin keys for only specific APDU-s this should be the simplest case.


-- 
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to