Hello Alon,

On 10/05/2011 18.13, Alon Bar-Lev wrote:
> Last message in this thread, as I think nothing is wrong and you try
> to tweak implementation to suit your needs.
>
> Your assumption that only administrator is responsible for slot
> management is totally wrong.
>
> 1 Every USB reader that is unplugged/plugged by user will most
> probably result in a new slot index and slot id. This is done in order
> to invalidate all previous slot id references.
>

Well, actually the expected behaviour of a PKCS#11 compliant 
implementation, if you unplug the token from the USB port, is to clear 
the CKF_TOKEN_PRESENT flag in the flags field of the CK_SLOT_INFO 
structure (returned by C_GetSlotInfo).

This holds until you call C_GetSlotList again, where the library has a 
chance to take another snapshot of the slots layout.

If your application is performing some operation on a token (e.g. 
signing) when you remove it, the caller should get a CKR_DEVICE_REMOVED 
error and behave accordingly. Yet the slot_id remains valid.

From the PKCS#11 standard:

> All slots which C_GetSlotList reports must be able to be queried as valid
> slots by C_GetSlotInfo. Furthermore, the set of slots accessible through a
> Cryptoki library is checked at the time that C_GetSlotList, for list length
> prediction (NULL pSlotList argument) is called. If an application calls
> C_GetSlotList with a non-NULL pSlotList, and then the user adds or removes a
> hardware device, the changed slot list will only be visible and effective if
> C_GetSlotList is called again with NULL. Even if C_GetSlotList is
> successfully called this way, it may or may not be the case that the changed
> slot list will be successfully recognized depending on the library
> implementation. On some platforms, or earlier PKCS11 compliant libraries, it
> may be necessary to successfully call C_Initialize or to restart the entire
> system.

As for the administrator responsibility, when dealing with pocket 
tokens, administrator and user are the same person.
So if he unplugs a token, he physically alters the hardware and should 
know that this has consequences.

Regards,

-- 

Giuliano Bertoletti
Pre-Sales Engineer - Technological Dept.

Symbolic S.p.A.
Viale Mentana, 29 I-43121 - Parma

Tel. +39 0521 708811
Mob. +39 346 8749890
Fax  +39 0521 776190
g...@symbolic.it
www.symbolic.it

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
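
The slot-snapshot rule discussed in the message above, as an added example that is not part of the original e-mail or of OpenSC. The constants carry their PKCS#11 values; `mock_GetSlotList`, `mock_GetSlotInfo` (reduced to the flags field), `hw_present` and `refresh_slots` are hypothetical stand-ins that model a library which does recognize the changed slot list on the next NULL call.

```c
#include <stddef.h>

/* Constants use the PKCS#11 values; the mock_* functions are constructed
   stand-ins that model only the slot-snapshot rule, not a real library. */
typedef unsigned long CK_RV, CK_SLOT_ID, CK_FLAGS, CK_ULONG;
#define CKR_OK               0x000UL
#define CKR_SLOT_ID_INVALID  0x003UL
#define CKR_BUFFER_TOO_SMALL 0x150UL
#define CKF_TOKEN_PRESENT    0x001UL
#define MAX_SLOTS 4

int hw_present[MAX_SLOTS];          /* physical state, changed by the user */
static CK_SLOT_ID snap[MAX_SLOTS];  /* slot list frozen at last NULL call */
static CK_ULONG snap_len;

/* Like C_GetSlotList: the slot set is re-examined only when pSlotList is NULL. */
CK_RV mock_GetSlotList(CK_SLOT_ID *pSlotList, CK_ULONG *pulCount) {
    CK_ULONG i;
    if (pSlotList == NULL) {
        for (snap_len = 0, i = 0; i < MAX_SLOTS; i++)
            if (hw_present[i]) snap[snap_len++] = i;
    } else if (*pulCount < snap_len) {
        *pulCount = snap_len;
        return CKR_BUFFER_TOO_SMALL;
    } else {
        for (i = 0; i < snap_len; i++) pSlotList[i] = snap[i];
    }
    *pulCount = snap_len;
    return CKR_OK;
}

/* Like C_GetSlotInfo, reduced to the flags field: a slot in the snapshot
   stays queryable after removal, only CKF_TOKEN_PRESENT is cleared. */
CK_RV mock_GetSlotInfo(CK_SLOT_ID id, CK_FLAGS *flags) {
    CK_ULONG i;
    for (i = 0; i < snap_len; i++)
        if (snap[i] == id) {
            *flags = hw_present[id] ? CKF_TOKEN_PRESENT : 0;
            return CKR_OK;
        }
    return CKR_SLOT_ID_INVALID;
}

/* Application side: two-call enumeration (NULL first, then fetch the ids). */
CK_RV refresh_slots(CK_SLOT_ID *ids, CK_ULONG *count) {
    CK_ULONG n = 0;
    CK_RV rv = mock_GetSlotList(NULL, &n);
    if (rv != CKR_OK) return rv;
    if (n > *count) { *count = n; return CKR_BUFFER_TOO_SMALL; }
    *count = n;
    return mock_GetSlotList(ids, count);
}
```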