Context Specific Login Using Pin Pad Reader Fix
sc_pkcs15_verify_pin says:

    /* if pin cache is disabled, we can get here with no PIN data.
     * in this case, to avoid error or unnecessary pin prompting on pinpad,
     * check if the PIN has been already verified and the access condition
     * is still open on card. */

It then calls sc_pkcs15_get_pin_info.

A context specific login is used in PKCS#11 to force the user to enter the PIN again and a verify command to be sent to the card. (Actually it could be a different value for the PIN depending on the card.)

sc_pkcs15_get_pin_info will then call the card driver, but does not say why it is testing the login status. sc_pkcs15_get_pin_info may return SC_PIN_STATE_LOGGED_IN=1 and sc_pkcs15_verify_pin will then skip sending the actual verify command to the card via _sc_pkcs15_verify_pin.

To avoid this, sc_pkcs15_get_pin_info will set data.pin_type = pin_info->auth_method; In the case of a context specific login, this is SC_AC_CONTEXT_SPECIFIC and the card driver can take action and can return SC_PIN_STATE_LOGGED_IN=0 so the verify will be done.

The PIV driver card-piv.c does this. Other drivers could do something similar.

Date: Mon May 21 20:40:00 2018 -0500

On branch History-fixes
Changes to be committed:
    modified: card-piv.c
    modified: pkcs15-pin.c
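The control flow described in the commit message, as an added example that is not OpenSC code and not part of the commit: a simplified model of the "already logged in" shortcut with and without the auth method forwarded to the driver. All type and function names are hypothetical stand-ins, and the pre-fix behaviour is assumed to be that the driver always sees an ordinary PIN type.

```c
#include <stdio.h>

/* Simplified model; hypothetical names, not OpenSC definitions. */
enum auth_method { AUTH_CHV, AUTH_CONTEXT_SPECIFIC };
enum pin_state { STATE_LOGGED_OUT = 0, STATE_LOGGED_IN = 1 };

struct model_card {
    int session_open;   /* PIN verified earlier, access condition still open */
    int verify_count;   /* VERIFY commands that actually reached the card */
};

/* Driver-side status query; pin_type is what the PKCS#15 layer passed down. */
static enum pin_state driver_get_pin_info(const struct model_card *card,
                                          enum auth_method pin_type)
{
    /* Driver behaviour the commit describes: a context specific login is
     * never reported as already satisfied, so the caller must verify. */
    if (pin_type == AUTH_CONTEXT_SPECIFIC)
        return STATE_LOGGED_OUT;
    return card->session_open ? STATE_LOGGED_IN : STATE_LOGGED_OUT;
}

/* PKCS#15-layer verify with no cached PIN (pinpad reader case).
 * forward_auth = 0 models the assumed pre-fix call, 1 the fixed call.
 * Returns 1 if a VERIFY was sent, 0 if the shortcut skipped it. */
static int model_verify_pin(struct model_card *card, enum auth_method auth,
                            int forward_auth)
{
    enum auth_method pin_type = forward_auth ? auth : AUTH_CHV;
    if (driver_get_pin_info(card, pin_type) == STATE_LOGGED_IN)
        return 0;                       /* verify skipped */
    card->verify_count++;               /* user is prompted, card checks PIN */
    card->session_open = 1;
    return 1;
}

/* Ordinary login followed by a second login of the given kind;
 * returns how many VERIFY commands the card received in total. */
int verifies_sent(int forward_auth, enum auth_method second)
{
    struct model_card card = {0, 0};
    model_verify_pin(&card, AUTH_CHV, forward_auth);
    model_verify_pin(&card, second, forward_auth);
    return card.verify_count;
}

int main(void)
{
    printf("pre-fix,  context specific: %d\n", verifies_sent(0, AUTH_CONTEXT_SPECIFIC));
    printf("post-fix, context specific: %d\n", verifies_sent(1, AUTH_CONTEXT_SPECIFIC));
    printf("post-fix, repeated login:   %d\n", verifies_sent(1, AUTH_CHV));
    return 0;
}
```

In the model, the shortcut for a repeated ordinary login is preserved, and only the context specific login is forced through to the card.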