Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

minidriver: fix support for pinless keys #2721

Closed
wants to merge 1 commit into from
Closed

minidriver: fix support for pinless keys #2721

wants to merge 1 commit into from

Conversation

llogar
Copy link
Contributor

@llogar llogar commented Feb 24, 2023

A call to CardGetProperty('PIN Information', ...) should not fail for keys that are not protected with PINs (PinId = ROLE_EVERYONE). Fixes #2719

Checklist
  • Documentation is added or updated
  • New files have a LGPL 2.1 license statement
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested

@llogar
minidriver: fix support for pinless keys
19b8a50 
A call to CardGetProperty('PIN Information', ...) should not fail for keys that
are not protected with PINs (PinId = ROLE_EVERYONE). Fixes issue OpenSC#2719
@dengert
Copy link
Member

dengert commented Feb 25, 2023

I think it should look more like:
minidriver-ROLE_EVERYONE.diff.txt

moved down inside switch, log it has been called and break, so as to log and return line 6508

@dengert
Copy link
Member

dengert commented Feb 25, 2023
edited
Loading

@vletoux Could you comment on this PR?

Is the real problem that ROLE_EVERYONE is not set on the private key that can be used without a PIN?

This PR is trying to define CardGetProperty('PIN Information', ...) for ROLE_EVERYONE.

@vletoux
Copy link
Contributor

vletoux commented Feb 25, 2023

I never saw in real life in the mini driver a key that cannot be protected by a PIN.
From what I saw, on windows, the api requires to set a PIN. An empty PIN has he special meaning of clearing the cached PIN.
So for me this PR is strange.

however I’m not working on minidriver for a while (mostly AD security stuff) so it may be correct - or not.

@vletoux
Copy link
Contributor

vletoux commented Feb 25, 2023

If I may add, I tested the opensc minidriver implementation with the cmck.exe test reference utility.
If a mistake was present, it would have been detected and fixed.
So for me the actual code is compliant with the minidriver implementation.

@Jakuje
Copy link
Member

Jakuje commented Sep 19, 2023

What is the status of this?

@Jakuje Jakuje mentioned this pull request Sep 19, 2023
Merged
4 tasks
@dengert
Copy link
Member

dengert commented Sep 20, 2023

As noted in #2722 (comment) this PR has been replaced by #2722.

@Jakuje
Copy link
Member

Jakuje commented Sep 20, 2023

Ok. Then I will close this one.

@Jakuje Jakuje closed this Sep 20, 2023
@llogar llogar deleted the minidriver-2719 branch November 14, 2023 21:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

minidriver not recognising pinless PKCS#15 applications
4 participants
@llogar @dengert @vletoux @Jakuje