Attachment 3124 Details for Bug 2652 – allow deferring the PIN prompt to reader keyboard

allow deferring the PIN prompt to reader keyboard

file_2652.txt (text/plain), 1.54 KB, created by Jakub Jelen on 2018-02-22 04:43:26 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Jakub Jelen

Created: 2018-02-22 04:43:26 AEDT

Size: 1.54 KB

patch

obsolete

>diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
>index c0c37dc2..1587e94b 100644
>--- a/ssh-pkcs11.c
>+++ b/ssh-pkcs11.c
>@@ -412,14 +412,19 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
> 	CK_RV			rv;
> 	CK_FUNCTION_LIST	*f;
> 	CK_SESSION_HANDLE	session;
>-	int			login_required;
>+	int			flags, login_required, have_pinpad;
> 
> 	f = p->function_list;
>-	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
>-	if (pin && login_required && !strlen(pin)) {
>+	flags = p->slotinfo[slotidx].token.flags;
>+	have_pinpad = flags & CKF_PROTECTED_AUTHENTICATION_PATH;
>+	login_required = flags & CKF_LOGIN_REQUIRED;
>+
>+	/* fail early before opening session */
>+	if (login_required && !have_pinpad && pin && !strlen(pin)) {
> 		error("pin required");
> 		return (-1);
> 	}
>+
> 	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
> 	    CKF_SERIAL_SESSION, NULL, NULL, &session))
> 	    != CKR_OK) {
>@@ -427,8 +432,13 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
> 		return (-1);
> 	}
> 	if (login_required && pin) {
>-		rv = f->C_Login(session, CKU_USER,
>-		    (u_char *)pin, strlen(pin));
>+		if (have_pinpad && !strlen(pin)) {
>+			/* defer PIN entry to the reader keypad */
>+			rv = f->C_Login(session, CKU_USER, NULL_PTR, 0);
>+		} else {
>+			rv = f->C_Login(session, CKU_USER,
>+			    (u_char *)pin, strlen(pin));
>+		}
> 		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
> 			error("C_Login failed: %lu", rv);
> 			if ((rv = f->C_CloseSession(session)) != CKR_OK)

Actions: View

Attachments on bug 2652: 3032 | 3124 | 3125 | 3226