Menu
▾
▴
[Opensc-devel] Question about C_InitToken reinitialize
|
From: Bob B. <fig...@gm...> - 2018-10-29 10:01:52
|
Hi, Just some question on the C_InitToken implementation of OpenSC, the PKCS#11 document states the following below. *If the token is being reinitialized, the pPin parameter is checked against the existing SO PIN to authorize the initialization operation.* When the token is reinitialized, the C_InitToken should verify the PIN passed to it with the one provided on the first initialization. I tried to trace the source code but it seems this is not handled on the C_InitToken layer, the C_InitToken will just pass the data (pin, pin length, label) to PKCS#11 framework, or the pkcs15_initialize function. On this function, it will check if there is an implementation for the SC_CARDCTL_PKCS11_INIT_TOKEN command on the card level (card-*), the data is passed on this function. Most of the driver did not implement this one. After the call on this function, sc_pkcs15init_erase_card is also called, but data is not passed. After this, pkcs15nit_add_app is called, this is the function that do the initialization, but until here the existing SO validation was not handle, data was passed on this function. So, my question is if wanted to support the existing SO validation (as stated in PKCS#11 document) for the C_InitToken, what will be my approach? I was thinking of implementing SC_CARDCTL_PKCS11_INIT_TOKEN, but this is on the card level and it doesn't know anything about the PKCS#11 object or the PKCS# 15 structure. I appreciate if someone can put me on the direction or at least the a document that I can read that discusses this part of OpenSC. Thank you very much! Cheers, fightingsibuyas |
