diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c
index 1d893d61814..601b7a1c060 100644
--- a/src/pkcs11/misc.c
+++ b/src/pkcs11/misc.c
@@ -118,6 +118,8 @@ static CK_RV sc_to_cryptoki_error_common(int rc)
 return CKR_DEVICE_ERROR;
 case SC_ERROR_WRONG_PADDING:
 return CKR_ENCRYPTED_DATA_INVALID;
+ case SC_ERROR_CARD_BLACKLISTED:
+ return CKR_TOKEN_NOT_RECOGNIZED;
 }
 return CKR_GENERAL_ERROR;
 }
diff --git a/src/pkcs11/slot.c b/src/pkcs11/slot.c
index 0020a4002dd..3f07ac335f9 100644
--- a/src/pkcs11/slot.c
+++ b/src/pkcs11/slot.c
@@ -230,6 +230,14 @@ CK_RV card_detect(sc_reader_t *reader) return CKR_TOKEN_NOT_PRESENT; } + if (rc & SC_READER_CARD_BLACKLISTED) { + sc_log(context, "%s: token (blacklisted) not recognized", reader->name); + /* TODO ? but do not remove so slot shows card is still present */ + /* TODO need to see what pkcs11 apps do with CKR_TOKEN_NOT_RECOGNIZED */ + /* or do we make slot with unknown card */ + return CKR_TOKEN_NOT_RECOGNIZED; + } + /* If the card was changed, disconnect the current one */ if (rc & SC_READER_CARD_CHANGED) { sc_log(context, "%s: Card changed", reader->name);
@@ -479,10 +487,12 @@ CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot ** slot) return CKR_TOKEN_NOT_PRESENT; sc_log(context, "Slot(id=0x%lX): get token: now detect card", id); rv = card_detect((*slot)->reader); + /* TODO test SC_READER_CARD_NOT_RECOGNIZED return CKR_TOKEN_NOT_RECOGNIZED */ if (rv != CKR_OK) return rv; } + if (!((*slot)->slot_info.flags & CKF_TOKEN_PRESENT)) { sc_log(context, "card detected, but slot not presenting token"); return CKR_TOKEN_NOT_PRESENT;
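Review bot: In card_detect (src/pkcs11/slot.c, hunk at -230) the new `SC_READER_CARD_BLACKLISTED` early return sits before the `SC_READER_CARD_CHANGED` handling, so when a blacklisted card replaces a previously recognized one the function appears to return without disconnecting the old card. If so, the slot could keep the earlier token's state, and possibly its sessions or login, while a different, rejected card is in the reader. Consider doing the blacklist check after the changed-card teardown, or running that same teardown before `return CKR_TOKEN_NOT_RECOGNIZED;`, and replace the three TODO comments with one comment stating the decided behaviour. The rest of card_detect lies outside the hunk, so this ordering should be confirmed against the full function.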
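Review bot: The TODO added after `rv = card_detect((*slot)->reader);` in slot_get_token names `SC_READER_CARD_NOT_RECOGNIZED`, while the flag this diff tests in card_detect is `SC_READER_CARD_BLACKLISTED`; no flag with the TODO's name appears in the diff. Reword it to match, e.g. `/* TODO: test that SC_READER_CARD_BLACKLISTED surfaces here as CKR_TOKEN_NOT_RECOGNIZED */`, so the follow-up can be found by searching for the flag. The function body starts and ends outside the hunk.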