pkcs11: CKF_WRITE_PROTECTED based on card's read_only flag
uses `md_read_only` as `read_only` for both PKCS#11 and Minidriver
This commit is contained in:
parent
db4ed9f4a2
commit
129946ca96
|
@ -822,11 +822,11 @@ app <replaceable>application</replaceable> {
|
|||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>md_read_only = <replaceable>bool</replaceable>;</option>
|
||||
<option>read_only = <replaceable>bool</replaceable>;</option>
|
||||
</term>
|
||||
<listitem><para>
|
||||
Mark card as read/only card in
|
||||
Minidriver/BaseCSP interface
|
||||
PKCS#11/Minidriver/BaseCSP interface
|
||||
(Default: <literal>false</literal>).
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
@ -282,7 +282,7 @@ app default {
|
|||
|
||||
# Context: minidriver
|
||||
#
|
||||
# md_read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
|
||||
# read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
|
||||
# md_supports_X509_enrollment: Indicate X509 enrollment support at Minidriver/BaseCSP interface (Default: false)
|
||||
# md_guid_as_id: Use the GUID generated for the key as id in the PKCS#15 structure (Default: false, i.e. auto generated)
|
||||
# md_guid_as_label: Use the GUID generated for the key as label in the PKCS#15 structure (Default: false, i.e. no label set)
|
||||
|
@ -396,7 +396,7 @@ app default {
|
|||
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
||||
secure_messaging = local_gemalto_iam;
|
||||
# secure_messaging = local_adele;
|
||||
md_read_only = false;
|
||||
read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
}
|
||||
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
|
||||
|
@ -404,7 +404,7 @@ app default {
|
|||
driver = "iasecc";
|
||||
name = "Gemalto MultiApp IAS/ECC v1.0.1";
|
||||
secure_messaging = local_gemalto_iam;
|
||||
md_read_only = false;
|
||||
read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
}
|
||||
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
|
||||
|
@ -423,7 +423,7 @@ app default {
|
|||
# type = 25005;
|
||||
# driver = "iasecc";
|
||||
# name = "Morpho MI IAS/ECC v1.0.1";
|
||||
# md_read_only = false;
|
||||
# read_only = false;
|
||||
# md_supports_X509_enrollment = true;
|
||||
# secure_messaging = local_morpho_mi;
|
||||
#}
|
||||
|
@ -431,7 +431,7 @@ app default {
|
|||
type = 25004;
|
||||
driver = "iasecc";
|
||||
name = "Amos IAS/ECC v1.0.1";
|
||||
md_read_only = false;
|
||||
read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
secure_messaging = local_amos;
|
||||
}
|
||||
|
@ -439,7 +439,7 @@ app default {
|
|||
type = 25004;
|
||||
driver = "iasecc";
|
||||
name = "Amos IAS/ECC v1.0.1";
|
||||
md_read_only = false;
|
||||
read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
secure_messaging = local_amos_eid;
|
||||
}
|
||||
|
@ -447,7 +447,7 @@ app default {
|
|||
# SmartCard-HSM with contact-based interface or USB-Stick
|
||||
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
|
||||
driver = "sc-hsm";
|
||||
md_read_only = false;
|
||||
read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -456,7 +456,7 @@ app default {
|
|||
# SmartCard-HSM with contact-less interface
|
||||
card_atr 3B:8E:80:01:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:18 {
|
||||
driver = "sc-hsm";
|
||||
md_read_only = false;
|
||||
read_only = false;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -465,7 +465,7 @@ app default {
|
|||
# SmartCard-HSM with fingerprint sensor and PIN pad
|
||||
card_atr 3B:80:80:01:01 {
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -489,7 +489,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -512,7 +512,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -535,7 +535,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -558,7 +558,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -581,7 +581,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -604,7 +604,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -627,7 +627,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -650,7 +650,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -673,7 +673,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -697,7 +697,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -721,7 +721,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
|
@ -745,7 +745,7 @@ app default {
|
|||
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00:00";
|
||||
driver = "sc-hsm";
|
||||
force_protocol = "t1";
|
||||
md_read_only = false;
|
||||
read_only = true;
|
||||
md_supports_X509_enrollment = true;
|
||||
md_supports_container_key_gen = true;
|
||||
md_guid_as_label = true;
|
||||
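Review bot: The SmartCard-HSM entries "with fingerprint sensor and PIN pad" (the `card_atr 3B:80:80:01:01` block and every `atrmask` variant that follows it) change value as well as name: `md_read_only = false;` becomes `read_only = true;`, so — taking the first printed line of each pair as the old side — those cards are now reported write-protected through the Minidriver too, which the commit message does not mention. If that is intended, a comment on those entries prevents a later "fix" back to false, e.g. `# read_only = true: reported as write-protected to both PKCS#11 and Minidriver`. The option description near the top of the file still reads `# read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)` under `# Context: minidriver`, while the man page hunk in this same commit says `PKCS#11/Minidriver/BaseCSP`; the conf comment should use the same wording so administrators know the key now also drives CKF_WRITE_PROTECTED.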
@ -699,7 +699,7 @@ md_is_read_only(PCARD_DATA pCardData)
|
|||
}
|
||||
}
|
||||
|
||||
return md_get_config_bool(pCardData, "md_read_only", ret);
|
||||
return md_get_config_bool(pCardData, "read_only", ret);
|
||||
}
|
||||
|
||||
|
||||
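Review bot: Existing configurations that still set `md_read_only` are silently ignored after this change, because the new `return md_get_config_bool(pCardData, "read_only", ret);` consults only the new key; a card that an administrator had deliberately marked read-only for the Minidriver becomes writable again without any log line. Reading the legacy key first and passing its result on as the default keeps those deployments intact, assuming `md_get_config_bool` returns its third argument when the key is absent: `ret = md_get_config_bool(pCardData, "md_read_only", ret);` followed by the existing `return md_get_config_bool(pCardData, "read_only", ret);`. If the rename is meant to be breaking instead, that should be stated in the option's description. The body of `md_is_read_only` starts outside the hunk.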
@ -1045,6 +1045,8 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
|
|||
struct pkcs15_slot_data *fw_data;
|
||||
struct sc_pkcs15_auth_info *pin_info = NULL;
|
||||
char label[(sizeof auth->label) + 10];
|
||||
int write_protected;
|
||||
scconf_block *atrblock;
|
||||
|
||||
sc_log(context, "Called");
|
||||
pkcs15_init_token_info(p15card, &slot->token_info);
|
||||
|
@ -1058,6 +1060,19 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
|
|||
if (p15card->card->caps & SC_CARD_CAP_RNG && p15card->card->ops->get_challenge != NULL)
|
||||
slot->token_info.flags |= CKF_RNG;
|
||||
|
||||
if (p15card->tokeninfo && p15card->tokeninfo->flags & SC_PKCS15_TOKEN_READONLY) {
|
||||
write_protected = 1;
|
||||
} else {
|
||||
write_protected = 0;
|
||||
}
|
||||
atrblock = _sc_match_atr_block(p15card->card->ctx, NULL, &p15card->card->atr);
|
||||
if (atrblock) {
|
||||
write_protected = scconf_get_bool(atrblock, "read_only", write_protected);
|
||||
}
|
||||
if (write_protected) {
|
||||
slot->token_info.flags |= CKF_WRITE_PROTECTED;
|
||||
}
|
||||
|
||||
slot->fw_data = fw_data = calloc(1, sizeof(*fw_data));
|
||||
if (!fw_data) {
|
||||
return;
|
||||
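Review bot: In the added block a per-card `read_only` entry overrides the token's own `SC_PKCS15_TOKEN_READONLY` flag in both directions, because `scconf_get_bool(atrblock, "read_only", write_protected)` uses the TokenInfo-derived value only as the default: an explicit `read_only = false` — which the opensc.conf entries in this commit set for the IAS/ECC and SmartCard-HSM cards — clears `CKF_WRITE_PROTECTED` for a token whose TokenInfo declares it read-only. The card still enforces its own access conditions, but applications are then told the token is writable. If the configuration is meant only to tighten, replace the assignment with `if (atrblock && scconf_get_bool(atrblock, "read_only", 0)) write_protected = 1;`; if the override is intended, say so next to the call, e.g. `/* a read_only entry in the matching card_atr block takes precedence over TokenInfo */`. `pkcs15_init_slot` begins before and continues after this hunk, and the variables it uses are declared in the hunk above.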