diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
index b0cb4e75..f703ce71 100644
--- a/doc/files/opensc.conf.5.xml.in
+++ b/doc/files/opensc.conf.5.xml.in
@@ -822,11 +822,11 @@ app application {
-
+
Mark card as read/only card in
- Minidriver/BaseCSP interface
+ PKCS#11/Minidriver/BaseCSP interface
(Default: false).
diff --git a/etc/opensc.conf.example.in b/etc/opensc.conf.example.in
index d8abb8f8..dc3b5bd8 100644
--- a/etc/opensc.conf.example.in
+++ b/etc/opensc.conf.example.in
@@ -282,7 +282,7 @@ app default {
# Context: minidriver
#
- # md_read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
+ # read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
# md_supports_X509_enrollment: Indicate X509 enrollment support at Minidriver/BaseCSP interface (Default: false)
# md_guid_as_id: Use the GUID generated for the key as id in the PKCS#15 structure (Default: false, i.e. auto generated)
# md_guid_as_label: Use the GUID generated for the key as label in the PKCS#15 structure (Default: false, i.e. no label set)
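Review bot: The renamed `read_only` entry is still described as Minidriver/BaseCSP-only and still sits under `# Context: minidriver`, while the man page hunk in this commit lists it as PKCS#11/Minidriver/BaseCSP. Anyone working from the example file would not learn that the key now also controls write protection on the PKCS#11 side. I would change the comment to `# read_only: Mark card as read/only card in PKCS#11/Minidriver/BaseCSP interface (Default: false)`.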
@@ -396,7 +396,7 @@ app default {
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
# secure_messaging = local_adele;
- md_read_only = false;
+ read_only = false;
md_supports_X509_enrollment = true;
}
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
@@ -404,7 +404,7 @@ app default {
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
- md_read_only = false;
+ read_only = false;
md_supports_X509_enrollment = true;
}
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
@@ -423,7 +423,7 @@ app default {
# type = 25005;
# driver = "iasecc";
# name = "Morpho MI IAS/ECC v1.0.1";
- # md_read_only = false;
+ # read_only = false;
# md_supports_X509_enrollment = true;
# secure_messaging = local_morpho_mi;
#}
@@ -431,7 +431,7 @@ app default {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
- md_read_only = false;
+ read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos;
}
@@ -439,7 +439,7 @@ app default {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
- md_read_only = false;
+ read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos_eid;
}
@@ -447,7 +447,7 @@ app default {
# SmartCard-HSM with contact-based interface or USB-Stick
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
driver = "sc-hsm";
- md_read_only = false;
+ read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -456,7 +456,7 @@ app default {
# SmartCard-HSM with contact-less interface
card_atr 3B:8E:80:01:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:18 {
driver = "sc-hsm";
- md_read_only = false;
+ read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -465,7 +465,7 @@ app default {
# SmartCard-HSM with fingerprint sensor and PIN pad
card_atr 3B:80:80:01:01 {
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
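Review bot: This entry does more than rename the key: the value goes from `false` to `true`, and the same flip is repeated in every following SmartCard-HSM `atrmask` hunk up to `@@ -745,7 +745,7 @@`. Together with the PKCS#11 change in this commit, that presumably makes these tokens report as write-protected by default, which is a behaviour change that deserves a line in the commit description. The blocks also keep `md_supports_X509_enrollment = true` and `md_supports_container_key_gen = true`, which reads as contradictory next to a read-only card. A short comment above the setting, such as `# read_only: <reason these tokens are write-protected by default>`, would tell operators whether the flip is deliberate.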
@@ -489,7 +489,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -512,7 +512,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -535,7 +535,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -558,7 +558,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -581,7 +581,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -604,7 +604,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -627,7 +627,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -650,7 +650,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -673,7 +673,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -697,7 +697,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -721,7 +721,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -745,7 +745,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
- md_read_only = false;
+ read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
diff --git a/src/minidriver/minidriver.c b/src/minidriver/minidriver.c
index fc57ff09..3570a07b 100644
--- a/src/minidriver/minidriver.c
+++ b/src/minidriver/minidriver.c
@@ -699,7 +699,7 @@ md_is_read_only(PCARD_DATA pCardData)
}
}
- return md_get_config_bool(pCardData, "md_read_only", ret);
+ return md_get_config_bool(pCardData, "read_only", ret);
}
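Review bot: After this change the old key `md_read_only` is no longer looked up, so an existing opensc.conf that sets `md_read_only = true` would stop write-protecting the card without any warning. That is a silent loss of a protective setting on upgrade. Assuming the third argument of md_get_config_bool is the default value, as the call suggests, the old name could be kept as a fallback: `ret = md_get_config_bool(pCardData, "md_read_only", ret);` placed before `return md_get_config_bool(pCardData, "read_only", ret);`. The body of md_is_read_only starts outside this hunk.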
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 3e881e66..cc4b1e80 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -1045,6 +1045,8 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
struct pkcs15_slot_data *fw_data;
struct sc_pkcs15_auth_info *pin_info = NULL;
char label[(sizeof auth->label) + 10];
+ int write_protected;
+ scconf_block *atrblock;
sc_log(context, "Called");
pkcs15_init_token_info(p15card, &slot->token_info);
@@ -1058,6 +1060,19 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
if (p15card->card->caps & SC_CARD_CAP_RNG && p15card->card->ops->get_challenge != NULL)
slot->token_info.flags |= CKF_RNG;
+ if (p15card->tokeninfo && p15card->tokeninfo->flags & SC_PKCS15_TOKEN_READONLY) {
+ write_protected = 1;
+ } else {
+ write_protected = 0;
+ }
+ atrblock = _sc_match_atr_block(p15card->card->ctx, NULL, &p15card->card->atr);
+ if (atrblock) {
+ write_protected = scconf_get_bool(atrblock, "read_only", write_protected);
+ }
+ if (write_protected) {
+ slot->token_info.flags |= CKF_WRITE_PROTECTED;
+ }
+
slot->fw_data = fw_data = calloc(1, sizeof(*fw_data));
if (!fw_data) {
return;
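Review bot: The `scconf_get_bool(atrblock, "read_only", write_protected)` call lets a config entry of `read_only = false` clear the write protection that the card itself asserts through SC_PKCS15_TOKEN_READONLY, and the example config in this commit ships exactly that value for the IAS/ECC and contact SmartCard-HSM entries. If the config is meant only to add protection, use `if (atrblock && scconf_get_bool(atrblock, "read_only", 0)) write_protected = 1;`; if the override is intended, say so in a comment above the lookup. Only the CKF_WRITE_PROTECTED flag is set in the visible lines, so whether write operations and read/write sessions are actually refused for such a slot is not shown here and is worth confirming. pkcs15_init_slot begins and continues outside the hunk.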