Add configuration for sloppy PKCS#11 initialization
parent
3307dd6f45
commit
f252277fab
|
@ -334,9 +334,12 @@ app default {
|
||||||
#path to ans name of external SM module
|
#path to ans name of external SM module
|
||||||
#module_name = @DEFAULT_SM_MODULE@;
|
#module_name = @DEFAULT_SM_MODULE@;
|
||||||
#module_path = @libdir@;
|
#module_path = @libdir@;
|
||||||
|
# directory with external SM module
|
||||||
|
# Default: defined by windows register
|
||||||
|
# module_path = "";
|
||||||
|
|
||||||
# specific data to tune the module initialization
|
# specific data to tune the module initialization
|
||||||
#module_data = "Here can be your SM module init data";
|
# module_data = "Here can be your SM module init data";
|
||||||
|
|
||||||
# SM mode:
|
# SM mode:
|
||||||
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
|
# 'transmit' -- in this mode the procedure to securize an APDU is called by the OpenSC general
|
||||||
|
@ -568,6 +571,18 @@ app opensc-pkcs11 {
|
||||||
# Default: false
|
# Default: false
|
||||||
# lock_login = true;
|
# lock_login = true;
|
||||||
|
|
||||||
|
# With this setting disabled, the OpenSC PKCS#11 module will initialize
|
||||||
|
# the slots available when the application calls `C_GetSlotList`. With
|
||||||
|
# this setting enabled, the slots will also get initialized when
|
||||||
|
# C_GetSlotInfo is called.
|
||||||
|
#
|
||||||
|
# This setting is a workaround for Java which does not call
|
||||||
|
# `C_GetSlotList` when configured with a static `slot` instead of
|
||||||
|
# `slotListIndex`.
|
||||||
|
#
|
||||||
|
# Default: true
|
||||||
|
# init_sloppy = false;
|
||||||
|
|
||||||
# User PIN unblock style
|
# User PIN unblock style
|
||||||
# none: PIN unblock is not possible with PKCS#11 API;
|
# none: PIN unblock is not possible with PKCS#11 API;
|
||||||
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
||||||
|
|
|
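Review bot: Several added lines in this file are unrelated to `init_sloppy`: the first hunk adds a second `module_path` comment block (`# Default: defined by windows register`) under `app default` and respaces `# module_data`, and the next file's hunks add a commented `card_atr` entry for "Morpho MI IAS/ECC v1.0.1" and an `app onepin-opensc-pkcs11` block. They would be easier to review and revert as a separate commit, or at least named in the commit message. For the new option itself, the text says when slots get initialized but not what changes for a caller that skips `C_GetSlotList` once `init_sloppy = false` is set. A line such as `# If disabled, applications must call C_GetSlotList before C_GetSlotInfo.` would make the trade-off explicit.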
@ -305,6 +305,14 @@ app default {
|
||||||
# name = "Morpho YpsID S3 IAS/ECC";
|
# name = "Morpho YpsID S3 IAS/ECC";
|
||||||
# # secure_messaging = local_morpho_YpsID_S3;
|
# # secure_messaging = local_morpho_YpsID_S3;
|
||||||
#}
|
#}
|
||||||
|
#card_atr 3B:DF:96:00:80:31:FE:45:00:31:B8:64:04:1F:EC:C1:73:94:01:80:82:90:00:EC {
|
||||||
|
# type = 25005;
|
||||||
|
# driver = "iasecc";
|
||||||
|
# name = "Morpho MI IAS/ECC v1.0.1";
|
||||||
|
# md_read_only = false;
|
||||||
|
# md_supports_X509_enrollment = true;
|
||||||
|
# secure_messaging = local_morpho_mi;
|
||||||
|
#}
|
||||||
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
|
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
|
||||||
type = 25004;
|
type = 25004;
|
||||||
driver = "iasecc";
|
driver = "iasecc";
|
||||||
|
@ -559,6 +567,18 @@ app opensc-pkcs11 {
|
||||||
# Default: false
|
# Default: false
|
||||||
# lock_login = true;
|
# lock_login = true;
|
||||||
|
|
||||||
|
# With this setting disabled, the OpenSC PKCS#11 module will initialize
|
||||||
|
# the slots available when the application calls `C_GetSlotList`. With
|
||||||
|
# this setting enabled, the slots will also get initialized when
|
||||||
|
# C_GetSlotInfo is called.
|
||||||
|
#
|
||||||
|
# This setting is a workaround for Java which does not call
|
||||||
|
# `C_GetSlotList` when configured with a static `slot` instead of
|
||||||
|
# `slotListIndex`.
|
||||||
|
#
|
||||||
|
# Default: true
|
||||||
|
# init_sloppy = false;
|
||||||
|
|
||||||
# User PIN unblock style
|
# User PIN unblock style
|
||||||
# none: PIN unblock is not possible with PKCS#11 API;
|
# none: PIN unblock is not possible with PKCS#11 API;
|
||||||
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
# set_pin_in_unlogged_session: C_SetPIN() in unlogged session:
|
||||||
|
@ -618,6 +638,16 @@ app opensc-pkcs11 {
|
||||||
# create_slots_for_pins = "user,sign";
|
# create_slots_for_pins = "user,sign";
|
||||||
# create_slots_for_pins = application;
|
# create_slots_for_pins = application;
|
||||||
# create_slots_for_pins = "application,sign";
|
# create_slots_for_pins = "application,sign";
|
||||||
|
#
|
||||||
|
# For the module to simulate the opensc-onepin module behavior the following option
|
||||||
|
# must be set:
|
||||||
|
# create_slots_for_pins = "user"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
app onepin-opensc-pkcs11 {
|
||||||
|
pkcs11 {
|
||||||
|
slots_per_card = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -324,6 +324,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||||
}
|
}
|
||||||
conf->hide_empty_tokens = 1;
|
conf->hide_empty_tokens = 1;
|
||||||
conf->lock_login = 0;
|
conf->lock_login = 0;
|
||||||
|
conf->init_sloppy = 1;
|
||||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||||
conf->create_puk_slot = 0;
|
conf->create_puk_slot = 0;
|
||||||
conf->zero_ckaid_for_ca_certs = 0;
|
conf->zero_ckaid_for_ca_certs = 0;
|
||||||
|
@ -339,6 +340,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||||
conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card);
|
conf->slots_per_card = scconf_get_int(conf_block, "slots_per_card", conf->slots_per_card);
|
||||||
conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens);
|
conf->hide_empty_tokens = scconf_get_bool(conf_block, "hide_empty_tokens", conf->hide_empty_tokens);
|
||||||
conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login);
|
conf->lock_login = scconf_get_bool(conf_block, "lock_login", conf->lock_login);
|
||||||
|
conf->init_sloppy = scconf_get_bool(conf_block, "init_sloppy", conf->init_sloppy);
|
||||||
|
|
||||||
unblock_style = (char *)scconf_get_str(conf_block, "user_pin_unblock_style", NULL);
|
unblock_style = (char *)scconf_get_str(conf_block, "user_pin_unblock_style", NULL);
|
||||||
if (unblock_style && !strcmp(unblock_style, "set_pin_in_unlogged_session"))
|
if (unblock_style && !strcmp(unblock_style, "set_pin_in_unlogged_session"))
|
||||||
|
|
|
@ -473,6 +473,7 @@ static sc_timestamp_t get_current_time(void)
|
||||||
CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
||||||
{
|
{
|
||||||
struct sc_pkcs11_slot *slot;
|
struct sc_pkcs11_slot *slot;
|
||||||
|
unsigned int uninit_slotcount;
|
||||||
sc_timestamp_t now;
|
sc_timestamp_t now;
|
||||||
CK_RV rv;
|
CK_RV rv;
|
||||||
|
|
||||||
|
@ -485,7 +486,11 @@ CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
|
||||||
|
|
||||||
sc_log(context, "C_GetSlotInfo(0x%lx)", slotID);
|
sc_log(context, "C_GetSlotInfo(0x%lx)", slotID);
|
||||||
|
|
||||||
if (1 <= list_size(&virtual_slots)) {
|
if (sc_pkcs11_conf.plug_and_play)
|
||||||
|
uninit_slotcount = 1;
|
||||||
|
else
|
||||||
|
uninit_slotcount = 0;
|
||||||
|
if (sc_pkcs11_conf.init_sloppy && uninit_slotcount <= list_size(&virtual_slots)) {
|
||||||
/* Most likely virtual_slots only contains the hotplug slot and has not
|
/* Most likely virtual_slots only contains the hotplug slot and has not
|
||||||
* been initialized because the caller has *not* called C_GetSlotList
|
* been initialized because the caller has *not* called C_GetSlotList
|
||||||
* before C_GetSlotInfo, as required by PKCS#11. Initialize
|
* before C_GetSlotInfo, as required by PKCS#11. Initialize
|
||||||
|
|
|
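Review bot: The new guard `uninit_slotcount <= list_size(&virtual_slots)` narrows nothing. With `plug_and_play` off, `uninit_slotcount` is 0 and the comparison against an `unsigned int` is always true; with it on, the test passes for any list holding at least one slot. The comment directly below describes the opposite case, a list that holds only the hotplug slot, so the comparison looks inverted. If that is the intent, `list_size(&virtual_slots) <= uninit_slotcount` would confine the lazy initialization to the uninitialized state instead of taking that path on every `C_GetSlotInfo` call while `init_sloppy` is set. The body of the `if` and the rest of `C_GetSlotInfo` lie outside the hunk, so what the repeated path costs is inferred rather than visible.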
@ -78,6 +78,7 @@ struct sc_pkcs11_config {
|
||||||
unsigned int slots_per_card;
|
unsigned int slots_per_card;
|
||||||
unsigned char hide_empty_tokens;
|
unsigned char hide_empty_tokens;
|
||||||
unsigned char lock_login;
|
unsigned char lock_login;
|
||||||
|
unsigned char init_sloppy;
|
||||||
unsigned int pin_unblock_style;
|
unsigned int pin_unblock_style;
|
||||||
unsigned int create_puk_slot;
|
unsigned int create_puk_slot;
|
||||||
unsigned int zero_ckaid_for_ca_certs;
|
unsigned int zero_ckaid_for_ca_certs;
|
||||||
|
|
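Review bot: The new `init_sloppy` field has no comment, and the name alone does not say what is sloppy; the only explanation is in the sample configuration. A short comment on the field would do, for example `unsigned char init_sloppy; /* initialize slots from C_GetSlotInfo too, for callers that skip C_GetSlotList */`. The neighbouring fields are uncommented as well and `struct sc_pkcs11_config` continues outside the hunk, so this is a documentation suggestion rather than a defect.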