Fix tokeninfo SC_PKCS15_TOKEN_LOGIN_REQUIRED

Fix tokeninfo SC_PKCS15_TOKEN_LOGIN_REQUIRED for non eOI cards
llogar · Nov 3, 2023 · d22e389 · d22e389
1 parent 180d296
commit d22e389
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 1 deletion.
diff --git a/src/libopensc/card-eoi.c b/src/libopensc/card-eoi.c
@@ -432,6 +432,10 @@ static int eoi_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
 			r = SC_SUCCESS;
 		}
 		break;
+	case SC_CARDCTL_TOKENINFO_FLAGS:
+		*(int*)ptr = SC_CARDCTRL_TOKENINFO_FLAGS_HONOR_LOGIN_REQUIRED;
+		r = SC_SUCCESS;
+		break;
 	default:
 		r = sc_get_iso7816_driver()->ops->card_ctl(card, cmd, ptr);
 	}

diff --git a/src/libopensc/cardctl.h b/src/libopensc/cardctl.h
@@ -47,6 +47,7 @@ enum {
 	SC_CARDCTL_PKCS11_INIT_TOKEN,
 	SC_CARDCTL_PKCS11_INIT_PIN,
 	SC_CARDCTL_GET_MODEL,
+	SC_CARDCTL_TOKENINFO_FLAGS,
 
 	/*
 	 * GPK specific calls
@@ -318,6 +319,12 @@ enum {
 	SC_CARDCTRL_LIFECYCLE_OTHER
 };
 
+enum {
+	SC_CARDCTRL_TOKENINFO_FLAGS_HONOR_LOGIN_REQUIRED,
+	SC_CARDCTRL_TOKENINFO_FLAGS_SET_LOGIN_REQUIRED,
+	SC_CARDCTRL_TOKENINFO_FLAGS_UNSET_LOGIN_REQUIRED
+};
+
 /*
  * Generic cardctl - check if the required key is a default
  * key (such as the GPK "TEST KEYTEST KEY" key, or the Cryptoflex AAK)

diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
@@ -1171,6 +1171,7 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
 		}
 		else   {
 			size_t pin_len = 0;
+			int tokeninfo_flags = SC_CARDCTRL_TOKENINFO_FLAGS_SET_LOGIN_REQUIRED;
 			if (auth->label[0] && strncmp(auth->label, "PIN", 4) != 0)
 				pin_len = strlen(auth->label);
 			if (pin_len && get_num_slots(p15card->card) > 1) {
@@ -1211,7 +1212,20 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
 					slot->token_info.label[i] = '.';
 				}
 			}
-			slot->token_info.flags |= CKF_LOGIN_REQUIRED;
+			/* Let the card driver override SC_PKCS15_TOKEN_LOGIN_REQUIRED flag */
+			sc_card_ctl(p15card->card, SC_CARDCTL_TOKENINFO_FLAGS, &tokeninfo_flags);
+			switch (tokeninfo_flags) {
+			case SC_CARDCTRL_TOKENINFO_FLAGS_HONOR_LOGIN_REQUIRED:
+				if (p15card->tokeninfo->flags & SC_PKCS15_TOKEN_LOGIN_REQUIRED)
+					slot->token_info.flags |= CKF_LOGIN_REQUIRED;
+				break;
+			case SC_CARDCTRL_TOKENINFO_FLAGS_SET_LOGIN_REQUIRED:
+				slot->token_info.flags |= CKF_LOGIN_REQUIRED;
+				break;
+			case SC_CARDCTRL_TOKENINFO_FLAGS_UNSET_LOGIN_REQUIRED:
+				slot->token_info.flags &= ~CKF_LOGIN_REQUIRED;
+				break;
+			}
 		}
 	}