pkcs15init: externalize and change name of select_intrinsic_id()
This commit is contained in:
parent
6a389f3c4b
commit
04fbf6ad08
|
@ -13,6 +13,8 @@ extern "C" {
|
||||||
|
|
||||||
#include "libopensc/pkcs15.h"
|
#include "libopensc/pkcs15.h"
|
||||||
|
|
||||||
|
#define DEFAULT_PRIVATE_KEY_LABEL "Private Key"
|
||||||
|
|
||||||
#define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE 0x0080UL
|
#define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE 0x0080UL
|
||||||
#define SC_PKCS15INIT_X509_NON_REPUDIATION 0x0040UL
|
#define SC_PKCS15INIT_X509_NON_REPUDIATION 0x0040UL
|
||||||
#define SC_PKCS15INIT_X509_KEY_ENCIPHERMENT 0x0020UL
|
#define SC_PKCS15INIT_X509_KEY_ENCIPHERMENT 0x0020UL
|
||||||
|
@ -369,6 +371,8 @@ extern int sc_pkcs15init_delete_by_path(struct sc_profile *,
|
||||||
struct sc_pkcs15_card *, const struct sc_path *);
|
struct sc_pkcs15_card *, const struct sc_path *);
|
||||||
extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
|
extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
|
||||||
struct sc_pkcs15_df *, int);
|
struct sc_pkcs15_df *, int);
|
||||||
|
extern int sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *, struct sc_profile *,
|
||||||
|
int, struct sc_pkcs15_id *, void *);
|
||||||
|
|
||||||
/* Erasing the card structure via rm -rf */
|
/* Erasing the card structure via rm -rf */
|
||||||
extern int sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *,
|
extern int sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *,
|
||||||
|
|
|
@ -1146,10 +1146,8 @@ sc_pkcs15init_encode_prvkey_content(struct sc_pkcs15_card *p15card, struct sc_pk
|
||||||
* Prepare private key download, and initialize a prkdf entry
|
* Prepare private key download, and initialize a prkdf entry
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card,
|
sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||||
struct sc_profile *profile,
|
struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_prkey *key, int keybits,
|
||||||
struct sc_pkcs15init_prkeyargs *keyargs,
|
|
||||||
struct sc_pkcs15_prkey *key, int keybits,
|
|
||||||
struct sc_pkcs15_object **res_obj)
|
struct sc_pkcs15_object **res_obj)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
|
@ -1173,7 +1171,7 @@ sc_pkcs15init_init_prkdf(struct sc_pkcs15_card *p15card,
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((label = keyargs->label) == NULL)
|
if ((label = keyargs->label) == NULL)
|
||||||
label = "Private Key";
|
label = DEFAULT_PRIVATE_KEY_LABEL;
|
||||||
|
|
||||||
/* Create the prkey object now.
|
/* Create the prkey object now.
|
||||||
* If we find out below that we're better off reusing an
|
* If we find out below that we're better off reusing an
|
||||||
|
@ -1328,7 +1326,8 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
|
||||||
/* Caller not supplied ID, so,
|
/* Caller not supplied ID, so,
|
||||||
* if intrinsic ID can be calculated -- overwrite the native one */
|
* if intrinsic ID can be calculated -- overwrite the native one */
|
||||||
memset(&iid, 0, sizeof(iid));
|
memset(&iid, 0, sizeof(iid));
|
||||||
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY, &iid, &pubkey_args.key);
|
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY,
|
||||||
|
&iid, &pubkey_args.key);
|
||||||
LOG_TEST_RET(ctx, r, "Select intrinsic ID error");
|
LOG_TEST_RET(ctx, r, "Select intrinsic ID error");
|
||||||
|
|
||||||
if (iid.len)
|
if (iid.len)
|
||||||
|
@ -1367,10 +1366,8 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
|
||||||
* Store private key
|
* Store private key
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||||
struct sc_profile *profile,
|
struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_object **res_obj)
|
||||||
struct sc_pkcs15init_prkeyargs *keyargs,
|
|
||||||
struct sc_pkcs15_object **res_obj)
|
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_object *object;
|
struct sc_pkcs15_object *object;
|
||||||
|
@ -1396,7 +1393,8 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Select a intrinsic Key ID if user didn't specify one */
|
/* Select a intrinsic Key ID if user didn't specify one */
|
||||||
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key);
|
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY,
|
||||||
|
&keyargs->id, &keyargs->key);
|
||||||
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
||||||
|
|
||||||
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
|
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
|
||||||
|
@ -1539,7 +1537,8 @@ sc_pkcs15init_store_public_key(struct sc_pkcs15_card *p15card,
|
||||||
key_info->field_length = keybits;
|
key_info->field_length = keybits;
|
||||||
|
|
||||||
/* Select a intrinsic Key ID if the user didn't specify one */
|
/* Select a intrinsic Key ID if the user didn't specify one */
|
||||||
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY, &keyargs->id, &key);
|
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PUBKEY,
|
||||||
|
&keyargs->id, &key);
|
||||||
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
||||||
|
|
||||||
/* Select a Key ID if the user didn't specify one and there is no intrinsic ID,
|
/* Select a Key ID if the user didn't specify one and there is no intrinsic ID,
|
||||||
|
@ -1605,7 +1604,8 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
||||||
if (!label)
|
if (!label)
|
||||||
label = "Certificate";
|
label = "Certificate";
|
||||||
|
|
||||||
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_CERT_X509, &args->id, &args->der_encoded);
|
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_CERT_X509,
|
||||||
|
&args->id, &args->der_encoded);
|
||||||
LOG_TEST_RET(ctx, r, "Get certificate 'intrinsic ID' error");
|
LOG_TEST_RET(ctx, r, "Get certificate 'intrinsic ID' error");
|
||||||
|
|
||||||
/* Select an ID if the user didn't specify one, otherwise
|
/* Select an ID if the user didn't specify one, otherwise
|
||||||
|
@ -2162,44 +2162,48 @@ find_df_by_type(struct sc_pkcs15_card *p15card, unsigned int type)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
int
|
||||||
select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||||
int type, struct sc_pkcs15_id *id, void *data)
|
int type, struct sc_pkcs15_id *id_out, void *data)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
struct sc_pkcs15_pubkey *pubkey = NULL;
|
struct sc_pkcs15_pubkey *pubkey = NULL;
|
||||||
unsigned id_style = profile->id_style;
|
unsigned id_style = profile->id_style;
|
||||||
|
struct sc_pkcs15_id id;
|
||||||
|
unsigned char *id_data = NULL;
|
||||||
|
size_t id_data_len = 0;
|
||||||
int rv, allocated = 0;
|
int rv, allocated = 0;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(ctx);
|
LOG_FUNC_CALLED(ctx);
|
||||||
#ifndef ENABLE_OPENSSL
|
#ifndef ENABLE_OPENSSL
|
||||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||||
#else
|
#else
|
||||||
|
if (!id_out)
|
||||||
|
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
|
||||||
|
|
||||||
/* ID already exists */
|
/* ID already exists */
|
||||||
if (id->len)
|
if (id_out->len)
|
||||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||||
|
|
||||||
/* Native ID style is not an intrisic one */
|
/* Native ID style is not intrisic one */
|
||||||
if (profile->id_style == SC_PKCS15INIT_ID_STYLE_NATIVE)
|
if (profile->id_style == SC_PKCS15INIT_ID_STYLE_NATIVE)
|
||||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||||
|
|
||||||
|
memset(&id, 0, sizeof(id));
|
||||||
/* Get PKCS15 public key */
|
/* Get PKCS15 public key */
|
||||||
switch(type) {
|
switch(type) {
|
||||||
case SC_PKCS15_TYPE_CERT_X509:
|
case SC_PKCS15_TYPE_CERT_X509:
|
||||||
rv = sc_pkcs15_pubkey_from_cert(ctx, (struct sc_pkcs15_der *)data, &pubkey);
|
rv = sc_pkcs15_pubkey_from_cert(ctx, (struct sc_pkcs15_der *)data, &pubkey);
|
||||||
LOG_TEST_RET(ctx, rv, "X509 parse error");
|
LOG_TEST_RET(ctx, rv, "X509 parse error");
|
||||||
|
|
||||||
allocated = 1;
|
allocated = 1;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_PRKEY:
|
case SC_PKCS15_TYPE_PRKEY:
|
||||||
rv = sc_pkcs15_pubkey_from_prvkey(ctx, (struct sc_pkcs15_prkey *)data, &pubkey);
|
rv = sc_pkcs15_pubkey_from_prvkey(ctx, (struct sc_pkcs15_prkey *)data, &pubkey);
|
||||||
LOG_TEST_RET(ctx, rv, "Cannot get public key");
|
LOG_TEST_RET(ctx, rv, "Cannot get public key");
|
||||||
|
|
||||||
allocated = 1;
|
allocated = 1;
|
||||||
break;
|
break;
|
||||||
case SC_PKCS15_TYPE_PUBKEY:
|
case SC_PKCS15_TYPE_PUBKEY:
|
||||||
pubkey = (struct sc_pkcs15_pubkey *)data;
|
pubkey = (struct sc_pkcs15_pubkey *)data;
|
||||||
|
|
||||||
allocated = 0;
|
allocated = 0;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -2223,46 +2227,45 @@ select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
|
||||||
if (pubkey->algorithm == SC_ALGORITHM_GOSTR3410 && id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA)
|
if (pubkey->algorithm == SC_ALGORITHM_GOSTR3410 && id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA)
|
||||||
id_style = SC_PKCS15INIT_ID_STYLE_RFC2459;
|
id_style = SC_PKCS15INIT_ID_STYLE_RFC2459;
|
||||||
|
|
||||||
if (id_style == SC_PKCS15INIT_ID_STYLE_MOZILLA) {
|
switch (id_style) {
|
||||||
|
case SC_PKCS15INIT_ID_STYLE_MOZILLA:
|
||||||
if (pubkey->algorithm == SC_ALGORITHM_RSA)
|
if (pubkey->algorithm == SC_ALGORITHM_RSA)
|
||||||
SHA1(pubkey->u.rsa.modulus.data, pubkey->u.rsa.modulus.len, id->value);
|
SHA1(pubkey->u.rsa.modulus.data, pubkey->u.rsa.modulus.len, id.value);
|
||||||
else if (pubkey->algorithm == SC_ALGORITHM_DSA)
|
else if (pubkey->algorithm == SC_ALGORITHM_DSA)
|
||||||
SHA1(pubkey->u.dsa.pub.data, pubkey->u.dsa.pub.len, id->value);
|
SHA1(pubkey->u.dsa.pub.data, pubkey->u.dsa.pub.len, id.value);
|
||||||
else if (pubkey->algorithm == SC_ALGORITHM_EC) {
|
else if (pubkey->algorithm == SC_ALGORITHM_EC)
|
||||||
/* ID should be SHA1 of the X coordinate according to PKCS#15 v1.1 */
|
/* ID should be SHA1 of the X coordinate according to PKCS#15 v1.1 */
|
||||||
/* skip the 04 tag and get the X component */
|
/* skip the 04 tag and get the X component */
|
||||||
SHA1(pubkey->u.ec.ecpointQ.value+1, (pubkey->u.ec.ecpointQ.len - 1) / 2, id->value);
|
SHA1(pubkey->u.ec.ecpointQ.value+1, (pubkey->u.ec.ecpointQ.len - 1) / 2, id.value);
|
||||||
}
|
|
||||||
else
|
else
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
id->len = SHA_DIGEST_LENGTH;
|
id.len = SHA_DIGEST_LENGTH;
|
||||||
}
|
break;
|
||||||
else if (id_style == SC_PKCS15INIT_ID_STYLE_RFC2459) {
|
case SC_PKCS15INIT_ID_STYLE_RFC2459:
|
||||||
unsigned char *id_data = NULL;
|
|
||||||
size_t id_data_len = 0;
|
|
||||||
|
|
||||||
rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &id_data, &id_data_len);
|
rv = sc_pkcs15_encode_pubkey(ctx, pubkey, &id_data, &id_data_len);
|
||||||
LOG_TEST_RET(ctx, rv, "Encoding public key error");
|
LOG_TEST_RET(ctx, rv, "Encoding public key error");
|
||||||
|
|
||||||
if (!id_data || !id_data_len)
|
if (!id_data || !id_data_len)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Encoding public key error");
|
LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Encoding public key error");
|
||||||
|
|
||||||
SHA1(id_data, id_data_len, id->value);
|
SHA1(id_data, id_data_len, id.value);
|
||||||
id->len = SHA_DIGEST_LENGTH;
|
id.len = SHA_DIGEST_LENGTH;
|
||||||
|
|
||||||
free(id_data);
|
break;
|
||||||
}
|
default:
|
||||||
else {
|
|
||||||
sc_log(ctx, "Unsupported ID style: %i", profile->id_style);
|
sc_log(ctx, "Unsupported ID style: %i", profile->id_style);
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported ID style");
|
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Non supported ID style");
|
||||||
}
|
}
|
||||||
|
|
||||||
done:
|
done:
|
||||||
|
memcpy(id_out, &id, sizeof(*id_out));
|
||||||
|
if (id_data)
|
||||||
|
free(id_data);
|
||||||
if (allocated)
|
if (allocated)
|
||||||
sc_pkcs15_free_pubkey(pubkey);
|
sc_pkcs15_free_pubkey(pubkey);
|
||||||
|
|
||||||
LOG_FUNC_RETURN(ctx, id->len);
|
LOG_FUNC_RETURN(ctx, id_out->len);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -23,9 +23,9 @@ pkcs15 {
|
||||||
# Have a lastUpdate field in the EF(TokenInfo)?
|
# Have a lastUpdate field in the EF(TokenInfo)?
|
||||||
do-last-update = yes;
|
do-last-update = yes;
|
||||||
# Method to calculate ID of the crypto objects
|
# Method to calculate ID of the crypto objects
|
||||||
|
# native: 'E' + number_of_present_objects_of_the_same_type
|
||||||
# mozilla: SHA1(modulus) for RSA, SHA1(pub) for DSA
|
# mozilla: SHA1(modulus) for RSA, SHA1(pub) for DSA
|
||||||
# rfc2459: SHA1(SequenceASN1 of public key components as ASN1 integers)
|
# rfc2459: SHA1(SequenceASN1 of public key components as ASN1 integers)
|
||||||
# native: 'E' + number_of_present_objects_of_the_same_type
|
|
||||||
# default value: 'native'
|
# default value: 'native'
|
||||||
pkcs15-id-style = mozilla;
|
pkcs15-id-style = mozilla;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue