- first stab at user_consent handling
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1350 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
9f065e840f
commit
11e38e8d29
|
@ -1669,6 +1669,24 @@ CK_RV pkcs15_prkey_sign(struct sc_pkcs11_session *ses, void *obj,
|
||||||
debug(context, "Initiating signing operation, mechanism 0x%x.\n",
|
debug(context, "Initiating signing operation, mechanism 0x%x.\n",
|
||||||
pMechanism->mechanism);
|
pMechanism->mechanism);
|
||||||
|
|
||||||
|
/* If this key requires user consent for every N operations,
|
||||||
|
* we may have to present the PIN again and again.
|
||||||
|
* For now, we require that either the terminal has a key pad,
|
||||||
|
* or the user allows pin caching. We may want to add GUI
|
||||||
|
* function pointers though.
|
||||||
|
*/
|
||||||
|
if (prkey->prv_p15obj->user_consent) {
|
||||||
|
/* XXX we should really keep track how often the key
|
||||||
|
* is used, and how often we need to ask the user for
|
||||||
|
* her PIN.
|
||||||
|
* For now, we just assume user_consent is 1.
|
||||||
|
*/
|
||||||
|
/* XXX - do we require an sc_lock here? */
|
||||||
|
rv = revalidate_pin(data, ses);
|
||||||
|
if (rv < 0)
|
||||||
|
return sc_to_cryptoki_error(rv, ses->slot->card->reader);
|
||||||
|
}
|
||||||
|
|
||||||
/* See which of the alternative keys supports signing */
|
/* See which of the alternative keys supports signing */
|
||||||
while (prkey
|
while (prkey
|
||||||
&& !(prkey->prv_info->usage
|
&& !(prkey->prv_info->usage
|
||||||
|
@ -2112,6 +2130,7 @@ revalidate_pin(struct pkcs15_slot_data *data, struct sc_pkcs11_session *ses)
|
||||||
int rv;
|
int rv;
|
||||||
u8 value[MAX_CACHE_PIN];
|
u8 value[MAX_CACHE_PIN];
|
||||||
|
|
||||||
|
debug(context, "revalidate_pin called\n");
|
||||||
if (!sc_pkcs11_conf.cache_pins &&
|
if (!sc_pkcs11_conf.cache_pins &&
|
||||||
!(ses->slot->token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH))
|
!(ses->slot->token_info.flags & CKF_PROTECTED_AUTHENTICATION_PATH))
|
||||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||||
|
|
Loading…
Reference in New Issue