pkcs15init: use random id for secret key

Calculating intrinsic key would probably not be wise, because
it would leak information about the secret key. Try to
generate globally unique IDs just by using a random one.
Timo Teräs 2017-04-27 14:50:14 +03:00 committed by Frank Morgner
parent 023216c755
commit 137c6306d2
1 changed files with 9 additions and 5 deletions


@ -1879,12 +1879,16 @@ sc_pkcs15init_store_secret_key(struct sc_pkcs15_card *p15card, struct sc_profile
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
}
/* Select a intrinsic Key ID if user didn't specify one */
r = sc_pkcs15init_select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_SKEY,
&keyargs->id, &keyargs->key);
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
#ifdef ENABLE_OPENSSL
if (!keyargs->id.len) {
/* Calculating intrinsic Key ID for secret key does not make
* sense - just generate random one */
if (RAND_bytes(keyargs->id.value, 20) == 1)
keyargs->id.len = 20;
}
#endif
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
/* Make sure that secret key's ID is the unique inside the PKCS#15 application */
r = sc_pkcs15_find_skey_by_id(p15card, &keyargs->id, NULL);
if (!r)
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the secret key object");
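Review bot: A failed `RAND_bytes` call is silently ignored in the new `if (!keyargs->id.len)` block, and in a build without `ENABLE_OPENSSL` the block is compiled out entirely. In both cases `keyargs->id.len` stays 0 and the code continues to `sc_pkcs15_find_skey_by_id` with an empty ID. Whether an empty ID is rejected later is not visible in this hunk, since the function body continues outside it. I would make the failure explicit, e.g. `else LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Cannot generate random key ID");`, and decide deliberately what the non-OpenSSL build should do when no ID was supplied. The literal `20` appears twice and is not tied to the size of `keyargs->id.value`; a named constant plus a check against `sizeof(keyargs->id.value)` would keep the write provably in bounds.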