OpenPGP: Set write access more restrictive for pubkey blobs.

marschap: "The WRITE_ALWAYS ACL tells anyone can write to this file at any time."
Nguyễn Hồng Quân 2012-08-08 10:12:11 +07:00 committed by Viktor Tarasov
parent a3b516a1e1
commit 1adbb3fae7
1 changed files with 7 additions and 7 deletions


@ -192,11 +192,11 @@ static struct do_info pgp1_objects[] = { /* OpenPGP card spec 1.1 */
{ 0x5f50, SIMPLE, READ_ALWAYS | WRITE_PIN3, sc_get_data, sc_put_data },
{ 0x7f49, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, NULL, NULL },
{ 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
{ 0xa401, SIMPLE, READ_ALWAYS | WRITE_ALWAYS, pgp_get_pubkey_pem, NULL },
{ 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
{ 0xb601, SIMPLE, READ_ALWAYS | WRITE_ALWAYS, pgp_get_pubkey_pem, NULL },
{ 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
{ 0xb801, SIMPLE, READ_ALWAYS | WRITE_ALWAYS, pgp_get_pubkey_pem, NULL },
{ 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
@ -251,12 +251,12 @@ static struct do_info pgp2_objects[] = { /* OpenPGP card spec 2.0 */
{ 0xa400, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
/* The 0xA401, 0xB601, 0xB801 are just symbolic, it does not represent any real DO.
* However, their R/W access condition may block the process of importing key in pkcs15init.
* So we set their accesses condition as ALWAYS. */
{ 0xa401, SIMPLE, READ_ALWAYS | WRITE_ALWAYS, pgp_get_pubkey_pem, NULL },
* So we set their accesses condition as WRITE_PIN3 (writable). */
{ 0xa401, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0xb600, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
{ 0xb601, SIMPLE, READ_ALWAYS | WRITE_ALWAYS, pgp_get_pubkey_pem, NULL },
{ 0xb601, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0xb800, CONSTRUCTED, READ_ALWAYS | WRITE_NEVER, pgp_get_pubkey, NULL },
{ 0xb801, SIMPLE, READ_ALWAYS | WRITE_ALWAYS, pgp_get_pubkey_pem, NULL },
{ 0xb801, SIMPLE, READ_ALWAYS | WRITE_PIN3, pgp_get_pubkey_pem, NULL },
{ 0, 0, 0, NULL, NULL },
};
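Review bot: The new `WRITE_PIN3` entries for 0xa401, 0xb601 and 0xb801 in `pgp1_objects` have no comment explaining why a symbolic object with a `NULL` put handler is marked writable at all; that rationale exists only in `pgp2_objects`. The reworded comment there also does not say why PIN3 was chosen over `WRITE_ALWAYS`. I would put the same text above the first such entry in both tables: `/* 0xA401, 0xB601, 0xB801 are symbolic and map to no real DO. WRITE_NEVER would block key import in pkcs15init, so advertise WRITE_PIN3 (admin PIN) instead of WRITE_ALWAYS. */`. These rows only change the access condition the driver reports. Whether the card enforces PIN3 on the real key-import path cannot be seen here and should be confirmed. Both arrays begin outside the visible hunks.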