- started to implement on-token key gen support
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@636 c6295689-39f2-0310-b995-f0e70906c6a9
parent
8535127ba8
commit
1b79b017e3
|
@ -33,7 +33,7 @@ filesystem {
|
||||||
type = internal-ef;
|
type = internal-ef;
|
||||||
file-id = 4B01; # This is the base FileID
|
file-id = 4B01; # This is the base FileID
|
||||||
size = 266; # 266 is enough for 1024-bit keys
|
size = 266; # 266 is enough for 1024-bit keys
|
||||||
ACL = *=NEVER, CRYPTO=$PIN, UPDATE=$PIN;
|
ACL = *=NEVER, UPDATE=$PIN;
|
||||||
}
|
}
|
||||||
EF template-public-key {
|
EF template-public-key {
|
||||||
file-id = 5501;
|
file-id = 5501;
|
||||||
|
@ -47,6 +47,12 @@ filesystem {
|
||||||
file-id = 7000;
|
file-id = 7000;
|
||||||
ACL = *=NEVER, READ=$PIN, UPDATE=$PIN;
|
ACL = *=NEVER, READ=$PIN, UPDATE=$PIN;
|
||||||
}
|
}
|
||||||
|
EF tempfile {
|
||||||
|
file-id = 7EAD;
|
||||||
|
structure = linear-variable-tlv;
|
||||||
|
ACL = *=NONE;
|
||||||
|
size = 512;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
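Review bot: The new `tempfile` EF is declared with `ACL = *=NONE`, so every operation on file 7EAD is permitted without PIN verification, and the profile does not say what is staged there or when it is removed. If it only ever holds public-key output from on-card generation that may be acceptable, but it should be stated next to the entry, e.g. `# Scratch file for key generation output; public data only, so no PIN is required`; otherwise tighten it to `$PIN` like the neighbouring files. Separately, the first hunk drops `CRYPTO=$PIN` from the internal-ef at 4B01, which presumably leaves CRYPTO under the `*=NEVER` default. The commit message does not explain this, so confirm that private-key use is still possible and still gated by the PIN.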
@ -54,6 +54,14 @@ struct sc_pkcs15init_operations {
|
||||||
*/
|
*/
|
||||||
int (*new_file)(struct sc_profile *, struct sc_card *,
|
int (*new_file)(struct sc_profile *, struct sc_card *,
|
||||||
unsigned int, unsigned int, struct sc_file **out);
|
unsigned int, unsigned int, struct sc_file **out);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Generate a new key pair
|
||||||
|
*/
|
||||||
|
int (*generate_key)(struct sc_profile *, struct sc_card *,
|
||||||
|
unsigned int index, unsigned int keybits,
|
||||||
|
sc_pkcs15_pubkey_t *pubkey_res);
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Do not change these or reorder these */
|
/* Do not change these or reorder these */
|
||||||
|
|
|
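Review bot: The comment on the new `generate_key` member says only "Generate a new key pair" and leaves the contract for card drivers undocumented. It should say that the hook is optional (the caller in this commit checks it for NULL), that a negative return is an error code, what `index` counts, and who owns the data written to `pubkey_res`. Something like `/* Generate a new key pair on the card. Optional: may be NULL. Returns 0 or a negative SC_ERROR_* code; */` followed by `/* index is the number of private keys already on the card; on success *pubkey_res holds the public key. */` would do. Ownership of any buffers inside `pubkey_res` is not visible here and should be stated by the author.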
@ -371,8 +371,39 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card,
|
||||||
unsigned int keybits,
|
unsigned int keybits,
|
||||||
struct sc_pkcs15_object **res_obj)
|
struct sc_pkcs15_object **res_obj)
|
||||||
{
|
{
|
||||||
/* Currently, we do not support on-board key generation */
|
struct sc_pkcs15init_pubkeyargs pubkey_args;
|
||||||
return SC_ERROR_NOT_SUPPORTED;
|
int r, index;
|
||||||
|
|
||||||
|
/* For now, we support just RSA key pair generation */
|
||||||
|
if (keyargs->key.algorithm != SC_ALGORITHM_RSA)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
|
if (profile->ops->generate_key == NULL)
|
||||||
|
return SC_ERROR_NOT_SUPPORTED;
|
||||||
|
|
||||||
|
if (keyargs->auth_id.len != 0) {
|
||||||
|
struct sc_pkcs15_pin_info *pin_info;
|
||||||
|
struct sc_pkcs15_object *objp;
|
||||||
|
|
||||||
|
r = sc_pkcs15_find_pin_by_auth_id(p15card,
|
||||||
|
&keyargs->auth_id, &objp);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
pin_info = (struct sc_pkcs15_pin_info *) objp->data;
|
||||||
|
sc_profile_set_pin_info(profile,
|
||||||
|
SC_PKCS15INIT_USER_PIN, pin_info);
|
||||||
|
}
|
||||||
|
|
||||||
|
memset(&pubkey_args, 0, sizeof(pubkey_args));
|
||||||
|
|
||||||
|
index = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);
|
||||||
|
r = profile->ops->generate_key(profile, p15card->card, index, keybits,
|
||||||
|
&pubkey_args.key);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
/* XXX: add PrKDF entrye and write public key */
|
||||||
|
return SC_ERROR_INTERNAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
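Review bot: The result of `sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0)` is stored in the signed `index` and passed straight to `generate_key`, whose parameter is `unsigned int index`. A negative error return would therefore reach the card driver as a very large key index; add `if (index < 0) return index;` before the call. Also, once `generate_key` succeeds the function still returns `SC_ERROR_INTERNAL`, so the caller sees a failure while a key pair has been created on the token with no PrKDF entry, and whatever the driver stored in `pubkey_args.key` is dropped. Until the XXX is resolved it would be safer to return `SC_ERROR_NOT_SUPPORTED` before touching the card, or to release the public key on the way out. The function's signature starts above the hunk.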