pkcs15-pin: Fixing the method of obtaining objects protected by a particular PIN. Now it's in accordance with PKCS15. See [http://www.opensc-project.org/pipermail/opensc-devel/2011-January/015818.html discussion].

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5222 c6295689-39f2-0310-b995-f0e70906c6a9
2011-03-07 16:15:41 +00:00 · 2011-03-07 16:15:41 +00:00 · 3442649b42
parent 39db526407
commit 3442649b42
1 changed files with 17 additions and 5 deletions
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@ -500,12 +500,24 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
 		return;
 	}

-	/* If the PIN protects a private key with user consent, don't cache it */
-	if (sc_pkcs15_find_prkey_by_reference(p15card, NULL, pin_info->reference, &obj) == SC_SUCCESS) {
-		if (obj->user_consent) {
-			sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN protecting a key with user consent");
-			return;
+	/* If the PIN protects an object with user consent, don't cache it */
+
+	obj = p15card->obj_list;
+	while (obj != NULL) {
+		/* Compare 'sc_pkcs15_object.auth_id' with 'sc_pkcs15_pin_info.auth_id'.
+		 * In accordance with PKCS#15 "6.1.8 CommonObjectAttributes" and
+		 * "6.1.16 CommonAuthenticationObjectAttributes" with the exception that
+		 * "CommonObjectAttributes.accessControlRules" are not taken into account. */
+
+		if (sc_pkcs15_compare_id(&obj->auth_id, &pin_info->auth_id)) {
+			/* Caching is refused, if the protected object requires user consent */
+			if (obj->user_consent > 0) {
+				sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)");
+				return;
+			}
 		}
+
+		obj = obj->next;
 	}

 	r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);