IASECC: proper pkcs15init of Algo_refs
For some Private RSA Keys, their Algo_refs remain empty:

    $ pkcs15-tool -k --verify-pin --pin 1234
    Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00
    Private RSA Key [CPS_PRIV_SIG]
        Object Flags : [0x01], private
        Usage : [0x200], nonRepudiation
        Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
        Algo_refs : 0
        Access Rules : pso_cds:01;
        ModLength : 2048
        Key ref : 129 (0x81)
        Native : yes
        Path : e828bd080f8025000001ff0010::
        Auth ID : 01
        ID : e828bd080f8025000001ff001001
        MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349

    Private RSA Key [CPS_PRIV_AUT]
        Object Flags : [0x07], private, modifiable
        Usage : [0x06], decrypt, sign
        Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract
        Algo_refs : 6, 3, 4
        Access Rules : pso_decrypt:01; int_auth:01;
        ModLength : 2048
        Key ref : 130 (0x82)
        Native : yes
        Path : e828bd080f8025000001ff0010::
        Auth ID : 01
        ID : e828bd080f8025000001ff001002
        MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543

Based on Usage : [0x200], nonRepudiation the SC_PKCS15_PRKEY_USAGE_NONREPUDIATION may be set but not the SC_PKCS15_PRKEY_USAGE_SIGN so line 801 is never tested.

Having just SC_PKCS15_PRKEY_USAGE_NONREPUDIATION set and not doing anything does not make any sense for any card.

Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2270
parent 544aa4cc6b
commit 405ecfc402
@ -801,7 +801,8 @@ iasecc_pkcs15_encode_supported_algos(struct sc_pkcs15_card *p15card, struct sc_p
|
|||||||
LOG_TEST_RET(ctx, rv, "cannot add supported algorithm DECIPHER:CKM_RSA_PKCS");
|
LOG_TEST_RET(ctx, rv, "cannot add supported algorithm DECIPHER:CKM_RSA_PKCS");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN) {
|
if (prkey_info->usage & (SC_PKCS15_PRKEY_USAGE_SIGN |
|
||||||
|
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)) {
|
||||||
if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) {
|
if (prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION) {
|
||||||
algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA1_RSA_PKCS);
|
algo = sc_pkcs15_get_supported_algo(p15card, SC_PKCS15_ALGO_OP_COMPUTE_SIGNATURE, CKM_SHA1_RSA_PKCS);
|
||||||
rv = sc_pkcs15_add_supported_algo_ref(object, algo);
|
rv = sc_pkcs15_add_supported_algo_ref(object, algo);
|
||||||
|
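Review bot: the widened outer test `if (prkey_info->usage & (SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))` has no comment explaining why a key with only nonRepudiation set must enter the signature branch, so a later cleanup could narrow the mask back to SIGN and bring back the empty Algo_refs described in issue #2270. A one-line comment above the condition would cover that. In the context lines shown, the result of sc_pkcs15_get_supported_algo() is passed straight to sc_pkcs15_add_supported_algo_ref(); since this block is now reached by keys that previously skipped it, it is worth confirming that a card profile without a COMPUTE_SIGNATURE entry for CKM_SHA1_RSA_PKCS is handled cleanly for those keys.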