pkcs15init: use aux-data to set MD container GUID
parent
5bbc86eb39
commit
5c0a37c53d
|
@ -61,6 +61,7 @@
|
|||
#include "libopensc/cardctl.h"
|
||||
#include "libopensc/asn1.h"
|
||||
#include "libopensc/log.h"
|
||||
#include "libopensc/aux-data.h"
|
||||
#include "profile.h"
|
||||
#include "pkcs15-init.h"
|
||||
|
||||
|
@ -1264,6 +1265,46 @@ err:
|
|||
}
|
||||
|
||||
|
||||
static int
|
||||
_pkcd15init_set_aux_md_data(struct sc_pkcs15_card *p15card, struct sc_auxiliary_data **aux_data,
|
||||
unsigned char *guid, size_t guid_len)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
unsigned char flags = SC_MD_CONTAINER_MAP_VALID_CONTAINER;
|
||||
char gd[SC_MD_MAX_CONTAINER_NAME_LEN + 1];
|
||||
int rv;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
if(!guid || !guid_len)
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
|
||||
if (!aux_data)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
|
||||
|
||||
if (guid_len > SC_MD_MAX_CONTAINER_NAME_LEN)
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
|
||||
|
||||
memset(gd, 0, sizeof(gd));
|
||||
memcpy(gd, guid, guid_len);
|
||||
|
||||
if (*aux_data == NULL) {
|
||||
rv = sc_aux_data_allocate(ctx, aux_data, NULL);
|
||||
LOG_TEST_RET(ctx, rv, "Failed to allocate aux data");
|
||||
}
|
||||
|
||||
rv = sc_aux_data_set_md_guid(ctx, *aux_data, gd);
|
||||
LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record GUID");
|
||||
|
||||
if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 0)
|
||||
flags |= SC_MD_CONTAINER_MAP_DEFAULT_CONTAINER;
|
||||
|
||||
rv = sc_aux_data_set_md_flags(ctx, *aux_data, flags);
|
||||
LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record flags");
|
||||
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate a new private key
|
||||
*/
|
||||
|
@ -1309,6 +1350,10 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
|
|||
|
||||
key_info = (struct sc_pkcs15_prkey_info *) object->data;
|
||||
|
||||
r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data,
|
||||
keygen_args->prkey_args.guid, keygen_args->prkey_args.guid_len);
|
||||
LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
|
||||
|
||||
/* Set up the PuKDF info. The public key will be filled in
|
||||
* by the card driver's generate_key function called below.
|
||||
* Auth.ID of the public key object is left empty. */
|
||||
|
@ -1394,8 +1439,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
|
|||
struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_object **res_obj)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_pkcs15_object *object;
|
||||
struct sc_pkcs15_object *object = NULL;
|
||||
struct sc_pkcs15_prkey key;
|
||||
struct sc_pkcs15_prkey_info *key_info = NULL;
|
||||
int keybits, r = 0;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
@ -1435,8 +1481,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
|
|||
r = sc_pkcs15init_encode_prvkey_content(p15card, &key, object);
|
||||
LOG_TEST_RET(ctx, r, "Failed to encode public key");
|
||||
|
||||
/* Get the number of private keys already on this card */
|
||||
/*idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);*/
|
||||
key_info = (struct sc_pkcs15_prkey_info *) object->data;
|
||||
r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data, keyargs->guid, keyargs->guid_len);
|
||||
LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
|
||||
|
||||
if (profile->ops->create_key)
|
||||
r = profile->ops->create_key(profile, p15card, object);
|
||||
|
|
|
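Review bot: The new helper `_pkcd15init_set_aux_md_data` has a typo in its name (`pkcd15` for `pkcs15`, repeated at both call sites in this commit) and carries no header comment, even though it is the one place where the caller-supplied GUID bytes are bounded before being copied into `gd`. I would rename it `_pkcs15init_set_aux_md_data` and add a comment above the definition along the lines of `/* Copy a caller-supplied MD container GUID (at most SC_MD_MAX_CONTAINER_NAME_LEN bytes, not NUL-terminated) into the key's aux-data, allocating the aux-data on demand, and flag the container as the default one when no private key exists yet. */`. The default-container decision, `if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 0)`, depends on whether the new key object has already been added to `p15card` when the helper runs from `sc_pkcs15init_generate_key` and `sc_pkcs15init_store_private_key`; that ordering is outside the hunks, so it is worth confirming the count is taken before the object is registered, otherwise the flag can never be set. Note also that only the length of the GUID is validated here; its content is written verbatim into the CMAP record, so a malformed value reaching this function is accepted without diagnosis.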
@ -139,6 +139,7 @@ enum {
|
|||
OPT_ERASE_APPLICATION,
|
||||
OPT_IGNORE_CA_CERTIFICATES,
|
||||
OPT_UPDATE_EXISTING,
|
||||
OPT_MD_CONTAINER_GUID,
|
||||
OPT_VERSION,
|
||||
|
||||
OPT_PIN1 = 0x10000, /* don't touch these values */
|
||||
|
@ -203,6 +204,7 @@ const struct option options[] = {
|
|||
{ "profile", required_argument, NULL, 'p' },
|
||||
{ "card-profile", required_argument, NULL, 'c' },
|
||||
{ "options-file", required_argument, NULL, OPT_OPTIONS },
|
||||
{ "md-container-guid", required_argument, NULL, OPT_MD_CONTAINER_GUID},
|
||||
{ "wait", no_argument, NULL, 'w' },
|
||||
{ "help", no_argument, NULL, 'h' },
|
||||
{ "verbose", no_argument, NULL, 'v' },
|
||||
|
@ -264,6 +266,7 @@ static const char * option_help[] = {
|
|||
"Specify the general profile to use",
|
||||
"Specify the card profile to use",
|
||||
"Read additional command line options from file",
|
||||
"For a new key specify GUID for a MD container",
|
||||
"Wait for card insertion",
|
||||
"Display this message",
|
||||
"Verbose operation. Use several times to enable debug output.",
|
||||
|
@ -364,6 +367,7 @@ static char * opt_application_id = NULL;
|
|||
static char * opt_application_name = NULL;
|
||||
static char * opt_bind_to_aid = NULL;
|
||||
static char * opt_puk_authid = NULL;
|
||||
static char * opt_md_container_guid = NULL;
|
||||
static unsigned int opt_x509_usage = 0;
|
||||
static unsigned int opt_delete_flags = 0;
|
||||
static unsigned int opt_type = 0;
|
||||
|
@ -1507,7 +1511,7 @@ do_generate_key(struct sc_profile *profile, const char *spec)
|
|||
|
||||
if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
|
||||
return r;
|
||||
keygen_args.prkey_args.access_flags |=
|
||||
keygen_args.prkey_args.access_flags |=
|
||||
SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
|
@ -1565,7 +1569,7 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
|
|||
sc_pkcs15_format_id(opt_authid, &args->auth_id);
|
||||
} else if (!opt_insecure) {
|
||||
util_error("no PIN given for key - either use --insecure or \n"
|
||||
"specify a PIN using --auth-id");
|
||||
"specify a PIN using --auth-id");
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
}
|
||||
if (opt_extractable) {
|
||||
|
@ -1573,6 +1577,12 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
|
|||
}
|
||||
args->label = opt_label;
|
||||
args->x509_usage = opt_x509_usage;
|
||||
|
||||
if (opt_md_container_guid) {
|
||||
args->guid = (unsigned char *)opt_md_container_guid;
|
||||
args->guid_len = strlen(opt_md_container_guid);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2559,6 +2569,9 @@ handle_option(const struct option *opt)
|
|||
case OPT_UPDATE_EXISTING:
|
||||
opt_update_existing = 1;
|
||||
break;
|
||||
case OPT_MD_CONTAINER_GUID:
|
||||
opt_md_container_guid = optarg;
|
||||
break;
|
||||
case OPT_VERSION:
|
||||
this_action = ACTION_PRINT_VERSION;
|
||||
break;
|
||||
|
|
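Review bot: In `init_keyargs`, the value of `--md-container-guid` is handed over with `args->guid_len = strlen(opt_md_container_guid)` and no check on the tool side, so an over-long or malformed GUID only fails later inside the library behind the generic "Failed to set aux MD data" log line instead of a user-facing message. The same function already reports bad input with `util_error(...)` and `SC_ERROR_INVALID_ARGUMENTS` for the missing-PIN case a few lines above, so that pattern fits here: `if (strlen(opt_md_container_guid) > SC_MD_MAX_CONTAINER_NAME_LEN) { util_error("MD container GUID too long"); return SC_ERROR_INVALID_ARGUMENTS; }`, assuming that constant is visible to the tool's includes, which I cannot tell from the hunk. An empty string passes through as `guid_len == 0` and is silently ignored by the library helper; a comment on the `if (opt_md_container_guid)` block saying so, or rejecting it outright, would make that behaviour explicit.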