pkcs15init: use aux-data to set MD container GUID

2016-04-07 15:59:34 +02:00 · 2016-04-07 15:59:34 +02:00 · 5c0a37c53d
parent 5bbc86eb39
commit 5c0a37c53d
2 changed files with 65 additions and 5 deletions
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@ -61,6 +61,7 @@
 #include "libopensc/cardctl.h"
 #include "libopensc/asn1.h"
 #include "libopensc/log.h"
+#include "libopensc/aux-data.h"
 #include "profile.h"
 #include "pkcs15-init.h"

@ -1264,6 +1265,46 @@ err:
 }


+static int
+_pkcd15init_set_aux_md_data(struct sc_pkcs15_card *p15card, struct sc_auxiliary_data **aux_data,
+		unsigned char *guid, size_t guid_len)
+{
+	struct sc_context *ctx = p15card->card->ctx;
+	unsigned char flags = SC_MD_CONTAINER_MAP_VALID_CONTAINER;
+	char gd[SC_MD_MAX_CONTAINER_NAME_LEN + 1];
+	int rv;
+
+	LOG_FUNC_CALLED(ctx);
+
+	if(!guid || !guid_len)
+		LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+
+	if (!aux_data)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+
+	if (guid_len > SC_MD_MAX_CONTAINER_NAME_LEN)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
+	memset(gd, 0, sizeof(gd));
+	memcpy(gd, guid, guid_len);
+
+	if (*aux_data == NULL)   {
+		rv = sc_aux_data_allocate(ctx, aux_data, NULL);
+		LOG_TEST_RET(ctx, rv, "Failed to allocate aux data");
+	}
+
+	rv = sc_aux_data_set_md_guid(ctx, *aux_data, gd);
+	LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record GUID");
+
+	if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 0)
+		flags |= SC_MD_CONTAINER_MAP_DEFAULT_CONTAINER;
+
+	rv = sc_aux_data_set_md_flags(ctx, *aux_data, flags);
+	LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record flags");
+
+	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
 /*
 * Generate a new private key
 */
@ -1309,6 +1350,10 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr

 	key_info = (struct sc_pkcs15_prkey_info *) object->data;

+	r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data,
+			keygen_args->prkey_args.guid, keygen_args->prkey_args.guid_len);
+	LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
+
 	/* Set up the PuKDF info. The public key will be filled in
 	 * by the card driver's generate_key function called below.
 	 * Auth.ID of the public key object is left empty. */
@ -1394,8 +1439,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
 		struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_object **res_obj)
 {
 	struct sc_context *ctx = p15card->card->ctx;
-	struct sc_pkcs15_object *object;
+	struct sc_pkcs15_object *object = NULL;
 	struct sc_pkcs15_prkey key;
+	struct sc_pkcs15_prkey_info *key_info = NULL;
 	int keybits, r = 0;

 	LOG_FUNC_CALLED(ctx);
@ -1435,8 +1481,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
 	r = sc_pkcs15init_encode_prvkey_content(p15card, &key, object);
 	LOG_TEST_RET(ctx, r, "Failed to encode public key");

-	/* Get the number of private keys already on this card */
-	/*idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);*/
+	key_info = (struct sc_pkcs15_prkey_info *) object->data;
+	r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data, keyargs->guid, keyargs->guid_len);
+	LOG_TEST_RET(ctx, r, "Failed to set aux MD data");

 	if (profile->ops->create_key)
 		r = profile->ops->create_key(profile, p15card, object);
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@ -139,6 +139,7 @@ enum {
 	OPT_ERASE_APPLICATION,
 	OPT_IGNORE_CA_CERTIFICATES,
 	OPT_UPDATE_EXISTING,
+	OPT_MD_CONTAINER_GUID,
 	OPT_VERSION,

 	OPT_PIN1     = 0x10000,	/* don't touch these values */
@ -203,6 +204,7 @@ const struct option	options[] = {
 	{ "profile",		required_argument, NULL,	'p' },
 	{ "card-profile",	required_argument, NULL,	'c' },
 	{ "options-file",	required_argument, NULL,	OPT_OPTIONS },
+	{ "md-container-guid",	required_argument, NULL,	OPT_MD_CONTAINER_GUID},
 	{ "wait",		no_argument, NULL,		'w' },
 	{ "help",		no_argument, NULL,		'h' },
 	{ "verbose",		no_argument, NULL,		'v' },
@ -264,6 +266,7 @@ static const char *		option_help[] = {
 	"Specify the general profile to use",
 	"Specify the card profile to use",
 	"Read additional command line options from file",
+	"For a new key specify GUID for a MD container",
 	"Wait for card insertion",
 	"Display this message",
 	"Verbose operation. Use several times to enable debug output.",
@ -364,6 +367,7 @@ static char *			opt_application_id = NULL;
 static char *			opt_application_name = NULL;
 static char *			opt_bind_to_aid = NULL;
 static char *			opt_puk_authid = NULL;
+static char *			opt_md_container_guid = NULL;
 static unsigned int		opt_x509_usage = 0;
 static unsigned int		opt_delete_flags = 0;
 static unsigned int		opt_type = 0;
@ -1507,7 +1511,7 @@ do_generate_key(struct sc_profile *profile, const char *spec)

 	if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
 		return r;
-        keygen_args.prkey_args.access_flags |=
+	keygen_args.prkey_args.access_flags |=
 		  SC_PKCS15_PRKEY_ACCESS_SENSITIVE
 		| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
 		| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
@ -1565,7 +1569,7 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
 		sc_pkcs15_format_id(opt_authid, &args->auth_id);
 	} else if (!opt_insecure) {
 		util_error("no PIN given for key - either use --insecure or \n"
-		      "specify a PIN using --auth-id");
+				"specify a PIN using --auth-id");
 		return SC_ERROR_INVALID_ARGUMENTS;
 	}
 	if (opt_extractable) {
@ -1573,6 +1577,12 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
 	}
 	args->label = opt_label;
 	args->x509_usage = opt_x509_usage;
+
+	if (opt_md_container_guid)   {
+		args->guid = (unsigned char *)opt_md_container_guid;
+		args->guid_len = strlen(opt_md_container_guid);
+	}
+
 	return 0;
 }

@ -2559,6 +2569,9 @@ handle_option(const struct option *opt)
 	case OPT_UPDATE_EXISTING:
 		opt_update_existing = 1;
 		break;
+	case OPT_MD_CONTAINER_GUID:
+		opt_md_container_guid = optarg;
+		break;
 	case OPT_VERSION:
 		this_action = ACTION_PRINT_VERSION;
 		break;