pkcs15init: #327: unique ID for the private key objects. Thanks a Diego (NdK) ...
http://www.opensc-project.org/opensc/ticket/327 git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5219 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
8ff3d5d647
commit
763c0bcefe
|
@ -104,7 +104,7 @@ const char *sc_strerror(int error)
|
|||
"Inconsistent or incomplete PKCS#15 profile",
|
||||
"Key length/algorithm not supported by card",
|
||||
"No default (transport) key available",
|
||||
"UNUSED",
|
||||
"Non unique object ID",
|
||||
"Unable to load key and certificate(s) from file",
|
||||
"UNUSED",
|
||||
"File template not found",
|
||||
|
|
|
@ -99,7 +99,7 @@ extern "C" {
|
|||
#define SC_ERROR_INCONSISTENT_PROFILE -1502
|
||||
#define SC_ERROR_INCOMPATIBLE_KEY -1503
|
||||
#define SC_ERROR_NO_DEFAULT_KEY -1504
|
||||
/* Unused: -1505 */
|
||||
#define SC_ERROR_NON_UNIQUE_ID -1505
|
||||
#define SC_ERROR_CANNOT_LOAD_KEY -1506
|
||||
/* Unused: -1007 */
|
||||
#define SC_ERROR_TEMPLATE_NOT_FOUND -1508
|
||||
|
|
|
@ -1195,7 +1195,16 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card,
|
|||
if (profile->ops->generate_key == NULL)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key generation not supported");
|
||||
|
||||
caller_supplied_id = keygen_args->prkey_args.id.len != 0;
|
||||
if (keygen_args->prkey_args.id.len) {
|
||||
caller_supplied_id = 1;
|
||||
|
||||
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
|
||||
r = sc_pkcs15_find_prkey_by_id(p15card, &keygen_args->prkey_args.id, NULL);
|
||||
if (!r)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object");
|
||||
else if (r != SC_ERROR_OBJECT_NOT_FOUND)
|
||||
LOG_TEST_RET(ctx, r, "Find private key error");
|
||||
}
|
||||
|
||||
/* Set up the PrKDF object */
|
||||
r = sc_pkcs15init_init_prkdf(p15card, profile, &keygen_args->prkey_args,
|
||||
|
@ -1284,15 +1293,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
|||
LOG_TEST_RET(ctx, keybits, "Invalid private key size");
|
||||
|
||||
/* Now check whether the card is able to handle this key */
|
||||
if (!check_key_compatibility(p15card, &key,
|
||||
keyargs->x509_usage, keybits, 0)) {
|
||||
if (!check_key_compatibility(p15card, &key, keyargs->x509_usage, keybits, 0)) {
|
||||
/* Make sure the caller explicitly tells us to store
|
||||
* the key as extractable. */
|
||||
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
|
||||
|
||||
if (!keyargs->passphrase
|
||||
&& !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE))
|
||||
if (!keyargs->passphrase && !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE))
|
||||
LOG_TEST_RET(ctx, SC_ERROR_PASSPHRASE_REQUIRED, "No key encryption passphrase given.");
|
||||
}
|
||||
|
||||
|
@ -1300,6 +1307,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
|||
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key);
|
||||
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
||||
|
||||
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
|
||||
r = sc_pkcs15_find_prkey_by_id(p15card, &keyargs->id, NULL);
|
||||
if (!r)
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object");
|
||||
else if (r != SC_ERROR_OBJECT_NOT_FOUND)
|
||||
LOG_TEST_RET(ctx, r, "Find private key error");
|
||||
|
||||
/* Set up the PrKDF object */
|
||||
r = sc_pkcs15init_init_prkdf(p15card, profile, keyargs, &key, keybits, &object);
|
||||
LOG_TEST_RET(ctx, r, "Failed to initialize private key object");
|
||||
|
|
Loading…
Reference in New Issue