giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkcs15init: #327: unique ID for the private key objects. Thanks a Diego (NdK) ... 

http://www.opensc-project.org/opensc/ticket/327


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5219 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
vtarasov 2011-03-06 11:34:58 +00:00
parent 8ff3d5d647
commit 763c0bcefe
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libopensc/errors.c
View File

@ -104,7 +104,7 @@ const char *sc_strerror(int error)
"Inconsistent or incomplete PKCS#15 profile", "Inconsistent or incomplete PKCS#15 profile",
"Key length/algorithm not supported by card", "Key length/algorithm not supported by card",
"No default (transport) key available", "No default (transport) key available",
"UNUSED", "Non unique object ID",
"Unable to load key and certificate(s) from file", "Unable to load key and certificate(s) from file",
"UNUSED", "UNUSED",
"File template not found", "File template not found",

2
src/libopensc/errors.h
View File

@ -99,7 +99,7 @@ extern "C" {
#define SC_ERROR_INCONSISTENT_PROFILE -1502 #define SC_ERROR_INCONSISTENT_PROFILE -1502
#define SC_ERROR_INCOMPATIBLE_KEY -1503 #define SC_ERROR_INCOMPATIBLE_KEY -1503
#define SC_ERROR_NO_DEFAULT_KEY -1504 #define SC_ERROR_NO_DEFAULT_KEY -1504
/* Unused: -1505 */ #define SC_ERROR_NON_UNIQUE_ID -1505
#define SC_ERROR_CANNOT_LOAD_KEY -1506 #define SC_ERROR_CANNOT_LOAD_KEY -1506
/* Unused: -1007 */ /* Unused: -1007 */
#define SC_ERROR_TEMPLATE_NOT_FOUND -1508 #define SC_ERROR_TEMPLATE_NOT_FOUND -1508

24
src/pkcs15init/pkcs15-lib.c
View File

@ -1195,7 +1195,16 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card,
if (profile->ops->generate_key == NULL) if (profile->ops->generate_key == NULL)
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key generation not supported"); LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key generation not supported");
caller_supplied_id = keygen_args->prkey_args.id.len != 0; if (keygen_args->prkey_args.id.len) {
caller_supplied_id = 1;
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
r = sc_pkcs15_find_prkey_by_id(p15card, &keygen_args->prkey_args.id, NULL);
if (!r)
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object");
else if (r != SC_ERROR_OBJECT_NOT_FOUND)
LOG_TEST_RET(ctx, r, "Find private key error");
}
/* Set up the PrKDF object */ /* Set up the PrKDF object */
r = sc_pkcs15init_init_prkdf(p15card, profile, &keygen_args->prkey_args, r = sc_pkcs15init_init_prkdf(p15card, profile, &keygen_args->prkey_args,
@ -1284,15 +1293,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
LOG_TEST_RET(ctx, keybits, "Invalid private key size"); LOG_TEST_RET(ctx, keybits, "Invalid private key size");
/* Now check whether the card is able to handle this key */ /* Now check whether the card is able to handle this key */
if (!check_key_compatibility(p15card, &key, if (!check_key_compatibility(p15card, &key, keyargs->x509_usage, keybits, 0)) {
keyargs->x509_usage, keybits, 0)) {
/* Make sure the caller explicitly tells us to store /* Make sure the caller explicitly tells us to store
* the key as extractable. */ * the key as extractable. */
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE)) if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key."); LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
if (!keyargs->passphrase if (!keyargs->passphrase && !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE))
&& !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE))
LOG_TEST_RET(ctx, SC_ERROR_PASSPHRASE_REQUIRED, "No key encryption passphrase given."); LOG_TEST_RET(ctx, SC_ERROR_PASSPHRASE_REQUIRED, "No key encryption passphrase given.");
} }
@ -1300,6 +1307,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key); r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key);
LOG_TEST_RET(ctx, r, "Get intrinsic ID error"); LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
r = sc_pkcs15_find_prkey_by_id(p15card, &keyargs->id, NULL);
if (!r)
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object");
else if (r != SC_ERROR_OBJECT_NOT_FOUND)
LOG_TEST_RET(ctx, r, "Find private key error");
/* Set up the PrKDF object */ /* Set up the PrKDF object */
r = sc_pkcs15init_init_prkdf(p15card, profile, keyargs, &key, keybits, &object); r = sc_pkcs15init_init_prkdf(p15card, profile, keyargs, &key, keybits, &object);
LOG_TEST_RET(ctx, r, "Failed to initialize private key object"); LOG_TEST_RET(ctx, r, "Failed to initialize private key object");