pkcs15init: #327: unique ID for the private key objects. Thanks a Diego (NdK) ...
http://www.opensc-project.org/opensc/ticket/327 git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5219 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
8ff3d5d647
commit
763c0bcefe
|
@ -104,7 +104,7 @@ const char *sc_strerror(int error)
|
||||||
"Inconsistent or incomplete PKCS#15 profile",
|
"Inconsistent or incomplete PKCS#15 profile",
|
||||||
"Key length/algorithm not supported by card",
|
"Key length/algorithm not supported by card",
|
||||||
"No default (transport) key available",
|
"No default (transport) key available",
|
||||||
"UNUSED",
|
"Non unique object ID",
|
||||||
"Unable to load key and certificate(s) from file",
|
"Unable to load key and certificate(s) from file",
|
||||||
"UNUSED",
|
"UNUSED",
|
||||||
"File template not found",
|
"File template not found",
|
||||||
|
|
|
@ -99,7 +99,7 @@ extern "C" {
|
||||||
#define SC_ERROR_INCONSISTENT_PROFILE -1502
|
#define SC_ERROR_INCONSISTENT_PROFILE -1502
|
||||||
#define SC_ERROR_INCOMPATIBLE_KEY -1503
|
#define SC_ERROR_INCOMPATIBLE_KEY -1503
|
||||||
#define SC_ERROR_NO_DEFAULT_KEY -1504
|
#define SC_ERROR_NO_DEFAULT_KEY -1504
|
||||||
/* Unused: -1505 */
|
#define SC_ERROR_NON_UNIQUE_ID -1505
|
||||||
#define SC_ERROR_CANNOT_LOAD_KEY -1506
|
#define SC_ERROR_CANNOT_LOAD_KEY -1506
|
||||||
/* Unused: -1007 */
|
/* Unused: -1007 */
|
||||||
#define SC_ERROR_TEMPLATE_NOT_FOUND -1508
|
#define SC_ERROR_TEMPLATE_NOT_FOUND -1508
|
||||||
|
|
|
@ -1195,7 +1195,16 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card,
|
||||||
if (profile->ops->generate_key == NULL)
|
if (profile->ops->generate_key == NULL)
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key generation not supported");
|
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Key generation not supported");
|
||||||
|
|
||||||
caller_supplied_id = keygen_args->prkey_args.id.len != 0;
|
if (keygen_args->prkey_args.id.len) {
|
||||||
|
caller_supplied_id = 1;
|
||||||
|
|
||||||
|
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
|
||||||
|
r = sc_pkcs15_find_prkey_by_id(p15card, &keygen_args->prkey_args.id, NULL);
|
||||||
|
if (!r)
|
||||||
|
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object");
|
||||||
|
else if (r != SC_ERROR_OBJECT_NOT_FOUND)
|
||||||
|
LOG_TEST_RET(ctx, r, "Find private key error");
|
||||||
|
}
|
||||||
|
|
||||||
/* Set up the PrKDF object */
|
/* Set up the PrKDF object */
|
||||||
r = sc_pkcs15init_init_prkdf(p15card, profile, &keygen_args->prkey_args,
|
r = sc_pkcs15init_init_prkdf(p15card, profile, &keygen_args->prkey_args,
|
||||||
|
@ -1284,15 +1293,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
||||||
LOG_TEST_RET(ctx, keybits, "Invalid private key size");
|
LOG_TEST_RET(ctx, keybits, "Invalid private key size");
|
||||||
|
|
||||||
/* Now check whether the card is able to handle this key */
|
/* Now check whether the card is able to handle this key */
|
||||||
if (!check_key_compatibility(p15card, &key,
|
if (!check_key_compatibility(p15card, &key, keyargs->x509_usage, keybits, 0)) {
|
||||||
keyargs->x509_usage, keybits, 0)) {
|
|
||||||
/* Make sure the caller explicitly tells us to store
|
/* Make sure the caller explicitly tells us to store
|
||||||
* the key as extractable. */
|
* the key as extractable. */
|
||||||
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
|
if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
|
LOG_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key.");
|
||||||
|
|
||||||
if (!keyargs->passphrase
|
if (!keyargs->passphrase && !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE))
|
||||||
&& !(keyargs->flags & SC_PKCS15INIT_NO_PASSPHRASE))
|
|
||||||
LOG_TEST_RET(ctx, SC_ERROR_PASSPHRASE_REQUIRED, "No key encryption passphrase given.");
|
LOG_TEST_RET(ctx, SC_ERROR_PASSPHRASE_REQUIRED, "No key encryption passphrase given.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1300,6 +1307,13 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card,
|
||||||
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key);
|
r = select_intrinsic_id(p15card, profile, SC_PKCS15_TYPE_PRKEY, &keyargs->id, &keyargs->key);
|
||||||
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
LOG_TEST_RET(ctx, r, "Get intrinsic ID error");
|
||||||
|
|
||||||
|
/* Make sure that private key's ID is the unique inside the PKCS#15 application */
|
||||||
|
r = sc_pkcs15_find_prkey_by_id(p15card, &keyargs->id, NULL);
|
||||||
|
if (!r)
|
||||||
|
LOG_TEST_RET(ctx, SC_ERROR_NON_UNIQUE_ID, "Non unique ID of the private key object");
|
||||||
|
else if (r != SC_ERROR_OBJECT_NOT_FOUND)
|
||||||
|
LOG_TEST_RET(ctx, r, "Find private key error");
|
||||||
|
|
||||||
/* Set up the PrKDF object */
|
/* Set up the PrKDF object */
|
||||||
r = sc_pkcs15init_init_prkdf(p15card, profile, keyargs, &key, keybits, &object);
|
r = sc_pkcs15init_init_prkdf(p15card, profile, keyargs, &key, keybits, &object);
|
||||||
LOG_TEST_RET(ctx, r, "Failed to initialize private key object");
|
LOG_TEST_RET(ctx, r, "Failed to initialize private key object");
|
||||||
|
|
Loading…
Reference in New Issue