giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #352 from tc-anssi/better-compliance 

Better PKCS#11 compliance
This commit is contained in:
viktorTarasov 2015-01-20 10:18:27 +01:00
parent 4915eaa56b 91ddcfb514
commit 79f1539e68
15 changed files with 7 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libopensc/pkcs15-actalis.c
View File

@ -122,10 +122,6 @@ static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
info.modulus_length = modulus_length;
info.usage = usage;
info.native = 1;
info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
info.key_reference = ref;
if (path)

5
src/libopensc/pkcs15-atrust-acos.c
View File

@ -235,11 +235,6 @@ static int sc_pkcs15emu_atrust_acos_init(sc_pkcs15_card_t *p15card)
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
prkey_info.usage = prkeys[i].usage;
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = prkeys[i].ref;
prkey_info.modulus_length= prkeys[i].modulus_len;
sc_format_path(prkeys[i].path, &prkey_info.path);

5
src/libopensc/pkcs15-esteid.c
View File

@ -238,11 +238,6 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
prkey_info.id.value[0] = prkey_pin[i];
prkey_info.usage = prkey_usage[i];
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = i + 1;
if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30)
prkey_info.modulus_length = 2048;

5
src/libopensc/pkcs15-gemsafeGPK.c
View File

@ -472,11 +472,6 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
prkey_info.usage = prkeys[i].usage;
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = prkeys[i].ref;
prkey_info.modulus_length= prkeys[i].modulus_len;
sc_format_path(prkeys[i].path, &prkey_info.path);

4
src/libopensc/pkcs15-infocamere.c
View File

@ -117,10 +117,6 @@ static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
info.modulus_length = modulus_length;
info.usage = usage;
info.native = 1;
info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
info.key_reference = ref;
if (path)

5
src/libopensc/pkcs15-itacns.c
View File

@ -319,11 +319,6 @@ static int itacns_add_prkey(sc_pkcs15_card_t *p15card,
info.usage = usage;
info.native = 1;
info.key_reference = ref;
info.access_flags =
SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
if (path)
info.path = *path;

4
src/libopensc/pkcs15-oberthur.c
View File

@ -800,10 +800,6 @@ sc_pkcs15emu_oberthur_add_prvkey(struct sc_pkcs15_card *p15card,
kinfo.modulus_length = size;
kinfo.native = 1;
kinfo.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
kinfo.key_reference = file_id & 0xFF;
kinfo.usage = sc_oberthur_decode_usage(flags);

5
src/libopensc/pkcs15-openpgp.c
View File

@ -271,11 +271,6 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
prkey_info.id.value[0] = i + 1;
prkey_info.usage = key_cfg[i].prkey_usage;
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = i;
prkey_info.modulus_length = bebytes2ushort(cxdata + 1);

5
src/libopensc/pkcs15-piv.c
View File

@ -965,11 +965,6 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = prkeys[i].ref;
sc_format_path(prkeys[i].path, &prkey_info.path);

4
src/libopensc/pkcs15-postecert.c
View File

@ -112,10 +112,6 @@ static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
info.modulus_length = modulus_length;
info.usage = usage;
info.native = 1;
info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
info.key_reference = ref;
if (path)

5
src/libopensc/pkcs15-pteid.c
View File

@ -206,11 +206,6 @@ static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card)
prkey_info.id.value[0] = pteid_prkey_ids[i];
prkey_info.usage = pteid_prkey_usage[i];
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = pteid_prkey_keyref[type][i];
prkey_info.modulus_length = 1024;
if (pteid_prkey_paths[type][i] != NULL)

5
src/libopensc/pkcs15-starcert.c
View File

@ -240,11 +240,6 @@ static int sc_pkcs15emu_starcert_init(sc_pkcs15_card_t *p15card)
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
prkey_info.usage = prkeys[i].usage;
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = prkeys[i].ref;
prkey_info.modulus_length= prkeys[i].modulus_len;
sc_format_path(prkeys[i].path, &prkey_info.path);

5
src/libopensc/pkcs15-tcos.c
View File

@ -112,11 +112,6 @@ static int insert_key(
prkey_info.id.len = 1;
prkey_info.id.value[0] = id;
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = key_reference;
prkey_info.modulus_length = key_length;
sc_format_path(path, &prkey_info.path);

5
src/libopensc/pkcs15-westcos.c
View File

@ -216,11 +216,6 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT
| SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
prkey_info.native = 1;
/* Add default access_flags, see Issues #335 and #336 */
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
prkey_info.key_reference = 1;
prkey_info.modulus_length = modulus_length;
prkey_info.path = path;

18
src/pkcs11/framework-pkcs15.c
View File

@ -3429,14 +3429,10 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
check_attribute_buffer(attr, sizeof(CK_MECHANISM_TYPE));
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
break;
case CKA_ENCRYPT:
case CKA_DECRYPT:
case CKA_SIGN:
case CKA_SIGN_RECOVER:
case CKA_WRAP:
case CKA_UNWRAP:
case CKA_VERIFY:
case CKA_VERIFY_RECOVER:
case CKA_DERIVE:
case CKA_OPENSC_NON_REPUDIATION:
/* TODO seems to be obsolete */
@ -3860,13 +3856,17 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_
*(CK_OBJECT_CLASS*)attr->pValue = CKO_PUBLIC_KEY;
break;
case CKA_TOKEN:
case CKA_LOCAL:
case CKA_SENSITIVE:
case CKA_ALWAYS_SENSITIVE:
case CKA_NEVER_EXTRACTABLE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = TRUE;
break;
case CKA_LOCAL:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
if (pubkey->pub_info)
*(CK_BBOOL*)attr->pValue = (pubkey->pub_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) != 0;
else /* no pub_info structure, falling back to TRUE */
*(CK_BBOOL*)attr->pValue = TRUE;
break;
case CKA_PRIVATE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
if (pubkey->pub_p15obj)
@ -3925,11 +3925,7 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_
*(CK_MECHANISM_TYPE*)attr->pValue = CK_UNAVAILABLE_INFORMATION;
break;
case CKA_ENCRYPT:
case CKA_DECRYPT:
case CKA_SIGN:
case CKA_SIGN_RECOVER:
case CKA_WRAP:
case CKA_UNWRAP:
case CKA_VERIFY:
case CKA_VERIFY_RECOVER:
case CKA_DERIVE: