pkcs15init cardos: fix update keys

When the application DF ('PKCS15-AppDF') is created, the User PIN has not been created yet, and the AC type 'SC_AC_SYMBOLIC' cannot be resolved.
So, in the card profile, the '$PIN' macro cannot be used to define the ACLs of the application DF.



git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3967 c6295689-39f2-0310-b995-f0e70906c6a9
viktor.tarasov 2010-01-31 20:26:45 +00:00
parent 72d5ebb79c
commit 7f52a0267f
2 changed files with 15 additions and 1 deletions


@ -35,7 +35,7 @@ filesystem {
# Prevent unauthorized updates of basic security
# objects via PUT DATA OCI.
# ACL = UPDATE=NEVER;
ACL = UPDATE=$PIN;
ACL = UPDATE=$SOPIN;
# Bump the size of the EF(PrKDF) - with split
# keys, we may need a little more room.
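Review bot: The comment above the ACL line does not record why `$SOPIN` rather than `$PIN` guards UPDATE on this DF; that reason currently lives only in the commit message. I would add `# $PIN cannot be used here: the User PIN does not exist yet when this DF is created.` directly above the ACL line. It is also worth confirming how `$SOPIN` resolves on a card initialised without an SO PIN. If it falls back to no access condition, UPDATE on the application DF would be unprotected on such cards, and the hunk does not show which way that goes.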


@ -249,6 +249,7 @@ cardos_store_key(sc_profile_t *profile, sc_card_t *card,
sc_pkcs15_prkey_t *key)
{
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
struct sc_file *file = NULL;
int algorithm = 0, r;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
@ -262,6 +263,19 @@ cardos_store_key(sc_profile_t *profile, sc_card_t *card,
return SC_ERROR_NOT_SUPPORTED;
}
r = sc_select_file(card, &key_info->path, &file);
if (r) {
sc_debug(card->ctx, "Failed to store key: cannot select parent DF");
return r;
}
r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_UPDATE);
sc_file_free(file);
if (r) {
sc_debug(card->ctx, "Failed to store key: 'UPDATE' authentication failed");
return r;
}
r = cardos_put_key(profile, card, algorithm, key_info, &key->u.rsa);
return r;
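Review bot: The added check selects `key_info->path` and authenticates UPDATE against that file's ACL, but the first debug message calls it the "parent DF", so the log and the code disagree on which file's access condition is enforced. A short comment before `sc_select_file`, such as `/* UPDATE on the DF at key_info->path guards key storage; authenticate before writing the key */`, would make this explicit, assuming the path does name the application DF. Both failure messages also drop the error code; `sc_debug(card->ctx, "Failed to store key: 'UPDATE' authentication failed: %s", sc_strerror(r));` would let an operator tell a wrong PIN from an unresolved ACL. The function's closing lines are outside the hunk.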