From 7f52a0267f909f531f67f366a3f5d286fb8b317f Mon Sep 17 00:00:00 2001
From: "viktor.tarasov"
Date: Sun, 31 Jan 2010 20:26:45 +0000
Subject: [PATCH] pkcs15init cardos: fix update keys

When creating application DF ('PKCS15-AppDF'), User PIN is not yet created, and AC type 'SC_AC_SYMBOLIC' cannot be resolved. So, in the card profile, the macro '$PIN' cannot be used to define the ACLs of the application DF.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3967 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/pkcs15init/cardos.profile | 2 +-
 src/pkcs15init/pkcs15-cardos.c | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/pkcs15init/cardos.profile b/src/pkcs15init/cardos.profile
index 45be7884..c5d6cf75 100644
--- a/src/pkcs15init/cardos.profile
+++ b/src/pkcs15init/cardos.profile
@@ -35,7 +35,7 @@ filesystem {
 # Prevent unauthorized updates of basic security
 # objects via PUT DATA OCI.
 # ACL = UPDATE=NEVER;
- ACL = UPDATE=$PIN;
+ ACL = UPDATE=$SOPIN;
 
 # Bump the size of the EF(PrKDF) - with split
 # keys, we may need a little more room.
diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
index c9357bce..d48c0a46 100644
--- a/src/pkcs15init/pkcs15-cardos.c
+++ b/src/pkcs15init/pkcs15-cardos.c
@@ -249,6 +249,7 @@ cardos_store_key(sc_profile_t *profile, sc_card_t *card,
 sc_pkcs15_prkey_t *key)
 {
 sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
+ struct sc_file *file = NULL;
 int algorithm = 0, r;
 
 if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
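Review bot: In the cardos.profile hunk, nothing shows how `$SOPIN` is resolved when a card is initialised without a security-officer PIN. If the symbolic reference then falls back to an empty access condition, the UPDATE ACL on the application DF would no longer give the protection against PUT DATA OCI updates that the comment above it describes. This fallback behaviour is not visible here and should be confirmed against the profile resolver before merging. The profile should also carry the reason from the commit message, for example `# $PIN cannot be used here: the user PIN does not exist yet when this DF is created.`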
@@ -262,6 +263,19 @@ cardos_store_key(sc_profile_t *profile, sc_card_t *card,
 return SC_ERROR_NOT_SUPPORTED;
 }
 
+ r = sc_select_file(card, &key_info->path, &file);
+ if (r) {
+ sc_debug(card->ctx, "Failed to store key: cannot select parent DF");
+ return r;
+ }
+
+ r = sc_pkcs15init_authenticate(profile, card, file, SC_AC_OP_UPDATE);
+ sc_file_free(file);
+ if (r) {
+ sc_debug(card->ctx, "Failed to store key: 'UPDATE' authentication failed");
+ return r;
+ }
+
 r = cardos_put_key(profile, card, algorithm, key_info, &key->u.rsa);
 
 return r;
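Review bot: The first failure message says "cannot select parent DF", but the call selects `key_info->path` itself, so the message and the code agree only if that path always names the DF that holds the key. A short comment above the new `sc_select_file()` call would settle it, for example `/* key_info->path is the DF holding the key; the key write is gated by that DF's UPDATE ACL (confirm) */`. Both new failure branches also drop the error code from the log. Appending it, as in `sc_debug(card->ctx, "Failed to store key: 'UPDATE' authentication failed: %s", sc_strerror(r));`, would let an operator tell a refused PIN from a card I/O error. cardos_store_key begins and ends outside this hunk.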