- On-board generation of non-repudiation keys did not work

- Minor cleanup git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1531 c6295689-39f2-0310-b995-f0e70906c6a9
2003-10-16 14:31:11 +00:00 · 2003-10-16 14:31:11 +00:00 · 81e6d67204
parent 574d6f38ee
commit 81e6d67204
1 changed files with 14 additions and 12 deletions
--- a/src/pkcs15init/pkcs15-etoken.c
+++ b/src/pkcs15init/pkcs15-etoken.c
@ -71,11 +71,10 @@ static int	etoken_extract_pubkey(sc_card_t *, int,
 * SO PIN = 0x01, SO PUK = 0x02
 * each user pin is 2*N+1, each corresponding PUK is 2*N+2
 */
-#define ETOKEN_PIN_ID(idx)	(((idx) << 1) + 0x01)
-#define ETOKEN_PUK_ID(idx)	(((idx) << 1) + 0x02)
-#define ETOKEN_MAX_PINS		0x10
-#define ETOKEN_KEY_ID(idx)	(0x40 + (idx))
-#define ETOKEN_SE_ID(idx)	(0x40 + (idx))
+#define ETOKEN_PIN_ID_MIN	1
+#define ETOKEN_PIN_ID_MAX	15
+#define ETOKEN_KEY_ID_MIN	16
+#define ETOKEN_KEY_ID_MAX	31
 #define ETOKEN_AC_NEVER		0xFF

 #define ETOKEN_ALGO_RSA			0x08
@ -165,7 +164,7 @@ etoken_select_pin_reference(sc_profile_t *profile, sc_card_t *card,
 	int	preferred, current;

 	if ((current = pin_info->reference) < 0)
-		current = 1;
+		current = ETOKEN_PIN_ID_MIN;

 	if (pin_info->flags & SC_PKCS15_PIN_FLAG_SO_PIN) {
 		preferred = 1;
@ -178,7 +177,7 @@ etoken_select_pin_reference(sc_profile_t *profile, sc_card_t *card,
 			return SC_ERROR_TOO_MANY_OBJECTS;
 	}

-	if (current > preferred)
+	if (current > preferred || preferred > ETOKEN_PIN_ID_MAX)
 		return SC_ERROR_TOO_MANY_OBJECTS;
 	pin_info->reference = preferred;
 	return 0;
@ -232,7 +231,9 @@ etoken_select_key_reference(sc_profile_t *profile, sc_card_t *card,
 {
 	struct sc_file	*df = profile->df_info->file;

-	if (key_info->key_reference > 255)
+	if (key_info->key_reference < ETOKEN_KEY_ID_MIN)
+		key_info->key_reference = ETOKEN_KEY_ID_MIN;
+	if (key_info->key_reference > ETOKEN_KEY_ID_MAX)
 		return SC_ERROR_TOO_MANY_OBJECTS;

 	key_info->path = df->path;
@ -491,7 +492,8 @@ etoken_create_sec_env(struct sc_profile *profile, struct sc_card *card,
 * Note that CardOS/M4 does not support keys that can be used
 * for signing _and_ decipherment
 */
-#define USAGE_ANY_SIGN		(SC_PKCS15_PRKEY_USAGE_SIGN)
+#define USAGE_ANY_SIGN		(SC_PKCS15_PRKEY_USAGE_SIGN|\
+				 SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)
 #define USAGE_ANY_DECIPHER	(SC_PKCS15_PRKEY_USAGE_DECRYPT|\
 				 SC_PKCS15_PRKEY_USAGE_UNWRAP)

@ -502,13 +504,13 @@ etoken_key_algorithm(unsigned int usage, int *algop)

 	if (usage & USAGE_ANY_SIGN) {
 		*algop = ETOKEN_SIGN_RSA;
-		sign++;
+		sign = 1;
 	}
 	if (usage & USAGE_ANY_DECIPHER) {
 		*algop = ETOKEN_DECIPHER_RSA;
-		decipher++;
+		decipher = 1;
 	}
-	return (sign && decipher)? -1 : 0;
+	return (sign == decipher)? -1 : 0;
 }

 /*