Create new type "privdata" in all profiles with different

ACL settings, and check C_CreateObject parameter CKA_PRIVATE aka pkcs15_create_data args.auth_id variable, aka sc_pkcs15init_new_object object->flags & SC_PKCS15_CO_FLAG_PRIVATE to decide if "data" or "privdata" profile needs to be used. Tested with cryptoflex 32k and opensc-explorer, now I no longer can "get" the data object file stored with "--private". git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3605 c6295689-39f2-0310-b995-f0e70906c6a9
2008-12-28 16:07:51 +00:00 · 2008-12-28 16:07:51 +00:00 · 8a6bc59e66
parent a89b14668f
commit 8a6bc59e66
11 changed files with 81 additions and 2 deletions
--- a/src/pkcs15init/asepcos.profile
+++ b/src/pkcs15init/asepcos.profile
@ -102,7 +102,15 @@ filesystem {
 					UPDATE=$PIN,
 					ERASE=$PIN;
                }
-
+	        # private data objects are stored in transparent EFs.
+                EF privdata {
+    	            file-id	= 3402;
+    	            structure	= transparent;
+    	            ACL		= *=NEVER,
+					READ=$PIN,
+					UPDATE=$PIN,
+					ERASE=$PIN;
+                }
 	    }

 	}
--- a/src/pkcs15init/cardos.profile
+++ b/src/pkcs15init/cardos.profile
@ -97,6 +97,16 @@ filesystem {
 					ERASE=$PIN;
                }

+	        # private data objects are stored in transparent EFs.
+                EF privdata {
+    	            file-id	= 3403;
+    	            structure	= transparent;
+    	            ACL		= *=NEVER,
+					READ=$PIN,
+					UPDATE=$PIN,
+					ERASE=$PIN;
+                }
+
 	    }

 	    # This is needed when generating a key on-card.
--- a/src/pkcs15init/cyberflex.profile
+++ b/src/pkcs15init/cyberflex.profile
@ -111,6 +111,10 @@ filesystem {
 		    file-id	= 4600;
 		    ACL		= *=$PIN, READ=NONE;
 		}
+		EF privdata {
+		    file-id	= 4700;
+		    ACL		= *=$PIN;
+		}
 	    }
 	}
    }
--- a/src/pkcs15init/entersafe.profile
+++ b/src/pkcs15init/entersafe.profile
@ -174,6 +174,13 @@ filesystem {
 					ACL	  	  	= *=NEVER,READ=NONE,UPDATE=$PIN;
        		}

+        		# private data objects are stored in transparent EFs.
+        		EF data {
+            	    file-id		= 3401;
+            		structure	= transparent;
+					ACL	  	  	= *=NEVER,READ=$PIN,UPDATE=$PIN;
+        		}
+
 			}

 		}
--- a/src/pkcs15init/flex.profile
+++ b/src/pkcs15init/flex.profile
@ -115,6 +115,10 @@ filesystem {
 		    file-id	= 4600;
 		    ACL		= *=$PIN, READ=NONE;
 		}
+		EF privdata {
+		    file-id	= 4700;
+		    ACL		= *=$PIN;
+		}
 	    }
 	}
    }
--- a/src/pkcs15init/gpk.profile
+++ b/src/pkcs15init/gpk.profile
@ -72,6 +72,16 @@ filesystem {
 					WRITE=$PIN;
                }

+	        # private data objects are stored in transparent EFs.
+                EF privdata {
+    	            file-id	= 3300;
+    	            structure	= transparent;
+    	            ACL		= *=NEVER,
+					READ=$PIN,
+					UPDATE=$PIN,
+					WRITE=$PIN;
+                }
+
                EF public-key {
    	            file-id	= 3300;
    	            structure	= transparent;
--- a/src/pkcs15init/incrypto34.profile
+++ b/src/pkcs15init/incrypto34.profile
@ -92,6 +92,16 @@ filesystem {
 					ERASE=$PIN;
                }

+	        # private data objects are stored in transparent EFs.
+                EF privdata {
+    	            file-id	= 3402;
+    	            structure	= transparent;
+    	            ACL		= *=NEVER,
+					READ=$PIN,
+					UPDATE=$PIN,
+					ERASE=$PIN;
+                }
+
 	    }

 	    # This is needed when generating a key on-card.
--- a/src/pkcs15init/jcop.profile
+++ b/src/pkcs15init/jcop.profile
@ -41,6 +41,11 @@ filesystem {
                    file-id         = 3200;
                    acl             = *=NEVER, UPDATE=$PIN, READ=NONE, 
                                      ERASE=$SOPIN;
+		}
+                EF privdata {
+                    file-id         = 3500;
+                    acl             = *=NEVER, UPDATE=$PIN, READ=$PIN, 
+                                      ERASE=$SOPIN;
                }
                EF public-key {
                    file-id         = 3300;
--- a/src/pkcs15init/muscle.profile
+++ b/src/pkcs15init/muscle.profile
@ -162,6 +162,15 @@ filesystem {
 					READ=NONE,
 					UPDATE=$PIN,
 					ERASE=$PIN;
+		}
+	        # private data objects are stored in transparent EFs.
+                EF privdata {
+    	            file-id	= 3400;
+    	            structure	= transparent;
+    	            ACL		= *=NEVER,
+					READ=$PIN,
+					UPDATE=$PIN,
+					ERASE=$PIN;
                }

 	    }
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@ -2339,7 +2339,10 @@ static int select_object_path(sc_pkcs15_card_t *p15card, sc_profile_t *profile,
 		name = "certificate";
 		break;
 	case SC_PKCS15_TYPE_DATA_OBJECT:
-		name = "data";
+		if (obj->flags & SC_PKCS15_CO_FLAG_PRIVATE) 
+			name = "privdata";
+		else
+			name = "data";
 		break;
 	default:
 		return 0;
--- a/src/pkcs15init/starcos.profile
+++ b/src/pkcs15init/starcos.profile
@ -122,6 +122,15 @@ filesystem {
 					READ=NONE,
 					UPDATE=$PIN,
 					ERASE=$PIN;
+		}
+	        # private data objects are stored in transparent EFs.
+                EF privdata {
+    	            file-id	= 3401;
+    	            structure	= transparent;
+    	            ACL		= *=NEVER,
+					READ=$PIN,
+					UPDATE=$PIN,
+					ERASE=$PIN;
                }

 	    }