pkcs15-init tool: don't ask for PUK value when creating PIN with 'unblock-disabled' in flags
- prepare pkcs15-init tool for creating a pkcs15 PinObject for PUK. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3948 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
42ad65e8d2
commit
8aa2128423
|
@ -219,6 +219,9 @@ struct sc_pkcs15init_pinargs {
|
||||||
const char * label;
|
const char * label;
|
||||||
const u8 * pin;
|
const u8 * pin;
|
||||||
size_t pin_len;
|
size_t pin_len;
|
||||||
|
|
||||||
|
struct sc_pkcs15_id puk_id;
|
||||||
|
const char * puk_label;
|
||||||
const u8 * puk;
|
const u8 * puk;
|
||||||
size_t puk_len;
|
size_t puk_len;
|
||||||
};
|
};
|
||||||
|
|
|
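Review bot: The two members added to `struct sc_pkcs15init_pinargs`, `puk_id` and `puk_label`, carry no comment, and the struct does not say what a zeroed `puk_id` means to the library — in this commit do_store_pin leaves it zeroed unless both --puk-id and a PUK value are given, so the zero case is the common one. I would add `/* optional: id and label for a separate PUK auth object; left zeroed when no separate PUK object is wanted */` above `puk_id`, and state in it how sc_pkcs15init_store_pin treats the zero id, which cannot be seen from here. The struct's opening and the fields before `label` lie outside the hunk.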
@ -139,6 +139,8 @@ enum {
|
||||||
OPT_CERT_LABEL,
|
OPT_CERT_LABEL,
|
||||||
OPT_APPLICATION_NAME,
|
OPT_APPLICATION_NAME,
|
||||||
OPT_APPLICATION_ID,
|
OPT_APPLICATION_ID,
|
||||||
|
OPT_PUK_ID,
|
||||||
|
OPT_PUK_LABEL,
|
||||||
|
|
||||||
OPT_PIN1 = 0x10000, /* don't touch these values */
|
OPT_PIN1 = 0x10000, /* don't touch these values */
|
||||||
OPT_PUK1 = 0x10001,
|
OPT_PUK1 = 0x10001,
|
||||||
|
@ -170,8 +172,10 @@ const struct option options[] = {
|
||||||
{ "no-so-pin", no_argument, NULL, OPT_NO_SOPIN },
|
{ "no-so-pin", no_argument, NULL, OPT_NO_SOPIN },
|
||||||
{ "serial", required_argument, NULL, OPT_SERIAL },
|
{ "serial", required_argument, NULL, OPT_SERIAL },
|
||||||
{ "auth-id", required_argument, NULL, 'a' },
|
{ "auth-id", required_argument, NULL, 'a' },
|
||||||
|
{ "puk-id", required_argument, NULL, OPT_PUK_ID },
|
||||||
{ "id", required_argument, NULL, 'i' },
|
{ "id", required_argument, NULL, 'i' },
|
||||||
{ "label", required_argument, NULL, 'l' },
|
{ "label", required_argument, NULL, 'l' },
|
||||||
|
{ "puk-label", required_argument, NULL, OPT_PUK_LABEL },
|
||||||
{ "public-key-label", required_argument, NULL, OPT_PUBKEY_LABEL },
|
{ "public-key-label", required_argument, NULL, OPT_PUBKEY_LABEL },
|
||||||
{ "cert-label", required_argument, NULL, OPT_CERT_LABEL },
|
{ "cert-label", required_argument, NULL, OPT_CERT_LABEL },
|
||||||
{ "application-name", required_argument, NULL, OPT_APPLICATION_NAME },
|
{ "application-name", required_argument, NULL, OPT_APPLICATION_NAME },
|
||||||
|
@ -182,7 +186,7 @@ const struct option options[] = {
|
||||||
{ "authority", no_argument, NULL, OPT_AUTHORITY },
|
{ "authority", no_argument, NULL, OPT_AUTHORITY },
|
||||||
{ "key-usage", required_argument, NULL, 'u' },
|
{ "key-usage", required_argument, NULL, 'u' },
|
||||||
{ "split-key", no_argument, NULL, OPT_SPLIT_KEY },
|
{ "split-key", no_argument, NULL, OPT_SPLIT_KEY },
|
||||||
{ "finalize", no_argument, NULL, 'F' },
|
{ "finalize", no_argument, NULL, 'F' },
|
||||||
|
|
||||||
{ "extractable", no_argument, NULL, OPT_EXTRACTABLE },
|
{ "extractable", no_argument, NULL, OPT_EXTRACTABLE },
|
||||||
{ "insecure", no_argument, NULL, OPT_UNPROTECTED },
|
{ "insecure", no_argument, NULL, OPT_UNPROTECTED },
|
||||||
|
@ -224,8 +228,10 @@ static const char * option_help[] = {
|
||||||
"Do not install a SO PIN, and dont prompt for it",
|
"Do not install a SO PIN, and dont prompt for it",
|
||||||
"Specify the serial number of the card",
|
"Specify the serial number of the card",
|
||||||
"Specify ID of PIN to use/create",
|
"Specify ID of PIN to use/create",
|
||||||
|
"Specify ID of PUK to use/create",
|
||||||
"Specify ID of key/certificate",
|
"Specify ID of key/certificate",
|
||||||
"Specify label of PIN/key",
|
"Specify label of PIN/key",
|
||||||
|
"Specify label of PUK",
|
||||||
"Specify public key label (use with --generate-key)",
|
"Specify public key label (use with --generate-key)",
|
||||||
"Specify user cert label (use with --store-private-key)",
|
"Specify user cert label (use with --store-private-key)",
|
||||||
"Specify application name of data object (use with --store-data-object)",
|
"Specify application name of data object (use with --store-data-object)",
|
||||||
|
@ -328,6 +334,7 @@ static char * opt_format = NULL;
|
||||||
static char * opt_authid = NULL;
|
static char * opt_authid = NULL;
|
||||||
static char * opt_objectid = NULL;
|
static char * opt_objectid = NULL;
|
||||||
static char * opt_label = NULL;
|
static char * opt_label = NULL;
|
||||||
|
static char * opt_puk_label = NULL;
|
||||||
static char * opt_pubkey_label = NULL;
|
static char * opt_pubkey_label = NULL;
|
||||||
static char * opt_cert_label = NULL;
|
static char * opt_cert_label = NULL;
|
||||||
static char * opt_pins[4];
|
static char * opt_pins[4];
|
||||||
|
@ -337,6 +344,7 @@ static char * opt_newkey = NULL;
|
||||||
static char * opt_outkey = NULL;
|
static char * opt_outkey = NULL;
|
||||||
static char * opt_application_id = NULL;
|
static char * opt_application_id = NULL;
|
||||||
static char * opt_application_name = NULL;
|
static char * opt_application_name = NULL;
|
||||||
|
static char * opt_puk_authid = NULL;
|
||||||
static unsigned int opt_x509_usage = 0;
|
static unsigned int opt_x509_usage = 0;
|
||||||
static unsigned int opt_delete_flags = 0;
|
static unsigned int opt_delete_flags = 0;
|
||||||
static unsigned int opt_type = 0;
|
static unsigned int opt_type = 0;
|
||||||
|
@ -596,7 +604,7 @@ do_init_app(struct sc_profile *profile)
|
||||||
sc_pkcs15_pin_info_t info;
|
sc_pkcs15_pin_info_t info;
|
||||||
sc_ui_hints_t hints;
|
sc_ui_hints_t hints;
|
||||||
const char *role = "so";
|
const char *role = "so";
|
||||||
int r;
|
int r, so_puk_disabled = 0;
|
||||||
|
|
||||||
memset(&hints, 0, sizeof(hints));
|
memset(&hints, 0, sizeof(hints));
|
||||||
hints.usage = SC_UI_USAGE_NEW_PIN;
|
hints.usage = SC_UI_USAGE_NEW_PIN;
|
||||||
|
@ -616,25 +624,28 @@ do_init_app(struct sc_profile *profile)
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
|
|
||||||
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PIN, &info);
|
||||||
|
|
||||||
|
if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
|
role = "user";
|
||||||
|
else
|
||||||
|
hints.flags |= SC_UI_PIN_OPTIONAL; /* SO PIN is always optional */
|
||||||
|
|
||||||
|
|
||||||
|
if ((info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED)
|
||||||
|
&& (info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
|
so_puk_disabled = 1;
|
||||||
|
|
||||||
|
|
||||||
if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) {
|
if (!opt_pins[2] && !opt_no_prompt && !opt_no_sopin) {
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
|
||||||
SC_PKCS15INIT_SO_PIN, &info);
|
|
||||||
|
|
||||||
if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN)) {
|
|
||||||
role = "user";
|
|
||||||
} else {
|
|
||||||
/* SO pin is always optional */
|
|
||||||
hints.flags |= SC_UI_PIN_OPTIONAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = get_new_pin(&hints, role, "pin", &opt_pins[2]);
|
r = get_new_pin(&hints, role, "pin", &opt_pins[2]);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt_pins[2] && !opt_pins[3] && !opt_no_prompt) {
|
if (!so_puk_disabled && opt_pins[2] && !opt_pins[3] && !opt_no_prompt) {
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_SO_PUK, &info);
|
||||||
SC_PKCS15INIT_SO_PUK, &info);
|
|
||||||
|
|
||||||
if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
if (!(info.flags & SC_PKCS15_PIN_FLAG_SO_PIN))
|
||||||
role = "user";
|
role = "user";
|
||||||
|
@ -644,12 +655,17 @@ do_init_app(struct sc_profile *profile)
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
}
|
||||||
|
|
||||||
args.so_pin = (const u8 *) opt_pins[2];
|
args.so_pin = (const u8 *) opt_pins[2];
|
||||||
if (args.so_pin)
|
if (args.so_pin)
|
||||||
args.so_pin_len = strlen((const char *) args.so_pin);
|
args.so_pin_len = strlen((const char *) args.so_pin);
|
||||||
args.so_puk = (const u8 *) opt_pins[3];
|
|
||||||
if (args.so_puk)
|
if (!so_puk_disabled) {
|
||||||
args.so_puk_len = strlen((const char *) args.so_puk);
|
args.so_puk = (const u8 *) opt_pins[3];
|
||||||
|
if (args.so_puk)
|
||||||
|
args.so_puk_len = strlen((const char *) args.so_puk);
|
||||||
|
}
|
||||||
|
|
||||||
args.serial = (const char *) opt_serial;
|
args.serial = (const char *) opt_serial;
|
||||||
args.label = opt_label;
|
args.label = opt_label;
|
||||||
|
|
||||||
|
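Review bot: When `so_puk_disabled` is set, a PUK the operator passed on the command line (`opt_pins[3]`) is dropped silently by the new `if (!so_puk_disabled)` block, so the card ends up with no SO unblock credential and no message saying so; conflicting input should be rejected like the other argument checks, e.g. `if (so_puk_disabled && opt_pins[3]) { util_error("SO PUK given, but the profile disables unblocking of the SO PIN\n"); return SC_ERROR_INVALID_ARGUMENTS; }` placed right after `so_puk_disabled` is computed in the preceding hunk (L350–L509). In that same hunk `hints.flags |= SC_UI_PIN_OPTIONAL` now runs even when the SO PIN came from the command line, so the later PUK prompt also inherits the optional flag, which the old code did not do when the prompt block was skipped — presumably intended, but worth a comment. Note also that `so_puk_disabled` additionally requires `SC_PKCS15_PIN_FLAG_SO_PIN`, so a profile whose SO slot is a plain user PIN (role "user") with unblock-disabled still gets a PUK prompt; if that is deliberate, say so in a comment. do_init_app starts and ends outside these hunks.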
@ -687,33 +703,37 @@ do_store_pin(struct sc_profile *profile)
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt_pins[0] == NULL) {
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &info);
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
if (opt_pins[0] == NULL)
|
||||||
SC_PKCS15INIT_USER_PIN, &info);
|
|
||||||
|
|
||||||
if ((r = get_new_pin(&hints, "user", "pin", &opt_pins[0])) < 0)
|
if ((r = get_new_pin(&hints, "user", "pin", &opt_pins[0])) < 0)
|
||||||
goto failed;
|
goto failed;
|
||||||
}
|
|
||||||
if (*opt_pins[0] == '\0') {
|
if (*opt_pins[0] == '\0') {
|
||||||
util_error("You must specify a PIN\n");
|
util_error("You must specify a PIN\n");
|
||||||
return SC_ERROR_INVALID_ARGUMENTS;
|
return SC_ERROR_INVALID_ARGUMENTS;
|
||||||
}
|
}
|
||||||
if (opt_pins[1] == NULL) {
|
|
||||||
sc_pkcs15init_get_pin_info(profile,
|
|
||||||
SC_PKCS15INIT_USER_PUK, &info);
|
|
||||||
|
|
||||||
hints.flags |= SC_UI_PIN_OPTIONAL;
|
|
||||||
if ((r = get_new_pin(&hints, "user", "puk", &opt_pins[1])) < 0)
|
|
||||||
goto failed;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&args, 0, sizeof(args));
|
memset(&args, 0, sizeof(args));
|
||||||
sc_pkcs15_format_id(pin_id, &args.auth_id);
|
sc_pkcs15_format_id(pin_id, &args.auth_id);
|
||||||
args.pin = (u8 *) opt_pins[0];
|
args.pin = (u8 *) opt_pins[0];
|
||||||
args.pin_len = strlen(opt_pins[0]);
|
args.pin_len = strlen(opt_pins[0]);
|
||||||
|
args.label = opt_label;
|
||||||
|
|
||||||
|
if (!(info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED)
|
||||||
|
&& opt_pins[1] == NULL) {
|
||||||
|
sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PUK, &info);
|
||||||
|
|
||||||
|
hints.flags |= SC_UI_PIN_OPTIONAL;
|
||||||
|
if ((r = get_new_pin(&hints, "user", "puk", &opt_pins[1])) < 0)
|
||||||
|
goto failed;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if (opt_puk_authid && opt_pins[1])
|
||||||
|
sc_pkcs15_format_id(opt_puk_authid, &args.puk_id);
|
||||||
|
args.puk_label = opt_puk_label;
|
||||||
args.puk = (u8 *) opt_pins[1];
|
args.puk = (u8 *) opt_pins[1];
|
||||||
args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0;
|
args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0;
|
||||||
args.label = opt_label;
|
|
||||||
|
|
||||||
return sc_pkcs15init_store_pin(p15card, profile, &args);
|
return sc_pkcs15init_store_pin(p15card, profile, &args);
|
||||||
|
|
||||||
|
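Review bot: The unblock-disabled flag only suppresses the PUK prompt here; a PUK given on the command line (`opt_pins[1]`) is still copied into `args.puk`/`args.puk_len` and handed to sc_pkcs15init_store_pin, whereas do_init_app in this same commit drops the SO PUK when the flag is set, so the two paths disagree and the operator gets no diagnostic either way. The flag also has to be captured before `info` is overwritten by the `SC_PKCS15INIT_USER_PUK` lookup, so I would compute a local `puk_disabled` right after the user-PIN lookup (its declaration belongs with the other locals, which lie outside the hunk), reject an explicit PUK when it is set, and fill the PUK fields only when it is not. The `if (opt_puk_authid && opt_pins[1])` line likewise ignores --puk-id silently when no PUK value is present; I would report that too rather than leave `puk_id` zeroed. do_store_pin's locals and return path are outside the hunk.
```c
	sc_pkcs15init_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &info);
	/* capture this now: `info` is reused for the PUK lookup below */
	puk_disabled = (info.flags & SC_PKCS15_PIN_FLAG_UNBLOCK_DISABLED) != 0;
	/* … unchanged: PIN prompt and empty-PIN check … */
	if (puk_disabled && opt_pins[1]) {
		util_error("PUK given, but the profile disables unblocking of this PIN\n");
		return SC_ERROR_INVALID_ARGUMENTS;
	}
	if (!puk_disabled && opt_pins[1] == NULL) {
		/* … unchanged: PUK prompt … */
	}
	/* … unchanged: memset(&args), auth_id, pin, pin_len, label … */
	if (!puk_disabled) {
		if (opt_puk_authid && opt_pins[1])
			sc_pkcs15_format_id(opt_puk_authid, &args.puk_id);
		args.puk_label = opt_puk_label;
		args.puk = (u8 *) opt_pins[1];
		args.puk_len = opt_pins[1]? strlen(opt_pins[1]) : 0;
	}
```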
@ -2567,6 +2587,12 @@ handle_option(const struct option *opt)
|
||||||
case OPT_APPLICATION_ID:
|
case OPT_APPLICATION_ID:
|
||||||
opt_application_id = optarg;
|
opt_application_id = optarg;
|
||||||
break;
|
break;
|
||||||
|
case OPT_PUK_ID:
|
||||||
|
opt_puk_authid = optarg;
|
||||||
|
break;
|
||||||
|
case OPT_PUK_LABEL:
|
||||||
|
opt_puk_label = optarg;
|
||||||
|
break;
|
||||||
case 'T':
|
case 'T':
|
||||||
opt_use_defkeys = 1;
|
opt_use_defkeys = 1;
|
||||||
break;
|
break;
|
||||||
|
|