Douglas E. Engert:
The pkcs15-gemsafeV1.c code assumes that the key_ref is always 3. But that is not always the case. In our case it is 4. The patch tries to determine the key_ref by looking at what appears to be a table of allocated keys, and picking the first allocated key. In case this is not always true, the patch will also allow for the the opensc.conf card flag = n to specify the key_ref as the low order 4 bits of the flag. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3557 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
27d00f9265
commit
9468d989cf
|
@ -114,10 +114,12 @@ const prdata gemsafe_prkeys[] = {
|
||||||
{ NULL, NULL, 0, 0, NULL, 0, NULL, 0}
|
{ NULL, NULL, 0, 0, NULL, 0, NULL, 0}
|
||||||
};
|
};
|
||||||
|
|
||||||
static int gemsafe_get_cert_len(sc_card_t *card, sc_path_t *path)
|
static int gemsafe_get_cert_len(sc_card_t *card, sc_path_t *path,
|
||||||
|
int *key_ref)
|
||||||
{
|
{
|
||||||
const char *fn_name = "gemsafe_get_cert_len";
|
const char *fn_name = "gemsafe_get_cert_len";
|
||||||
int r;
|
int r;
|
||||||
|
int ind;
|
||||||
u8 ibuf[248];
|
u8 ibuf[248];
|
||||||
struct sc_file *file;
|
struct sc_file *file;
|
||||||
size_t objlen, certlen;
|
size_t objlen, certlen;
|
||||||
|
@ -146,6 +148,26 @@ static int gemsafe_get_cert_len(sc_card_t *card, sc_path_t *path)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We need to find the private key associated with the cert
|
||||||
|
* It looks like the first thing in the block is a table of
|
||||||
|
* which keys are allocated.
|
||||||
|
* We will look for the first allocated key, and save the
|
||||||
|
* key_ref. The table is small and is in the first 248 bytes.
|
||||||
|
* If for some reason this is not true, we can still override
|
||||||
|
* the key_ref in the opensc.conf with flag = n.
|
||||||
|
*/
|
||||||
|
ind = 2; /* skip length */
|
||||||
|
while (ibuf[ind] == 0x01) {
|
||||||
|
if (ibuf[ind+1] == 0xFE) {
|
||||||
|
*key_ref = ibuf[ind+4];
|
||||||
|
sc_debug(card->ctx, "Using key_ref %d found at offset %d\n",
|
||||||
|
*key_ref, ind);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
ind = ind + 8;
|
||||||
|
}
|
||||||
|
|
||||||
/* Using (block+1) in while loop avoids using final cert object data block */
|
/* Using (block+1) in while loop avoids using final cert object data block */
|
||||||
while (!found && ( (block+1) * 248 < objlen) ) {
|
while (!found && ( (block+1) * 248 < objlen) ) {
|
||||||
/* Check current buffer */
|
/* Check current buffer */
|
||||||
|
@ -193,6 +215,7 @@ static int sc_pkcs15emu_gemsafeV1_init( sc_pkcs15_card_t *p15card)
|
||||||
const char *fn_name = "sc_pkcs15emu_gemsafe_init";
|
const char *fn_name = "sc_pkcs15emu_gemsafe_init";
|
||||||
|
|
||||||
int r, i;
|
int r, i;
|
||||||
|
int key_ref = 0x03;
|
||||||
struct sc_path path;
|
struct sc_path path;
|
||||||
struct sc_file *file = NULL;
|
struct sc_file *file = NULL;
|
||||||
struct sc_card *card = p15card->card;
|
struct sc_card *card = p15card->card;
|
||||||
|
@ -252,7 +275,7 @@ static int sc_pkcs15emu_gemsafeV1_init( sc_pkcs15_card_t *p15card)
|
||||||
struct sc_pkcs15_id p15Id;
|
struct sc_pkcs15_id p15Id;
|
||||||
|
|
||||||
sc_format_path(gemsafe_cert[i].path, &path);
|
sc_format_path(gemsafe_cert[i].path, &path);
|
||||||
if (!gemsafe_get_cert_len(card, &path))
|
if (!gemsafe_get_cert_len(card, &path, &key_ref))
|
||||||
/* skip errors */
|
/* skip errors */
|
||||||
continue;
|
continue;
|
||||||
sc_pkcs15_format_id(gemsafe_cert[i].id, &p15Id);
|
sc_pkcs15_format_id(gemsafe_cert[i].id, &p15Id);
|
||||||
|
@ -284,10 +307,20 @@ static int sc_pkcs15emu_gemsafeV1_init( sc_pkcs15_card_t *p15card)
|
||||||
pauthId = &authId;
|
pauthId = &authId;
|
||||||
} else
|
} else
|
||||||
pauthId = NULL;
|
pauthId = NULL;
|
||||||
|
/*
|
||||||
|
* the key ref may be different for different sites
|
||||||
|
* by adding flags=n where the low order 4 bits can be
|
||||||
|
* the key ref we can force it.
|
||||||
|
*/
|
||||||
|
if ( p15card->card->flags & 0x0F) {
|
||||||
|
key_ref = p15card->card->flags & 0x0F;
|
||||||
|
sc_debug(p15card->card->ctx,
|
||||||
|
"Overriding key_ref with %d\n", key_ref);
|
||||||
|
}
|
||||||
sc_pkcs15emu_add_prkey(p15card, &p15Id, gemsafe_prkeys[i].label,
|
sc_pkcs15emu_add_prkey(p15card, &p15Id, gemsafe_prkeys[i].label,
|
||||||
SC_PKCS15_TYPE_PRKEY_RSA,
|
SC_PKCS15_TYPE_PRKEY_RSA,
|
||||||
gemsafe_prkeys[i].modulus_len, gemsafe_prkeys[i].usage,
|
gemsafe_prkeys[i].modulus_len, gemsafe_prkeys[i].usage,
|
||||||
&path, gemsafe_prkeys[i].ref, pauthId,
|
&path, key_ref, pauthId,
|
||||||
gemsafe_prkeys[i].obj_flags);
|
gemsafe_prkeys[i].obj_flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue