libopensc: new operations for access control
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3939 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
4662812e93
commit
986309db79
|
@ -431,15 +431,24 @@ auth_process_fci(struct sc_card *card, struct sc_file *file,
|
|||
switch (file->ef_structure) {
|
||||
case SC_CARDCTL_OBERTHUR_KEY_DES:
|
||||
add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]);
|
||||
add_acl_entry(card, file, SC_AC_OP_READ, attr[1]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_DECRYPT, attr[1]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_ENCRYPT, attr[2]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_COMPUTE_CHECKSUM, attr[3]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_VERIFY_CHECKSUM, attr[4]);
|
||||
add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, attr[5]);
|
||||
add_acl_entry(card, file, SC_AC_OP_EXTERNAL_AUTHENTICATE, attr[6]);
|
||||
break;
|
||||
case SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC:
|
||||
add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]);
|
||||
add_acl_entry(card, file, SC_AC_OP_READ, attr[2]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_ENCRYPT, attr[2]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_VERIFY_SIGNATURE, attr[4]);
|
||||
add_acl_entry(card, file, SC_AC_OP_EXTERNAL_AUTHENTICATE, attr[6]);
|
||||
break;
|
||||
case SC_CARDCTL_OBERTHUR_KEY_RSA_CRT:
|
||||
add_acl_entry(card, file, SC_AC_OP_UPDATE, attr[0]);
|
||||
add_acl_entry(card, file, SC_AC_OP_READ, attr[1]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_DECRYPT, attr[1]);
|
||||
add_acl_entry(card, file, SC_AC_OP_PSO_COMPUTE_SIGNATURE, attr[3]);
|
||||
add_acl_entry(card, file, SC_AC_OP_INTERNAL_AUTHENTICATE, attr[5]);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -705,7 +714,7 @@ static int
|
|||
acl_to_ac_byte(struct sc_card *card, const struct sc_acl_entry *e)
|
||||
{
|
||||
if (e == NULL)
|
||||
return -1;
|
||||
return SC_ERROR_OBJECT_NOT_FOUND;
|
||||
|
||||
switch (e->method) {
|
||||
case SC_AC_NONE:
|
||||
|
@ -874,25 +883,29 @@ encode_file_structure_V5(struct sc_card *card, const struct sc_file *file,
|
|||
if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_DES) {
|
||||
sc_debug(card->ctx, "EF_DES\n");
|
||||
ops[0] = SC_AC_OP_UPDATE;
|
||||
ops[1] = SC_AC_OP_CRYPTO; /* SC_AC_OP_DECRYPT */
|
||||
ops[2] = SC_AC_OP_CRYPTO; /* SC_AC_OP_ENCRYPT */
|
||||
ops[3] = SC_AC_OP_CRYPTO; /* SC_AC_OP_CHECKSUM */
|
||||
ops[4] = SC_AC_OP_CRYPTO; /* SC_AC_OP_CHECKSUM */
|
||||
ops[1] = SC_AC_OP_PSO_DECRYPT;
|
||||
ops[2] = SC_AC_OP_PSO_ENCRYPT;
|
||||
ops[3] = SC_AC_OP_PSO_COMPUTE_CHECKSUM;
|
||||
ops[4] = SC_AC_OP_PSO_VERIFY_CHECKSUM;
|
||||
ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE;
|
||||
ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE;
|
||||
}
|
||||
else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_PUBLIC) {
|
||||
sc_debug(card->ctx, "EF_RSA_PUBLIC\n");
|
||||
ops[0] = SC_AC_OP_UPDATE;
|
||||
ops[2] = SC_AC_OP_CRYPTO; /* SC_AC_OP_ENCRYPT */
|
||||
ops[4] = SC_AC_OP_CRYPTO; /* SC_AC_OP_SIGN */
|
||||
ops[2] = SC_AC_OP_PSO_ENCRYPT;
|
||||
ops[4] = SC_AC_OP_PSO_VERIFY_SIGNATURE;
|
||||
ops[6] = SC_AC_OP_EXTERNAL_AUTHENTICATE;
|
||||
}
|
||||
else if (file->ef_structure == SC_CARDCTL_OBERTHUR_KEY_RSA_CRT) {
|
||||
sc_debug(card->ctx, "EF_RSA_PRIVATE\n");
|
||||
ops[0] = SC_AC_OP_UPDATE;
|
||||
ops[1] = SC_AC_OP_CRYPTO; /* SC_AC_OP_ENCRYPT */
|
||||
ops[3] = SC_AC_OP_CRYPTO; /* SC_AC_OP_SIGN */
|
||||
ops[1] = SC_AC_OP_PSO_DECRYPT;
|
||||
ops[3] = SC_AC_OP_PSO_COMPUTE_SIGNATURE;
|
||||
ops[5] = SC_AC_OP_INTERNAL_AUTHENTICATE;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
for (ii = 0; ii < sizeof(ops); ii++) {
|
||||
const struct sc_acl_entry *entry;
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@ extern "C" {
|
|||
#define SC_AC_UNKNOWN 0xFFFFFFFE
|
||||
#define SC_AC_NEVER 0xFFFFFFFF
|
||||
|
||||
/* Operations relating to access control (in case of DF) */
|
||||
/* Operations relating to access control */
|
||||
#define SC_AC_OP_SELECT 0
|
||||
#define SC_AC_OP_LOCK 1
|
||||
#define SC_AC_OP_DELETE 2
|
||||
|
@ -100,23 +100,29 @@ extern "C" {
|
|||
#define SC_AC_OP_LIST_FILES 6
|
||||
#define SC_AC_OP_CRYPTO 7
|
||||
#define SC_AC_OP_DELETE_SELF 8
|
||||
#define SC_AC_OP_PSO_DECRYPT 9
|
||||
#define SC_AC_OP_PSO_ENCRYPT 10
|
||||
#define SC_AC_OP_PSO_COMPUTE_SIGNATURE 11
|
||||
#define SC_AC_OP_PSO_VERIFY_SIGNATURE 12
|
||||
#define SC_AC_OP_PSO_COMPUTE_CHECKSUM 13
|
||||
#define SC_AC_OP_PSO_VERIFY_CHECKSUM 14
|
||||
#define SC_AC_OP_INTERNAL_AUTHENTICATE 15
|
||||
#define SC_AC_OP_EXTERNAL_AUTHENTICATE 16
|
||||
#define SC_AC_OP_PIN_DEFINE 17
|
||||
#define SC_AC_OP_PIN_CHANGE 18
|
||||
#define SC_AC_OP_PIN_RESET 19
|
||||
|
||||
/* If you add more OPs here, make sure you increase
|
||||
* SC_MAX_AC_OPS in types.h */
|
||||
|
||||
/* Operations relating to access control (in case of EF) */
|
||||
/* In case of EF re-use the OPs related to DF */
|
||||
#define SC_AC_OP_READ 0
|
||||
#define SC_AC_OP_UPDATE 1
|
||||
#define SC_AC_OP_WRITE 3
|
||||
|
||||
/* the use of SC_AC_OP_ERASE is deprecated, SC_AC_OP_DELETE should be used
|
||||
* instead */
|
||||
#define SC_AC_OP_ERASE SC_AC_OP_DELETE
|
||||
#define SC_AC_OP_WRITE 3
|
||||
/* rehab and invalidate are the same as in DF case */
|
||||
|
||||
/* Special 'Oberthur IdOne AuthentIC's case:
|
||||
* re-use the existing DF ACLs that are not relevant to this card. */
|
||||
#define SC_AC_OP_PIN_DEFINE SC_AC_OP_LOCK
|
||||
#define SC_AC_OP_PIN_CHANGE SC_AC_OP_REHABILITATE
|
||||
#define SC_AC_OP_PIN_RESET SC_AC_OP_DELETE_SELF
|
||||
|
||||
/* various maximum values */
|
||||
#define SC_MAX_READER_DRIVERS 6
|
||||
|
|
|
@ -66,7 +66,7 @@ typedef struct sc_acl_entry {
|
|||
struct sc_acl_entry *next;
|
||||
} sc_acl_entry_t;
|
||||
|
||||
#define SC_MAX_AC_OPS 9
|
||||
#define SC_MAX_AC_OPS 20
|
||||
|
||||
typedef struct sc_file {
|
||||
struct sc_path path;
|
||||
|
|
Loading…
Reference in New Issue