From aa4b089a419807a6517b32457743b9ac19e8312a Mon Sep 17 00:00:00 2001
From: Doug Engert
Date: Tue, 22 Dec 2015 09:41:39 -0600
Subject: [PATCH] PIV pubkey auth_id fix

pkcs15-piv.c was setting the auth_id of the public keys which would cause some appications to require a login to access a public key. The public keys are obtained from the certificates which do not require the PIN to read. Very early drafts of NIST 800-73 did require the PIN to access the certificates, and the auth_id was removed in the opensc code for certificates many years ago, but not from the public keys.
---
 src/libopensc/pkcs15-piv.c | 48 +++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
index 549a91b9..8c107f53 100644
--- a/src/libopensc/pkcs15-piv.c
+++ b/src/libopensc/pkcs15-piv.c
@@ -392,7 +392,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 SC_PKCS15_PRKEY_USAGE_VERIFY |
 SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER,
 /*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY,
- "9A06", 0x9A, "1", 0, "PIV_9A_KEY"},
+ "9A06", 0x9A, NULL, 0, "PIV_9A_KEY"},
 { "2", "SIGN pubkey",
 /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT |
 SC_PKCS15_PRKEY_USAGE_VERIFY |
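Review bot: Whatever reads the auth_id column of this public-key table later in sc_pkcs15emu_piv_init must now tolerate a null pointer, because the 9A entry here (and the 23 entries in the following hunk) replace the "1"/"0" strings with `NULL`; if that consumer still passes the field straight to `sc_pkcs15_format_id()` it will dereference NULL, so it needs a guard along the lines of `if (entry->auth_id) sc_pkcs15_format_id(entry->auth_id, &obj.auth_id);` (names constructed; the consuming loop is outside the hunk, so I cannot tell whether the guard already exists). Since the column no longer varies, the rationale from the commit message belongs in the code, e.g. a comment above the table `/* auth_id is NULL for every public key: they are built from the certificates, which NIST 800-73 lets any caller read without the PIN */`, and the `/* no pin, and avail in contactless */` remark on the 9E entry in the next hunk should be reworded now that every entry is pinless. This relaxes access only for public-key objects; the private-key table is not in this diff, so it is worth confirming its auth_id values still require the PIN for signing and decryption. sc_pkcs15emu_piv_init starts and ends outside the hunk.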
@@ -400,97 +400,97 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card) SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, /*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION, - "9C06", 0x9C, "1", 0, "PIV_9C_KEY"}, + "9C06", 0x9C, NULL, 0, "PIV_9C_KEY"}, { "3", "KEY MAN pubkey", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT| SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9D06", 0x9D, "1", 0, "PIV_9D_KEY"}, + "9D06", 0x9D, NULL, 0, "PIV_9D_KEY"}, { "4", "CARD AUTH pubkey", /*RSA*/SC_PKCS15_PRKEY_USAGE_VERIFY | SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER, /*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY, - "9E06", 0x9E, "0", 0, "PIV_9E_KEY"}, /* no pin, and avail in contactless */ + "9E06", 0x9E, NULL, 0, "PIV_9E_KEY"}, /* no pin, and avail in contactless */ { "5", "Retired KEY MAN 1", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8206", 0x82, "1", 0, NULL}, + "8206", 0x82, NULL, 0, NULL}, { "6", "Retired KEY MAN 2", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8306", 0x83, "1", 0, NULL}, + "8306", 0x83, NULL, 0, NULL}, { "7", "Retired KEY MAN 3", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8406", 0x84, "1", 0, NULL}, + "8406", 0x84, NULL, 0, NULL}, { "8", "Retired KEY MAN 4", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8506", 0x85, "1", 0, NULL}, + "8506", 0x85, NULL, 0, NULL}, { "9", "Retired KEY MAN 5", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8606", 0x86, "1", 0, NULL}, + "8606", 0x86, NULL, 0, NULL}, { "10", "Retired KEY MAN 6", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8706", 0x87, "1", 0, NULL}, + "8706", 0x87, NULL, 0, NULL}, { "11", "Retired KEY MAN 7", 
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8806", 0x88, "1", 0, NULL}, + "8806", 0x88, NULL, 0, NULL}, { "12", "Retired KEY MAN 8", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8906", 0x89, "1", 0, NULL}, + "8906", 0x89, NULL, 0, NULL}, { "13", "Retired KEY MAN 9", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8A06", 0x8A, "1", 0, NULL}, + "8A06", 0x8A, NULL, 0, NULL}, { "14", "Retired KEY MAN 10", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8B06", 0x8B, "1", 0, NULL}, + "8B06", 0x8B, NULL, 0, NULL}, { "15", "Retired KEY MAN 11", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8C06", 0x8C, "1", 0, NULL}, + "8C06", 0x8C, NULL, 0, NULL}, { "16", "Retired KEY MAN 12", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8D06", 0x8D, "1", 0, NULL}, + "8D06", 0x8D, NULL, 0, NULL}, { "17", "Retired KEY MAN 13", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8E06", 0x8E, "1", 0, NULL}, + "8E06", 0x8E, NULL, 0, NULL}, { "18", "Retired KEY MAN 14", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "8F06", 0x8F, "1", 0, NULL}, + "8F06", 0x8F, NULL, 0, NULL}, { "19", "Retired KEY MAN 15", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9006", 0x90, "1", 0, NULL}, + "9006", 0x90, NULL, 0, NULL}, { "20", "Retired KEY MAN 16", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9106", 0x91, "1", 0, NULL}, + "9106", 0x91, NULL, 0, NULL}, { "21", "Retired KEY MAN 17", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | 
SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9206", 0x92, "1", 0, NULL}, + "9206", 0x92, NULL, 0, NULL}, { "22", "Retired KEY MAN 18", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9306", 0x93, "1", 0, NULL}, + "9306", 0x93, NULL, 0, NULL}, { "23", "Retired KEY MAN 19", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9406", 0x94, "1", 0, NULL}, + "9406", 0x94, NULL, 0, NULL}, { "24", "Retired KEY MAN 20", /*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP, /*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE, - "9506", 0x95, "1", 0, NULL} }; + "9506", 0x95, NULL, 0, NULL} }; /* * note some of the SC_PKCS15_PRKEY values are dependent