PIV pubkey auth_id fix
pkcs15-piv.c was setting the auth_id of the public keys, which would cause some applications to require a login to access a public key. The public keys are obtained from the certificates, which do not require the PIN to read. Very early drafts of NIST 800-73 did require the PIN to access the certificates, and the auth_id was removed in the OpenSC code for certificates many years ago, but not from the public keys.
parent
9cc7da4c80
commit
aa4b089a41
|
@ -392,7 +392,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||
SC_PKCS15_PRKEY_USAGE_VERIFY |
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY,
|
||||
"9A06", 0x9A, "1", 0, "PIV_9A_KEY"},
|
||||
"9A06", 0x9A, NULL, 0, "PIV_9A_KEY"},
|
||||
{ "2", "SIGN pubkey",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT |
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFY |
|
||||
|
@ -400,97 +400,97 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
|
|||
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY |
|
||||
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION,
|
||||
"9C06", 0x9C, "1", 0, "PIV_9C_KEY"},
|
||||
"9C06", 0x9C, NULL, 0, "PIV_9C_KEY"},
|
||||
{ "3", "KEY MAN pubkey",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT| SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9D06", 0x9D, "1", 0, "PIV_9D_KEY"},
|
||||
"9D06", 0x9D, NULL, 0, "PIV_9D_KEY"},
|
||||
{ "4", "CARD AUTH pubkey",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_VERIFY |
|
||||
SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_VERIFY,
|
||||
"9E06", 0x9E, "0", 0, "PIV_9E_KEY"}, /* no pin, and avail in contactless */
|
||||
"9E06", 0x9E, NULL, 0, "PIV_9E_KEY"}, /* no pin, and avail in contactless */
|
||||
|
||||
{ "5", "Retired KEY MAN 1",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8206", 0x82, "1", 0, NULL},
|
||||
"8206", 0x82, NULL, 0, NULL},
|
||||
{ "6", "Retired KEY MAN 2",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8306", 0x83, "1", 0, NULL},
|
||||
"8306", 0x83, NULL, 0, NULL},
|
||||
{ "7", "Retired KEY MAN 3",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8406", 0x84, "1", 0, NULL},
|
||||
"8406", 0x84, NULL, 0, NULL},
|
||||
{ "8", "Retired KEY MAN 4",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8506", 0x85, "1", 0, NULL},
|
||||
"8506", 0x85, NULL, 0, NULL},
|
||||
{ "9", "Retired KEY MAN 5",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8606", 0x86, "1", 0, NULL},
|
||||
"8606", 0x86, NULL, 0, NULL},
|
||||
{ "10", "Retired KEY MAN 6",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8706", 0x87, "1", 0, NULL},
|
||||
"8706", 0x87, NULL, 0, NULL},
|
||||
{ "11", "Retired KEY MAN 7",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8806", 0x88, "1", 0, NULL},
|
||||
"8806", 0x88, NULL, 0, NULL},
|
||||
{ "12", "Retired KEY MAN 8",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8906", 0x89, "1", 0, NULL},
|
||||
"8906", 0x89, NULL, 0, NULL},
|
||||
{ "13", "Retired KEY MAN 9",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8A06", 0x8A, "1", 0, NULL},
|
||||
"8A06", 0x8A, NULL, 0, NULL},
|
||||
{ "14", "Retired KEY MAN 10",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8B06", 0x8B, "1", 0, NULL},
|
||||
"8B06", 0x8B, NULL, 0, NULL},
|
||||
{ "15", "Retired KEY MAN 11",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8C06", 0x8C, "1", 0, NULL},
|
||||
"8C06", 0x8C, NULL, 0, NULL},
|
||||
{ "16", "Retired KEY MAN 12",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8D06", 0x8D, "1", 0, NULL},
|
||||
"8D06", 0x8D, NULL, 0, NULL},
|
||||
{ "17", "Retired KEY MAN 13",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8E06", 0x8E, "1", 0, NULL},
|
||||
"8E06", 0x8E, NULL, 0, NULL},
|
||||
{ "18", "Retired KEY MAN 14",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"8F06", 0x8F, "1", 0, NULL},
|
||||
"8F06", 0x8F, NULL, 0, NULL},
|
||||
{ "19", "Retired KEY MAN 15",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9006", 0x90, "1", 0, NULL},
|
||||
"9006", 0x90, NULL, 0, NULL},
|
||||
{ "20", "Retired KEY MAN 16",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9106", 0x91, "1", 0, NULL},
|
||||
"9106", 0x91, NULL, 0, NULL},
|
||||
{ "21", "Retired KEY MAN 17",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9206", 0x92, "1", 0, NULL},
|
||||
"9206", 0x92, NULL, 0, NULL},
|
||||
{ "22", "Retired KEY MAN 18",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9306", 0x93, "1", 0, NULL},
|
||||
"9306", 0x93, NULL, 0, NULL},
|
||||
{ "23", "Retired KEY MAN 19",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9406", 0x94, "1", 0, NULL},
|
||||
"9406", 0x94, NULL, 0, NULL},
|
||||
{ "24", "Retired KEY MAN 20",
|
||||
/*RSA*/SC_PKCS15_PRKEY_USAGE_ENCRYPT | SC_PKCS15_PRKEY_USAGE_WRAP,
|
||||
/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
|
||||
"9506", 0x95, "1", 0, NULL} };
|
||||
"9506", 0x95, NULL, 0, NULL} };
|
||||
|
||||
/*
|
||||
* note some of the SC_PKCS15_PRKEY values are dependent
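Review bot: Every row of the public-key table now carries a NULL auth_id, so whatever code in sc_pkcs15emu_piv_init copies that field into the public key object must skip the copy when the pointer is NULL. That code is outside the hunks shown here, so please confirm the guard exists rather than relying on the old non-NULL strings. The table would also benefit from a comment recording why the column is empty, so that nobody restores it later, for example `/* public keys are taken from the certificates, which are readable without the PIN: auth_id stays NULL */`. The trailing comment on the 9E row, `/* no pin, and avail in contactless */`, no longer distinguishes that row, since no public key entry references a PIN; it could be shortened to `/* avail in contactless */`. This change presumably affects only the PKCS#15 metadata shown to applications, so the private-key entries, which are not part of this hunk, should keep their auth_id.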
|
||||
|
|