IAS-ECC: improve PKCS#11 compliance Issue #336

* Ensure CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are only set when
  generating the key on board; there is no reason to set them when importing a
  private key.
Thomas Calderon 2014-12-03 18:05:32 +01:00 committed by Viktor Tarasov
parent 32d8173b4c
commit bbedd4ef00
1 changed files with 2 additions and 2 deletions


@ -889,8 +889,6 @@ iasecc_pkcs15_fix_private_key_attributes(struct sc_profile *profile, struct sc_p
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Unsupported object type");
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE;
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE;
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
sc_log(ctx, "SDO(class:%X,ref:%X,usage:%X)",
sdo_prvkey->sdo_class, sdo_prvkey->sdo_ref, sdo_prvkey->usage);
@ -1129,6 +1127,8 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
LOG_TEST_RET(ctx, rv, "SC_AC_OP_GENERATE authentication failed");
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_LOCAL;
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE;
key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE;
rv = sc_card_ctl(card, SC_CARDCTL_IASECC_SDO_GENERATE, sdo_prvkey);
LOG_TEST_RET(ctx, rv, "generate key failed");
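Review bot: In iasecc_pkcs15_generate_key the ALWAYSSENSITIVE and NEVEREXTRACTABLE bits (the two lines the description says are added here) are OR-ed into `key_info->access_flags` unconditionally and before SC_CARDCTL_IASECC_SDO_GENERATE has returned, so the object can carry these claims when generation fails or when SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE is already set. PKCS#11 applications read CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE as evidence that the key never left the token, so I would move both assignments below the `LOG_TEST_RET(ctx, rv, "generate key failed");` check and guard them with `if (!(key_info->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE))`. The visible lines of the generate path do not set SC_PKCS15_PRKEY_ACCESS_SENSITIVE, which appears only in iasecc_pkcs15_fix_private_key_attributes; whether generation also passes through that function cannot be seen from this page and is worth confirming. A comment such as `/* on-board generation only: imported keys must not claim these */` above the assignments would help keep the import path from regaining them. Both function bodies continue outside the hunks.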