cardos: overwrite content of deleted private key
When deleting a private key object, overwrite its contents so the key can no longer be used. (VTA: original commit touched to use LOG macros and add debug logs)
This commit is contained in:
parent
b08671fab5
commit
ced77ae6c7
|
@ -402,6 +402,62 @@ out:
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Object deletion.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
cardos_delete_object(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
|
||||||
|
struct sc_pkcs15_object *obj, const struct sc_path *path)
|
||||||
|
{
|
||||||
|
int r, stored_in_ef = 0, algorithm = 0;
|
||||||
|
size_t keybits;
|
||||||
|
sc_file_t *file = NULL;
|
||||||
|
struct sc_pkcs15_prkey_info *key_info;
|
||||||
|
struct sc_pkcs15_prkey_rsa key_obj;
|
||||||
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
|
uint8_t abignum[256];
|
||||||
|
|
||||||
|
LOG_FUNC_CALLED(ctx);
|
||||||
|
/*
|
||||||
|
* If we are deleting a private key, overwrite it so it can't be used.
|
||||||
|
*/
|
||||||
|
if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PRKEY) {
|
||||||
|
key_info = obj->data;
|
||||||
|
keybits = key_info->modulus_length & ~7UL;
|
||||||
|
init_key_object(&key_obj, abignum, keybits >> 3);
|
||||||
|
r = cardos_key_algorithm(key_info->usage, keybits, &algorithm);
|
||||||
|
LOG_TEST_RET(ctx, r, "cardos_key_algorithm failed");
|
||||||
|
|
||||||
|
r = sc_select_file(p15card->card, &key_info->path, &file);
|
||||||
|
LOG_TEST_RET(ctx, r, "Failed to store key: cannot select parent DF");
|
||||||
|
|
||||||
|
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_UPDATE);
|
||||||
|
sc_file_free(file);
|
||||||
|
LOG_TEST_RET(ctx, r, "Failed to store key: UPDATE authentication failed");
|
||||||
|
|
||||||
|
r = cardos_put_key(profile, p15card, algorithm, key_info, &key_obj);
|
||||||
|
LOG_TEST_RET(ctx, r, "cardos_put_key failed");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Delete object from the PKCS15 file system. */
|
||||||
|
if (path->len || path->aid.len) {
|
||||||
|
r = sc_select_file(p15card->card, path, &file);
|
||||||
|
if (r != SC_ERROR_FILE_NOT_FOUND)
|
||||||
|
LOG_TEST_RET(ctx, r, "select object path failed");
|
||||||
|
|
||||||
|
stored_in_ef = (file->type != SC_FILE_TYPE_DF);
|
||||||
|
sc_file_free(file);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If the object is stored in a normal EF, try to delete the EF. */
|
||||||
|
if (r == SC_SUCCESS && stored_in_ef) {
|
||||||
|
r = sc_pkcs15init_delete_by_path(profile, p15card, path);
|
||||||
|
LOG_TEST_RET(ctx, r, "Failed to delete object by path");
|
||||||
|
}
|
||||||
|
|
||||||
|
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Store a PIN or PUK
|
* Store a PIN or PUK
|
||||||
*/
|
*/
|
||||||
|
@ -851,7 +907,7 @@ static struct sc_pkcs15init_operations sc_pkcs15init_cardos_operations = {
|
||||||
cardos_generate_key,
|
cardos_generate_key,
|
||||||
NULL, NULL, /* encode private/public key */
|
NULL, NULL, /* encode private/public key */
|
||||||
NULL, /* finalize_card */
|
NULL, /* finalize_card */
|
||||||
NULL, /* delete_object */
|
cardos_delete_object,
|
||||||
NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */
|
NULL, NULL, NULL, NULL, NULL, /* pkcs15init emulation */
|
||||||
NULL /* sanity_check */
|
NULL /* sanity_check */
|
||||||
};
|
};
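Review bot: In the path branch of cardos_delete_object, `if (r != SC_ERROR_FILE_NOT_FOUND) LOG_TEST_RET(...)` deliberately lets a not-found result fall through, but the next line then evaluates `file->type` while `file` is still the NULL it was initialised to (nothing in the hunk assigns it on that path), so deleting an object whose EF is already gone dereferences NULL instead of returning success as the later `r == SC_SUCCESS` test intends. The same block also reads `r` uninitialised when the object is not a private key and `path` has neither `len` nor `aid.len`, so `r` should start as `SC_SUCCESS`. In the private-key branch, `abignum` is 256 bytes but `init_key_object` is handed `keybits >> 3` straight from `key_info->modulus_length` with no upper bound; if that helper fills or reads `len` bytes of the buffer, as its argument list suggests but the hunk does not show, a modulus above 2048 bits overruns the stack, so the length should be checked against `sizeof(abignum)` first. The `"Failed to store key: ..."` messages are copied from the store path and will mislead anyone reading a delete failure log. The proposed changes are shown below; the rest of the function is unchanged.
```c
	uint8_t abignum[256];

	LOG_FUNC_CALLED(ctx);
	r = SC_SUCCESS;
	if ((obj->type & SC_PKCS15_TYPE_CLASS_MASK) == SC_PKCS15_TYPE_PRKEY) {
		key_info = obj->data;
		keybits = key_info->modulus_length & ~7UL;
		/* abignum backs every key component; refuse lengths it cannot hold. */
		if (keybits == 0 || (keybits >> 3) > sizeof(abignum))
			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
		init_key_object(&key_obj, abignum, keybits >> 3);
		/* … unchanged: algorithm lookup, select, authenticate, cardos_put_key … */
	}

	/* Delete object from the PKCS15 file system. */
	if (path->len || path->aid.len) {
		r = sc_select_file(p15card->card, path, &file);
		/* Nothing left on the card: treat the object as already deleted. */
		if (r == SC_ERROR_FILE_NOT_FOUND)
			LOG_FUNC_RETURN(ctx, SC_SUCCESS);
		LOG_TEST_RET(ctx, r, "select object path failed");

		stored_in_ef = (file->type != SC_FILE_TYPE_DF);
		sc_file_free(file);
	}
	/* … unchanged: delete-by-path and return … */
```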
|
||||||
|
|