pkcs15init: 'protect-certificates' profile option not used

Profile option 'protect-certificates' was activated by default for all the cards,
was mentioned and commented out only in the 'flex' profile,
and finally is not working 'by design' of pkcs15-lib.c

So there is no need to keep this option until there are valid arguments to restore it.
Anyway, access to certificates is controlled by the file's ACLs defined in the profile.


;in profile use the 'define' macros to define the pin encoding type;



git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4050 c6295689-39f2-0310-b995-f0e70906c6a9
viktor.tarasov 2010-02-20 23:14:45 +00:00
parent 128e066176
commit ef919e94d4
4 changed files with 6 additions and 41 deletions


@ -6,16 +6,6 @@ cardinfo {
pin-encoding = ascii-numeric; pin-encoding = ascii-numeric;
pin-pad-char = 0x00; pin-pad-char = 0x00;
pin-domains = yes; pin-domains = yes;
# This profile does not PIN-protect certificates
# stored on the card. If you enable this, you MUST
# adjust the sizes of the pin-domain and key-dir DFs
# accordingly.
#
# Update: everything seems to work fine without this
# option, so it is commented out
#
# protect-certificates = no;
} }
# Define reasonable limits for PINs and PUK # Define reasonable limits for PINs and PUK


@ -1496,22 +1496,6 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id); r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id);
SC_TEST_RET(ctx, r, "Select certificate ID error"); SC_TEST_RET(ctx, r, "Select certificate ID error");
if (profile->protect_certificates) {
/* If there is a private key corresponding to the ID given
* by the user, make sure $PIN references the pin protecting
* this key
*/
r = -1;
if (args->id.len != 0
&& sc_pkcs15_find_prkey_by_id(p15card, &args->id, &object) == 0) {
r = set_user_pin_from_authid(p15card, profile, &object->auth_id);
SC_TEST_RET(ctx, r, "Failed to assign user pin reference "
"(copied from private key auth_id)");
}
if (r == -1) /* User pin ref not yet set */
set_user_pin_from_authid(p15card, profile, NULL);
}
object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL); object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL);
if (object == NULL) if (object == NULL)
SC_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to allocate certificate object"); SC_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to allocate certificate object");


@ -147,11 +147,11 @@ static struct map pkcs15DfNames[] = {
{ NULL, 0 } { NULL, 0 }
}; };
static struct map pinTypeNames[] = { static struct map pinTypeNames[] = {
{ "BCD", 0 }, { "BCD", SC_PKCS15_PIN_TYPE_BCD },
{ "ascii-numeric", 1 }, { "ascii-numeric", SC_PKCS15_PIN_TYPE_ASCII_NUMERIC },
{ "utf8", 2 }, { "utf8", SC_PKCS15_PIN_TYPE_UTF8 },
{ "half-nibble-bcd", 3 }, { "half-nibble-bcd", SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD },
{ "iso9564-1", 4 }, { "iso9564-1", SC_PKCS15_PIN_TYPE_ISO9564_1 },
{ NULL, 0 } { NULL, 0 }
}; };
static struct map pinIdNames[] = { static struct map pinIdNames[] = {
@ -274,7 +274,6 @@ sc_profile_new(void)
return NULL; return NULL;
pro->p15_spec = p15card = sc_pkcs15_card_new(); pro->p15_spec = p15card = sc_pkcs15_card_new();
pro->protect_certificates = 1;
pro->pkcs15.do_last_update = 1; pro->pkcs15.do_last_update = 1;
if (p15card) { if (p15card) {
@ -293,7 +292,7 @@ sc_profile_new(void)
/* Assume card does RSA natively, but no DSA */ /* Assume card does RSA natively, but no DSA */
pro->rsa_access_flags = DEF_PRKEY_RSA_ACCESS; pro->rsa_access_flags = DEF_PRKEY_RSA_ACCESS;
pro->dsa_access_flags = DEF_PRKEY_DSA_ACCESS; pro->dsa_access_flags = DEF_PRKEY_DSA_ACCESS;
pro->pin_encoding = 0x01; pro->pin_encoding = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
pro->pin_minlen = 4; pro->pin_minlen = 4;
pro->pin_maxlen = 8; pro->pin_maxlen = 8;
pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE; pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
@ -788,12 +787,6 @@ do_pin_domains(struct state *cur, int argc, char **argv)
return get_bool(cur, argv[0], &cur->profile->pin_domains); return get_bool(cur, argv[0], &cur->profile->pin_domains);
} }
static int
do_protect_certificates(struct state *cur, int argc, char **argv)
{
return get_bool(cur, argv[0], &cur->profile->protect_certificates);
}
static int static int
do_card_label(struct state *cur, int argc, char **argv) do_card_label(struct state *cur, int argc, char **argv)
{ {
@ -1590,7 +1583,6 @@ static struct command ci_commands[] = {
{ "pin-encoding", 1, 1, do_default_pin_type }, { "pin-encoding", 1, 1, do_default_pin_type },
{ "pin-pad-char", 1, 1, do_pin_pad_char }, { "pin-pad-char", 1, 1, do_pin_pad_char },
{ "pin-domains", 1, 1, do_pin_domains }, { "pin-domains", 1, 1, do_pin_domains },
{ "protect-certificates", 1, 1, do_protect_certificates },
{ "label", 1, 1, do_card_label }, { "label", 1, 1, do_card_label },
{ "manufacturer", 1, 1, do_card_manufacturer}, { "manufacturer", 1, 1, do_card_manufacturer},
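Review bot: Dropping the `protect-certificates` entry from `ci_commands` leaves no handling for site profiles that still set the keyword. How the parser treats an unknown cardinfo keyword is not visible in these hunks, so such a profile will presumably either fail to load or have the line skipped. Either outcome should be a deliberate choice: an operator who wrote `protect-certificates = yes` may still assume certificates are PIN-protected, whereas per the commit message only the file ACLs in the profile now decide that. Consider keeping the table entry and pointing it at a small handler that logs that the option is obsolete and ignored, or call out the removal in the release notes. The `ci_commands` table and `sc_profile_new` both continue outside the hunks shown.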


@ -104,7 +104,6 @@ struct sc_profile {
unsigned int puk_attempts; unsigned int puk_attempts;
unsigned int rsa_access_flags; unsigned int rsa_access_flags;
unsigned int dsa_access_flags; unsigned int dsa_access_flags;
unsigned int protect_certificates;
struct { struct {
unsigned int direct_certificates; unsigned int direct_certificates;