Skip authentication if card access control mechanism is not active.
Depending on the "lifecycle" of the file, we may omit the authentication operation. Typically if the card is in initialization or creation state, the access control mechanism is inactive. If authentification can be skiped, the card driver is responsible for setting the "acl_inactive" variable in sc_file structure.
This commit is contained in:
parent
8e614bfe6e
commit
f46b617397
|
@ -43,9 +43,6 @@
|
|||
#define LOAD_KEY_EC_PRIVATE 0x1087
|
||||
#define LOAD_KEY_SYMMETRIC 0x20a0
|
||||
|
||||
#define MYEID_STATE_CREATION 0x01
|
||||
#define MYEID_STATE_ACTIVATED 0x07
|
||||
|
||||
#define MYEID_CARD_NAME_MAX_LEN 100
|
||||
|
||||
/* The following flags define the features supported by the card currently in use.
|
||||
|
@ -475,20 +472,18 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
|
|||
sc_log(card->ctx, "id (%X) sec_attr (%X %X %X)", file->id,
|
||||
file->sec_attr[0],file->sec_attr[1],file->sec_attr[2]);
|
||||
}
|
||||
tag = sc_asn1_find_tag(NULL, buf, buflen, 0x8A, &taglen);
|
||||
if (tag != NULL && taglen > 0)
|
||||
{
|
||||
if(tag[0] == MYEID_STATE_CREATION) {
|
||||
file->status = SC_FILE_STATUS_CREATION;
|
||||
sc_log(card->ctx, "File id (%X) status SC_FILE_STATUS_CREATION (0x%X)",
|
||||
file->id, tag[0]);
|
||||
}
|
||||
else if(tag[0] == MYEID_STATE_ACTIVATED) {
|
||||
file->status = SC_FILE_STATUS_ACTIVATED;
|
||||
sc_log(card->ctx, "File id (%X) status SC_FILE_STATUS_ACTIVATED (0x%X)",
|
||||
file->id, tag[0]);
|
||||
}
|
||||
priv->card_state = file->status;
|
||||
|
||||
priv->card_state = file->status;
|
||||
switch (file->status) {
|
||||
case SC_FILE_STATUS_CREATION:
|
||||
file->acl_inactive = 1;
|
||||
sc_log(card->ctx, "File id (%X) status SC_FILE_STATUS_CREATION", file->id);
|
||||
break;
|
||||
case SC_FILE_STATUS_ACTIVATED:
|
||||
sc_log(card->ctx, "File id (%X) status SC_FILE_STATUS_ACTIVATED", file->id);
|
||||
break;
|
||||
default:
|
||||
sc_log(card->ctx, "File id (%X) unusual status (0x%X)", file->id, file->status);
|
||||
}
|
||||
|
||||
LOG_FUNC_RETURN(card->ctx, 0);
|
||||
|
|
|
@ -257,6 +257,7 @@ typedef struct sc_file {
|
|||
int id; /* file identifier (2 bytes) */
|
||||
int sid; /* short EF identifier (1 byte) */
|
||||
struct sc_acl_entry *acl[SC_MAX_AC_OPS]; /* Access Control List */
|
||||
int acl_inactive; /* if set, the card access control mechanism is not active */
|
||||
|
||||
size_t record_length; /* max. length in case of record-oriented EF */
|
||||
size_t record_count; /* Valid, if not transparent EF or DF */
|
||||
|
|
|
@ -3851,6 +3851,11 @@ sc_pkcs15init_authenticate(struct sc_profile *profile, struct sc_pkcs15_card *p1
|
|||
assert(file != NULL);
|
||||
sc_log(ctx, "path '%s', op=%u", sc_print_path(&file->path), op);
|
||||
|
||||
if (file->acl_inactive) {
|
||||
sc_log(ctx, "access control mechanism is not active (always allowed)");
|
||||
LOG_FUNC_RETURN(ctx, r);
|
||||
}
|
||||
|
||||
if (p15card->card->caps & SC_CARD_CAP_USE_FCI_AC) {
|
||||
r = sc_select_file(p15card->card, &file->path, &file_tmp);
|
||||
LOG_TEST_RET(ctx, r, "Authentication failed: cannot select file.");
|
||||
|
|
Loading…
Reference in New Issue