Improve PKCS#11 compliance. Issue #335

* Add default behavior for cards using the PKCS#15 emulation layer.
    Hence, this patch provide a default value for access_flags compatible with
    current OpenSC's behavior while allowing compatible cards to fetch the real
    value from the card (IAS-ECC and AuthentIC).

src/libopensc/pkcs15-atrust-acos.c

@@ -235,6 +235,11 @@ static int sc_pkcs15emu_atrust_acos_init(sc_pkcs15_card_t *p15card)
 		sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
 		prkey_info.usage         = prkeys[i].usage;
 		prkey_info.native        = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = prkeys[i].ref;
 		prkey_info.modulus_length= prkeys[i].modulus_len;
 		sc_format_path(prkeys[i].path, &prkey_info.path);

src/libopensc/pkcs15-esteid.c

@@ -238,6 +238,11 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
 		prkey_info.id.value[0] = prkey_pin[i];
 		prkey_info.usage  = prkey_usage[i];
 		prkey_info.native = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = i + 1;
 		if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30)
 			prkey_info.modulus_length = 2048;

src/libopensc/pkcs15-gemsafeGPK.c

@@ -472,6 +472,11 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
 		sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
 		prkey_info.usage         = prkeys[i].usage;
 		prkey_info.native        = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = prkeys[i].ref;
 		prkey_info.modulus_length= prkeys[i].modulus_len;
 		sc_format_path(prkeys[i].path, &prkey_info.path);

src/libopensc/pkcs15-openpgp.c

@@ -271,6 +271,11 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
 			prkey_info.id.value[0]    = i + 1;
 			prkey_info.usage          = key_cfg[i].prkey_usage;
 			prkey_info.native         = 1;
+			/* Add default access_flags, see Issues #335 and #336 */
+			prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+							| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+							| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+							| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 			prkey_info.key_reference  = i;
 			prkey_info.modulus_length = bebytes2ushort(cxdata + 1);
 

src/libopensc/pkcs15-piv.c

@@ -965,6 +965,11 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
 		
 		sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
 		prkey_info.native        = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = prkeys[i].ref;
 		sc_format_path(prkeys[i].path, &prkey_info.path);
 

src/libopensc/pkcs15-pteid.c

@@ -206,6 +206,11 @@ static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card)
 		prkey_info.id.value[0] = pteid_prkey_ids[i];
 		prkey_info.usage = pteid_prkey_usage[i];
 		prkey_info.native = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = pteid_prkey_keyref[type][i];
 		prkey_info.modulus_length = 1024;
 		if (pteid_prkey_paths[type][i] != NULL)

src/libopensc/pkcs15-starcert.c

@@ -240,6 +240,11 @@ static int sc_pkcs15emu_starcert_init(sc_pkcs15_card_t *p15card)
 		sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
 		prkey_info.usage         = prkeys[i].usage;
 		prkey_info.native        = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = prkeys[i].ref;
 		prkey_info.modulus_length= prkeys[i].modulus_len;
 		sc_format_path(prkeys[i].path, &prkey_info.path);

src/libopensc/pkcs15-tcos.c

@@ -112,6 +112,11 @@ static int insert_key(
 	prkey_info.id.len         = 1;
 	prkey_info.id.value[0]    = id;
 	prkey_info.native         = 1;
+	/* Add default access_flags, see Issues #335 and #336 */
+	prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 	prkey_info.key_reference  = key_reference;
 	prkey_info.modulus_length = key_length;
 	sc_format_path(path, &prkey_info.path);

src/libopensc/pkcs15-westcos.c

@@ -216,6 +216,11 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
 			SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT
 			| SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
 		prkey_info.native = 1;
+		/* Add default access_flags, see Issues #335 and #336 */
+		prkey_info.access_flags  = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
+						| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
+						| SC_PKCS15_PRKEY_ACCESS_LOCAL;
 		prkey_info.key_reference = 1;
 		prkey_info.modulus_length = modulus_length;
 		prkey_info.path = path;