Improve PKCS#11 compliance. Issue #335
* Add default behavior for cards using the PKCS#15 emulation layer. Hence, this patch provides a default value for access_flags that is compatible with OpenSC's current behavior, while still allowing compatible cards (IAS-ECC and AuthentIC) to fetch the real value from the card.
parent
2a966734f4
commit
facaf5969b
@ -235,6 +235,11 @@ static int sc_pkcs15emu_atrust_acos_init(sc_pkcs15_card_t *p15card)
|
||||
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
|
||||
prkey_info.usage = prkeys[i].usage;
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = prkeys[i].ref;
|
||||
prkey_info.modulus_length= prkeys[i].modulus_len;
|
||||
sc_format_path(prkeys[i].path, &prkey_info.path);
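Review bot: The comment above the new `access_flags` assignment only cites issue numbers and does not say that these four flags are assumed by the emulator rather than read from the card. If the PKCS#11 layer derives CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE, CKA_NEVER_EXTRACTABLE and CKA_LOCAL from this field (presumably the purpose of the change), applications that treat those attributes as evidence of key provenance will be relying on an unverified claim. I would make that explicit, e.g. `/* Assumed defaults: the emulation layer cannot read access flags from the card, so these are not verified (Issues #335, #336) */`. The identical four-flag expression is repeated in the other eight hunks of this commit (esteid, gemsafeGPK, openpgp, the hunk at -965, pteid, starcert, insert_key, westcos); defining it once as a shared constant in the pkcs15 header would keep the drivers from drifting apart. The enclosing init function starts and ends outside the hunk.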
|
||||
|
@ -238,6 +238,11 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
||||
prkey_info.id.value[0] = prkey_pin[i];
|
||||
prkey_info.usage = prkey_usage[i];
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = i + 1;
|
||||
if (card->type == SC_CARD_TYPE_MCRD_ESTEID_V30)
|
||||
prkey_info.modulus_length = 2048;
|
||||
|
@ -472,6 +472,11 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
|
||||
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
|
||||
prkey_info.usage = prkeys[i].usage;
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = prkeys[i].ref;
|
||||
prkey_info.modulus_length= prkeys[i].modulus_len;
|
||||
sc_format_path(prkeys[i].path, &prkey_info.path);
|
||||
|
@ -271,6 +271,11 @@ sc_pkcs15emu_openpgp_init(sc_pkcs15_card_t *p15card)
|
||||
prkey_info.id.value[0] = i + 1;
|
||||
prkey_info.usage = key_cfg[i].prkey_usage;
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = i;
|
||||
prkey_info.modulus_length = bebytes2ushort(cxdata + 1);
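Review bot: `SC_PKCS15_PRKEY_ACCESS_LOCAL` is the flag most likely to be wrong in this driver, because OpenPGP cards accept imported private keys as well as generating them on-card. A key in slot `i` that was imported would then be reported as locally generated, and the ALWAYSSENSITIVE and NEVEREXTRACTABLE history claims would be equally unfounded for it. Unless the card can report how the key was created, I would leave LOCAL out here and note the reason, e.g. `/* LOCAL not set: OpenPGP keys may have been imported */`. Whether dropping it stays compatible with the existing behaviour the commit message refers to needs confirming against the PKCS#11 layer, which is outside this hunk.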
|
||||
|
||||
|
@ -965,6 +965,11 @@ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
|
||||
|
||||
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = prkeys[i].ref;
|
||||
sc_format_path(prkeys[i].path, &prkey_info.path);
|
||||
|
||||
|
@ -206,6 +206,11 @@ static int sc_pkcs15emu_pteid_init(sc_pkcs15_card_t * p15card)
|
||||
prkey_info.id.value[0] = pteid_prkey_ids[i];
|
||||
prkey_info.usage = pteid_prkey_usage[i];
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = pteid_prkey_keyref[type][i];
|
||||
prkey_info.modulus_length = 1024;
|
||||
if (pteid_prkey_paths[type][i] != NULL)
|
||||
|
@ -240,6 +240,11 @@ static int sc_pkcs15emu_starcert_init(sc_pkcs15_card_t *p15card)
|
||||
sc_pkcs15_format_id(prkeys[i].id, &prkey_info.id);
|
||||
prkey_info.usage = prkeys[i].usage;
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = prkeys[i].ref;
|
||||
prkey_info.modulus_length= prkeys[i].modulus_len;
|
||||
sc_format_path(prkeys[i].path, &prkey_info.path);
|
||||
|
@ -112,6 +112,11 @@ static int insert_key(
|
||||
prkey_info.id.len = 1;
|
||||
prkey_info.id.value[0] = id;
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = key_reference;
|
||||
prkey_info.modulus_length = key_length;
|
||||
sc_format_path(path, &prkey_info.path);
|
||||
|
@ -216,6 +216,11 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
|
||||
SC_PKCS15_PRKEY_USAGE_SIGN | SC_PKCS15_PRKEY_USAGE_DECRYPT
|
||||
| SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
|
||||
prkey_info.native = 1;
|
||||
/* Add default access_flags, see Issues #335 and #336 */
|
||||
prkey_info.access_flags = SC_PKCS15_PRKEY_ACCESS_SENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
|
||||
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
|
||||
| SC_PKCS15_PRKEY_ACCESS_LOCAL;
|
||||
prkey_info.key_reference = 1;
|
||||
prkey_info.modulus_length = modulus_length;
|
||||
prkey_info.path = path;
|
||||
|