* Ensure CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are only set when
generating the key on board, not reason to set them when importing a private
key.
add the possibility to store public ECC keys encoded according to SPKI
EC pubkey storing: Check if params are available before copying.
pkcs15-lib.c / sc_pkcs15init_store_public_key may be called with keyargs->key.u.ec.params.value == NULL. In this case, allocating and copying the parameters will fail. Add a check to prevent this.
If a certificate is deleted after the related private key, then the driver
picks the wrong certificate EF, leading to an CKR_GENERAL_ERROR or the wrong
certificate being deleted.
Private key import is not supported by the SmartCard-HSM. However there is no error code
if it is still tried using pkcs15-init or from within Firefox.
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
pkcs15: in pubkey-info data
* introduced new 'direct' 'raw' and 'spki' members
* removed 'encoded der data' member
* in 'read-public-key' try firstly SPKI direct value
pkcs11:
'direct' data used when getting CKA_VALUE attribute of public key
pkcs15init:
* initialize 'raw' and 'spki' direct public key value
existing 'guid' obejct's data replaced by the one in private-key info
New CMAP record data used by pkcs15init emulator for the cards that have
the MD specific on-card data
The name implies what the format of the returned value, a SPKI.
The support for spki as a pkcs15 format of a pubkey, is extended to
work for any algorithm not just EC pubkeys. PKCS#15 appears to allow this.
sc_pkcs15_decode_pubkey_with_param will look for a SPKI
and attempt to use it for any algorithm, including RSA.
(RSA is the null case, as there are no algorithm parameters.)
sc_pkcs15_encode_pubkey_as_spki is exported from libopensc.
pkcs15-piv.c will use sc_pkcs15_encode_pubkey_as_spki to load public keys
as SPKI for RSA and EC.
The pubkey->data is never a SPKI, it is the DER encoding of the
pubkey without the parameters. If an spki is needed, use the
sc_pkcs15_encode_pubkey_as_spki to get the DER encoding of the spki.
As in the previous set of patches, pkcs15-tool.c will output both
sc_pkcs15_decode_pubkey_with_param and its internal.
This was left for testing, and the pubkey_pem_encode should be deleted
Frank Morgner
Thomas Calderon
Andreas Schwier
Philip Wendland
Henryk Plötz
Viktor Tarasov