[pkg-opensc-commit] [opensc] 06/50: iasecc: select parent before fixing ACLs of a new file
Eric Dorland
eric at moszumanska.debian.org
Sat May 28 03:35:46 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 07493c11d8612dd2bbeae8de43498a0e1cd37ce6
Author: Viktor Tarasov <viktor.tarasov at gmail.com>
Date: Fri Apr 1 18:08:58 2016 +0200
iasecc: select parent before fixing ACLs of a new file
With MD, after card rebinding, the context in which the ACLs of a
new certificate file are fixed may have changed.
---
src/pkcs15init/pkcs15-iasecc.c | 53 ++++++++++++++++++++++++------------------
1 file changed, 31 insertions(+), 22 deletions(-)
diff --git a/src/pkcs15init/pkcs15-iasecc.c b/src/pkcs15init/pkcs15-iasecc.c
index d3082ac..2a7db90 100644
--- a/src/pkcs15init/pkcs15-iasecc.c
+++ b/src/pkcs15init/pkcs15-iasecc.c
@@ -3,7 +3,7 @@
*
* Copyright (C) 2002 Juha Yrjölä <juha.yrjola at iki.fi>
* Copyright (C) 2010 Viktor Tarasov <vtarasov at opentrust.com>
- * OpenTrust <www.opentrust.com>
+ * OpenTrust <www.opentrust.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -671,7 +671,7 @@ iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char
struct sc_pkcs15_id *auth_id)
{
struct sc_context *ctx = p15card->card->ctx;
- struct sc_pkcs15_object *pin_objs[32];
+ struct sc_pkcs15_object *pin_objs[32];
int rv, ii, nn_pins, se_ref, pin_ref;
LOG_FUNC_CALLED(ctx);
@@ -683,7 +683,7 @@ iasecc_pkcs15_get_auth_id_from_se(struct sc_pkcs15_card *p15card, unsigned char
if (!(scb & IASECC_SCB_METHOD_USER_AUTH))
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
- rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, pin_objs, 32);
+ rv = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_AUTH_PIN, pin_objs, 32);
LOG_TEST_RET(ctx, rv, "Error while getting AUTH objects");
nn_pins = rv;
@@ -1441,12 +1441,12 @@ iasecc_md_gemalto_set_default(struct sc_pkcs15_card *p15card, struct sc_profile
struct sc_file *file = NULL;
sc_log(ctx, "update data object content in '%s'\n", sc_print_path(&dinfo->path));
- rv = sc_select_file(p15card->card, &dinfo->path, &file);
- LOG_TEST_RET(ctx, rv, "Cannot select data object file");
+ rv = sc_select_file(p15card->card, &dinfo->path, &file);
+ LOG_TEST_RET(ctx, rv, "Cannot select data object file");
- rv = sc_pkcs15init_update_file(profile, p15card, file, guid, guid_len);
- sc_file_free(file);
- LOG_TEST_RET(ctx, rv, "Failed to update 'CSP'/'Default Key Container' data object");
+ rv = sc_pkcs15init_update_file(profile, p15card, file, guid, guid_len);
+ sc_file_free(file);
+ LOG_TEST_RET(ctx, rv, "Failed to update 'CSP'/'Default Key Container' data object");
}
LOG_FUNC_RETURN(ctx, rv);
@@ -1460,7 +1460,7 @@ iasecc_md_gemalto_unset_default(struct sc_pkcs15_card *p15card, struct sc_profil
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_object *data_obj = NULL;
struct sc_pkcs15_data *dod = NULL;
- struct sc_pkcs15_object *key_objs[32];
+ struct sc_pkcs15_object *key_objs[32];
struct sc_pkcs15_prkey_info *key_info = (struct sc_pkcs15_prkey_info *)key_obj->data;
unsigned char guid[40];
size_t guid_len;
@@ -1545,7 +1545,7 @@ iasecc_md_gemalto_new_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *
sc_init_oid(&data_args.app_oid);
data_args.label = (char *)guid;
data_args.app_label = "CSP";
- data_args.der_encoded.value = data;
+ data_args.der_encoded.value = data;
data_args.der_encoded.len = offs;
rv = sc_pkcs15init_store_data_object(p15card, profile, &data_args, NULL);
@@ -1581,7 +1581,7 @@ iasecc_md_gemalto_delete_prvkey(struct sc_pkcs15_card *p15card, struct sc_profil
LOG_TEST_RET(ctx, rv, "Cannot get private key GUID");
rv = sc_pkcs15_find_data_object_by_name(p15card, "CSP", (char *)guid, &data_obj);
- if (rv == SC_ERROR_OBJECT_NOT_FOUND)
+ if (rv == SC_ERROR_OBJECT_NOT_FOUND)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
LOG_TEST_RET(ctx, rv, "Find 'CSP'/<key> data object error");
@@ -1643,22 +1643,22 @@ iasecc_store_pubkey(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
prkey_info = (struct sc_pkcs15_prkey_info *)prkey_object->data;
- pubkey_info->key_reference = prkey_info->key_reference;
+ pubkey_info->key_reference = prkey_info->key_reference;
- pubkey_info->access_flags = prkey_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL;
- pubkey_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE;
+ pubkey_info->access_flags = prkey_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL;
+ pubkey_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE;
- pubkey_info->native = 0;
+ pubkey_info->native = 0;
- pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0;
- pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER ? SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER : 0;
- pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0;
- pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ? SC_PKCS15_PRKEY_USAGE_ENCRYPT : 0;
- pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP ? SC_PKCS15_PRKEY_USAGE_WRAP : 0;
+ pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGN ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0;
+ pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_SIGNRECOVER ? SC_PKCS15_PRKEY_USAGE_VERIFYRECOVER : 0;
+ pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_NONREPUDIATION ? SC_PKCS15_PRKEY_USAGE_VERIFY : 0;
+ pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_DECRYPT ? SC_PKCS15_PRKEY_USAGE_ENCRYPT : 0;
+ pubkey_info->usage |= prkey_info->usage & SC_PKCS15_PRKEY_USAGE_UNWRAP ? SC_PKCS15_PRKEY_USAGE_WRAP : 0;
- iasecc_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL);
+ iasecc_pkcs15_add_access_rule(object, SC_PKCS15_ACCESS_RULE_MODE_READ, NULL);
- memcpy(&pubkey_info->algo_refs[0], &prkey_info->algo_refs[0], sizeof(pubkey_info->algo_refs));
+ memcpy(&pubkey_info->algo_refs[0], &prkey_info->algo_refs[0], sizeof(pubkey_info->algo_refs));
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
@@ -1672,6 +1672,7 @@ iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
struct sc_context *ctx = p15card->card->ctx;
struct sc_card *card = p15card->card;
struct sc_file *pfile = NULL;
+ struct sc_path parent_path;
int rv;
LOG_FUNC_CALLED(ctx);
@@ -1680,6 +1681,14 @@ iasecc_store_cert(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
rv = iasecc_pkcs15_new_file(profile, card, SC_PKCS15_TYPE_CERT, 0, &pfile);
LOG_TEST_RET(ctx, rv, "IasEcc new CERT file error");
+ parent_path = pfile->path;
+ if (parent_path.len >= 2)
+ parent_path.len -= 2;
+ if (!parent_path.len && !parent_path.aid.len)
+ sc_format_path("3F00", &parent_path);
+ rv = sc_select_file(card, &parent_path, NULL);
+ LOG_TEST_RET(ctx, rv, "cannot select parent of certificate to store");
+
rv = iasecc_pkcs15_fix_file_access(p15card, pfile, object);
LOG_TEST_RET(ctx, rv, "encode file access rules failed");
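Review bot: The new early return after `sc_select_file(card, &parent_path, NULL)` leaves `pfile` unreleased, because `iasecc_pkcs15_new_file` has already handed back a file object by then and `LOG_TEST_RET` returns immediately on a negative `rv`. Adding `if (rv < 0) sc_file_free(pfile);` just before that `LOG_TEST_RET` would close the path; the existing check after `iasecc_pkcs15_fix_file_access` has the same shape. A short comment above the path arithmetic would also help, for example `/* drop the 2-byte file ID to get the parent DF; fall back to the MF if nothing is left */`, since per the commit message the ACL fix depends on which context is selected. The rest of iasecc_store_cert, including any later release of `pfile`, lies outside the hunk.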
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git