[pkg-opensc-commit] [opensc] 12/50: pkcs15init: use aux-data to set MD container GUID
Eric Dorland
eric at moszumanska.debian.org
Sat May 28 03:35:46 UTC 2016
commit 5c0a37c53d3732f5a26b218cfbfc788a6d8c599f
Author: Viktor Tarasov <viktor.tarasov at gmail.com>
Date: Thu Apr 7 15:59:34 2016 +0200
pkcs15init: use aux-data to set MD container GUID
---
src/pkcs15init/pkcs15-lib.c | 53 ++++++++++++++++++++++++++++++++++++++++++---
src/tools/pkcs15-init.c | 17 +++++++++++++--
2 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 7bf7398..cfbb1b6 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -61,6 +61,7 @@
#include "libopensc/cardctl.h"
#include "libopensc/asn1.h"
#include "libopensc/log.h"
+#include "libopensc/aux-data.h"
#include "profile.h"
#include "pkcs15-init.h"
@@ -1264,6 +1265,46 @@ err:
}
+static int
+_pkcd15init_set_aux_md_data(struct sc_pkcs15_card *p15card, struct sc_auxiliary_data **aux_data,
+ unsigned char *guid, size_t guid_len)
+{
+ struct sc_context *ctx = p15card->card->ctx;
+ unsigned char flags = SC_MD_CONTAINER_MAP_VALID_CONTAINER;
+ char gd[SC_MD_MAX_CONTAINER_NAME_LEN + 1];
+ int rv;
+
+ LOG_FUNC_CALLED(ctx);
+
+ if(!guid || !guid_len)
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+
+ if (!aux_data)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+
+ if (guid_len > SC_MD_MAX_CONTAINER_NAME_LEN)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
+ memset(gd, 0, sizeof(gd));
+ memcpy(gd, guid, guid_len);
+
+ if (*aux_data == NULL) {
+ rv = sc_aux_data_allocate(ctx, aux_data, NULL);
+ LOG_TEST_RET(ctx, rv, "Failed to allocate aux data");
+ }
+
+ rv = sc_aux_data_set_md_guid(ctx, *aux_data, gd);
+ LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record GUID");
+
+ if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 0)
+ flags |= SC_MD_CONTAINER_MAP_DEFAULT_CONTAINER;
+
+ rv = sc_aux_data_set_md_flags(ctx, *aux_data, flags);
+ LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record flags");
+
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
/*
* Generate a new private key
*/
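Review bot: The new helper's name `_pkcd15init_set_aux_md_data` misspells the `pkcs15init` prefix that every other function in this file carries (the hunk headers below show `sc_pkcs15init_generate_key` and `sc_pkcs15init_store_private_key`); rename it to `_pkcs15init_set_aux_md_data` here and at both call sites added in the two later hunks of this file. The function also lacks a header comment; a short `/* Attach an MD (CMAP) container record to key_info->aux_data: copies guid (bounded by SC_MD_MAX_CONTAINER_NAME_LEN) as the container name, allocating aux_data on first use; a key with no GUID is a no-op. */` would tell the next reader why a missing guid returns success while a missing aux_data pointer is an argument error. The default-container decision `sc_pkcs15_get_objects(...) == 0` also treats a negative error return from that call the same as "keys already present", which is the conservative outcome but deserves a one-line comment so it is not read as an oversight. The only validation applied to the caller-supplied string is its length; whether `sc_aux_data_set_md_guid` checks the format I cannot tell from this hunk.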
@@ -1309,6 +1350,10 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
key_info = (struct sc_pkcs15_prkey_info *) object->data;
+ r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data,
+ keygen_args->prkey_args.guid, keygen_args->prkey_args.guid_len);
+ LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
+
/* Set up the PuKDF info. The public key will be filled in
* by the card driver's generate_key function called below.
* Auth.ID of the public key object is left empty. */
@@ -1394,8 +1439,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_object **res_obj)
{
struct sc_context *ctx = p15card->card->ctx;
- struct sc_pkcs15_object *object;
+ struct sc_pkcs15_object *object = NULL;
struct sc_pkcs15_prkey key;
+ struct sc_pkcs15_prkey_info *key_info = NULL;
int keybits, r = 0;
LOG_FUNC_CALLED(ctx);
@@ -1435,8 +1481,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
r = sc_pkcs15init_encode_prvkey_content(p15card, &key, object);
LOG_TEST_RET(ctx, r, "Failed to encode public key");
- /* Get the number of private keys already on this card */
- /*idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);*/
+ key_info = (struct sc_pkcs15_prkey_info *) object->data;
+ r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data, keyargs->guid, keyargs->guid_len);
+ LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
if (profile->ops->create_key)
r = profile->ops->create_key(profile, p15card, object);
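Review bot: The `LOG_TEST_RET` added after the `_pkcd15init_set_aux_md_data` call returns straight out of `sc_pkcs15init_store_private_key` while `object` is still live; the `= NULL` initialiser introduced in the previous hunk suggests the object is allocated earlier in this function (outside the hunk), in which case this early return leaves it unreleased. The pre-existing return on the encode failure two lines above has the same shape, so if direct returns are this function's accepted convention the new line is consistent with it; otherwise both should route through a cleanup path that frees `object`. The enclosing function starts and ends outside this hunk.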
diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
index 8abf14f..6d8487e 100644
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@@ -139,6 +139,7 @@ enum {
OPT_ERASE_APPLICATION,
OPT_IGNORE_CA_CERTIFICATES,
OPT_UPDATE_EXISTING,
+ OPT_MD_CONTAINER_GUID,
OPT_VERSION,
OPT_PIN1 = 0x10000, /* don't touch these values */
@@ -203,6 +204,7 @@ const struct option options[] = {
{ "profile", required_argument, NULL, 'p' },
{ "card-profile", required_argument, NULL, 'c' },
{ "options-file", required_argument, NULL, OPT_OPTIONS },
+ { "md-container-guid", required_argument, NULL, OPT_MD_CONTAINER_GUID},
{ "wait", no_argument, NULL, 'w' },
{ "help", no_argument, NULL, 'h' },
{ "verbose", no_argument, NULL, 'v' },
@@ -264,6 +266,7 @@ static const char * option_help[] = {
"Specify the general profile to use",
"Specify the card profile to use",
"Read additional command line options from file",
+ "For a new key specify GUID for a MD container",
"Wait for card insertion",
"Display this message",
"Verbose operation. Use several times to enable debug output.",
@@ -364,6 +367,7 @@ static char * opt_application_id = NULL;
static char * opt_application_name = NULL;
static char * opt_bind_to_aid = NULL;
static char * opt_puk_authid = NULL;
+static char * opt_md_container_guid = NULL;
static unsigned int opt_x509_usage = 0;
static unsigned int opt_delete_flags = 0;
static unsigned int opt_type = 0;
@@ -1507,7 +1511,7 @@ do_generate_key(struct sc_profile *profile, const char *spec)
if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
return r;
- keygen_args.prkey_args.access_flags |=
+ keygen_args.prkey_args.access_flags |=
SC_PKCS15_PRKEY_ACCESS_SENSITIVE
| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
@@ -1565,7 +1569,7 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
sc_pkcs15_format_id(opt_authid, &args->auth_id);
} else if (!opt_insecure) {
util_error("no PIN given for key - either use --insecure or \n"
- "specify a PIN using --auth-id");
+ "specify a PIN using --auth-id");
return SC_ERROR_INVALID_ARGUMENTS;
}
if (opt_extractable) {
@@ -1573,6 +1577,12 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
}
args->label = opt_label;
args->x509_usage = opt_x509_usage;
+
+ if (opt_md_container_guid) {
+ args->guid = (unsigned char *)opt_md_container_guid;
+ args->guid_len = strlen(opt_md_container_guid);
+ }
+
return 0;
}
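Review bot: `args->guid` is now aimed directly at the raw option string with `strlen` as its length, and nothing in `init_keyargs` checks that value; an over-long `--md-container-guid` is only rejected later inside the library as `SC_ERROR_INVALID_DATA`, with an error that does not name the option, and a malformed value is passed through unchecked. Report it here the way the `--auth-id` case a few lines above does, e.g. `if (opt_md_container_guid && strlen(opt_md_container_guid) > SC_MD_MAX_CONTAINER_NAME_LEN) { util_error("--md-container-guid value is too long"); return SC_ERROR_INVALID_ARGUMENTS; }`, assuming that constant is visible through this tool's includes, which the hunk does not show. The help string added in the earlier hunk of this file could also state the expected GUID format so users know what the option accepts. `init_keyargs` begins outside this hunk.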
@@ -2559,6 +2569,9 @@ handle_option(const struct option *opt)
case OPT_UPDATE_EXISTING:
opt_update_existing = 1;
break;
+ case OPT_MD_CONTAINER_GUID:
+ opt_md_container_guid = optarg;
+ break;
case OPT_VERSION:
this_action = ACTION_PRINT_VERSION;
break;