[pkg-opensc-commit] [opensc] 12/50: pkcs15init: use aux-data to set MD container GUID

Eric Dorland eric at moszumanska.debian.org
Sat May 28 03:35:46 UTC 2016


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit 5c0a37c53d3732f5a26b218cfbfc788a6d8c599f
Author: Viktor Tarasov <viktor.tarasov at gmail.com>
Date:   Thu Apr 7 15:59:34 2016 +0200

    pkcs15init: use aux-data to set MD container GUID
---
 src/pkcs15init/pkcs15-lib.c | 53 ++++++++++++++++++++++++++++++++++++++++++---
 src/tools/pkcs15-init.c     | 17 +++++++++++++--
 2 files changed, 65 insertions(+), 5 deletions(-)

diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 7bf7398..cfbb1b6 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -61,6 +61,7 @@
 #include "libopensc/cardctl.h"
 #include "libopensc/asn1.h"
 #include "libopensc/log.h"
+#include "libopensc/aux-data.h"
 #include "profile.h"
 #include "pkcs15-init.h"
 
@@ -1264,6 +1265,46 @@ err:
 }
 
 
+static int
+_pkcd15init_set_aux_md_data(struct sc_pkcs15_card *p15card, struct sc_auxiliary_data **aux_data,
+		unsigned char *guid, size_t guid_len)
+{
+	struct sc_context *ctx = p15card->card->ctx;
+	unsigned char flags = SC_MD_CONTAINER_MAP_VALID_CONTAINER;
+	char gd[SC_MD_MAX_CONTAINER_NAME_LEN + 1];
+	int rv;
+
+	LOG_FUNC_CALLED(ctx);
+
+	if(!guid || !guid_len)
+		LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+
+	if (!aux_data)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
+
+	if (guid_len > SC_MD_MAX_CONTAINER_NAME_LEN)
+		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
+
+	memset(gd, 0, sizeof(gd));
+	memcpy(gd, guid, guid_len);
+
+	if (*aux_data == NULL)   {
+		rv = sc_aux_data_allocate(ctx, aux_data, NULL);
+		LOG_TEST_RET(ctx, rv, "Failed to allocate aux data");
+	}
+
+	rv = sc_aux_data_set_md_guid(ctx, *aux_data, gd);
+	LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record GUID");
+
+	if (sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0) == 0)
+		flags |= SC_MD_CONTAINER_MAP_DEFAULT_CONTAINER;
+
+	rv = sc_aux_data_set_md_flags(ctx, *aux_data, flags);
+	LOG_TEST_RET(ctx, rv, "Failed to set private key CMAP record flags");
+
+	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+}
+
 /*
  * Generate a new private key
  */
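Review bot: In `_pkcd15init_set_aux_md_data` the only validation before `memcpy(gd, guid, guid_len)` is the length check, so a GUID containing an embedded NUL or non-printable bytes is handed to `sc_aux_data_set_md_guid()` as a C string and may end up truncated or malformed in the CMAP record. Consider rejecting such input up front, e.g. `if (memchr(guid, 0, guid_len)) LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);`. If `sc_pkcs15_get_objects()` can return a negative error code, the `== 0` test silently treats that failure as "other keys exist"; it would be clearer to store the result, fail on `< 0`, and set `SC_MD_CONTAINER_MAP_DEFAULT_CONTAINER` only on `== 0`. On style, the name reads as a misspelling of `pkcs15init`, a file-scope identifier with a leading underscore is reserved in C, and `guid` is never written through, so it could be `const unsigned char *guid`. A header comment would also help, for example `/* Store the MD container GUID and CMAP flags in the key's aux data; no-op when no GUID is supplied. */`.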
@@ -1309,6 +1350,10 @@ sc_pkcs15init_generate_key(struct sc_pkcs15_card *p15card, struct sc_profile *pr
 
 	key_info = (struct sc_pkcs15_prkey_info *) object->data;
 
+	r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data,
+			keygen_args->prkey_args.guid, keygen_args->prkey_args.guid_len);
+	LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
+
 	/* Set up the PuKDF info. The public key will be filled in
 	 * by the card driver's generate_key function called below.
 	 * Auth.ID of the public key object is left empty. */
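Review bot: The added `LOG_TEST_RET(ctx, r, "Failed to set aux MD data");` returns immediately once `object` already exists, and the code that creates `object` and any cleanup path lie outside this hunk, so it cannot be confirmed here that the object is released on this failure. The helper may also have allocated `key_info->aux_data` just before failing. If the function has no common error exit, this path presumably leaks the object and that allocation; routing the failure through a cleanup path that frees `object` would avoid this. The same pattern is added in `sc_pkcs15init_store_private_key` (the hunk at `@@ -1435,8 +1481,9 @@`), where the early return also happens after the private key content has been encoded into `object`.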
@@ -1394,8 +1439,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
 		struct sc_pkcs15init_prkeyargs *keyargs, struct sc_pkcs15_object **res_obj)
 {
 	struct sc_context *ctx = p15card->card->ctx;
-	struct sc_pkcs15_object *object;
+	struct sc_pkcs15_object *object = NULL;
 	struct sc_pkcs15_prkey key;
+	struct sc_pkcs15_prkey_info *key_info = NULL;
 	int keybits, r = 0;
 
 	LOG_FUNC_CALLED(ctx);
@@ -1435,8 +1481,9 @@ sc_pkcs15init_store_private_key(struct sc_pkcs15_card *p15card, struct sc_profil
 	r = sc_pkcs15init_encode_prvkey_content(p15card, &key, object);
 	LOG_TEST_RET(ctx, r, "Failed to encode public key");
 
-	/* Get the number of private keys already on this card */
-	/*idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0);*/
+	key_info = (struct sc_pkcs15_prkey_info *) object->data;
+	r = _pkcd15init_set_aux_md_data(p15card, &key_info->aux_data, keyargs->guid, keyargs->guid_len);
+	LOG_TEST_RET(ctx, r, "Failed to set aux MD data");
 
 	if (profile->ops->create_key)
 		r = profile->ops->create_key(profile, p15card, object);
diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c
index 8abf14f..6d8487e 100644
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@@ -139,6 +139,7 @@ enum {
 	OPT_ERASE_APPLICATION,
 	OPT_IGNORE_CA_CERTIFICATES,
 	OPT_UPDATE_EXISTING,
+	OPT_MD_CONTAINER_GUID,
 	OPT_VERSION,
 
 	OPT_PIN1     = 0x10000,	/* don't touch these values */
@@ -203,6 +204,7 @@ const struct option	options[] = {
 	{ "profile",		required_argument, NULL,	'p' },
 	{ "card-profile",	required_argument, NULL,	'c' },
 	{ "options-file",	required_argument, NULL,	OPT_OPTIONS },
+	{ "md-container-guid",	required_argument, NULL,	OPT_MD_CONTAINER_GUID},
 	{ "wait",		no_argument, NULL,		'w' },
 	{ "help",		no_argument, NULL,		'h' },
 	{ "verbose",		no_argument, NULL,		'v' },
@@ -264,6 +266,7 @@ static const char *		option_help[] = {
 	"Specify the general profile to use",
 	"Specify the card profile to use",
 	"Read additional command line options from file",
+	"For a new key specify GUID for a MD container",
 	"Wait for card insertion",
 	"Display this message",
 	"Verbose operation. Use several times to enable debug output.",
@@ -364,6 +367,7 @@ static char *			opt_application_id = NULL;
 static char *			opt_application_name = NULL;
 static char *			opt_bind_to_aid = NULL;
 static char *			opt_puk_authid = NULL;
+static char *			opt_md_container_guid = NULL;
 static unsigned int		opt_x509_usage = 0;
 static unsigned int		opt_delete_flags = 0;
 static unsigned int		opt_type = 0;
@@ -1507,7 +1511,7 @@ do_generate_key(struct sc_profile *profile, const char *spec)
 
 	if ((r = init_keyargs(&keygen_args.prkey_args)) < 0)
 		return r;
-        keygen_args.prkey_args.access_flags |=
+	keygen_args.prkey_args.access_flags |=
 		  SC_PKCS15_PRKEY_ACCESS_SENSITIVE
 		| SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE
 		| SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE
@@ -1565,7 +1569,7 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
 		sc_pkcs15_format_id(opt_authid, &args->auth_id);
 	} else if (!opt_insecure) {
 		util_error("no PIN given for key - either use --insecure or \n"
-		      "specify a PIN using --auth-id");
+				"specify a PIN using --auth-id");
 		return SC_ERROR_INVALID_ARGUMENTS;
 	}
 	if (opt_extractable) {
@@ -1573,6 +1577,12 @@ static int init_keyargs(struct sc_pkcs15init_prkeyargs *args)
 	}
 	args->label = opt_label;
 	args->x509_usage = opt_x509_usage;
+
+	if (opt_md_container_guid)   {
+		args->guid = (unsigned char *)opt_md_container_guid;
+		args->guid_len = strlen(opt_md_container_guid);
+	}
+
 	return 0;
 }
 
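Review bot: `args->guid` is taken directly from the `--md-container-guid` string with no length or format check. An over-long or malformed value is therefore only rejected later, inside the library, with a generic `SC_ERROR_INVALID_DATA`, possibly after other key-creation steps have already run. Validating it here would fail early with a clear message, e.g. `if (strlen(opt_md_container_guid) > SC_MD_MAX_CONTAINER_NAME_LEN) { util_error("MD container GUID is too long"); return SC_ERROR_INVALID_ARGUMENTS; }`, assuming that constant is visible in this file. The pointer is borrowed from `optarg` rather than copied, and the cast drops the `char *` type, so a comment such as `/* borrowed from argv: not owned by args, must not be freed */` would document the lifetime. `init_keyargs` begins outside this hunk.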
@@ -2559,6 +2569,9 @@ handle_option(const struct option *opt)
 	case OPT_UPDATE_EXISTING:
 		opt_update_existing = 1;
 		break;
+	case OPT_MD_CONTAINER_GUID:
+		opt_md_container_guid = optarg;
+		break;
 	case OPT_VERSION:
 		this_action = ACTION_PRINT_VERSION;
 		break;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


