Ticket #198: access_flags.patch

File access_flags.patch, 2.9 KB (added by martin, 2 years ago)

Correctly set access flags for stored and generated keys

  • src/tools/pkcs15-init.c

     
    14081408 
    14091409        if ((r = init_keyargs(&keygen_args.prkey_args)) < 0) 
    14101410                return r; 
     1411        keygen_args.prkey_args.access_flags |= SC_PKCS15_PRKEY_ACCESS_SENSITIVE|SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE|SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE|SC_PKCS15_PRKEY_ACCESS_LOCAL; 
    14111412 
    14121413        /* Parse the key spec given on the command line */ 
    14131414        if (!strncasecmp(spec, "rsa", 3)) { 
     
    14981499                return SC_ERROR_INVALID_ARGUMENTS; 
    14991500        } 
    15001501        if (opt_extractable) { 
    1501                 args->flags |= SC_PKCS15INIT_EXTRACTABLE; 
     1502                args->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; 
    15021503                if (opt_passphrase) { 
    15031504                        args->passphrase = opt_passphrase; 
    15041505                } else { 

  • src/pkcs15init/pkcs15-lib.c

     
    10051005        key_info->native = 1; 
    10061006        key_info->key_reference = 0; 
    10071007        key_info->modulus_length = keybits; 
    1008         key_info->access_flags = DEFAULT_PRKEY_ACCESS_FLAGS; 
     1008        key_info->access_flags = keyargs->access_flags; 
    10091009        /* Path is selected below */ 
    10101010 
    1011         if (keyargs->flags & SC_PKCS15INIT_EXTRACTABLE) { 
    1012                 key_info->access_flags |= SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE; 
     1011        if (keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE) { 
    10131012                key_info->access_flags &= ~SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE; 
    10141013                key_info->native = 0; 
    10151014        } 
     
    11881187                        keyargs->x509_usage, keybits, 0)) { 
    11891188                /* Make sure the caller explicitly tells us to store 
    11901189                 * the key non-natively. */ 
    1191                 if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) 
     1190                if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE)) 
    11921191                        SC_TEST_RET(ctx, SC_ERROR_INCOMPATIBLE_KEY, "Card does not support this key."); 
    11931192 
    11941193                if (!keyargs->passphrase 
     
    12071206 
    12081207        /* Get the number of private keys already on this card */ 
    12091208        idx = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_PRKEY, NULL, 0); 
    1210         if (!(keyargs->flags & SC_PKCS15INIT_EXTRACTABLE)) { 
     1209        if (!(keyargs->access_flags & SC_PKCS15_PRKEY_ACCESS_EXTRACTABLE)) { 
    12111210                r = profile->ops->create_key(profile, p15card, object); 
    12121211                SC_TEST_RET(ctx, r, "Card specific 'create key' failed"); 
    12131212 

  • src/pkcs15init/pkcs15-init.h

     
    191191        unsigned long           usage; 
    192192        unsigned long           x509_usage; 
    193193        unsigned int            flags; 
     194        unsigned int            access_flags; 
    194195        struct sc_pkcs15init_keyarg_gost_params gost_params; 
    195196 
    196197        sc_pkcs15_prkey_t       key; 
     
    204205        const char *                   pubkey_label; 
    205206}; 
    206207 
    207 #define SC_PKCS15INIT_EXTRACTABLE       0x0001 
    208208#define SC_PKCS15INIT_NO_PASSPHRASE     0x0002 
    209209#define SC_PKCS15INIT_SPLIT_KEY         0x0004 
    210210