Changeset 3537 for trunk/src/pkcs15init/pkcs15-cardos.c

Timestamp:

07/21/08 16:35:21 (4 months ago)

Author:

aj

Message:

Chaskiel Grundman:
Nowhere in pkcs15init/pkcs15-cardos.c is the user pin ever
requested or presented to the card.
Since the update acl for the key object uses the user pin, the GENERATE
KEY operation fails when it isn't logged in.

Files:

• trunk/src/pkcs15init/pkcs15-cardos.c (modified) (2 diffs)

trunk/src/pkcs15init/pkcs15-cardos.c

@@ -309 +309 @@
         int             algorithm, r, delete_it = 0, use_ext_rsa = 0;
         size_t          keybits, rsa_max_size;
-        
+        int             pin_id = -1;
+
         if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA)
                 return SC_ERROR_NOT_SUPPORTED;
@@ -334 +335 @@
                                 "for key generation.");
                 return SC_ERROR_NOT_SUPPORTED;
+        }
+       pin_id = sc_keycache_find_named_pin(&key_info->path, SC_PKCS15INIT_USER_PIN);
+       if (pin_id > 0) {
+                r = sc_pkcs15init_verify_key(profile, card, NULL, SC_AC_CHV, pin_id);
+                if (r < 0)
+                        return r;
         }
         if (use_ext_rsa == 0)