- (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from

larsch@trustcenter.de
This commit is contained in:
Damien Miller 2003-08-25 10:58:26 +10:00
parent 49d32566c2
commit 331b6af8fa
2 changed files with 25 additions and 5 deletions

View File

@ -1,3 +1,7 @@
20030825
- (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from
larsch@trustcenter.de
20030822
- (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal
-lbroken; ok dtucker
@ -851,4 +855,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.2898 2003/08/22 08:43:48 dtucker Exp $
$Id: ChangeLog,v 1.2899 2003/08/25 00:58:26 djm Exp $

View File

@ -110,7 +110,8 @@ err:
/* private key operations */
static int
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
unsigned int usage)
{
int r;
struct sc_priv_data *priv;
@ -130,7 +131,8 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
goto err;
}
}
r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj);
r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
usage, &key_obj);
if (r) {
error("Unable to find private key from SmartCard: %s",
sc_strerror(r));
@ -176,6 +178,9 @@ err:
return -1;
}
#define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \
SC_PKCS15_PRKEY_USAGE_UNWRAP
static int
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
int padding)
@ -185,7 +190,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
if (padding != RSA_PKCS1_PADDING)
return -1;
r = sc_prkey_op_init(rsa, &key_obj);
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
if (r)
return -1;
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
@ -201,6 +206,9 @@ err:
return -1;
}
#define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \
SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
static int
sc_sign(int type, u_char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa)
@ -209,7 +217,15 @@ sc_sign(int type, u_char *m, unsigned int m_len,
int r;
unsigned long flags = 0;
r = sc_prkey_op_init(rsa, &key_obj);
/* XXX: sc_prkey_op_init will search for a pkcs15 private
* key object with the sign or signrecover usage flag set.
* If the signing key has only the non-repudiation flag set
* the key will be rejected as using a non-repudiation key
* for authentication is not recommended. Note: This does not
* prevent the use of a non-repudiation key for authentication
* if the sign or signrecover flag is set as well.
*/
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
if (r)
return -1;
/* FIXME: length of sigret correct? */