- (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from

larsch@trustcenter.de
2003-08-25 10:58:26 +10:00 · 2003-08-25 10:58:26 +10:00 · 331b6af8fa
parent 49d32566c2
commit 331b6af8fa
2 changed files with 25 additions and 5 deletions
--- a/6
+++ b/6
@ -1,3 +1,7 @@
 20030825
 - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from 
   larsch@trustcenter.de
 20030822
 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal 
   -lbroken; ok dtucker 
@ -851,4 +855,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2898 2003/08/22 08:43:48 dtucker Exp $
+$Id: ChangeLog,v 1.2899 2003/08/25 00:58:26 djm Exp $
--- a/scard-opensc.c
+++ b/scard-opensc.c
@ -110,7 +110,8 @@ err:
 /* private key operations */
 static int
-sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
+sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
 	unsigned int usage)
 {
 	int r;
 	struct sc_priv_data *priv;
@ -130,7 +131,8 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
 			goto err;
 		}
 	}
-	r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj);
+	r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, 
 		usage, &key_obj);
 	if (r) {
 		error("Unable to find private key from SmartCard: %s",
 		      sc_strerror(r));
@ -176,6 +178,9 @@ err:
 	return -1;
 }
 #define SC_USAGE_DECRYPT	SC_PKCS15_PRKEY_USAGE_DECRYPT | \
 				SC_PKCS15_PRKEY_USAGE_UNWRAP
 static int
 sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
@ -185,7 +190,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
 	if (padding != RSA_PKCS1_PADDING)
 		return -1;	
-	r = sc_prkey_op_init(rsa, &key_obj);
+	r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
 	if (r)
 		return -1;
 	r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, 
@ -201,6 +206,9 @@ err:
 	return -1;
 }
 #define SC_USAGE_SIGN 		SC_PKCS15_PRKEY_USAGE_SIGN | \
 				SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
 static int
 sc_sign(int type, u_char *m, unsigned int m_len,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
@ -209,7 +217,15 @@ sc_sign(int type, u_char *m, unsigned int m_len,
 	int r;
 	unsigned long flags = 0;
-	r = sc_prkey_op_init(rsa, &key_obj);
+	/* XXX: sc_prkey_op_init will search for a pkcs15 private
 	 * key object with the sign or signrecover usage flag set.
 	 * If the signing key has only the non-repudiation flag set
 	 * the key will be rejected as using a non-repudiation key
 	 * for authentication is not recommended. Note: This does not
 	 * prevent the use of a non-repudiation key for authentication
 	 * if the sign or signrecover flag is set as well. 
 	 */
 	r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
 	if (r)
 		return -1;
 	/* FIXME: length of sigret correct? */