Nils Larsch a écrit :
what about this quick hack in sc_pkcs15init_new_object()Hi Nils, According to your various remarks, i have changed the source code like this : - I deleted the added flags field of sc_pkcs15init_dataargs structure and i used the auth_id field in the place of it. - I modified the label management. So the "patch_creation_destruction_data_object.txt" file recapitulate the modifications to have the management of data object creation and destruction. But i have a last question about destruction of data object. With these modifications, the data objects can be deleted in smartcard. But i did not find the way to delete them from pkcs11 objects list, stored in pkcs15_fw_data : struct pkcs15_fw_data { struct sc_pkcs15_card * p15_card; struct pkcs15_any_object * objects[MAX_OBJECTS]; unsigned int num_objects; unsigned int locked; }; Cheers, --
Vincent
WYON
Dhimyotis 5 allée des écuries 59650 Villeneuve d'ascq tél. : 03 20 79 24 09
============================================= Ce mail est signé électroniquement grâce au système Certigna. Il a valeur légale. Pour plus d'informations, connectez-vous à : ============================================= |
Index: src/pkcs11/framework-pkcs15.c
===================================================================
--- src/pkcs11/framework-pkcs15.c (rvision 3114)
+++ src/pkcs11/framework-pkcs15.c (copie de travail)
@@ -1260,6 +1260,75 @@
out: return rv;
}
+/* This function create a data object in the inserted card and create a new */
+/* PKCS#11 object too (like pkcs15_create_certificate,
pkcs15_create_public_key) */
+static CK_RV pkcs15_create_data_object(struct sc_pkcs11_card *p11card,
+ struct sc_pkcs11_slot *slot,
+ struct sc_profile *profile,
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+ CK_OBJECT_HANDLE_PTR phObject)
+{
+ struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *)
p11card->fw_data;
+ struct sc_pkcs15init_dataargs args;
+ struct pkcs15_any_object *data_any_obj;
+ struct sc_pkcs15_object *data_obj;
+ struct sc_pkcs15_pin_info *pin;
+ CK_BBOOL bPrivateData;
+ int rc, rv;
+ size_t i;
+
+ memset(&args, 0, sizeof(args));
+
+ while (ulCount--) {
+ CK_ATTRIBUTE_PTR attr = pTemplate++;
+
+ switch (attr->type) {
+ /* Skip attrs we already know or don't care for */
+ case CKA_CLASS:
+ case CKA_TOKEN:
+ break;
+ case CKA_PRIVATE:
+ rv = attr_extract(attr, &bPrivateData, NULL);
+ if (bPrivateData) { /* If private data object, then we
must store the id of PIN used for login */
+ if ((pin = slot_data_pin_info(slot->fw_data))
!= NULL)
+ args.auth_id = pin->auth_id;
+ }
+ break;
+ case CKA_LABEL:
+ args.label = (char *) attr->pValue;
+ break;
+ case CKA_APPLICATION:
+ args.app_label = (char *) attr->pValue;
+ break;
+ case CKA_VALUE:
+ args.der_encoded.len = attr->ulValueLen;
+ args.der_encoded.value = (u8 *) attr->pValue;
+ break;
+ default:
+ /* ignore unknown attrs, or flag error? */
+ continue;
+ }
+ }
+
+ /* From PKCS#11 library, it's not possible to pass an OID attribute.
+ * So args.app_oid must be equal to -1 ! */
+ args.app_oid.value[0] = -1;
+
+ rc = sc_pkcs15init_store_data_object(fw_data->p15_card, profile, &args,
&data_obj);
+ if (rc < 0) {
+ rv = sc_to_cryptoki_error(rc, p11card->reader);
+ goto out;
+ }
+
+ /* Create a new pkcs11 object for it */
+ __pkcs15_create_data_object(fw_data, data_obj, &data_any_obj);
+ pkcs15_add_object(slot, data_any_obj, phObject);
+
+ rv = CKR_OK;
+
+out: return rv;
+}
+
static CK_RV pkcs15_create_object(struct sc_pkcs11_card *p11card,
struct sc_pkcs11_slot *slot,
CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
@@ -1300,6 +1369,10 @@
rv = pkcs15_create_certificate(p11card, slot, profile,
pTemplate, ulCount, phObject);
break;
+ case CKO_DATA:
+ rv = pkcs15_create_data_object(p11card, slot, profile,
+ pTemplate, ulCount, phObject);
+ break;
default:
rv = CKR_FUNCTION_NOT_SUPPORTED;
}
@@ -2397,16 +2470,53 @@
return CKR_OK;
}
+/* This function allows the destruction of a data object */
+/* This function is stored in the structure sc_pkcs11_object_ops and used */
+/* with C_DestroyObject */
+static CK_RV pkcs15_dobj_destroy(struct sc_pkcs11_session *session, void
*object)
+{
+ struct pkcs15_data_object *p15Obj = (struct pkcs15_data_object*) object;
+ struct sc_pkcs11_card *card = session->slot->card;
+ struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *)
card->fw_data;
+ struct sc_profile *profile = NULL;
+ int rv;
+
+ rv = sc_lock(card->card);
+ if (rv < 0)
+ return sc_to_cryptoki_error(rv, card->reader);
+
+ /* Bind the profile */
+ rv = sc_pkcs15init_bind(card->card, "pkcs15", NULL, &profile);
+ if (rv < 0) {
+ sc_unlock(card->card);
+ return sc_to_cryptoki_error(rv, card->reader);
+ }
+
+ /* Add the PINs the user presented so far to the keycache */
+ add_pins_to_keycache(card, session->slot);
+
+ /* Delete object in smartcard */
+ rv = sc_pkcs15init_delete_object(fw_data->p15_card, profile,
p15Obj->base.p15_object);
+
+ /* Delete pkcs11 object, but how ?? */
+
+ sc_pkcs15init_unbind(profile);
+ sc_unlock(card->card);
+
+ return rv;
+}
+
+
struct sc_pkcs11_object_ops pkcs15_dobj_ops = {
pkcs15_dobj_release,
pkcs15_dobj_set_attribute,
pkcs15_dobj_get_attribute,
sc_pkcs11_any_cmp_attribute,
+ pkcs15_dobj_destroy,
NULL,
NULL,
NULL,
NULL,
- NULL,
};
Index: src/pkcs11/pkcs11-object.c
===================================================================
--- src/pkcs11/pkcs11-object.c (rvision 3114)
+++ src/pkcs11/pkcs11-object.c (copie de travail)
@@ -69,7 +69,34 @@
CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject) /* the object's handle */
{
- return CKR_FUNCTION_NOT_SUPPORTED;
+ struct sc_pkcs11_session *session;
+ struct sc_pkcs11_object *object;
+ char object_name[64];
+ int rv;
+
+ rv = sc_pkcs11_lock();
+ if (rv != CKR_OK)
+ return rv;
+
+ snprintf(object_name, sizeof(object_name), "C_DestroyObject : Object %lu",
+ (unsigned long) hObject);
+ sc_debug( context, object_name );
+
+ rv = pool_find(&session_pool, hSession, (void**) &session);
+ if (rv != CKR_OK)
+ goto out;
+
+ rv = pool_find(&session->slot->object_pool, hObject, (void**) &object);
+ if (rv != CKR_OK)
+ goto out;
+
+ if( object->ops->destroy_object == NULL )
+ rv = CKR_FUNCTION_NOT_SUPPORTED;
+ else
+ rv = object->ops->destroy_object(session, object);
+
+out: sc_pkcs11_unlock();
+ return rv;
}
CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, /* the session's handle */
Index: src/pkcs15init/pkcs15-lib.c
===================================================================
--- src/pkcs15init/pkcs15-lib.c (rvision 3114)
+++ src/pkcs15init/pkcs15-lib.c (copie de travail)
@@ -1785,8 +1785,9 @@
int r, i;
unsigned int tid = 0x01;
- if ((label = args->label) == NULL)
- label = "Data Object";
+ /* Label field is optional, so we don't have to force label to store "Data
object"
+ * like old code did */
+ label = args->label;
if (!args->id.len) {
/* Select an ID if the user didn't specify one, otherwise
@@ -1827,12 +1828,19 @@
if (object == NULL)
return SC_ERROR_OUT_OF_MEMORY;
data_object_info = (sc_pkcs15_data_info_t *) object->data;
- if (label != NULL) {
+
+ /* The data_object_info->app_label must stores the object's application
label if it's present.
+ * If not, it stores the object's label. */
+ if( args->app_label != NULL ) {
+ strlcpy(data_object_info->app_label, args->app_label,
+ sizeof(data_object_info->app_label));
+ } else if( label != NULL ) {
strlcpy(data_object_info->app_label, label,
sizeof(data_object_info->app_label));
- }
- data_object_info->app_oid = args->app_oid;
+ }
+ data_object_info->app_oid = args->app_oid;
+
r = sc_pkcs15init_store_data(p15card, profile,
object, &args->id, &args->der_encoded,
&data_object_info->path);
@@ -2711,6 +2719,8 @@
break;
case SC_PKCS15_TYPE_DATA_OBJECT:
object->flags = DEFAULT_DATA_FLAGS;
+ if( auth_id->len != 0 )
+ object->flags |= SC_PKCS15_CO_FLAG_PRIVATE;
data_size = sizeof(sc_pkcs15_data_info_t);
break;
}
Index: src/pkcs15init/pkcs15-cardos.c
===================================================================
--- src/pkcs15init/pkcs15-cardos.c (rvision 3114)
+++ src/pkcs15init/pkcs15-cardos.c (copie de travail)
@@ -754,6 +754,16 @@
return r;
}
+/*
+ * Try to delete a cardos file from his path
+ */
+static int cardos_delete_object(struct sc_profile *profile, struct sc_card
*card,
+ unsigned int type, const void *data, const sc_path_t *path)
+{
+ /* For Cardos, all objects are files that can be deleted in any order */
+ return sc_pkcs15init_delete_by_path(profile, card, path);
+}
+
static struct sc_pkcs15init_operations sc_pkcs15init_cardos_operations = {
cardos_erase,
NULL, /* init_card */
@@ -768,7 +778,7 @@
NULL, NULL, /* encode private/public key */
NULL, /* finalize_card */
NULL, NULL, NULL, NULL, NULL, /* old style api */
- NULL /* delete_object */
+ cardos_delete_object /* delete_object */
};
struct sc_pkcs15init_operations *
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
