Dear all, in the attached patch I have collected some pieces of code which I consider obsolete since r4113 (removal of the split-key concept). This patch is maintenance only, and as such may have a lower priority.
Kind Regards Andre Zepezauer
Index: pkcs11/framework-pkcs15.c
===================================================================
--- pkcs11/framework-pkcs15.c (revision 4452)
+++ pkcs11/framework-pkcs15.c (working copy)
@@ -89,7 +89,9 @@
 #define prv_flags base.base.flags
 #define prv_p15obj base.p15_object
 #define prv_pubkey base.related_pubkey
+/* split-key related
 #define prv_next base.related_privkey
+*/
 struct pkcs15_pubkey_object {
 struct pkcs15_any_object base;
@@ -510,6 +512,8 @@
 for (i = 0; i < fw_data->num_objects; i++) {
 struct pkcs15_any_object *obj = fw_data->objects[i];
+#if 0
+ // split-key related
 if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN) continue;
 if (is_privkey(obj) && obj != (struct pkcs15_any_object *) pk) {
@@ -525,6 +529,7 @@
 *pp = (struct pkcs15_prkey_object *) obj;
 }
 } else
+#endif
 if (is_pubkey(obj) && !pk->prv_pubkey) {
 struct pkcs15_pubkey_object *pubkey;
@@ -594,8 +599,11 @@
 for (i = 0; i < fw_data->num_objects; i++) {
 struct pkcs15_any_object *obj = fw_data->objects[i];
+#if 0
+ // split-key related
 if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN) continue;
+#endif
 sc_debug(context, SC_LOG_DEBUG_NORMAL, "Looking for objects related to object %d", i);
@@ -655,8 +663,7 @@
 unsigned int i;
 struct pkcs15_fw_data *card_fw_data;
- if (obj == NULL
- || (obj->base.flags & (SC_PKCS11_OBJECT_HIDDEN | SC_PKCS11_OBJECT_RECURS)))
+ if (obj == NULL || obj->base.flags & SC_PKCS11_OBJECT_RECURS)
 return;
@@ -2324,10 +2331,14 @@
 case CKA_VERIFY:
 case CKA_VERIFY_RECOVER:
 case CKA_DERIVE:
+#if 0
+ // split-key related
 /* Combine the usage bits of all split keys */
 for (usage = 0; prkey; prkey = prkey->prv_next) usage |= prkey->prv_info->usage;
 return get_usage_bit(usage, attr);
+#endif
+ return get_usage_bit(prkey->prv_info->usage, attr);
 case CKA_MODULUS:
 return get_modulus(key, attr);
 /* XXX: this should be removed sometimes as a private key has no
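Review bot: The `prv_next` alias in the @@ -89 hunk is disabled with a block comment and the code in the @@ -510, @@ -525, @@ -594 and @@ -2324 hunks with `#if 0`, which leaves dead split-key code in the file instead of removing it. As the description calls this code obsolete since r4113, deleting the lines would keep the object-lookup and key-usage paths easier to audit, and the old code stays available in version control. If the blocks are meant to remain for a while, one consistent form such as `#if 0 /* split-key related */` would be preferable to mixing `/* ... */` wrappers and `//` markers.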
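Review bot: In the @@ -2324 hunk the new `return get_usage_bit(prkey->prv_info->usage, attr);` dereferences `prkey` unconditionally, whereas the loop it replaces (`for (usage = 0; prkey; ...)`) tolerated a NULL `prkey` and fell through with usage 0. Whether `prkey` can be NULL at this point is not visible, because the enclosing function starts and ends outside the hunk; either confirm that against the callers or keep a guard such as `if (prkey == NULL) return get_usage_bit(0, attr);`. With the loop under `#if 0` the local `usage` is presumably no longer referenced and may now produce an unused-variable warning.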
@@ -2376,15 +2387,18 @@
 sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating signing operation, mechanism 0x%x.\n", pMechanism->mechanism);
+#if 0
+ // split-key related
 /* See which of the alternative keys supports signing */
 while (prkey && !(prkey->prv_info->usage & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER| SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))) prkey = prkey->prv_next;
+#endif
 if (prkey == NULL)
- return CKR_KEY_FUNCTION_NOT_PERMITTED;
+ SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE, CKR_FUNCTION_FAILED);
 switch (pMechanism->mechanism) {
 case CKM_RSA_PKCS:
@@ -2461,21 +2475,23 @@
 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
 {
 struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) ses->slot->card->fw_data;
- struct pkcs15_prkey_object *prkey;
+ struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
 u8 decrypted[256];
 int buff_too_small, rv, flags = 0;
 sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating unwrap/decryption.\n");
+#if 0
+ // split-key related
 /* See which of the alternative keys supports unwrap/decrypt */
 prkey = (struct pkcs15_prkey_object *) obj;
 while (prkey && !(prkey->prv_info->usage & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP))) prkey = prkey->prv_next;
-
+#endif
 if (prkey == NULL)
- return CKR_KEY_FUNCTION_NOT_PERMITTED;
+ SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE, CKR_FUNCTION_FAILED);
 /* Select the proper padding mechanism */
 switch (pMechanism->mechanism) {
Index: pkcs11/sc-pkcs11.h
===================================================================
--- pkcs11/sc-pkcs11.h (revision 4452)
+++ pkcs11/sc-pkcs11.h (working copy)
@@ -124,7 +124,9 @@
 };
 #define SC_PKCS11_OBJECT_SEEN 0x0001
+/* split-key related
 #define SC_PKCS11_OBJECT_HIDDEN 0x0002
+*/
 #define SC_PKCS11_OBJECT_RECURS 0x8000
Index: pkcs15init/pkcs15-init.h
===================================================================
--- pkcs15init/pkcs15-init.h (revision 4452)
+++ pkcs15init/pkcs15-init.h (working copy)
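Review bot: With the `while` loop in the @@ -2376 hunk placed under `#if 0`, nothing visible in this function still checks that the key carries a signing usage bit; before the change a key without SIGN, SIGNRECOVER or NONREPUDIATION usage ended in `CKR_KEY_FUNCTION_NOT_PERMITTED`, now it proceeds to the mechanism switch. The same holds for the DECRYPT/UNWRAP check in the @@ -2461 hunk. Unless a lower layer is known to enforce key usage (not visible here), keep a single-key check in place of the loop, e.g. `if (!(prkey->prv_info->usage & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|SC_PKCS15_PRKEY_USAGE_NONREPUDIATION))) return CKR_KEY_FUNCTION_NOT_PERMITTED;`, with the corresponding DECRYPT/UNWRAP mask in the second function. Both function bodies continue outside their hunks.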
@@ -280,11 +280,13 @@
 struct sc_profile *, struct sc_pkcs15init_prkeyargs *, struct sc_pkcs15_object **);
+/* split-key related
 extern int sc_pkcs15init_store_split_key(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15init_prkeyargs *, struct sc_pkcs15_object **, struct sc_pkcs15_object **);
+*/
 extern int sc_pkcs15init_store_public_key(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15init_pubkeyargs *,
@@ -352,10 +354,12 @@
 struct sc_file *);
 /* Helper function for CardOS */
+/* split-key related
 extern int sc_pkcs15init_requires_restrictive_usage( struct sc_pkcs15_card *, struct sc_pkcs15init_prkeyargs *, unsigned int);
+*/
 extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *, const struct sc_pkcs15_id *, struct sc_file **);
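Review bot: In the @@ -352 hunk the existing `/* Helper function for CardOS */` comment stays outside the new `/* split-key related ... */` block, so it now reads as if it described `sc_pkcs15_create_pin_domain` rather than the disabled `sc_pkcs15init_requires_restrictive_usage` it presumably belonged to. It cannot simply be moved inside the block comment, because its `*/` would end the block early; either delete that comment line together with the prototype or disable both with `#if 0` ... `#endif`. The patch also does not show whether the definitions of the two functions whose prototypes are disabled here and in the @@ -280 hunk are already gone; if they remain, they would be compiled without a visible prototype.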