Re: [opensc-devel] [RFC] removal of more split-key related pieces

Andre Zepezauer Thu, 24 Jun 2010 09:20:41 -0700

On Thu, 2010-06-24 at 14:47 +0300, Martin Paljak wrote:
> Hello,
> 
> On Jun 24, 2010, at 12:47 , Andre Zepezauer wrote:
> > Ludovic Rousseau wrote:
> >> Why not just remove the lines if they are useless now?
> >>  
> > Because it makes the process of reviewing much easier. One could apply the 
> > patch local and see the hole context of the pieces which are considered 
> > obsolete. Don't forget that the framework code is complex and simply 
> > removing some lines may have subtle effects.
> 
> 
> A patch that can be compared to the original changeset which added the 
> feature [1] would be much easier both to review as well as apply
> 
> [1] http://www.opensc-project.org/opensc/changeset/1038


Well, here is my next attempt.

Regards
Andre

Index: pkcs11/framework-pkcs15.c
===================================================================
--- pkcs11/framework-pkcs15.c	(revision 4460)
+++ pkcs11/framework-pkcs15.c	(working copy)
@@ -89,7 +89,6 @@
 #define prv_flags		base.base.flags
 #define prv_p15obj		base.p15_object
 #define prv_pubkey		base.related_pubkey
-#define prv_next		base.related_privkey
 
 struct pkcs15_pubkey_object {
 	struct pkcs15_any_object	base;
@@ -510,21 +509,6 @@
 	for (i = 0; i < fw_data->num_objects; i++) {
 		struct pkcs15_any_object *obj = fw_data->objects[i];
 
-		if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN)
-			continue;
-		if (is_privkey(obj) && obj != (struct pkcs15_any_object *) pk) {
-			/* merge private keys with the same ID and
-			 * different usage bits */
-			struct pkcs15_prkey_object *other, **pp;
-
-			other = (struct pkcs15_prkey_object *) obj;
-			if (sc_pkcs15_compare_id(&other->prv_info->id, id)) {
-				obj->base.flags |= SC_PKCS11_OBJECT_HIDDEN;
-				for (pp = &pk->prv_next; *pp; pp = &(*pp)->prv_next)
-					;
-				*pp = (struct pkcs15_prkey_object *) obj;
-			}
-		} else
 		if (is_pubkey(obj) && !pk->prv_pubkey) {
 			struct pkcs15_pubkey_object *pubkey;
 			
@@ -594,9 +578,6 @@
 	for (i = 0; i < fw_data->num_objects; i++) {
 		struct pkcs15_any_object *obj = fw_data->objects[i];
 
-		if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN)
-			continue;
-
 		sc_debug(context, SC_LOG_DEBUG_NORMAL, "Looking for objects related to object %d", i);
 
 		if (is_privkey(obj)) {
@@ -655,8 +636,7 @@
 	unsigned int i;
 	struct pkcs15_fw_data *card_fw_data;
 
-	if (obj == NULL
-	 || (obj->base.flags & (SC_PKCS11_OBJECT_HIDDEN | SC_PKCS11_OBJECT_RECURS)))
+	if (obj == NULL)
 		return;
 
         
@@ -676,8 +656,6 @@
 	 * XXX prevent infinite recursion when a card specifies two certificates
 	 * referring to each other.
 	 */
-	obj->base.flags |= SC_PKCS11_OBJECT_RECURS;
-
 	switch (__p15_type(obj)) {
 	case SC_PKCS15_TYPE_PRKEY_RSA:
 	case SC_PKCS15_TYPE_PRKEY_GOSTR3410:
@@ -703,8 +681,6 @@
 		pkcs15_add_object(slot, (struct pkcs15_any_object *) obj->related_cert, NULL);
 		break;
 	}
-
-	obj->base.flags &= ~SC_PKCS11_OBJECT_RECURS;
 }
 
 static void pkcs15_init_slot(struct sc_pkcs15_card *p15card,
@@ -2324,10 +2300,7 @@
 	case CKA_VERIFY:
 	case CKA_VERIFY_RECOVER:
 	case CKA_DERIVE:
-		/* Combine the usage bits of all split keys */
-		for (usage = 0; prkey; prkey = prkey->prv_next)
-			usage |= prkey->prv_info->usage;
-		return get_usage_bit(usage, attr);
+		return get_usage_bit(prkey->prv_info->usage, attr);
 	case CKA_MODULUS:
 		return get_modulus(key, attr);
 	/* XXX: this should be removed sometimes as a private key has no
@@ -2376,16 +2349,6 @@
 	sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating signing operation, mechanism 0x%x.\n",
 				pMechanism->mechanism);
 
-	/* See which of the alternative keys supports signing */
-	while (prkey
-	 && !(prkey->prv_info->usage
-	     & (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|
-	     	SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)))
-		prkey = prkey->prv_next;
-
-	if (prkey == NULL)
-		return CKR_KEY_FUNCTION_NOT_PERMITTED;
-
 	switch (pMechanism->mechanism) {
 	case CKM_RSA_PKCS:
 		flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE;
@@ -2461,22 +2424,12 @@
 		CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
 {
 	struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *) ses->slot->card->fw_data;
-	struct pkcs15_prkey_object *prkey;
+	struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
 	u8	decrypted[256];
 	int	buff_too_small, rv, flags = 0;
 
 	sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating unwrap/decryption.\n");
 
-	/* See which of the alternative keys supports unwrap/decrypt */
-	prkey = (struct pkcs15_prkey_object *) obj;
-	while (prkey
-	 && !(prkey->prv_info->usage
-	     & (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP)))
-		prkey = prkey->prv_next;
-
-	if (prkey == NULL)
-		return CKR_KEY_FUNCTION_NOT_PERMITTED;
-
 	/* Select the proper padding mechanism */
 	switch (pMechanism->mechanism) {
 	case CKM_RSA_PKCS:
Index: pkcs11/sc-pkcs11.h
===================================================================
--- pkcs11/sc-pkcs11.h	(revision 4460)
+++ pkcs11/sc-pkcs11.h	(working copy)
@@ -124,8 +124,6 @@
 };
 
 #define SC_PKCS11_OBJECT_SEEN	0x0001
-#define SC_PKCS11_OBJECT_HIDDEN	0x0002
-#define SC_PKCS11_OBJECT_RECURS	0x8000
 
 
 /*
Index: pkcs15init/pkcs15-lib.c
===================================================================
--- pkcs15init/pkcs15-lib.c	(revision 4460)
+++ pkcs15init/pkcs15-lib.c	(working copy)
@@ -1087,15 +1087,10 @@
 		key_info->native = 0;
 	}
 
-	if (keyargs->id.len != 0 && (keyargs->flags & SC_PKCS15INIT_SPLIT_KEY)) {
-		/* Split key; this ID exists already, don't check for
-		 * the pkcs15 object */
-	} else {
-		/* Select a Key ID if the user didn't specify one,
-		 * otherwise make sure it's compatible with our intended use */
-		r = select_id(p15card, SC_PKCS15_TYPE_PRKEY, &keyargs->id);
-		SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select ID for PrKey object");
-	}
+	/* Select a Key ID if the user didn't specify one,
+	 * otherwise make sure it's compatible with our intended use */
+	r = select_id(p15card, SC_PKCS15_TYPE_PRKEY, &keyargs->id);
+	SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, r, "Cannot select ID for PrKey object");
 
 	key_info->id = keyargs->id;
 
Index: pkcs15init/pkcs15-init.h
===================================================================
--- pkcs15init/pkcs15-init.h	(revision 4460)
+++ pkcs15init/pkcs15-init.h	(working copy)
@@ -215,7 +215,6 @@
 };
 
 #define SC_PKCS15INIT_NO_PASSPHRASE	0x0002
-#define SC_PKCS15INIT_SPLIT_KEY		0x0004
 
 struct sc_pkcs15init_pubkeyargs {
 	struct sc_pkcs15_id	id;
@@ -280,11 +279,6 @@
 				struct sc_profile *,
 				struct sc_pkcs15init_prkeyargs *,
 				struct sc_pkcs15_object **);
-extern int	sc_pkcs15init_store_split_key(struct sc_pkcs15_card *,
-				struct sc_profile *,
-				struct sc_pkcs15init_prkeyargs *,
-				struct sc_pkcs15_object **,
-				struct sc_pkcs15_object **);
 extern int	sc_pkcs15init_store_public_key(struct sc_pkcs15_card *,
 				struct sc_profile *,
 				struct sc_pkcs15init_pubkeyargs *,
@@ -351,12 +345,6 @@
 extern int	sc_pkcs15init_rmdir(struct sc_pkcs15_card *, struct sc_profile *,
 				struct sc_file *);
 
-/* Helper function for CardOS */
-extern int	sc_pkcs15init_requires_restrictive_usage(
-				struct sc_pkcs15_card *,
-				struct sc_pkcs15init_prkeyargs *,
-				unsigned int);
-
 extern int	sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *,
 				const struct sc_pkcs15_id *, struct sc_file **);

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [RFC] removal of more split-key related pieces

Reply via email to