Hello Martin,
I would like to commit the attached patch. Any objections?
On Thu, 2011-02-03 at 14:36 +0200, Martin Paljak wrote:
> Hello,
>
> On Thu, Jan 27, 2011 at 20:08, Andre Zepezauer
> <[email protected]> wrote:
> > Hello Martin,
> >
> > some comments on r5124:
> >
> > 1. The values of pin_info->reference and prkey_info->key_reference
> > shouldn't be compared because:
> >
> > * pin_info->reference is used as P2 parameter in VERIFY command
> > * prkey_info->key_reference is used in MSE SET tag 0x84
>
> OK, I see your point.
> Looking at your patch: could it be extracted into a small lookup
> function like the current one that is used? Such a small lookup
> function with a small doxygen doc would look really nice.
>
> I see it has been working up to because of a coincidence...
Index: src/libopensc/pkcs15-pin.c
===================================================================
--- src/libopensc/pkcs15-pin.c (revision 5215)
+++ src/libopensc/pkcs15-pin.c (working copy)
@@ -499,12 +499,21 @@
return;
}
- /* If the PIN protects a private key with user consent, don't cache it */
- if (sc_pkcs15_find_prkey_by_reference(p15card, NULL, pin_info->reference, &obj) == SC_SUCCESS) {
- if (obj->user_consent) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN protecting a key with user consent");
- return;
+ /* If the PIN protects an object with user consent, don't cache it */
+ obj = p15card->obj_list;
+ while (obj != NULL) {
+ /* Compare 'sc_pkcs15_object.auth_id' with 'sc_pkcs15_pin_info.auth_id'.
+ * In accordance with PKCS#15 "6.1.8 CommonObjectAttributes" and
+ * "6.1.16 CommonAuthenticationObjectAttributes" with the exception that
+ * "CommonObjectAttributes.accessControlRules" are not taken into account. */
+ if (sc_pkcs15_compare_id(&obj->auth_id, &pin_info->auth_id)) {
+ /* Caching is refused, if the protected object requires user consent */
+ if (obj->user_consent > 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)");
+ return;
+ }
}
+ obj = obj->next;
}
r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
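Review bot: the walk over p15card->obj_list is written inline in the caching path, although the reply quoted above asked for a small lookup function with a doxygen comment. Moving the while loop into a helper that takes p15card and &pin_info->auth_id and reports whether any matching object has user_consent set would keep this function short. The caveat that CommonObjectAttributes.accessControlRules are ignored could then live in the helper's documentation. It is also worth confirming how sc_pkcs15_compare_id() behaves when both ids are empty, since the loop visits every object in the list, including ones that carry no auth_id, and a match there would refuse caching for the wrong reason. On style, the new debug string "caching refused (user consent)" no longer says that a PIN is the thing not being cached; keeping the word PIN in it would make the log line easier to search for.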
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel