|
Lines 110-116
Link Here
|
| 110 |
/* private key operations */ |
110 |
/* private key operations */ |
| 111 |
|
111 |
|
| 112 |
static int |
112 |
static int |
| 113 |
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out) |
113 |
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out, |
|
|
114 |
unsigned int usage) |
| 114 |
{ |
115 |
{ |
| 115 |
int r; |
116 |
int r; |
| 116 |
struct sc_priv_data *priv; |
117 |
struct sc_priv_data *priv; |
|
Lines 130-136
Link Here
|
| 130 |
goto err; |
131 |
goto err; |
| 131 |
} |
132 |
} |
| 132 |
} |
133 |
} |
| 133 |
r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj); |
134 |
r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, |
|
|
135 |
usage, &key_obj); |
| 134 |
if (r) { |
136 |
if (r) { |
| 135 |
error("Unable to find private key from SmartCard: %s", |
137 |
error("Unable to find private key from SmartCard: %s", |
| 136 |
sc_strerror(r)); |
138 |
sc_strerror(r)); |
|
Lines 176-181
Link Here
|
| 176 |
return -1; |
178 |
return -1; |
| 177 |
} |
179 |
} |
| 178 |
|
180 |
|
|
|
181 |
#define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \ |
| 182 |
SC_PKCS15_PRKEY_USAGE_UNWRAP |
| 183 |
|
| 179 |
static int |
184 |
static int |
| 180 |
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, |
185 |
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, |
| 181 |
int padding) |
186 |
int padding) |
|
Lines 185-191
Link Here
|
| 185 |
|
190 |
|
| 186 |
if (padding != RSA_PKCS1_PADDING) |
191 |
if (padding != RSA_PKCS1_PADDING) |
| 187 |
return -1; |
192 |
return -1; |
| 188 |
r = sc_prkey_op_init(rsa, &key_obj); |
193 |
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT); |
| 189 |
if (r) |
194 |
if (r) |
| 190 |
return -1; |
195 |
return -1; |
| 191 |
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, |
196 |
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, |
|
Lines 201-206
Link Here
|
| 201 |
return -1; |
206 |
return -1; |
| 202 |
} |
207 |
} |
| 203 |
|
208 |
|
|
|
209 |
#define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \ |
| 210 |
SC_PKCS15_PRKEY_USAGE_SIGNRECOVER |
| 211 |
|
| 204 |
static int |
212 |
static int |
| 205 |
sc_sign(int type, u_char *m, unsigned int m_len, |
213 |
sc_sign(int type, u_char *m, unsigned int m_len, |
| 206 |
unsigned char *sigret, unsigned int *siglen, RSA *rsa) |
214 |
unsigned char *sigret, unsigned int *siglen, RSA *rsa) |
|
Lines 209-215
Link Here
|
| 209 |
int r; |
217 |
int r; |
| 210 |
unsigned long flags = 0; |
218 |
unsigned long flags = 0; |
| 211 |
|
219 |
|
| 212 |
r = sc_prkey_op_init(rsa, &key_obj); |
220 |
/* XXX: sc_prkey_op_init will search for a pkcs15 private |
|
|
221 |
* key object with the sign or signrecover usage flag set. |
| 222 |
* If the signing key has only the non-repudiation flag set |
| 223 |
* the key will be rejected as using a non-repudiation key |
| 224 |
* for authentication is not recommended. Note: This does not |
| 225 |
* prevent the use of a non-repudiation key for authentication |
| 226 |
* if the sign or signrecover flag is set as well. |
| 227 |
*/ |
| 228 |
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN); |
| 213 |
if (r) |
229 |
if (r) |
| 214 |
return -1; |
230 |
return -1; |
| 215 |
/* FIXME: length of sigret correct? */ |
231 |
/* FIXME: length of sigret correct? */ |