Dear all, in the attached patch I have collected some pieces of code which I consider obsolete since r4113 (removal of the split-key concept). This patch is maintenance only, and as such may have a lower priority.
Kind Regards Andre Zepezauer
Index: pkcs11/framework-pkcs15.c
===================================================================
--- pkcs11/framework-pkcs15.c (revision 4452)
+++ pkcs11/framework-pkcs15.c (working copy)
@@ -89,7 +89,9 @@
#define prv_flags base.base.flags
#define prv_p15obj base.p15_object
#define prv_pubkey base.related_pubkey
+/* split-key related
#define prv_next base.related_privkey
+*/
struct pkcs15_pubkey_object {
struct pkcs15_any_object base;
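Review bot: Wrapping `#define prv_next base.related_privkey` in a block comment leaves dead code in the file instead of removing it. The same pattern recurs in the `#if 0` blocks of the later hunks, and in the commented-out `SC_PKCS11_OBJECT_HIDDEN` define and the prototypes in the two headers. The revision history already preserves the split-key code, so deleting these lines outright would keep the files readable and prevent a half-disabled path from being re-enabled piecemeal. If the blocks must stay for a transition period, a comment such as `/* disabled since r4113 (split-key removal), scheduled for deletion */` on each would state the intent.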
@@ -510,6 +512,8 @@
for (i = 0; i < fw_data->num_objects; i++) {
struct pkcs15_any_object *obj = fw_data->objects[i];
+#if 0
+ // split-key related
if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN)
continue;
if (is_privkey(obj) && obj != (struct pkcs15_any_object *) pk) {
@@ -525,6 +529,7 @@
*pp = (struct pkcs15_prkey_object *) obj;
}
} else
+#endif
if (is_pubkey(obj) && !pk->prv_pubkey) {
struct pkcs15_pubkey_object *pubkey;
@@ -594,8 +599,11 @@
for (i = 0; i < fw_data->num_objects; i++) {
struct pkcs15_any_object *obj = fw_data->objects[i];
+#if 0
+ // split-key related
if (obj->base.flags & SC_PKCS11_OBJECT_HIDDEN)
continue;
+#endif
sc_debug(context, SC_LOG_DEBUG_NORMAL, "Looking for objects
related to object %d", i);
@@ -655,8 +663,7 @@
unsigned int i;
struct pkcs15_fw_data *card_fw_data;
- if (obj == NULL
- || (obj->base.flags & (SC_PKCS11_OBJECT_HIDDEN |
SC_PKCS11_OBJECT_RECURS)))
+ if (obj == NULL || obj->base.flags & SC_PKCS11_OBJECT_RECURS)
return;
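Review bot: The rewritten condition `obj == NULL || obj->base.flags & SC_PKCS11_OBJECT_RECURS` drops the parentheses that the removed lines had around the flag test. It evaluates the same way because `&` binds tighter than `||`, but the explicit form `if (obj == NULL || (obj->base.flags & SC_PKCS11_OBJECT_RECURS))` reads unambiguously and matches the previous style. The enclosing function starts and ends outside the hunk.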
@@ -2324,10 +2331,14 @@
case CKA_VERIFY:
case CKA_VERIFY_RECOVER:
case CKA_DERIVE:
+#if 0
+ // split-key related
/* Combine the usage bits of all split keys */
for (usage = 0; prkey; prkey = prkey->prv_next)
usage |= prkey->prv_info->usage;
return get_usage_bit(usage, attr);
+#endif
+ return get_usage_bit(prkey->prv_info->usage, attr);
case CKA_MODULUS:
return get_modulus(key, attr);
/* XXX: this should be removed sometimes as a private key has no
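Review bot: The new `return get_usage_bit(prkey->prv_info->usage, attr);` dereferences `prkey` unconditionally, whereas the disabled loop `for (usage = 0; prkey; ...)` tolerated a NULL `prkey` and reported no usage bits. Whether `prkey` can be NULL here is not visible in the hunk, so either confirm it from the code above or keep the old tolerance, e.g. `return get_usage_bit(prkey ? prkey->prv_info->usage : 0, attr);`. The local `usage` is now referenced only inside the `#if 0` block, so its declaration (outside the hunk) presumably becomes unused and should be dropped with it. The function body extends beyond the hunk on both sides.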
@@ -2376,15 +2387,18 @@
sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating signing operation,
mechanism 0x%x.\n",
pMechanism->mechanism);
+#if 0
+ // split-key related
/* See which of the alternative keys supports signing */
while (prkey
&& !(prkey->prv_info->usage
& (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|
SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)))
prkey = prkey->prv_next;
+#endif
if (prkey == NULL)
- return CKR_KEY_FUNCTION_NOT_PERMITTED;
+ SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE,
CKR_FUNCTION_FAILED);
switch (pMechanism->mechanism) {
case CKM_RSA_PKCS:
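Review bot: Disabling the `while` loop removes the only check in this function that the key's PKCS#15 usage permits signing, because that check was folded into the split-key walk. With the loop under `#if 0`, a private key that has none of SIGN, SIGNRECOVER or NONREPUDIATION set proceeds to the mechanism switch, and enforcement is left to whatever the card itself does. The decrypt/unwrap hunk at `@@ -2461,21 +2475,23 @@` has the same gap for DECRYPT and UNWRAP. A single-key usage test that still returns CKR_KEY_FUNCTION_NOT_PERMITTED should replace the loop, keeping the new CKR_FUNCTION_FAILED for the NULL case only. The function starts before and continues after the hunk.

```c
if (prkey == NULL)
	SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE, CKR_FUNCTION_FAILED);

/* Split keys are gone, but the usage restriction on the one key still applies */
if (!(prkey->prv_info->usage
		& (SC_PKCS15_PRKEY_USAGE_SIGN|SC_PKCS15_PRKEY_USAGE_SIGNRECOVER|
		   SC_PKCS15_PRKEY_USAGE_NONREPUDIATION)))
	return CKR_KEY_FUNCTION_NOT_PERMITTED;

/* … unchanged: switch on pMechanism->mechanism … */
```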
@@ -2461,21 +2475,23 @@
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
{
struct pkcs15_fw_data *fw_data = (struct pkcs15_fw_data *)
ses->slot->card->fw_data;
- struct pkcs15_prkey_object *prkey;
+ struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
u8 decrypted[256];
int buff_too_small, rv, flags = 0;
sc_debug(context, SC_LOG_DEBUG_NORMAL, "Initiating
unwrap/decryption.\n");
+#if 0
+ // split-key related
/* See which of the alternative keys supports unwrap/decrypt */
prkey = (struct pkcs15_prkey_object *) obj;
while (prkey
&& !(prkey->prv_info->usage
& (SC_PKCS15_PRKEY_USAGE_DECRYPT|SC_PKCS15_PRKEY_USAGE_UNWRAP)))
prkey = prkey->prv_next;
-
+#endif
if (prkey == NULL)
- return CKR_KEY_FUNCTION_NOT_PERMITTED;
+ SC_FUNC_RETURN(context, SC_LOG_DEBUG_VERBOSE,
CKR_FUNCTION_FAILED);
/* Select the proper padding mechanism */
switch (pMechanism->mechanism) {
Index: pkcs11/sc-pkcs11.h
===================================================================
--- pkcs11/sc-pkcs11.h (revision 4452)
+++ pkcs11/sc-pkcs11.h (working copy)
@@ -124,7 +124,9 @@
};
#define SC_PKCS11_OBJECT_SEEN 0x0001
+/* split-key related
#define SC_PKCS11_OBJECT_HIDDEN 0x0002
+*/
#define SC_PKCS11_OBJECT_RECURS 0x8000
Index: pkcs15init/pkcs15-init.h
===================================================================
--- pkcs15init/pkcs15-init.h (revision 4452)
+++ pkcs15init/pkcs15-init.h (working copy)
@@ -280,11 +280,13 @@
struct sc_profile *,
struct sc_pkcs15init_prkeyargs *,
struct sc_pkcs15_object **);
+/* split-key related
extern int sc_pkcs15init_store_split_key(struct sc_pkcs15_card *,
struct sc_profile *,
struct sc_pkcs15init_prkeyargs *,
struct sc_pkcs15_object **,
struct sc_pkcs15_object **);
+*/
extern int sc_pkcs15init_store_public_key(struct sc_pkcs15_card *,
struct sc_profile *,
struct sc_pkcs15init_pubkeyargs *,
@@ -352,10 +354,12 @@
struct sc_file *);
/* Helper function for CardOS */
+/* split-key related
extern int sc_pkcs15init_requires_restrictive_usage(
struct sc_pkcs15_card *,
struct sc_pkcs15init_prkeyargs *,
unsigned int);
+*/
extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct
sc_pkcs15_card *,
const struct sc_pkcs15_id *, struct sc_file **);
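Review bot: The existing comment `/* Helper function for CardOS */` is left in place above the newly commented-out `sc_pkcs15init_requires_restrictive_usage` prototype, so it now reads as if it documents `sc_pkcs15_create_pin_domain`. Move that comment inside the disabled block or remove it together with the prototype. The patch touches only the header, so the definitions of this function and of `sc_pkcs15init_store_split_key` presumably remain in the library without a visible prototype. They should be removed or disabled in the same change to keep the header and implementation consistent.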
