Victor,
Martin points out that both your branch and my ecdh branch
at dengert/OpenSC define a struct sc_pkcs15_skey_info.
https://github.com/viktorTarasov/OpenSC/commit/819bd829563020c2abad7537a245d57604951aec

See my note of 8/5 "Mods to add C_DeriveKey and Session
based Secret Key Objects at GitHub"

In order to support C_DeriveKey, PKCS#11 session based secret
key objects are needed, even if the card cannot support
secret keys or even if the card is not a PKCS#15 card.
An skey_info structure is needed, and it also needs to
store the value, key-type and length.

Much of the code needed for session based objects is provided
by the code controlled by #ifdef USE_PKCS15_INIT. (I only
needed secret key objects, so did not attempt to provide
support of other session based objects, but in the future
someone may want these too.)

This code then assumes that a profile is required, but a
session based object does not need a profile and the object
is never written to the card. For example, in framework-pkcs15.c
pkcs15_create_objects checks for a profile:
  rc = sc_pkcs15init_bind(p11card->card, "pkcs15", NULL, &profile);
then goes on to create the object calling one of the
pkcs15_create_* functions, assuming the object will be
created on the card.

I have added a pkcs15_create_secret_key function, that
will create session based objects, and has the hooks to
allow one to write a sc_pkcs15init_store_secret_key.

Note that in my pkcs15_create_secret_key function, I have
initialized a skey_info structure, which for all the other
objects is initialized in the sc_pkcs15init_store_* functions.
The creation of the *_info structures for the other objects
could also be moved up a level.

This is what I found I needed in libopensc/pkcs15.h:

struct sc_pkcs15_skey_info {
         struct sc_pkcs15_id id;
         unsigned int usage, access_flags;
         int native, key_reference;
         size_t value_len;
         unsigned long key_type;
         int algo_refs[SC_MAX_SUPPORTED_ALGORITHMS];
         struct sc_path path; /* if on card */
         struct sc_pkcs15_der data;
};
typedef struct sc_pkcs15_skey_info sc_pkcs15_skey_info_t;

#define sc_pkcs15_skey sc_pkcs15_data
#define sc_pkcs15_skey_t sc_pkcs15_data_t

-- 


  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
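
The design point in the message above (a session based secret key object needs no profile and is never written to the card), sketched as an added example that is not part of the original message and not OpenSC code. Every name in it (skey_model, bind_profile_model, create_secret_key_model, destroy_secret_key_model) is hypothetical, and the profile bind is reduced to a flag.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the design in the message; none of this is OpenSC code. */
enum { OBJ_OK = 0, OBJ_ERR_NO_PROFILE = -1, OBJ_ERR_ARGS = -2, OBJ_ERR_MEM = -3 };

struct skey_model {            /* what the message says must be stored */
    unsigned long key_type;    /* key-type */
    size_t value_len;          /* length */
    unsigned char *value;      /* value, held in memory only */
    int on_card;               /* 0 for a session object */
};

/* Stand-in for the profile bind step: fails on a card without a profile. */
static int bind_profile_model(int card_has_profile)
{
    return card_has_profile ? OBJ_OK : OBJ_ERR_NO_PROFILE;
}

/* Only a token object (is_token != 0) goes through the profile bind. */
int create_secret_key_model(int is_token, int card_has_profile,
                            unsigned long key_type, const unsigned char *value,
                            size_t value_len, struct skey_model *out)
{
    if (!out || !value || value_len == 0)
        return OBJ_ERR_ARGS;
    memset(out, 0, sizeof *out);
    if (is_token) {
        int rc = bind_profile_model(card_has_profile);
        if (rc != OBJ_OK)
            return rc;
    }
    out->value = malloc(value_len);
    if (!out->value)
        return OBJ_ERR_MEM;
    memcpy(out->value, value, value_len);
    out->key_type = key_type;
    out->value_len = value_len;
    out->on_card = (is_token != 0); /* a store-to-card hook would run here */
    return OBJ_OK;
}

/* Zero the key bytes before freeing when the session object goes away. */
void destroy_secret_key_model(struct skey_model *k)
{
    if (!k || !k->value)
        return;
    volatile unsigned char *p = k->value;
    for (size_t i = 0; i < k->value_len; i++)
        p[i] = 0;
    free(k->value);
    memset(k, 0, sizeof *k);
}
```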