Blame SOURCES/opensc-0.16.0-piv-cardholder-name.patch

From bac1ced89dde5780ecb5014b3887e4fd81c7d81c Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 18 Aug 2017 13:49:57 +0200
Subject: [PATCH 1/3] Use shorter PIN name for default PIN to accomodate Card
 Holder name in future
---
 src/libopensc/pkcs15-piv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
index d38d7ba73..7f9015dcc 100644
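--- a/src/libopensc/pkcs15-piv.c
+++ b/src/libopensc/pkcs15-piv.c
@@ -359,7 +359,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 	};
 
 	static const pindata pins[] = {
-		{ "01", "PIV Card Holder pin", "", 0x80,
+		{ "01", "PIN", "", 0x80,
 		  /* label, flag  and ref will change if using global pin */
 		  SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
 		  8, 4, 8, 
@@ -932,7 +932,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 			pin_info.attrs.pin.reference = pin_ref;
 			pin_info.attrs.pin.flags &= ~SC_PKCS15_PIN_FLAG_LOCAL;
 			label = "Global PIN";
-		} 
+		}
 sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "DEE Adding pin %d label=%s",i, label);
 		strncpy(pin_obj.label, label, SC_PKCS15_MAX_LABEL_SIZE - 1);
 		pin_obj.flags = pins[i].obj_flags;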
From 74b070128c27e24aa67db041a049a9eee5dddcd6 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 18 Aug 2017 14:18:00 +0200
Subject: [PATCH 2/3] Get cardholder name from the first certificate
---
 src/libopensc/pkcs15-piv.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
index 7f9015dcc..6f3c9199d 100644
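--- a/src/libopensc/pkcs15-piv.c
+++ b/src/libopensc/pkcs15-piv.c
@@ -613,7 +613,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 	char buf[SC_MAX_SERIALNR * 2 + 1];
 	common_key_info ckis[PIV_NUM_CERTS_AND_KEYS];
 	int follows_nist_fascn = 0;
-
+	char *token_name = NULL;
 
 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
 
@@ -765,6 +765,30 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 				sc_pkcs15_free_certificate(cert_out);
 			continue;
 		}
+
+		/* set the token name to the name of the CN of the first certificate */
+		if (!token_name) {
+			u8 * cn_name = NULL;
+			size_t cn_len = 0;
+			static const struct sc_object_id cn_oid = {{ 2, 5, 4, 3, -1 }};
+			r = sc_pkcs15_get_name_from_dn(card->ctx, cert_out->subject,
+				cert_out->subject_len, &cn_oid, &cn_name, &cn_len);
+			if (r == SC_SUCCESS) {
+				token_name = malloc (cn_len+1);
+				if (!token_name) {
+					sc_pkcs15_free_certificate(cert_out);
+					free(cn_name);
+					SC_FUNC_RETURN(card->ctx,
+						SC_ERROR_OUT_OF_MEMORY, r);
+				}
+				memcpy(token_name, cn_name, cn_len);
+				free(cn_name);
+				token_name[cn_len] = 0;
+				free(p15card->tokeninfo->label);
+				p15card->tokeninfo->label = token_name;
+			}
+		}
+
 		/* 
 		 * get keyUsage if present save in ckis[i]
 		 * Will only use it if this in a non FED issued card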
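Review bot: The out-of-memory branch of the new `if (!token_name)` block appears to pass its arguments to `SC_FUNC_RETURN` in the wrong order, assuming the macro takes (ctx, log level, return value) as the `SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE)` call in the first hunk suggests. `SC_ERROR_OUT_OF_MEMORY` lands in the level slot and `r`, which is `SC_SUCCESS` on this path, is what gets returned, so a failed `malloc` would be reported to the caller as success; I would write `SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);`. The CN is also read from a certificate stored on the card and copied into `p15card->tokeninfo->label` with no length cap or character check, so control bytes or an embedded NUL reach a label that is presumably displayed and logged later; a comment such as `/* CN is card-supplied data: treat the label as untrusted when displaying or logging it */` would make that explicit. The body of `sc_pkcs15emu_piv_init` starts and ends outside these hunks, so whether `r` is reset after a failed `sc_pkcs15_get_name_from_dn` cannot be checked from here.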
From 78c2b7b970a8c2d841552926a7f4c386c31abeb8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 21 Aug 2017 13:43:08 +0200
Subject: [PATCH 3/3] Do not add non-informative PIN to the token label
---
 src/pkcs11/framework-pkcs15.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 5b3cb32e5..8ded1125b 100644
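--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -1024,6 +1024,7 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
 	struct sc_pkcs15_auth_info *pin_info = NULL;
 	char label[64];
 
+	sc_log(context, "Called");
 	pkcs15_init_token_info(p15card, &slot->token_info);
 	slot->token_info.flags |= CKF_TOKEN_INITIALIZED;
 	if (auth != NULL)
@@ -1048,9 +1049,10 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
 			pin_info = NULL;
 		}
 		else   {
-			if (auth->label[0])
+			if (auth->label[0] && strncmp(auth->label, "PIN", 4) != 0)
 				snprintf(label, sizeof(label), "%.*s (%s)", (int) sizeof auth->label, auth->label, p15card->tokeninfo->label);
 			else
+				/* The PIN label is empty or says just non-useful "PIN" */
 				snprintf(label, sizeof(label), "%s", p15card->tokeninfo->label);
 			slot->token_info.flags |= CKF_LOGIN_REQUIRED;
 		}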
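Review bot: The new condition `strncmp(auth->label, "PIN", 4) != 0` hard-codes a label literal that the first patch of this series sets in the `pins[]` table of pkcs15-piv.c, so the two strings have to be kept in step by hand and nothing at either site says so. The check is also not limited to PIV: any card whose PIN object is labelled exactly "PIN" loses the PIN part of its token label, and if such a token exposes more than one PIN the slot labels would presumably become identical, which makes it harder for a user to tell which PIN a prompt is asking for. I would put a comment on the condition naming the origin, e.g. `/* "PIN" is the default PIV PIN label from pkcs15-piv.c; it adds nothing to the token label */`, or move the literal to a shared named constant. The added comment also sits between `else` and its single un-braced statement, so bracing both branches would be safer. `pkcs15_init_slot` begins and ends outside these hunks.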