1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
1 |
/*
|
2 |
* Copyright (c) 2002 Juha Yrjölä. All rights reserved.
|
|
3 |
* Copyright (c) 2001 Markus Friedl.
|
|
4 |
*
|
|
5 |
* Redistribution and use in source and binary forms, with or without
|
|
6 |
* modification, are permitted provided that the following conditions
|
|
7 |
* are met:
|
|
8 |
* 1. Redistributions of source code must retain the above copyright
|
|
9 |
* notice, this list of conditions and the following disclaimer.
|
|
10 |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
11 |
* notice, this list of conditions and the following disclaimer in the
|
|
12 |
* documentation and/or other materials provided with the distribution.
|
|
13 |
*
|
|
14 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
15 |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
16 |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
17 |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
18 |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
19 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
20 |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
21 |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
22 |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
23 |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
24 |
*/
|
|
25 |
||
26 |
#include "includes.h" |
|
27 |
#if defined(SMARTCARD) && defined(USE_OPENSC)
|
|
28 |
||
1.13.1
by Colin Watson
Import upstream version 4.6p1 |
29 |
#include <sys/types.h> |
30 |
||
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
31 |
#include <openssl/evp.h> |
32 |
#include <openssl/x509.h> |
|
33 |
||
1.13.1
by Colin Watson
Import upstream version 4.6p1 |
34 |
#include <stdarg.h> |
1.13.2
by Colin Watson
Import upstream version 4.7p1 |
35 |
#include <string.h> |
1.13.1
by Colin Watson
Import upstream version 4.6p1 |
36 |
|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
37 |
#include <opensc/opensc.h> |
38 |
#include <opensc/pkcs15.h> |
|
39 |
||
40 |
#include "key.h" |
|
41 |
#include "log.h" |
|
42 |
#include "xmalloc.h" |
|
1.1.1
by Colin Watson
Import upstream version 3.9p1 |
43 |
#include "misc.h" |
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
44 |
#include "scard.h" |
45 |
||
46 |
#if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
|
|
47 |
#define USE_ENGINE
|
|
48 |
#define RSA_get_default_method RSA_get_default_openssl_method
|
|
49 |
#else
|
|
50 |
#endif
|
|
51 |
||
52 |
#ifdef USE_ENGINE
|
|
53 |
#include <openssl/engine.h> |
|
54 |
#define sc_get_rsa sc_get_engine
|
|
55 |
#else
|
|
56 |
#define sc_get_rsa sc_get_rsa_method
|
|
57 |
#endif
|
|
58 |
||
59 |
static int sc_reader_id; |
|
60 |
static sc_context_t *ctx = NULL; |
|
61 |
static sc_card_t *card = NULL; |
|
62 |
static sc_pkcs15_card_t *p15card = NULL; |
|
63 |
||
64 |
static char *sc_pin = NULL; |
|
65 |
||
66 |
struct sc_priv_data |
|
67 |
{
|
|
68 |
struct sc_pkcs15_id cert_id; |
|
69 |
int ref_count; |
|
70 |
};
|
|
71 |
||
72 |
void
|
|
73 |
sc_close(void) |
|
74 |
{
|
|
75 |
if (p15card) { |
|
76 |
sc_pkcs15_unbind(p15card); |
|
77 |
p15card = NULL; |
|
78 |
}
|
|
79 |
if (card) { |
|
80 |
sc_disconnect_card(card, 0); |
|
81 |
card = NULL; |
|
82 |
}
|
|
83 |
if (ctx) { |
|
84 |
sc_release_context(ctx); |
|
85 |
ctx = NULL; |
|
86 |
}
|
|
87 |
}
|
|
88 |
||
89 |
static int |
|
90 |
sc_init(void) |
|
91 |
{
|
|
92 |
int r; |
|
93 |
||
94 |
r = sc_establish_context(&ctx, "openssh"); |
|
95 |
if (r) |
|
96 |
goto err; |
|
97 |
if (sc_reader_id >= ctx->reader_count) { |
|
98 |
r = SC_ERROR_NO_READERS_FOUND; |
|
99 |
error("Illegal reader number %d (max %d)", sc_reader_id, |
|
100 |
ctx->reader_count -1); |
|
101 |
goto err; |
|
102 |
}
|
|
103 |
r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card); |
|
104 |
if (r) |
|
105 |
goto err; |
|
106 |
r = sc_pkcs15_bind(card, &p15card); |
|
107 |
if (r) |
|
108 |
goto err; |
|
109 |
return 0; |
|
110 |
err: |
|
111 |
sc_close(); |
|
112 |
return r; |
|
113 |
}
|
|
114 |
||
115 |
/* private key operations */
|
|
116 |
||
117 |
static int |
|
118 |
sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out, |
|
119 |
unsigned int usage) |
|
120 |
{
|
|
121 |
int r; |
|
122 |
struct sc_priv_data *priv; |
|
123 |
struct sc_pkcs15_object *key_obj; |
|
124 |
struct sc_pkcs15_prkey_info *key; |
|
125 |
struct sc_pkcs15_object *pin_obj; |
|
126 |
struct sc_pkcs15_pin_info *pin; |
|
127 |
||
128 |
priv = (struct sc_priv_data *) RSA_get_app_data(rsa); |
|
129 |
if (priv == NULL) |
|
130 |
return -1; |
|
131 |
if (p15card == NULL) { |
|
132 |
sc_close(); |
|
133 |
r = sc_init(); |
|
134 |
if (r) { |
|
135 |
error("SmartCard init failed: %s", sc_strerror(r)); |
|
136 |
goto err; |
|
137 |
}
|
|
138 |
}
|
|
139 |
r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, |
|
140 |
usage, &key_obj); |
|
141 |
if (r) { |
|
142 |
error("Unable to find private key from SmartCard: %s", |
|
143 |
sc_strerror(r)); |
|
144 |
goto err; |
|
145 |
}
|
|
146 |
key = key_obj->data; |
|
147 |
r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id, |
|
148 |
&pin_obj); |
|
149 |
if (r == SC_ERROR_OBJECT_NOT_FOUND) { |
|
150 |
/* no pin required */
|
|
151 |
r = sc_lock(card); |
|
152 |
if (r) { |
|
153 |
error("Unable to lock smartcard: %s", sc_strerror(r)); |
|
154 |
goto err; |
|
155 |
}
|
|
156 |
*key_obj_out = key_obj; |
|
157 |
return 0; |
|
158 |
} else if (r) { |
|
159 |
error("Unable to find PIN object from SmartCard: %s", |
|
160 |
sc_strerror(r)); |
|
161 |
goto err; |
|
162 |
}
|
|
163 |
pin = pin_obj->data; |
|
164 |
r = sc_lock(card); |
|
165 |
if (r) { |
|
166 |
error("Unable to lock smartcard: %s", sc_strerror(r)); |
|
167 |
goto err; |
|
168 |
}
|
|
169 |
if (sc_pin != NULL) { |
|
170 |
r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, |
|
171 |
strlen(sc_pin)); |
|
172 |
if (r) { |
|
173 |
sc_unlock(card); |
|
174 |
error("PIN code verification failed: %s", |
|
175 |
sc_strerror(r)); |
|
176 |
goto err; |
|
177 |
}
|
|
178 |
}
|
|
179 |
*key_obj_out = key_obj; |
|
180 |
return 0; |
|
181 |
err: |
|
182 |
sc_close(); |
|
183 |
return -1; |
|
184 |
}
|
|
185 |
||
186 |
#define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \
|
|
187 |
SC_PKCS15_PRKEY_USAGE_UNWRAP
|
|
188 |
||
189 |
static int |
|
190 |
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, |
|
191 |
int padding) |
|
192 |
{
|
|
193 |
struct sc_pkcs15_object *key_obj; |
|
194 |
int r; |
|
195 |
||
196 |
if (padding != RSA_PKCS1_PADDING) |
|
197 |
return -1; |
|
198 |
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT); |
|
199 |
if (r) |
|
200 |
return -1; |
|
201 |
r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, |
|
202 |
from, flen, to, flen); |
|
203 |
sc_unlock(card); |
|
204 |
if (r < 0) { |
|
205 |
error("sc_pkcs15_decipher() failed: %s", sc_strerror(r)); |
|
206 |
goto err; |
|
207 |
}
|
|
208 |
return r; |
|
209 |
err: |
|
210 |
sc_close(); |
|
211 |
return -1; |
|
212 |
}
|
|
213 |
||
214 |
#define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \
|
|
215 |
SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
|
|
216 |
||
217 |
static int |
|
218 |
sc_sign(int type, u_char *m, unsigned int m_len, |
|
219 |
unsigned char *sigret, unsigned int *siglen, RSA *rsa) |
|
220 |
{
|
|
221 |
struct sc_pkcs15_object *key_obj; |
|
222 |
int r; |
|
223 |
unsigned long flags = 0; |
|
224 |
||
225 |
/* XXX: sc_prkey_op_init will search for a pkcs15 private
|
|
226 |
* key object with the sign or signrecover usage flag set.
|
|
227 |
* If the signing key has only the non-repudiation flag set
|
|
228 |
* the key will be rejected as using a non-repudiation key
|
|
229 |
* for authentication is not recommended. Note: This does not
|
|
230 |
* prevent the use of a non-repudiation key for authentication
|
|
231 |
* if the sign or signrecover flag is set as well.
|
|
232 |
*/
|
|
233 |
r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN); |
|
234 |
if (r) |
|
235 |
return -1; |
|
236 |
/* FIXME: length of sigret correct? */
|
|
237 |
/* FIXME: check 'type' and modify flags accordingly */
|
|
238 |
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1; |
|
239 |
r = sc_pkcs15_compute_signature(p15card, key_obj, flags, |
|
240 |
m, m_len, sigret, RSA_size(rsa)); |
|
241 |
sc_unlock(card); |
|
242 |
if (r < 0) { |
|
243 |
error("sc_pkcs15_compute_signature() failed: %s", |
|
244 |
sc_strerror(r)); |
|
245 |
goto err; |
|
246 |
}
|
|
247 |
*siglen = r; |
|
248 |
return 1; |
|
249 |
err: |
|
250 |
sc_close(); |
|
251 |
return 0; |
|
252 |
}
|
|
253 |
||
254 |
static int |
|
255 |
sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, |
|
256 |
int padding) |
|
257 |
{
|
|
258 |
error("Private key encryption not supported"); |
|
259 |
return -1; |
|
260 |
}
|
|
261 |
||
262 |
/* called on free */
|
|
263 |
||
264 |
static int (*orig_finish)(RSA *rsa) = NULL; |
|
265 |
||
266 |
static int |
|
267 |
sc_finish(RSA *rsa) |
|
268 |
{
|
|
269 |
struct sc_priv_data *priv; |
|
270 |
||
271 |
priv = RSA_get_app_data(rsa); |
|
272 |
priv->ref_count--; |
|
273 |
if (priv->ref_count == 0) { |
|
274 |
free(priv); |
|
275 |
sc_close(); |
|
276 |
}
|
|
277 |
if (orig_finish) |
|
278 |
orig_finish(rsa); |
|
279 |
return 1; |
|
280 |
}
|
|
281 |
||
282 |
/* engine for overloading private key operations */
|
|
283 |
||
284 |
static RSA_METHOD * |
|
285 |
sc_get_rsa_method(void) |
|
286 |
{
|
|
287 |
static RSA_METHOD smart_rsa; |
|
288 |
const RSA_METHOD *def = RSA_get_default_method(); |
|
289 |
||
290 |
/* use the OpenSSL version */
|
|
291 |
memcpy(&smart_rsa, def, sizeof(smart_rsa)); |
|
292 |
||
293 |
smart_rsa.name = "opensc"; |
|
294 |
||
295 |
/* overload */
|
|
296 |
smart_rsa.rsa_priv_enc = sc_private_encrypt; |
|
297 |
smart_rsa.rsa_priv_dec = sc_private_decrypt; |
|
298 |
smart_rsa.rsa_sign = sc_sign; |
|
299 |
||
300 |
/* save original */
|
|
301 |
orig_finish = def->finish; |
|
302 |
smart_rsa.finish = sc_finish; |
|
303 |
||
304 |
return &smart_rsa; |
|
305 |
}
|
|
306 |
||
307 |
#ifdef USE_ENGINE
|
|
308 |
static ENGINE * |
|
309 |
sc_get_engine(void) |
|
310 |
{
|
|
311 |
static ENGINE *smart_engine = NULL; |
|
312 |
||
313 |
if ((smart_engine = ENGINE_new()) == NULL) |
|
314 |
fatal("ENGINE_new failed"); |
|
315 |
||
316 |
ENGINE_set_id(smart_engine, "opensc"); |
|
317 |
ENGINE_set_name(smart_engine, "OpenSC"); |
|
318 |
||
319 |
ENGINE_set_RSA(smart_engine, sc_get_rsa_method()); |
|
320 |
ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); |
|
321 |
ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); |
|
322 |
ENGINE_set_RAND(smart_engine, RAND_SSLeay()); |
|
323 |
ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp); |
|
324 |
||
325 |
return smart_engine; |
|
326 |
}
|
|
327 |
#endif
|
|
328 |
||
329 |
static void |
|
330 |
convert_rsa_to_rsa1(Key * in, Key * out) |
|
331 |
{
|
|
332 |
struct sc_priv_data *priv; |
|
333 |
||
334 |
out->rsa->flags = in->rsa->flags; |
|
335 |
out->flags = in->flags; |
|
336 |
RSA_set_method(out->rsa, RSA_get_method(in->rsa)); |
|
337 |
BN_copy(out->rsa->n, in->rsa->n); |
|
338 |
BN_copy(out->rsa->e, in->rsa->e); |
|
339 |
priv = RSA_get_app_data(in->rsa); |
|
340 |
priv->ref_count++; |
|
341 |
RSA_set_app_data(out->rsa, priv); |
|
342 |
return; |
|
343 |
}
|
|
344 |
||
345 |
static int |
|
346 |
sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) |
|
347 |
{
|
|
348 |
int r; |
|
349 |
sc_pkcs15_cert_t *cert = NULL; |
|
350 |
struct sc_priv_data *priv = NULL; |
|
351 |
sc_pkcs15_cert_info_t *cinfo = cert_obj->data; |
|
352 |
||
353 |
X509 *x509 = NULL; |
|
354 |
EVP_PKEY *pubkey = NULL; |
|
355 |
u8 *p; |
|
356 |
char *tmp; |
|
357 |
||
358 |
debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]); |
|
359 |
r = sc_pkcs15_read_certificate(p15card, cinfo, &cert); |
|
360 |
if (r) { |
|
361 |
logit("Certificate read failed: %s", sc_strerror(r)); |
|
362 |
goto err; |
|
363 |
}
|
|
364 |
x509 = X509_new(); |
|
365 |
if (x509 == NULL) { |
|
366 |
r = -1; |
|
367 |
goto err; |
|
368 |
}
|
|
369 |
p = cert->data; |
|
370 |
if (!d2i_X509(&x509, &p, cert->data_len)) { |
|
371 |
logit("Unable to parse X.509 certificate"); |
|
372 |
r = -1; |
|
373 |
goto err; |
|
374 |
}
|
|
375 |
sc_pkcs15_free_certificate(cert); |
|
376 |
cert = NULL; |
|
377 |
pubkey = X509_get_pubkey(x509); |
|
378 |
X509_free(x509); |
|
379 |
x509 = NULL; |
|
380 |
if (pubkey->type != EVP_PKEY_RSA) { |
|
381 |
logit("Public key is of unknown type"); |
|
382 |
r = -1; |
|
383 |
goto err; |
|
384 |
}
|
|
385 |
k->rsa = EVP_PKEY_get1_RSA(pubkey); |
|
386 |
EVP_PKEY_free(pubkey); |
|
387 |
||
388 |
k->rsa->flags |= RSA_FLAG_SIGN_VER; |
|
389 |
RSA_set_method(k->rsa, sc_get_rsa_method()); |
|
390 |
priv = xmalloc(sizeof(struct sc_priv_data)); |
|
391 |
priv->cert_id = cinfo->id; |
|
392 |
priv->ref_count = 1; |
|
393 |
RSA_set_app_data(k->rsa, priv); |
|
394 |
||
395 |
k->flags = KEY_FLAG_EXT; |
|
396 |
tmp = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); |
|
397 |
debug("fingerprint %d %s", key_size(k), tmp); |
|
398 |
xfree(tmp); |
|
399 |
||
400 |
return 0; |
|
401 |
err: |
|
402 |
if (cert) |
|
403 |
sc_pkcs15_free_certificate(cert); |
|
404 |
if (pubkey) |
|
405 |
EVP_PKEY_free(pubkey); |
|
406 |
if (x509) |
|
407 |
X509_free(x509); |
|
408 |
return r; |
|
409 |
}
|
|
410 |
||
411 |
Key ** |
|
412 |
sc_get_keys(const char *id, const char *pin) |
|
413 |
{
|
|
414 |
Key *k, **keys; |
|
415 |
int i, r, real_count = 0, key_count; |
|
416 |
sc_pkcs15_id_t cert_id; |
|
417 |
sc_pkcs15_object_t *certs[32]; |
|
418 |
char *buf = xstrdup(id), *p; |
|
419 |
||
420 |
debug("sc_get_keys called: id = %s", id); |
|
421 |
||
422 |
if (sc_pin != NULL) |
|
423 |
xfree(sc_pin); |
|
424 |
sc_pin = (pin == NULL) ? NULL : xstrdup(pin); |
|
425 |
||
426 |
cert_id.len = 0; |
|
427 |
if ((p = strchr(buf, ':')) != NULL) { |
|
428 |
*p = 0; |
|
429 |
p++; |
|
430 |
sc_pkcs15_hex_string_to_id(p, &cert_id); |
|
431 |
}
|
|
432 |
r = sscanf(buf, "%d", &sc_reader_id); |
|
433 |
xfree(buf); |
|
434 |
if (r != 1) |
|
435 |
goto err; |
|
436 |
if (p15card == NULL) { |
|
437 |
sc_close(); |
|
438 |
r = sc_init(); |
|
439 |
if (r) { |
|
440 |
error("Smartcard init failed: %s", sc_strerror(r)); |
|
441 |
goto err; |
|
442 |
}
|
|
443 |
}
|
|
444 |
if (cert_id.len) { |
|
445 |
r = sc_pkcs15_find_cert_by_id(p15card, &cert_id, &certs[0]); |
|
446 |
if (r < 0) |
|
447 |
goto err; |
|
448 |
key_count = 1; |
|
449 |
} else { |
|
450 |
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, |
|
451 |
certs, 32); |
|
452 |
if (r == 0) { |
|
453 |
logit("No certificates found on smartcard"); |
|
454 |
r = -1; |
|
455 |
goto err; |
|
456 |
} else if (r < 0) { |
|
457 |
error("Certificate enumeration failed: %s", |
|
458 |
sc_strerror(r)); |
|
459 |
goto err; |
|
460 |
}
|
|
461 |
key_count = r; |
|
462 |
}
|
|
1.13.1
by Colin Watson
Import upstream version 4.6p1 |
463 |
if (key_count > 1024) |
464 |
fatal("Too many keys (%u), expected <= 1024", key_count); |
|
465 |
keys = xcalloc(key_count * 2 + 1, sizeof(Key *)); |
|
1
by Noah Meyerhans
Import upstream version 3.8.1p1 |
466 |
for (i = 0; i < key_count; i++) { |
467 |
sc_pkcs15_object_t *tmp_obj = NULL; |
|
468 |
cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id; |
|
469 |
if (sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj)) |
|
470 |
/* skip the public key (certificate) if no
|
|
471 |
* corresponding private key is present */
|
|
472 |
continue; |
|
473 |
k = key_new(KEY_RSA); |
|
474 |
if (k == NULL) |
|
475 |
break; |
|
476 |
r = sc_read_pubkey(k, certs[i]); |
|
477 |
if (r) { |
|
478 |
error("sc_read_pubkey failed: %s", sc_strerror(r)); |
|
479 |
key_free(k); |
|
480 |
continue; |
|
481 |
}
|
|
482 |
keys[real_count] = k; |
|
483 |
real_count++; |
|
484 |
k = key_new(KEY_RSA1); |
|
485 |
if (k == NULL) |
|
486 |
break; |
|
487 |
convert_rsa_to_rsa1(keys[real_count-1], k); |
|
488 |
keys[real_count] = k; |
|
489 |
real_count++; |
|
490 |
}
|
|
491 |
keys[real_count] = NULL; |
|
492 |
||
493 |
return keys; |
|
494 |
err: |
|
495 |
sc_close(); |
|
496 |
return NULL; |
|
497 |
}
|
|
498 |
||
499 |
int
|
|
500 |
sc_put_key(Key *prv, const char *id) |
|
501 |
{
|
|
502 |
error("key uploading not yet supported"); |
|
503 |
return -1; |
|
504 |
}
|
|
505 |
||
506 |
char * |
|
507 |
sc_get_key_label(Key *key) |
|
508 |
{
|
|
509 |
int r; |
|
510 |
const struct sc_priv_data *priv; |
|
511 |
struct sc_pkcs15_object *key_obj; |
|
512 |
||
513 |
priv = (const struct sc_priv_data *) RSA_get_app_data(key->rsa); |
|
514 |
if (priv == NULL || p15card == NULL) { |
|
515 |
logit("SmartCard key not loaded"); |
|
516 |
/* internal error => return default label */
|
|
517 |
return xstrdup("smartcard key"); |
|
518 |
}
|
|
519 |
r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj); |
|
520 |
if (r) { |
|
521 |
logit("Unable to find private key from SmartCard: %s", |
|
522 |
sc_strerror(r)); |
|
523 |
return xstrdup("smartcard key"); |
|
524 |
}
|
|
525 |
if (key_obj == NULL || key_obj->label == NULL) |
|
526 |
/* the optional PKCS#15 label does not exists
|
|
527 |
* => return the default label */
|
|
528 |
return xstrdup("smartcard key"); |
|
529 |
return xstrdup(key_obj->label); |
|
530 |
}
|
|
531 |
||
532 |
#endif /* SMARTCARD */ |