Ejemplo n.º 1
/// Builds a key record backed by a pair of PKCS#15 private-key objects: one
/// that carries a signing usage and one that carries a decryption usage.
///
/// @param openSCToken  Token this record belongs to; forwarded to the
///                     OpenSCRecord base and stored in mToken.
/// @param objectOne    First private-key object; also forwarded to the base.
/// @param objectTwo    Second private-key object.
/// @param metaRecord   Source of the attribute indices for the decrypt,
///                     unwrap and sign attributes.
///
/// When the pair is not "one signing key plus one decryption key" (in either
/// order), CSSM_ERRCODE_INTERNAL_ERROR is reported via PCSC::Error::throwMe.
OpenSCKeyRecord::OpenSCKeyRecord(OpenSCToken *openSCToken,
                                 const sc_pkcs15_object_t *objectOne,
                                 const sc_pkcs15_object_t *objectTwo,
                                 const Tokend::MetaRecord &metaRecord) :
    OpenSCRecord(openSCToken, objectOne)
{
    // Usage bits that qualify a key for signing operations.
    const int signMask = SC_PKCS15_PRKEY_USAGE_SIGN
                         | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
                         | SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;

    // Usage bits that qualify a key for decryption / key unwrapping.
    const int decryptMask = SC_PKCS15_PRKEY_USAGE_DECRYPT
                            | SC_PKCS15_PRKEY_USAGE_UNWRAP;

    // NOTE(review): both objects are treated as private-key objects whose
    // `data` points at an sc_pkcs15_prkey_info_t, and neither pointer is
    // checked for null here -- confirm the caller guarantees this.
    const sc_pkcs15_prkey_info_t *first =
        static_cast<const sc_pkcs15_prkey_info_t *>(objectOne->data);
    const sc_pkcs15_prkey_info_t *second =
        static_cast<const sc_pkcs15_prkey_info_t *>(objectTwo->data);

    // The combined record advertises decrypt, unwrap and sign; which physical
    // key serves which operation is decided below.
    const bool permitted = true;
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
                     new Tokend::Attribute(permitted));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
                     new Tokend::Attribute(permitted));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
                     new Tokend::Attribute(permitted));

    mToken = openSCToken;

    // Evaluated with the same short-circuit order as a plain if / else-if
    // chain: the second combination is only examined when the first fails.
    const bool firstSignsSecondDecrypts =
        (first->usage & signMask) != 0 && (second->usage & decryptMask) != 0;
    const bool firstDecryptsSecondSigns =
        !firstSignsSecondDecrypts
        && (first->usage & decryptMask) != 0
        && (second->usage & signMask) != 0;

    if (firstSignsSecondDecrypts) {
        mPrKeySign = objectOne;
        mPrKeyDecrypt = objectTwo;
    } else if (firstDecryptsSecondSigns) {
        mPrKeySign = objectTwo;
        mPrKeyDecrypt = objectOne;
    } else {
        // Neither ordering yields a sign/decrypt pair.
        PCSC::Error::throwMe(CSSM_ERRCODE_INTERNAL_ERROR);
    }

    // Either object would do here, since both keys share the same attributes.
    mPrKeyObj = objectOne;
}
//
// PIVKeyRecord
//
/// Builds a PIV key record and marks it as usable for decrypt, unwrap and
/// sign.
///
/// @param application      Forwarded to the PIVRecord base.
/// @param applicationSize  Forwarded to the PIVRecord base.
/// @param description      Forwarded to the PIVRecord base.
/// @param metaRecord       Source of the attribute indices set below.
/// @param keyRef           Stored in the keyRef member.
/// @param keySize          Stored in the keySize member.
PIVKeyRecord::PIVKeyRecord(const unsigned char *application,
                           size_t applicationSize,
                           const char *description,
                           const Tokend::MetaRecord &metaRecord,
                           unsigned char keyRef,
                           size_t keySize) :
    PIVRecord(application, applicationSize, description),
    keyRef(keyRef),
    keySize(keySize)
{
    // Every key is advertised as able to decrypt, unwrap and sign; nothing in
    // this constructor narrows that per key.
    // NOTE(review): confirm that per-key usage limits are enforced elsewhere
    // (e.g. by the card), since the advertised attributes do not reflect them.
    const bool permitted = true;

    attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
                     new Tokend::Attribute(permitted));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
                     new Tokend::Attribute(permitted));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
                     new Tokend::Attribute(permitted));
}
Ejemplo n.º 3
/// Builds a key record backed by a single PKCS#15 private-key object that is
/// used for every operation (sign and decrypt alike).
///
/// @param openSCToken  Token this record belongs to; forwarded to the
///                     OpenSCRecord base and stored in mToken.
/// @param object       Private-key object; forwarded to the base and recorded
///                     as the sign key, the decrypt key and the key object.
/// @param metaRecord   Source of the attribute indices set below.
OpenSCKeyRecord::OpenSCKeyRecord(OpenSCToken *openSCToken,
                                 const sc_pkcs15_object_t *object,
                                 const Tokend::MetaRecord &metaRecord) :
    OpenSCRecord(openSCToken, object)
{
    // Decrypt, unwrap and sign are all advertised unconditionally.
    // NOTE(review): the object's PKCS#15 usage bits are not consulted in this
    // constructor, so the advertised capabilities may be broader than what the
    // key permits -- confirm the restriction is enforced elsewhere.
    const bool permitted = true;

    attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
                     new Tokend::Attribute(permitted));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
                     new Tokend::Attribute(permitted));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
                     new Tokend::Attribute(permitted));

    mToken = openSCToken;

    // One object plays all three roles (same right-to-left order as the
    // chained assignment it replaces).
    mPrKeyDecrypt = object;
    mPrKeySign = mPrKeyDecrypt;
    mPrKeyObj = mPrKeySign;
}
Ejemplo n.º 4
//
// BELPICKeyRecord
//
/// Builds a BELPIC key record and publishes its capability and size
/// attributes.
///
/// @param keyId        Handed to the mKeyId member.
/// @param description  Forwarded to the BELPICRecord base.
/// @param keySize      Stored in mKeySize and published as both the key size
///                     in bits and the effective key size.
/// @param metaRecord   Source of the attribute indices set below.
/// @param signOnly     When true the key is advertised for signing only; when
///                     false it is advertised for decrypt/unwrap only.
/// @param PPDU         Stored in mPPDU.
///
/// NOTE(review): keyId is passed to mKeyId as a pointer; if mKeyId keeps the
/// pointer rather than a copy, the caller's buffer must outlive this record
/// -- confirm against the member's declaration.
BELPICKeyRecord::BELPICKeyRecord(const uint8_t *keyId,
                                 const char *description,
                                 uint32_t keySize,
                                 const Tokend::MetaRecord &metaRecord,
                                 bool signOnly,
                                 bool PPDU) :
    BELPICRecord(description),
    mKeyId(keyId),
    mKeySize(keySize),
    mSignOnly(signOnly),
    mPPDU(PPDU)
{
    // Signing and decrypt/unwrap are mutually exclusive for these keys:
    // exactly one of the two capability groups is advertised.
    const bool maySign = signOnly;
    const bool mayDecrypt = !signOnly;

    attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
                     new Tokend::Attribute(mayDecrypt));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
                     new Tokend::Attribute(mayDecrypt));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
                     new Tokend::Attribute(maySign));

    // The same size is reported for the nominal and the effective key size.
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyKeySizeInBits).attributeIndex(),
                     new Tokend::Attribute(keySize));
    attributeAtIndex(metaRecord.metaAttribute(kSecKeyEffectiveKeySize).attributeIndex(),
                     new Tokend::Attribute(keySize));
}
Ejemplo n.º 5
/// Builds an EstEID key record and marks it as usable for decrypt, unwrap and
/// sign.
///
/// @param description  Forwarded to the EstEIDRecord base.
/// @param metaRecord   Source of the attribute indices set below.
/// @param signOnly     Stored in mSignOnly.
///
/// NOTE(review): signOnly is remembered in mSignOnly but does not influence
/// the attributes published here -- decrypt and unwrap are advertised even
/// for a sign-only key. Confirm this is intended and that the sign-only
/// restriction is enforced where the key is actually used.
EstEIDKeyRecord::EstEIDKeyRecord(const char *description,
                                 const Tokend::MetaRecord &metaRecord,
                                 bool signOnly) :
    EstEIDRecord(description),
    mSignOnly(signOnly)
{
  FLOG;

  // All three capabilities are advertised unconditionally.
  const bool permitted = true;

  attributeAtIndex(metaRecord.metaAttribute(kSecKeyDecrypt).attributeIndex(),
                   new Tokend::Attribute(permitted));
  attributeAtIndex(metaRecord.metaAttribute(kSecKeyUnwrap).attributeIndex(),
                   new Tokend::Attribute(permitted));
  attributeAtIndex(metaRecord.metaAttribute(kSecKeySign).attributeIndex(),
                   new Tokend::Attribute(permitted));
}