Take the USE permission from the key object's auth-id (can be set in …

…pkcs15-init arguments) and all other permissions from the profile.
hhonkanen · Feb 16, 2024 · a60b8df · a60b8df
1 parent 675b336
commit a60b8df
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/src/pkcs15init/pkcs15-myeid.c b/src/pkcs15init/pkcs15-myeid.c
@@ -638,11 +638,13 @@ myeid_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
  LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "NULL or invalid sc_pkcs15_auth_info in pin object");
  }
 
+ if (file->sec_attr_len >= 3) /* The security attributes should be filled from the profile at this point. */
+ memcpy(sec_attrs, file->sec_attr, 3);
+
  pin_reference = pkcs15_auth_info->attrs.pin.reference;
 
  if (pin_reference >= 1 && pin_reference < MYEID_MAX_PINS) {
- sec_attrs[0] = (pin_reference << 4 | (pin_reference & 0x0F));
- sec_attrs[1] = (pin_reference << 4 | (pin_reference & 0x0F));
+ sec_attrs[0] |= pin_reference << 4; /* Set USE permission according to auth_id of the key object, and leave other sec attrs as set in the profile. */
  sc_file_set_sec_attr(file, sec_attrs, sizeof(sec_attrs));
  }
  }