[Cryptech-Commits] [sw/pkcs11] 04/04: Fix RSA key length and CKA_ID lookup.
git at cryptech.is
git at cryptech.is
Fri May 13 01:48:47 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch rpc
in repository sw/pkcs11.
commit f0556bb5c26c1d4198b0336be9f1f5dffcc3ea95
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu May 12 21:32:25 2016 -0400
Fix RSA key length and CKA_ID lookup.
libhal RPC API takes RSA key lengths in bits, not bytes.
Insisting on receiving matching CKA_ID in both public and private
templates on key generation is probably unwise, so back down using
CKA_ID from private template if provided, otherwise from the public
template, and only raise incomplete template error if both are missing.
---
pkcs11.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index d2f9f8a..dc14fd9 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1928,7 +1928,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
if (!hal_check(hal_rpc_pkey_generate_rsa(p11_session_hal_client(session),
p11_session_hal_session(session),
- &pkey, id, id_len, keysize / 8,
+ &pkey, id, id_len, keysize,
public_exponent, public_exponent_len, 0)))
lose(CKR_FUNCTION_FAILED);
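Review bot: The `keysize` argument passed to hal_rpc_pkey_generate_rsa() carries no unit at the call site, and the bytes-versus-bits mix-up fixed here is easy to reintroduce without one. I would add a comment above the call, `/* keysize is in bits, as the libhal RPC API expects */`. Whether `keysize` is checked against a minimum modulus length earlier in generate_keypair_rsa_pkcs is not visible, since the function starts and ends outside the hunk. If it is not, a lower bound belongs before this call so that a small value in the template cannot yield a weak key.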
@@ -2089,26 +2089,23 @@ static CK_RV generate_keypair(p11_session_t *session,
lose(CKR_FUNCTION_FAILED);
{
- size_t public_id_len = 0, private_id_len = 0;
+ size_t id_len = 0;
- if (!p11_attribute_get(public_handle, CKA_ID, NULL, &public_id_len, 0) ||
- !p11_attribute_get(private_handle, CKA_ID, NULL, &public_id_len, 0))
+ if (!p11_attribute_get(private_handle, CKA_ID, NULL, &id_len, 0) &&
+ !p11_attribute_get(public_handle, CKA_ID, NULL, &id_len, 0))
lose(CKR_TEMPLATE_INCOMPLETE);
- uint8_t public_id[public_id_len], private_id[private_id_len];
+ uint8_t id[id_len];
- if (!p11_attribute_get(public_handle, CKA_ID, public_id, NULL, public_id_len) ||
- !p11_attribute_get(private_handle, CKA_ID, private_id, NULL, public_id_len))
+ if (!p11_attribute_get(private_handle, CKA_ID, id, NULL, id_len) &&
+ !p11_attribute_get(public_handle, CKA_ID, id, NULL, id_len))
lose(CKR_TEMPLATE_INCOMPLETE);
- if (public_id_len != private_id_len || memcmp(public_id, private_id, public_id_len) != 0)
- lose(CKR_TEMPLATE_INCONSISTENT);
-
if ((rv = mechanism_handler(session,
pPublicKeyTemplate, ulPublicKeyAttributeCount,
pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
private_handle, public_handle,
- public_id, public_id_len)) != CKR_OK)
+ id, id_len)) != CKR_OK)
goto fail;
}
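Review bot: `uint8_t id[id_len];` sizes a stack array from the length of a CKA_ID attribute, which appears to come from the caller's key templates, and nothing in the hunk bounds it; a zero length is undefined behavior for a variable-length array and a very large one can exhaust the stack. A guard before the declaration would close both cases, e.g. `if (id_len == 0 || id_len > MAX_CKA_ID_LEN) lose(CKR_ATTRIBUTE_VALUE_INVALID);`, where MAX_CKA_ID_LEN is a placeholder for a limit the project chooses. Separately, the length query and the fetch each try private-then-public independently, so if the private fetch ever failed after its length query succeeded, the public CKA_ID would be copied into a buffer sized for the private one. Remembering which handle supplied the length and fetching only from that handle avoids depending on p11_attribute_get() to bound the copy. generate_keypair starts and ends outside this hunk.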