[Cryptech-Commits] [sw/pkcs11] 02/03: Translate more PKCS #11 attributes into HAL_KEY_FLAG_* settings.
git at cryptech.is
git at cryptech.is
Fri May 19 04:46:06 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.
commit 7f02ceeefb8d9db0e62b32635afd319706b470f1
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu May 18 19:02:00 2017 -0400
Translate more PKCS #11 attributes into HAL_KEY_FLAG_* settings.
---
pkcs11.c | 41 ++++++++++++++++++++++++++++++++++++-----
1 file changed, 36 insertions(+), 5 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index fbc0845..a17eec9 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1794,6 +1794,7 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
const CK_BBOOL * public_cka_private = NULL, * public_cka_token = NULL;
const CK_BBOOL *private_cka_private = NULL, *private_cka_token = NULL;
+ const CK_BBOOL *private_cka_extractable = NULL;
/*
* Check values provided in the public and private templates.
@@ -1827,10 +1828,13 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
goto fail;
if (type == CKA_TOKEN)
- public_cka_token = val;
+ private_cka_token = val;
if (type == CKA_PRIVATE)
- public_cka_private = val;
+ private_cka_private = val;
+
+ if (type == CKA_EXTRACTABLE)
+ private_cka_extractable = val;
p11_attribute_apply_keyusage(private_flags, type, val);
}
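Review bot: Each of these assignments overwrites the stored pointer on every match, so a private-key template that lists CKA_EXTRACTABLE (or CKA_TOKEN / CKA_PRIVATE) more than once lets the last occurrence decide the HSM flag, unless repeats are already rejected earlier in the loop, which this hunk does not show. C_CreateObject resolves the same attributes through `p11_attribute_find_value_in_template()`, whose choice among duplicates is not visible here, so the two paths may disagree on the same template. Consider refusing a repeat, e.g. `if (private_cka_extractable != NULL) lose(CKR_TEMPLATE_INCONSISTENT);` before `private_cka_extractable = val;`. The enclosing loop starts outside the hunk.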
@@ -1844,6 +1848,25 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
lose(CKR_TEMPLATE_INCONSISTENT);
/*
+ * Pass PKCS #11's weird notion of "public" objects through to HSM.
+ */
+
+ if (public_cka_private != NULL && ! *public_cka_private)
+ *public_flags |= HAL_KEY_FLAG_PUBLIC;
+
+ if (private_cka_private != NULL && ! *private_cka_private)
+ *private_flags |= HAL_KEY_FLAG_PUBLIC;
+
+ /*
+ * Pass extractability through to HSM. Public keys are always extractable.
+ */
+
+ *public_flags |= HAL_KEY_FLAG_EXPORTABLE;
+
+ if (private_cka_extractable != NULL && *private_cka_extractable)
+ *private_flags |= HAL_KEY_FLAG_EXPORTABLE;
+
+ /*
* Check that all required attributes have been specified.
*/
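Review bot: The new flag block dereferences `public_cka_private`, `private_cka_private` and `private_cka_extractable`, which hold `val` pointers taken from the caller's templates, and nothing in this hunk shows that each value is non-NULL and exactly `sizeof(CK_BBOOL)` long. If the per-attribute check ending in `goto fail` already guarantees that, a comment here should say so; otherwise the length needs checking before these pointers are saved. The same applies to `*cka_private` and `*cka_extractable` in the C_CreateObject hunk. The comment should also record the defaults the code implements: an absent CKA_EXTRACTABLE leaves the private key non-exportable, and an absent CKA_PRIVATE leaves either key without `HAL_KEY_FLAG_PUBLIC`.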
@@ -3038,9 +3061,11 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,
if (pTemplate == NULL || phObject == NULL)
lose(CKR_ARGUMENTS_BAD);
- const CK_OBJECT_CLASS * const cka_class = p11_attribute_find_value_in_template(CKA_CLASS, pTemplate, ulCount);
- const CK_KEY_TYPE * const cka_key_type = p11_attribute_find_value_in_template(CKA_KEY_TYPE, pTemplate, ulCount);
- const CK_BBOOL * const cka_token = p11_attribute_find_value_in_template(CKA_TOKEN, pTemplate, ulCount);
+ const CK_OBJECT_CLASS * const cka_class = p11_attribute_find_value_in_template(CKA_CLASS, pTemplate, ulCount);
+ const CK_KEY_TYPE * const cka_key_type = p11_attribute_find_value_in_template(CKA_KEY_TYPE, pTemplate, ulCount);
+ const CK_BBOOL * const cka_token = p11_attribute_find_value_in_template(CKA_TOKEN, pTemplate, ulCount);
+ const CK_BBOOL * const cka_private = p11_attribute_find_value_in_template(CKA_PRIVATE, pTemplate, ulCount);
+ const CK_BBOOL * const cka_extractable = p11_attribute_find_value_in_template(CKA_EXTRACTABLE, pTemplate, ulCount);
if (cka_class == NULL)
lose(CKR_TEMPLATE_INCOMPLETE);
@@ -3080,6 +3105,12 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,
for (int i = 0; i < ulCount; i++)
p11_attribute_apply_keyusage(&flags, pTemplate[i].type, pTemplate[i].pValue);
+ if (cka_private != NULL && ! *cka_private)
+ flags |= HAL_KEY_FLAG_PUBLIC;
+
+ if (*cka_class == CKO_PUBLIC_KEY || (cka_extractable != NULL && *cka_extractable))
+ flags |= HAL_KEY_FLAG_EXPORTABLE;
+
int (*handler)(const p11_session_t *session,
const handle_flavor_t flavor,
const CK_ATTRIBUTE_PTR pTemplate,
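Review bot: The attribute-to-HAL-flag mapping added here duplicates the one added to `p11_check_keypair_attributes()` in this commit, without a comment or a shared helper, so the two copies of an access-control policy can drift apart. The keypair copy already needed a public/private variable mix-up corrected in this same change. A small `static` helper taking the CKA_PRIVATE and CKA_EXTRACTABLE pointers, an is-public-key indicator and the flags word would keep the policy in one place. At minimum add a comment such as `/* Absent CKA_PRIVATE => no HAL_KEY_FLAG_PUBLIC; absent CKA_EXTRACTABLE => not exportable; public keys are always exportable. */`. C_CreateObject's body continues outside the hunk.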