authorRob Austein <sra@hactrn.net>2016-05-12 21:32:25 -0400
committerRob Austein <sra@hactrn.net>2016-05-12 21:32:25 -0400
commitf0556bb5c26c1d4198b0336be9f1f5dffcc3ea95 (patch)
tree8b2bb893702776a1bfc5615fe104477f5655de5e
parentf5269ae7fe6ff845c396734be7ef0c807efc9bc7 (diff)
Fix RSA key length and CKA_ID lookup.
libhal RPC API takes RSA key lengths in bits, not bytes. Insisting on receiving matching CKA_ID in both public and private templates on key generation is probably unwise, so back down to using CKA_ID from the private template if provided, otherwise from the public template, and only raise the incomplete template error if both are missing.
-rw-r--r--pkcs11.c19
1 files changed, 8 insertions, 11 deletions
diff --git a/pkcs11.c b/pkcs11.c
index d2f9f8a..dc14fd9 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1928,7 +1928,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session,
if (!hal_check(hal_rpc_pkey_generate_rsa(p11_session_hal_client(session),
p11_session_hal_session(session),
- &pkey, id, id_len, keysize / 8,
+ &pkey, id, id_len, keysize,
public_exponent, public_exponent_len, 0)))
lose(CKR_FUNCTION_FAILED);
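Review bot: Nothing at this call site records which unit `keysize` is in, and that ambiguity is what let the `/ 8` creep in; with the old code the HSM would have been asked for a modulus one eighth of the requested size. I would add a comment directly above the call, e.g. `/* hal_rpc_pkey_generate_rsa() takes the modulus length in bits; pass keysize unchanged */`. If the surrounding function does not already reject unsupported modulus sizes before this point (its body is outside the hunk, so I cannot tell), a range check on `keysize` belongs here too.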
@@ -2089,26 +2089,23 @@ static CK_RV generate_keypair(p11_session_t *session,
lose(CKR_FUNCTION_FAILED);
{
- size_t public_id_len = 0, private_id_len = 0;
+ size_t id_len = 0;
- if (!p11_attribute_get(public_handle, CKA_ID, NULL, &public_id_len, 0) ||
- !p11_attribute_get(private_handle, CKA_ID, NULL, &public_id_len, 0))
+ if (!p11_attribute_get(private_handle, CKA_ID, NULL, &id_len, 0) &&
+ !p11_attribute_get(public_handle, CKA_ID, NULL, &id_len, 0))
lose(CKR_TEMPLATE_INCOMPLETE);
- uint8_t public_id[public_id_len], private_id[private_id_len];
+ uint8_t id[id_len];
- if (!p11_attribute_get(public_handle, CKA_ID, public_id, NULL, public_id_len) ||
- !p11_attribute_get(private_handle, CKA_ID, private_id, NULL, public_id_len))
+ if (!p11_attribute_get(private_handle, CKA_ID, id, NULL, id_len) &&
+ !p11_attribute_get(public_handle, CKA_ID, id, NULL, id_len))
lose(CKR_TEMPLATE_INCOMPLETE);
- if (public_id_len != private_id_len || memcmp(public_id, private_id, public_id_len) != 0)
- lose(CKR_TEMPLATE_INCONSISTENT);
-
if ((rv = mechanism_handler(session,
pPublicKeyTemplate, ulPublicKeyAttributeCount,
pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
private_handle, public_handle,
- public_id, public_id_len)) != CKR_OK)
+ id, id_len)) != CKR_OK)
goto fail;
}
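Review bot: `uint8_t id[id_len]` is sized straight from the CKA_ID length in the caller's template, with no check for zero and no upper bound, so an empty CKA_ID gives a zero-length VLA (undefined behaviour) and a very long one is allocated on the stack. The two `&&` chains are also evaluated independently, so if the private-handle read fails in the second chain, the public CKA_ID is read into a buffer sized for the private one; whether p11_attribute_get rejects a length mismatch is not visible here. I would record which handle supplied the length, bound it before declaring the array, and read the value from that same handle, as sketched below; the limit name is a placeholder for whatever maximum the project defines. generate_keypair starts and ends outside this hunk.

```c
    size_t id_len = 0;

    /* Prefer the private template's CKA_ID; remember which handle supplied the length. */
    const int id_from_private = p11_attribute_get(private_handle, CKA_ID, NULL, &id_len, 0);

    if (!id_from_private &&
        !p11_attribute_get(public_handle, CKA_ID, NULL, &id_len, 0))
      lose(CKR_TEMPLATE_INCOMPLETE);

    /* P11_MAX_CKA_ID_LEN is a placeholder: use the project's own limit on key name length. */
    if (id_len == 0 || id_len > P11_MAX_CKA_ID_LEN)
      lose(CKR_ATTRIBUTE_VALUE_INVALID);

    uint8_t id[id_len];

    /* Read the value from the same object the length came from. */
    if (!p11_attribute_get(id_from_private ? private_handle : public_handle,
                           CKA_ID, id, NULL, id_len))
      lose(CKR_TEMPLATE_INCOMPLETE);

    /* … unchanged: mechanism_handler call with id, id_len … */
```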