authorRob Austein <sra@hactrn.net>2017-05-18 19:02:00 -0400
committerRob Austein <sra@hactrn.net>2017-05-18 19:02:00 -0400
commit7f02ceeefb8d9db0e62b32635afd319706b470f1 (patch)
tree828e3451d858241684e88f20aae07dc42c156187
parentfb454260b582d418671e8a1ff45092e27709cd6d (diff)
Translate more PKCS #11 attributes into HAL_KEY_FLAG_* settings.
-rw-r--r--pkcs11.c41
1 files changed, 36 insertions, 5 deletions
diff --git a/pkcs11.c b/pkcs11.c
index fbc0845..a17eec9 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -1794,6 +1794,7 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
const CK_BBOOL * public_cka_private = NULL, * public_cka_token = NULL;
const CK_BBOOL *private_cka_private = NULL, *private_cka_token = NULL;
+ const CK_BBOOL *private_cka_extractable = NULL;
/*
* Check values provided in the public and private templates.
@@ -1827,10 +1828,13 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
goto fail;
if (type == CKA_TOKEN)
- public_cka_token = val;
+ private_cka_token = val;
if (type == CKA_PRIVATE)
- public_cka_private = val;
+ private_cka_private = val;
+
+ if (type == CKA_EXTRACTABLE)
+ private_cka_extractable = val;
p11_attribute_apply_keyusage(private_flags, type, val);
}
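Review bot: The added `if (type == CKA_EXTRACTABLE) private_cka_extractable = val;` stores a pointer that is dereferenced as a `CK_BBOOL` later in the function, but nothing in this hunk shows the attribute's `ulValueLen` being validated against `sizeof(CK_BBOOL)`; if the `goto fail` at the top of the hunk is not that check, a template entry with a zero or short value length would be read one byte past the caller-supplied buffer, the same risk the existing CKA_TOKEN and CKA_PRIVATE captures already carry. It would be worth confirming where the length check lives and, if it is absent, rejecting such entries with `CKR_ATTRIBUTE_VALUE_INVALID` before the assignment. This hunk also silently corrects the private-template loop, which previously wrote `public_cka_token` and `public_cka_private` instead of the private variants; that is a behaviour change beyond what the commit title describes and deserves a mention in the message. The enclosing function begins and ends outside this hunk.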
@@ -1844,6 +1848,25 @@ static CK_RV p11_check_keypair_attributes(const p11_session_t *session,
lose(CKR_TEMPLATE_INCONSISTENT);
/*
+ * Pass PKCS #11's weird notion of "public" objects through to HSM.
+ */
+
+ if (public_cka_private != NULL && ! *public_cka_private)
+ *public_flags |= HAL_KEY_FLAG_PUBLIC;
+
+ if (private_cka_private != NULL && ! *private_cka_private)
+ *private_flags |= HAL_KEY_FLAG_PUBLIC;
+
+ /*
+ * Pass extractability through to HSM. Public keys are always extractable.
+ */
+
+ *public_flags |= HAL_KEY_FLAG_EXPORTABLE;
+
+ if (private_cka_extractable != NULL && *private_cka_extractable)
+ *private_flags |= HAL_KEY_FLAG_EXPORTABLE;
+
+ /*
* Check that all required attributes have been specified.
*/
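Review bot: An absent CKA_EXTRACTABLE leaves HAL_KEY_FLAG_EXPORTABLE clear on the private key (the `private_cka_extractable != NULL && *private_cka_extractable` test), which is stricter than the PKCS #11 default of CK_TRUE for generated keys; that fail-closed choice is the right one for an HSM, but the comment above it should say so explicitly so a later maintainer does not "fix" it to match the specification, e.g. `/* Absent CKA_EXTRACTABLE is deliberately treated as CK_FALSE (PKCS #11 defaults it to CK_TRUE): a key is exportable only if the caller asked. */`. The same default applies to the CKA_PRIVATE mapping a few lines earlier, where a missing attribute means no HAL_KEY_FLAG_PUBLIC, and could be noted in the same place. CKA_SENSITIVE is not consulted at all here; if HAL_KEY_FLAG_EXPORTABLE allows the HSM to release key material in plaintext rather than only wrapped, the flag should additionally require the template not to set CKA_SENSITIVE, otherwise a sensitive-but-extractable key is treated as freely exportable. The enclosing function continues outside this hunk.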
@@ -3038,9 +3061,11 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,
if (pTemplate == NULL || phObject == NULL)
lose(CKR_ARGUMENTS_BAD);
- const CK_OBJECT_CLASS * const cka_class = p11_attribute_find_value_in_template(CKA_CLASS, pTemplate, ulCount);
- const CK_KEY_TYPE * const cka_key_type = p11_attribute_find_value_in_template(CKA_KEY_TYPE, pTemplate, ulCount);
- const CK_BBOOL * const cka_token = p11_attribute_find_value_in_template(CKA_TOKEN, pTemplate, ulCount);
+ const CK_OBJECT_CLASS * const cka_class = p11_attribute_find_value_in_template(CKA_CLASS, pTemplate, ulCount);
+ const CK_KEY_TYPE * const cka_key_type = p11_attribute_find_value_in_template(CKA_KEY_TYPE, pTemplate, ulCount);
+ const CK_BBOOL * const cka_token = p11_attribute_find_value_in_template(CKA_TOKEN, pTemplate, ulCount);
+ const CK_BBOOL * const cka_private = p11_attribute_find_value_in_template(CKA_PRIVATE, pTemplate, ulCount);
+ const CK_BBOOL * const cka_extractable = p11_attribute_find_value_in_template(CKA_EXTRACTABLE, pTemplate, ulCount);
if (cka_class == NULL)
lose(CKR_TEMPLATE_INCOMPLETE);
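Review bot: The three existing lookups for CKA_CLASS, CKA_KEY_TYPE and CKA_TOKEN are re-emitted with changed alignment only, so this hunk mixes a whitespace-only change into a functional commit and makes the real addition (the `cka_private` and `cka_extractable` lookups) harder to spot in blame. Keeping the original lines untouched, or splitting the realignment into its own commit, would leave a cleaner history. As with the keypair path, the two new pointers are later dereferenced as `CK_BBOOL`; whether `p11_attribute_find_value_in_template` checks the value length before returning is not visible here and is worth confirming. C_CreateObject continues outside this hunk.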
@@ -3080,6 +3105,12 @@ CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,
for (int i = 0; i < ulCount; i++)
p11_attribute_apply_keyusage(&flags, pTemplate[i].type, pTemplate[i].pValue);
+ if (cka_private != NULL && ! *cka_private)
+ flags |= HAL_KEY_FLAG_PUBLIC;
+
+ if (*cka_class == CKO_PUBLIC_KEY || (cka_extractable != NULL && *cka_extractable))
+ flags |= HAL_KEY_FLAG_EXPORTABLE;
+
int (*handler)(const p11_session_t *session,
const handle_flavor_t flavor,
const CK_ATTRIBUTE_PTR pTemplate,
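Review bot: The CKA_PRIVATE → HAL_KEY_FLAG_PUBLIC and CKA_EXTRACTABLE → HAL_KEY_FLAG_EXPORTABLE mapping written here is the second copy of the logic added to p11_check_keypair_attributes earlier in this commit, and two hand-written copies of an access-control policy tend to drift apart. Since the loop on the line above already calls `p11_attribute_apply_keyusage(&flags, pTemplate[i].type, pTemplate[i].pValue)` per attribute, a sibling helper with the same `(flags, type, val)` shape could own both translations and be called from the same loop in both functions, leaving only the class-dependent `*cka_class == CKO_PUBLIC_KEY` case inline. That would also keep the absent-attribute defaults (no PUBLIC flag, no EXPORTABLE flag) in one place where they can be documented once. C_CreateObject continues outside this hunk.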