pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-03-26 16:21:28 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2015-03-26 16:21:53 +0100
commit: d0d3cb89a949d629016429ccf897dc4b90ef770e (patch)
tree: 0c19492da8f6d37fb7fb6dd98ffceb97e10fe213
parent: 560c727fabce611e90b6b3265710ab19382b6359 (diff)
download: gnutls-d0d3cb89a949d629016429ccf897dc4b90ef770e.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 34ff41c004..9630675a5b 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -282,6 +282,8 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 		return ret;
 	}
 
+	pk = gnutls_x509_privkey_get_pk_algorithm(key);
+
 	/* FIXME: copy key usage flags */
 	a_val = 0;
 	a[a_val].type = CKA_CLASS;
@@ -294,6 +296,18 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 	a[a_val].value_len = id_size;
 	a_val++;
 
+	a[a_val].type = CKA_SIGN;
+	a[a_val].value = (void*)&tval;
+	a[a_val].value_len = sizeof(tval);
+	a_val++;
+
+	if (pk == GNUTLS_PK_RSA) {
+		a[a_val].type = CKA_DECRYPT;
+		a[a_val].value = (void*)&tval;
+		a[a_val].value_len = sizeof(tval);
+		a_val++;
+	}
+
 	a[a_val].type = CKA_KEY_TYPE;
 	a[a_val].value = &type;
 	a[a_val].value_len = sizeof(type);
@@ -338,7 +352,6 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 		a_val++;
 	}
 
-	pk = gnutls_x509_privkey_get_pk_algorithm(key);
 	switch (pk) {
 	case GNUTLS_PK_RSA:
 		{
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-03-26 16:21:28 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2015-03-26 16:21:53 +0100
commit	d0d3cb89a949d629016429ccf897dc4b90ef770e (patch)
tree	0c19492da8f6d37fb7fb6dd98ffceb97e10fe213
parent	560c727fabce611e90b6b3265710ab19382b6359 (diff)
download	gnutls-d0d3cb89a949d629016429ccf897dc4b90ef770e.tar.gz