author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-08-03 14:17:16 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-08-03 14:51:33 +0200 |
commit | f3e2c32948412fd4836f032dbb6a455476a47d0d (patch) | |
tree | 0b9999c8b40163b8eaa52f5834486358791ee414 | |
parent | f4673b987ac0f6a00f1c26a3bcef4520bcf7d8a3 (diff) | |
download | gnutls-f3e2c32948412fd4836f032dbb6a455476a47d0d.tar.gz |
pkcs11: set the CKA_TOKEN attribute on generated public keys
That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag,
to simulate the previous behavior.
-rw-r--r-- | lib/includes/gnutls/pkcs11.h | 4 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 9 |
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 560ac0c12e..de703e11b5 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -109,6 +109,7 @@ void gnutls_pkcs11_obj_set_pin_function(gnutls_pkcs11_obj_t obj,
  * @GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Mark the object as a CA.
  * @GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP: Mark the generated key pair as wrapping and unwrapping keys.
  * @GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT: When an issuer is requested, override its extensions with the ones present in the trust module.
+ * @GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY: When generating a keypair don't store the public key (store).
  *
  * Enumeration of different PKCS #11 object flags.
  */
@@ -127,7 +128,8 @@ typedef enum gnutls_pkcs11_obj_flags {
 	GNUTLS_PKCS11_OBJ_FLAG_MARK_CA = (1<<11),
 	GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP = (1<<12),
 	GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY = (1<<13),
-	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT = (1<<14)
+	GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT = (1<<14),
+	GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY = (1<<20)
 	/* flags 1<<29 and later are reserved - see pkcs11_int.h */
 } gnutls_pkcs11_obj_flags;
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 5403692405..4cb22da091 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -614,7 +614,7 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 	struct pkcs11_session_info sinfo;
 	struct p11_kit_uri *info = NULL;
 	ck_rv_t rv;
-	struct ck_attribute a[20], p[20];
+	struct ck_attribute a[22], p[22];
 	ck_object_handle_t pub, priv;
 	unsigned long _bits = bits;
 	int a_val, p_val;
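Review bot: The description of GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY in the first pkcs11.h hunk ends in a stray `(store)` that looks like a leftover from editing; suggest `* @GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY: When generating a keypair don't store the public key on the token.` The same comment could say that without the flag the public key is now stored, since that is the behaviour change this commit makes and callers of existing code may not expect it. In the second hunk the new value skips from (1<<14) to (1<<20); if bits 15–19 are deliberately left free, a short comment next to the line would stop a later flag from landing in the gap by accident, and if not, (1<<15) would be the expected next value.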
@@ -660,6 +660,13 @@ gnutls_pkcs11_privkey_generate2(const char *url, gnutls_pk_algorithm_t pk,
 		goto cleanup;
 	}
 
+	if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY)) {
+		a[a_val].type = CKA_TOKEN;
+		a[a_val].value = (void *) &tval;
+		a[a_val].value_len = sizeof(tval);
+		a_val++;
+	}
+
 	a[a_val].type = CKA_ID;
 	a[a_val].value = (void *) id;
 	a[a_val].value_len = sizeof(id);
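Review bot: The new CKA_TOKEN entry is written at a[a_val] with nothing guarding that the index stays below the template size, which the earlier hunk in this file raises from 20 to 22 by hand; a comment tying the two together next to the declaration, such as `/* a[]/p[] must hold every attribute appended below, CKA_TOKEN included */`, or an assertion before each append, would keep the next attribute from overrunning the array. `tval` is declared outside the hunk, presumably the CK_TRUE boolean already used for the private-key template, and gnutls_pkcs11_privkey_generate2 begins and ends outside the hunk. Setting CKA_TOKEN to true here is what makes the public key persist on the token, so each generated keypair now consumes a persistent object unless the caller passes GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY, which is worth stating in the function's documentation. When that flag is set, CKA_TOKEN is omitted rather than set to CK_FALSE, which relies on the PKCS #11 default for that attribute (a session object); a one-line comment stating that reliance would make the intent explicit.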