author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-11 10:12:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-11 10:12:16 +0100 |
commit | e571991ce02d0de900d3ca4533500a86dba1eeb5 (patch) | |
tree | 0521c77779ab63ef2cf49f18066389eab8ed4baf /lib/pkcs11_secret.c | |
parent | 58e88a6ec16ab61c972f12e88e954ee4b48d00ca (diff) | |
download | gnutls-e571991ce02d0de900d3ca4533500a86dba1eeb5.tar.gz |
* Corrected flag conversion to internal representation.
* When generating secret keys include a generic key type and a random ID.
Diffstat (limited to 'lib/pkcs11_secret.c')
-rw-r--r-- | lib/pkcs11_secret.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c
index 554359ea7a..056bad4f3c 100644
--- a/lib/pkcs11_secret.c
+++ b/lib/pkcs11_secret.c
@@ -27,6 +27,7 @@
 #include <gnutls_errors.h>
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
+#include <random.h>
 /**
 * gnutls_pkcs11_copy_x509_crt:
@@ -53,11 +54,13 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t* key,
 pakchois_session_t *pks;
 struct pkcs11_url_info info;
 ck_rv_t rv;
- struct ck_attribute a[8];
+ struct ck_attribute a[12];
 ck_object_class_t class = CKO_SECRET_KEY;
 ck_object_handle_t obj;
+ ck_key_type_t keytype = CKK_GENERIC_SECRET;
 unsigned int tval = 1;
 int a_val;
+ opaque id[16];
 ret = pkcs11_url_to_info (token_url, &info);
 if (ret < 0)
@@ -66,6 +69,14 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t* key,
 return ret;
 }
+ /* generate a unique ID */
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof(id));
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
+
 ret = pkcs11_open_session (&pks, &info, SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
@@ -89,8 +100,14 @@ int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t* key,
 a[3].type = CKA_PRIVATE;
 a[3].value = &tval;
 a[3].value_len = sizeof (tval);
-
- a_val = 4;
+ a[4].type = CKA_KEY_TYPE;
+ a[4].value = &keytype;
+ a[4].value_len = sizeof (keytype);
+ a[5].type = CKA_ID;
+ a[5].value = id;
+ a[5].value_len = sizeof(id);
+
+ a_val = 6;
 if (label)
 { |
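Review bot: `unsigned int tval = 1;` (declared in the second hunk) is passed as the CKA_PRIVATE value with `a[3].value_len = sizeof (tval);` in the last hunk, but PKCS#11 defines boolean attributes as CK_BBOOL, a single byte. A module that validates the length may reject the template, and one that reads only the first byte would see 0 on a big-endian host, which would store the secret key as a public object. This predates the commit, but since the template is being extended here I would change the declaration to `unsigned char tval = 1;`. The function body starts and ends outside the hunks.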
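Review bot: The comment `/* generate a unique ID */` in the third hunk promises more than the code checks and does not say why `GNUTLS_RND_NONCE` is the right level. Sixteen random bytes make a collision on the token very unlikely, but nothing verifies it, and the value is an identifier rather than a secret, which is presumably why nonce-quality output was chosen. I would write `/* random CKA_ID: not secret, only has to be distinct on the token, so nonce-level randomness is enough */`. In the visible lines the ID is never handed back to the caller, so without a label there may be no attribute to find the object by later; the rest of the function is outside the hunk. The doc header shown as context in the first hunk also still names `gnutls_pkcs11_copy_x509_crt`.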
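Review bot: Nothing in the last hunk ties `a_val`, which now starts at 6, to the size of `a[12]` declared in the second hunk, and more entries are appended from `if (label)` onwards. The bump from 8 to 12 leaves headroom today, but the next attribute added to the template could write past the array on the stack with no diagnostic. I would document the budget on the declaration, for example `/* 6 fixed attributes + every optional one appended below; keep in sync */`, and give the size a named constant so the bound can be checked where entries are appended. The appending code is outside the hunk, so how many optional attributes exist cannot be confirmed from here.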