Merged. Thanks! regards, Joy
On Thu, 2015-07-02 at 15:00 +0200, Harald Freudenberger wrote: > Signed-off-by: Harald Freudenberger <[email protected]> > --- > usr/lib/pkcs11/cca_stdll/cca_specific.c | 86 > ++++++++++++++++++++++++++++++- > 1 file changed, 84 insertions(+), 2 deletions(-) > > diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c > b/usr/lib/pkcs11/cca_stdll/cca_specific.c > index 312f0c0..f859fb0 100644 > --- a/usr/lib/pkcs11/cca_stdll/cca_specific.c > +++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c > @@ -2323,8 +2323,73 @@ static CK_RV rsa_import_pubkey(TEMPLATE *publ_tmpl) > return CKR_OK; > } > > -CK_RV > -token_specific_object_add(OBJECT *object) > +static CK_RV import_aes_key(unsigned char *key, CK_ULONG keylen, > + TEMPLATE *obj_tmpl) > +{ > + CK_RV rc; > + long return_code, reason_code, rule_array_count; > + unsigned char key_type[CCA_KEYWORD_SIZE]; > + unsigned char key_token[CCA_KEY_TOKEN_SIZE] = { 0 }; > + unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 }; > + long key_token_len = sizeof(key_token); > + long reserved_1 = 0; > + unsigned char token_data; > + unsigned char mk_pattern[256] = { 0 }; > + CK_ATTRIBUTE *opaque_key = NULL; > + > + memcpy(key_type, "CLRAES ", CCA_KEYWORD_SIZE); > + memcpy(rule_array, "INTERNALAES KEY ", 3 * CCA_KEYWORD_SIZE); > + switch (keylen) { > + case 16: > + memcpy(rule_array + 3*CCA_KEYWORD_SIZE, "KEYLN16 ", > CCA_KEYWORD_SIZE); > + break; > + case 24: > + memcpy(rule_array + 3*CCA_KEYWORD_SIZE, "KEYLN24 ", > CCA_KEYWORD_SIZE); > + break; > + case 32: > + memcpy(rule_array + 3*CCA_KEYWORD_SIZE, "KEYLN32 ", > CCA_KEYWORD_SIZE); > + break; > + default: > + TRACE_ERROR("Invalid AES key size %lu specified.", keylen); > + return CKR_FUNCTION_FAILED; > + } > + rule_array_count = 4; > + > + CSNBKTB( &return_code, &reason_code, > + NULL, NULL, > + key_token, key_type, > + &rule_array_count, rule_array, > + key, > + &reserved_1, > + NULL, /* reserved_2 */ > + &token_data, > + NULL, /* cv */ > + NULL, NULL, NULL, /* reserved 4,5,6 */ > + mk_pattern); > + if (return_code != CCA_SUCCESS) { > + TRACE_ERROR("CSNBKTB (AES KEY TOKEN BUILD) failed." > + " return:%ld, reason:%ld\n", > + return_code, reason_code); > + return CKR_FUNCTION_FAILED; > + } > + key_token_len = 64; > + > + /* Add the key object to the template */ > + if ((rc = build_attribute(CKA_IBM_OPAQUE, key_token, > + key_token_len, &opaque_key))) { > + TRACE_DEVEL("build_attribute(CKA_IBM_OPAQUE) failed\n"); > + return rc; > + } > + rc = template_update_attribute(obj_tmpl, opaque_key); > + if (rc != CKR_OK) { > + TRACE_DEVEL("template_update_attribute(CKA_IBM_OPAQUE) > failed\n"); > + return rc; > + } > + > + return CKR_OK; > +} > + > +CK_RV token_specific_object_add(OBJECT *object) > { > > CK_RV rc; > @@ -2347,6 +2412,7 @@ token_specific_object_add(OBJECT *object) > keytype = *(CK_KEY_TYPE *)attr->pValue; > > if (keytype == CKK_RSA) { > + > rc = template_attribute_find(object->template, CKA_CLASS, > &attr); > if (rc == FALSE) { > TRACE_ERROR("%s\n", ock_err(ERR_TEMPLATE_INCOMPLETE)); > @@ -2374,6 +2440,22 @@ token_specific_object_add(OBJECT *object) > TRACE_DEVEL("rsa import failed\n"); > return rc; > } > + > + } else if (keytype == CKK_AES) { > + > + rc = template_attribute_find(object->template, CKA_VALUE, > &attr); > + if (rc == FALSE) { > + TRACE_ERROR("Incomplete AES key template\n"); > + return CKR_TEMPLATE_INCOMPLETE; > + } > + rc = import_aes_key(attr->pValue, attr->ulValueLen, > + object->template); > + if (rc != CKR_OK) { > + TRACE_DEVEL("AES key import failed with rc=0x%lx\n", > rc); > + return CKR_FUNCTION_FAILED; > + } > + TRACE_INFO("AES key with len=%ld successful imported\n", > attr->ulValueLen); > + > } > > return CKR_OK; ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
