Signed-off-by: Harald Freudenberger <fre...@linux.vnet.ibm.com>
---
 usr/lib/pkcs11/cca_stdll/cca_specific.c | 86 ++++++++++++++++++++++++++++++-
 1 file changed, 84 insertions(+), 2 deletions(-)
diff --git a/usr/lib/pkcs11/cca_stdll/cca_specific.c b/usr/lib/pkcs11/cca_stdll/cca_specific.c
index 312f0c0..f859fb0 100644
--- a/usr/lib/pkcs11/cca_stdll/cca_specific.c
+++ b/usr/lib/pkcs11/cca_stdll/cca_specific.c
@@ -2323,8 +2323,73 @@ static CK_RV rsa_import_pubkey(TEMPLATE *publ_tmpl)
 return CKR_OK;
 }
-CK_RV
-token_specific_object_add(OBJECT *object)
+static CK_RV import_aes_key(unsigned char *key, CK_ULONG keylen,
+ TEMPLATE *obj_tmpl)
+{
+ CK_RV rc;
+ long return_code, reason_code, rule_array_count;
+ unsigned char key_type[CCA_KEYWORD_SIZE];
+ unsigned char key_token[CCA_KEY_TOKEN_SIZE] = { 0 };
+ unsigned char rule_array[CCA_RULE_ARRAY_SIZE] = { 0 };
+ long key_token_len = sizeof(key_token);
+ long reserved_1 = 0;
+ unsigned char token_data;
+ unsigned char mk_pattern[256] = { 0 };
+ CK_ATTRIBUTE *opaque_key = NULL;
+
+ memcpy(key_type, "CLRAES ", CCA_KEYWORD_SIZE);
+ memcpy(rule_array, "INTERNALAES KEY ", 3 * CCA_KEYWORD_SIZE);
+ switch (keylen) {
+ case 16:
+ memcpy(rule_array + 3*CCA_KEYWORD_SIZE, "KEYLN16 ", CCA_KEYWORD_SIZE);
+ break;
+ case 24:
+ memcpy(rule_array + 3*CCA_KEYWORD_SIZE, "KEYLN24 ", CCA_KEYWORD_SIZE);
+ break;
+ case 32:
+ memcpy(rule_array + 3*CCA_KEYWORD_SIZE, "KEYLN32 ", CCA_KEYWORD_SIZE);
+ break;
+ default:
+ TRACE_ERROR("Invalid AES key size %lu specified.", keylen);
+ return CKR_FUNCTION_FAILED;
+ }
+ rule_array_count = 4;
+
+ CSNBKTB( &return_code, &reason_code,
+ NULL, NULL,
+ key_token, key_type,
+ &rule_array_count, rule_array,
+ key,
+ &reserved_1,
+ NULL, /* reserved_2 */
+ &token_data,
+ NULL, /* cv */
+ NULL, NULL, NULL, /* reserved 4,5,6 */
+ mk_pattern);
+ if (return_code != CCA_SUCCESS) {
+ TRACE_ERROR("CSNBKTB (AES KEY TOKEN BUILD) failed."
+ " return:%ld, reason:%ld\n",
+ return_code, reason_code);
+ return CKR_FUNCTION_FAILED;
+ }
+ key_token_len = 64;
+
+ /* Add the key object to the template */
+ if ((rc = build_attribute(CKA_IBM_OPAQUE, key_token,
+ key_token_len, &opaque_key))) {
+ TRACE_DEVEL("build_attribute(CKA_IBM_OPAQUE) failed\n");
+ return rc;
+ }
+ rc = template_update_attribute(obj_tmpl, opaque_key);
+ if (rc != CKR_OK) {
+ TRACE_DEVEL("template_update_attribute(CKA_IBM_OPAQUE) failed\n");
+ return rc;
+ }
+
+ return CKR_OK;
+}
+
+CK_RV token_specific_object_add(OBJECT *object)
 {
 CK_RV rc;
@@ -2347,6 +2412,7 @@ token_specific_object_add(OBJECT *object)
 keytype = *(CK_KEY_TYPE *)attr->pValue;
 if (keytype == CKK_RSA) {
+ rc = template_attribute_find(object->template, CKA_CLASS, &attr);
 if (rc == FALSE) {
 TRACE_ERROR("%s\n", ock_err(ERR_TEMPLATE_INCOMPLETE));
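Review bot: `key_token` is a stack buffer that still holds the token built from the caller's key bytes when import_aes_key returns, and no exit path clears it; with key_type `CLRAES` the token presumably carries the key value in the clear, which is worth confirming against the CCA documentation. I would wipe it on every path after the CSNBKTB call with a clear the compiler cannot elide, e.g. `explicit_bzero(key_token, sizeof(key_token));` where the platform provides it. Separately, when template_update_attribute() fails, `opaque_key` is dropped without being released (assuming build_attribute() allocates it), so that branch likely needs `free(opaque_key);` before `return rc;`. The `key_token_len = 64;` assignment discards the `sizeof(key_token)` initializer and would read better as a named constant with a comment saying where the length comes from.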
@@ -2374,6 +2440,22 @@ token_specific_object_add(OBJECT *object)
 TRACE_DEVEL("rsa import failed\n");
 return rc;
 }
+
+ } else if (keytype == CKK_AES) {
+
+ rc = template_attribute_find(object->template, CKA_VALUE, &attr);
+ if (rc == FALSE) {
+ TRACE_ERROR("Incomplete AES key template\n");
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+ rc = import_aes_key(attr->pValue, attr->ulValueLen,
+ object->template);
+ if (rc != CKR_OK) {
+ TRACE_DEVEL("AES key import failed with rc=0x%lx\n", rc);
+ return CKR_FUNCTION_FAILED;
+ }
+ TRACE_INFO("AES key with len=%ld successful imported\n", attr->ulValueLen);
+ }
 return CKR_OK;
-- 
1.7.9.5
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ Opencryptoki-tech mailing list Opencryptoki-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
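Review bot: After import_aes_key() succeeds, the CKA_VALUE attribute that supplied the clear key bytes is left in `object->template` untouched, at least within this hunk, so the stored object would keep the clear key next to CKA_IBM_OPAQUE. If nothing later in token_specific_object_add (the function continues outside the hunk) handles this, I would clear the value once the import has succeeded, e.g. `memset(attr->pValue, 0, attr->ulValueLen);`, and add a comment stating that CKA_VALUE no longer holds the key. The failure branch also replaces the specific `rc` with CKR_FUNCTION_FAILED, whereas the RSA branch above returns `rc`; `return rc;` would preserve the cause. Minor: `attr->ulValueLen` is a CK_ULONG, so the TRACE_INFO format should be `%lu`, matching the trace in import_aes_key.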