From db68b31a967530cc146a9ec80a53b4462ad166a6 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 5 Aug 2022 18:37:01 -0400
Subject: [PATCH] Fix private key usage

The EC private key was lacking EC_PARAMS parsing therefore key size was always reported as 0, additionally we were always return private key type when asking the keymgmt functions.

Signed-off-by: Simo Sorce
---
 src/keys.c | 28 ++++++++++++++++------------
 src/store.c | 2 +-
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/src/keys.c b/src/keys.c
index 676f6fac..94e05aa4 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -151,13 +151,14 @@ static int fetch_rsa_key(CK_FUNCTION_LIST *f, CK_SESSION_HANDLE session,
 return CKR_OK;
 }
-static int fetch_ec_public_key(CK_FUNCTION_LIST *f, CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object, P11PROV_KEY *key)
+static int fetch_ec_key(CK_FUNCTION_LIST *f, CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE object, P11PROV_KEY *key)
 {
 struct fetch_attrs attrs[2];
 unsigned long params_len = 0, point_len = 0;
 CK_BYTE *params = NULL, *point = NULL;
 size_t n_bytes = 0;
+ int nattrs;
 int ret;
 key->attrs = OPENSSL_zalloc(2 * sizeof(CK_ATTRIBUTE));
@@ -165,9 +166,14 @@ static int fetch_ec_public_key(CK_FUNCTION_LIST *f, CK_SESSION_HANDLE session,
 return CKR_HOST_MEMORY;
 }
- FA_ASSIGN_ALL(attrs[0], CKA_EC_PARAMS, ¶ms, ¶ms_len, true, true);
- FA_ASSIGN_ALL(attrs[1], CKA_EC_POINT, &point, &point_len, true, true);
- ret = p11prov_fetch_attributes(f, session, object, attrs, 2);
+ nattrs = 0;
+ FA_ASSIGN_ALL(attrs[nattrs], CKA_EC_PARAMS, ¶ms, ¶ms_len, true, true);
+ nattrs++;
+ if (key->class == CKO_PUBLIC_KEY) {
+ FA_ASSIGN_ALL(attrs[nattrs], CKA_EC_POINT, &point, &point_len, true, true);
+ nattrs++;
+ }
+ ret = p11prov_fetch_attributes(f, session, object, attrs, nattrs);
 if (ret != CKR_OK) {
 /* free any allocated memory */
 OPENSSL_free(params);
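Review bot: In the second src/keys.c hunk (the attribute setup of fetch_ec_key), `attrs[nattrs]` is indexed by a running counter while both `struct fetch_attrs attrs[2]` and `OPENSSL_zalloc(2 * sizeof(CK_ATTRIBUTE))` keep a literal capacity of 2, so nothing ties the counter to either size; a shared named constant, or a bound check before each `FA_ASSIGN_ALL`, would stop a later third attribute from writing past the array. For private keys `point` and `point_len` now remain `NULL` and 0 after the fetch, and the code between this hunk and the next one is not visible here, so it should be confirmed that it never reads them. fetch_ec_key's body continues outside this hunk. A comment above the new `if`, for example `/* CKA_EC_POINT is only fetched for public keys; private keys carry CKA_EC_PARAMS alone */`, would record why the two classes differ.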
@@ -206,8 +212,10 @@ static int fetch_ec_public_key(CK_FUNCTION_LIST *f, CK_SESSION_HANDLE session,
 key->key_size = n_bytes;
 CKATTR_ASSIGN_ALL(key->attrs[0], CKA_EC_PARAMS, params, params_len);
- CKATTR_ASSIGN_ALL(key->attrs[1], CKA_EC_POINT, point, point_len);
- key->numattrs = 2;
+ if (nattrs == 2) {
+ CKATTR_ASSIGN_ALL(key->attrs[1], CKA_EC_POINT, point, point_len);
+ }
+ key->numattrs = nattrs;
 return CKR_OK;
 }
@@ -259,11 +267,7 @@ static P11PROV_KEY *object_handle_to_key(CK_FUNCTION_LIST *f, CK_SLOT_ID slotid,
 }
 break;
 case CKK_EC:
- if (key->class == CKO_PRIVATE_KEY) {
- /* no params to fetch */
- break;
- }
- ret = fetch_ec_public_key(f, session, object, key);
+ ret = fetch_ec_key(f, session, object, key);
 if (ret != CKR_OK) {
 p11prov_key_free(key);
 return NULL;
diff --git a/src/store.c b/src/store.c
index be217b94..3e6401b7 100644
--- a/src/store.c
+++ b/src/store.c
@@ -79,7 +79,7 @@ bool p11prov_object_check_key(P11PROV_OBJ *obj, bool priv)
 if (priv) {
 return obj->class == CKO_PRIVATE_KEY;
 }
- return obj->class == CKO_PRIVATE_KEY;
+ return obj->class == CKO_PUBLIC_KEY;
 }
 P11PROV_KEY *p11prov_object_get_key(P11PROV_OBJ *obj, CK_OBJECT_CLASS class)
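Review bot: `if (nattrs == 2)` in the third src/keys.c hunk (the tail of fetch_ec_key) uses the attribute count as a stand-in for "the EC point was fetched", which silently goes wrong if another attribute is ever added ahead of it; testing the same condition the fetch used, `if (key->class == CKO_PUBLIC_KEY) {`, states the intent directly. After this change a private EC key ends up with `numattrs == 1`, so any code elsewhere that reads `key->attrs[1]` for an EC key (not visible here) has to check `numattrs` first. The zeroed second slot from `OPENSSL_zalloc` avoids an uninitialised read, but not a wrong assumption about what the slot holds. The function begins outside this hunk.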
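Review bot: With the private-key early `break` removed from the `case CKK_EC:` arm of object_handle_to_key, a private EC key whose attribute fetch fails now takes the `ret != CKR_OK` path and is discarded (`p11prov_key_free(key); return NULL;`), where it previously loaded with a key size of 0. That fail-closed outcome looks intended, but nothing visible in the hunk records why the key was rejected. A debug message carrying `ret`, placed before `p11prov_key_free(key)`, would make a token that withholds `CKA_EC_PARAMS` diagnosable instead of looking like a missing key. The switch statement starts and ends outside this hunk.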
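Review bot: The two return statements of p11prov_object_check_key in src/store.c differ only in the class constant, which is how the public branch came to compare against `CKO_PRIVATE_KEY`; a single expression, `return obj->class == (priv ? CKO_PRIVATE_KEY : CKO_PUBLIC_KEY);`, leaves no second line to drift out of step. Because this predicate decides whether an object is accepted as a public or as a private key, a regression test that checks a public-key object and a private-key object against both values of `priv` would keep the class check from inverting again. The function starts outside the hunk, so whether `obj` is checked for NULL before `obj->class` is read cannot be seen here.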