diff options
Diffstat (limited to 'testing/softhsm/01_aes_mac_fix.patch')
-rw-r--r-- | testing/softhsm/01_aes_mac_fix.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/testing/softhsm/01_aes_mac_fix.patch b/testing/softhsm/01_aes_mac_fix.patch new file mode 100644 index 0000000000..38d6c1fabf --- /dev/null +++ b/testing/softhsm/01_aes_mac_fix.patch @@ -0,0 +1,65 @@ +commit b8d509b24958756f845f17e95c9fb8c4f7eaacbc +Author: Scott Allan <scott.allan@securekey.com> +Date: Sun Aug 20 01:32:46 2017 -0500 + + Fix creating AES keys for MAC functions - Set Type to GENERIC_SECRET per spec 2.20 + +diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp +index ee94d3f..eb1bbfa 100644 +--- a/src/lib/SoftHSM.cpp ++++ b/src/lib/SoftHSM.cpp +@@ -5284,7 +5284,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + (objClass != CKO_SECRET_KEY || keyType != CKK_DES3)) + return CKR_TEMPLATE_INCONSISTENT; + if (pMechanism->mechanism == CKM_AES_KEY_GEN && +- (objClass != CKO_SECRET_KEY || keyType != CKK_AES)) ++ (objClass != CKO_SECRET_KEY || (keyType != CKK_AES && keyType != CKK_GENERIC_SECRET))) + return CKR_TEMPLATE_INCONSISTENT; + + // Check authorization +@@ -5332,7 +5332,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + // Generate AES secret key + if (pMechanism->mechanism == CKM_AES_KEY_GEN) + { +- return this->generateAES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate); ++ return this->generateAES(hSession, pTemplate, ulCount, keyType, phKey, isOnToken, isPrivate); + } + + return CKR_GENERAL_ERROR; +@@ -6554,6 +6554,7 @@ CK_RV SoftHSM::generateAES + (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, ++ CK_KEY_TYPE keyType, + CK_OBJECT_HANDLE_PTR phKey, + CK_BBOOL isOnToken, + CK_BBOOL isPrivate) +@@ -6642,7 +6643,6 @@ CK_RV SoftHSM::generateAES + // Create the secret key object using C_CreateObject + const CK_ULONG maxAttribs = 32; + CK_OBJECT_CLASS objClass = CKO_SECRET_KEY; +- CK_KEY_TYPE keyType = CKK_AES; + CK_ATTRIBUTE keyAttribs[maxAttribs] = { + { CKA_CLASS, &objClass, sizeof(objClass) }, + { CKA_TOKEN, &isOnToken, sizeof(isOnToken) }, +@@ -6651,7 +6651,7 @@ CK_RV SoftHSM::generateAES + }; + CK_ULONG keyAttribsCount = 4; + +- // Add the additional ++// Add the additional + if (ulCount > (maxAttribs - keyAttribsCount)) + rv = CKR_TEMPLATE_INCONSISTENT; + for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i) +diff --git a/src/lib/SoftHSM.h b/src/lib/SoftHSM.h +index 72092be..59ce7a2 100644 +--- a/src/lib/SoftHSM.h ++++ b/src/lib/SoftHSM.h +@@ -236,6 +236,7 @@ private: + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, ++ CK_KEY_TYPE, + CK_OBJECT_HANDLE_PTR phKey, + CK_BBOOL isOnToken, + CK_BBOOL isPrivate |