EP11: DH: Add CKA_VALUE_BITS after C_CreateObject and C_UnwrapKey

CKA_VALUE_BITS must not be specified for C_CreateObject and C_UnwrapKey, but it must be contributed by the token when importing or unwrapping a DH key. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
opencryptoki · Feb 2, 2022 · 8308d00 · 8308d00
1 parent b08b0ba
commit 8308d00
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/usr/lib/common/key.c b/usr/lib/common/key.c
@@ -4510,6 +4510,8 @@ CK_RV dh_priv_unwrap_get_data(TEMPLATE *tmpl,
     CK_ATTRIBUTE *prime = NULL;
     CK_ATTRIBUTE *base = NULL;
     CK_ATTRIBUTE *value = NULL;
+    CK_ATTRIBUTE *value_bits = NULL;
+    CK_ULONG num_bits;
     CK_RV rc;
 
     rc = ber_decode_DHPublicKey(data, total_length, &prime, &base, &value);
@@ -4542,6 +4544,19 @@ CK_RV dh_priv_unwrap_get_data(TEMPLATE *tmpl,
     }
     value = NULL;
 
+    rc = build_attribute(CKA_VALUE_BITS, (CK_BYTE *)&num_bits, sizeof(num_bits),
+                         &value_bits);
+    if (rc != CKR_OK) {
+        TRACE_DEVEL("build_attribute failed\n");
+        goto error;
+    }
+    rc = template_update_attribute(tmpl, value_bits);
+    if (rc != CKR_OK) {
+        TRACE_ERROR("template_update_attribute failed\n");
+        goto error;
+    }
+    value_bits = NULL;
+
     return CKR_OK;
 
 error:
@@ -4551,6 +4566,8 @@ CK_RV dh_priv_unwrap_get_data(TEMPLATE *tmpl,
         free(base);
     if (value)
         free(value);
+    if (value_bits)
+        free(value_bits);
 
     return rc;
 }

diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
@@ -3313,6 +3313,9 @@ static CK_RV import_DH_key(STDLL_TokData_t * tokdata, SESSION * sess,
         }
 
     } else {
+        CK_ATTRIBUTE *value;
+        CK_ATTRIBUTE *value_bits;
+        CK_ULONG num_bits;
 
         /* imported private DH key goes here */
 
@@ -3326,6 +3329,15 @@ static CK_RV import_DH_key(STDLL_TokData_t * tokdata, SESSION * sess,
             goto import_DH_key_end;
         }
 
+        rc = template_attribute_get_non_empty(dh_key_obj->template, CKA_VALUE,
+                                              &value);
+        if (rc != CKR_OK) {
+            TRACE_ERROR("Could not find CKA_VALUE for the key.\n");
+            goto import_DH_key_end;
+        }
+
+        num_bits = value->ulValueLen * 8;
+
         /* encrypt */
         RETRY_START(rc, tokdata)
             rc = dll_m_EncryptSingle(ep11_data->raw2key_wrap_blob,
@@ -3379,6 +3391,21 @@ static CK_RV import_DH_key(STDLL_TokData_t * tokdata, SESSION * sess,
                        __func__, rc, *blob_size);
         }
 
+        rc = build_attribute(CKA_VALUE_BITS, (CK_BYTE *)&num_bits,
+                             sizeof(num_bits), &value_bits);
+        if (rc != CKR_OK) {
+            TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", __func__, rc);
+            goto import_DH_key_end;
+        }
+
+        rc = template_update_attribute(dh_key_obj->template, value_bits);
+        if (rc != CKR_OK) {
+            TRACE_ERROR("%s template_update_attribute failed with rc=0x%lx\n",
+                        __func__, rc);
+            free(value_bits);
+            goto import_DH_key_end;
+        }
+
         cleanse_attribute(dh_key_obj->template, CKA_VALUE);
     }