From 63a42a9398f5ec7b2b139810ee7b5beb7ad1abc3 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Fri, 4 Nov 2022 09:31:29 +0100 Subject: [PATCH 07/34] EP11: Supply CKA_PUBLIC_KEY_INFO with CKM_IBM_BTC_DERIVE of public key When deriving a public EC key with the CKM_IBM_BTC_DERIVE mechanism, also supply the SPKI in the CKA_PUBLIC_KEY_INFO attribute. Signed-off-by: Ingo Franzki --- usr/lib/ep11_stdll/ep11_specific.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c index a56b5b82..886692c4 100644 --- a/usr/lib/ep11_stdll/ep11_specific.c +++ b/usr/lib/ep11_stdll/ep11_specific.c @@ -4989,6 +4989,9 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session, CK_MECHANISM_PTR mech_orig = mech; CK_ATTRIBUTE *ec_params; CK_IBM_BTC_DERIVE_PARAMS *btc_params = NULL; + CK_BYTE *spki = NULL; + CK_ULONG spki_length = 0; + CK_ATTRIBUTE *spki_attr = NULL; memset(newblob, 0, sizeof(newblob)); @@ -5329,6 +5332,29 @@ CK_RV ep11tok_derive_key(STDLL_TokData_t * tokdata, SESSION * session, __func__, rc); goto error; } + + /* Extract the SPKI and add CKA_PUBLIC_KEY_INFO to key */ + rc = publ_key_get_spki(key_obj->template, ktype, FALSE, + &spki, &spki_length); + if (rc != CKR_OK) { + TRACE_DEVEL("publ_key_get_spki failed\n"); + goto error; + } + + rc = build_attribute(CKA_PUBLIC_KEY_INFO, spki, spki_length, &spki_attr); + if (rc != CKR_OK) { + TRACE_ERROR("%s build_attribute failed with rc=0x%lx\n", + __func__, rc); + goto error; + } + + rc = template_update_attribute(key_obj->template, spki_attr); + if (rc != CKR_OK) { + TRACE_ERROR("%s template_update_attribute failed with " + "rc=0x%lx\n", __func__, rc); + goto error; + } + spki_attr = NULL; } if (class == CKO_SECRET_KEY || class == CKO_PRIVATE_KEY) { @@ -5381,6 +5407,8 @@ error: free(opaque_attr); if (chk_attr != NULL) free(chk_attr); + if (spki_attr != NULL) + free(spki_attr); if (new_attrs) free_attribute_array(new_attrs, new_attrs_len); if (new_attrs1) -- 2.16.2.windows.1