diff options
Diffstat (limited to 'ckcapi-key.c')
-rw-r--r-- | ckcapi-key.c | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/ckcapi-key.c b/ckcapi-key.c index 89ef726..7618e1e 100644 --- a/ckcapi-key.c +++ b/ckcapi-key.c @@ -98,7 +98,8 @@ typedef struct _KeyObjectData KeyObjectData; static CK_RV -load_key_handle (CkCapiObjectData* objdata, HCRYPTKEY* ret_key) +load_key_handle (CkCapiObjectData* objdata, HCRYPTPROV* ret_prov, + HCRYPTKEY* ret_key) { KeyObjectData* kdata = (KeyObjectData*)objdata; HCRYPTPROV prov; @@ -106,6 +107,8 @@ load_key_handle (CkCapiObjectData* objdata, HCRYPTKEY* ret_key) DWORD error; ASSERT(kdata); + ASSERT(ret_key); + ASSERT(ret_prov); if(!CryptAcquireContextW(&prov, kdata->prov_info->pwszContainerName, kdata->prov_info->pwszProvName, @@ -121,12 +124,9 @@ load_key_handle (CkCapiObjectData* objdata, HCRYPTKEY* ret_key) return ckcapi_winerr_to_ckr(error); } - if(ret_key) - *ret_key = key; - else - CryptDestroyKey(key); + *ret_key = key; + *ret_prov = prov; - CryptReleaseContext(prov, 0); return CKR_OK; } @@ -135,6 +135,7 @@ static CK_RV load_raw_public_key(KeyObjectData* kdata) { BOOL success = FALSE; + HCRYPTPROV prov; HCRYPTKEY key; CK_RV ret; DWORD error; @@ -142,7 +143,7 @@ load_raw_public_key(KeyObjectData* kdata) ASSERT(kdata); ASSERT(!kdata->raw_public_key.pbData); - ret = load_key_handle(&kdata->base, &key); + ret = load_key_handle(&kdata->base, &prov, &key); if(ret != CKR_OK) return ret; @@ -161,6 +162,7 @@ load_raw_public_key(KeyObjectData* kdata) } } + CryptReleaseContext(prov, 0); CryptDestroyKey(key); if(success) @@ -237,12 +239,13 @@ key_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) { KeyObjectData* kdata = (KeyObjectData*)objdata; CK_BBOOL val; - CK_BBOOL is_private; + CK_BBOOL is_private, is_rsa; ASSERT(objdata); ASSERT(attr); is_private = (kdata->object_class == CKO_PRIVATE_KEY); + is_rsa = kdata->prov_info->dwProvType == PROV_RSA_FULL; switch(attr->type) { @@ -268,7 +271,7 @@ key_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) * - CKK_RSA but not CKK_DSA. */ case CKA_DECRYPT: - val = CK_TRUE; + val = is_private && is_rsa; break; /* @@ -281,6 +284,14 @@ key_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) break; /* + * Whether or not this key can be used to encrypt?. + * TODO: Support for RSA public keys. + */ + case CKA_ENCRYPT: + val = CK_FALSE; + break; + + /* * Whether this key can be exported or not. * TODO: We may want to support this for public keys. */ @@ -340,11 +351,10 @@ key_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) /* * Can this key sign recoverable. - * - Private RSA keys can sign recoverable. - * TODO: When implementing DSA more logic needed. + * TODO: Private RSA keys can sign recoverable. */ case CKA_SIGN_RECOVER: - val = is_private; + val = CK_FALSE; break; /* @@ -371,6 +381,21 @@ key_bool_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) case CKA_WRAP_WITH_TRUSTED: return CKR_ATTRIBUTE_TYPE_INVALID; + /* + * Whether this key can be used to verify? + * TODO: Support for public keys. + */ + case CKA_VERIFY: + val = CK_FALSE; + break; + + /* + * Whether this key can be used to verify? + * TODO: Support for public keys. + */ + case CKA_VERIFY_RECOVER: + val = CK_FALSE; + break; default: return CKR_ATTRIBUTE_TYPE_INVALID; @@ -490,7 +515,7 @@ key_bytes_attribute(CkCapiObjectData* objdata, CK_ATTRIBUTE_PTR attr) case CKA_EXPONENT_1: case CKA_EXPONENT_2: case CKA_COEFFICIENT: - if(kdata->prov_info->dwProvType = PROV_RSA_FULL) + if(kdata->prov_info->dwProvType == PROV_RSA_FULL) return lookup_rsa_attribute(kdata, attr); else return CKR_ATTRIBUTE_TYPE_INVALID; |