[pkg-opensc-commit] [pkcs11-helper] 17/60: Unwrap fixups

Eric Dorland eric at moszumanska.debian.org
Fri Jan 6 23:39:42 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to tag pkcs11-helper-1.02
in repository pkcs11-helper.

commit a2dafc03163386db84176e5006c2274f01da6889
Author: alonbl <alonbl at 485eb718-1723-0410-b8a9-88cf21a28c35>
Date:   Tue Nov 28 21:02:32 2006 +0000

    Unwrap fixups
---
 ChangeLog                                   |  2 +-
 include/pkcs11-helper-1.0/pkcs11h-core.h    | 24 --------------------
 include/pkcs11-helper-1.0/pkcs11h-engines.h | 24 ++++++++++++++++++++
 lib/pkcs11h-certificate.c                   | 34 ++++++++++++++++++++---------
 4 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6f4b7d9..9c80d53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -31,7 +31,7 @@ $Id$
 
 * Added win32 crypto engine.
 
-* Added decrypt option using C_UnwrapKey.
+* Added decrypt option using C_UnwrapKey, thanks for Christoph Neerfeld.
 
 2006-06-26 - Version 1.01
 
diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h
index 41a60a1..b63a5f4 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-core.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-core.h
@@ -317,30 +317,6 @@ pkcs11h_getMessage (
 );
 
 /**
- * @brief Set system engine to be used.
- * @param engine	Engine to use.
- * @return CK_RV.
- * @note Must be called before pkcs11h_initialize.
- * @note Default engine is libc functions.
- */
-CK_RV
-pkcs11h_engine_setSystem (
-	IN const pkcs11h_engine_system_t * const engine
-);
-
-/**
- * @brief Set crypto engine to be used.
- * @param engine	Engine to use.
- * @return CK_RV.
- * @note Must be called before pkcs11h_initialize.
- * @note Default is provided at configuration time.
- */
-CK_RV
-pkcs11h_engine_setCrypto (
-	IN const pkcs11h_engine_crypto_t * const engine
-);
-
-/**
  * @brief Get version of library.
  * @return version identifier.
  */
diff --git a/include/pkcs11-helper-1.0/pkcs11h-engines.h b/include/pkcs11-helper-1.0/pkcs11h-engines.h
index e8bedb8..180aeb5 100644
--- a/include/pkcs11-helper-1.0/pkcs11h-engines.h
+++ b/include/pkcs11-helper-1.0/pkcs11h-engines.h
@@ -200,6 +200,30 @@ typedef struct pkcs11h_crypto_engine_s {
 	);
 } pkcs11h_engine_crypto_t;
 
+/**
+ * @brief Set system engine to be used.
+ * @param engine	Engine to use.
+ * @return CK_RV.
+ * @note Must be called before pkcs11h_initialize.
+ * @note Default engine is libc functions.
+ */
+CK_RV
+pkcs11h_engine_setSystem (
+	IN const pkcs11h_engine_system_t * const engine
+);
+
+/**
+ * @brief Set crypto engine to be used.
+ * @param engine	Engine to use.
+ * @return CK_RV.
+ * @note Must be called before pkcs11h_initialize.
+ * @note Default is provided at configuration time.
+ */
+CK_RV
+pkcs11h_engine_setCrypto (
+	IN const pkcs11h_engine_crypto_t * const engine
+);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
index c6e00bf..8613082 100644
--- a/lib/pkcs11h-certificate.c
+++ b/lib/pkcs11h-certificate.c
@@ -784,14 +784,15 @@ __pkcs11h_certificate_doPrivateOperation (
 	};
 
 	CK_BBOOL wrap_attrs_false = CK_FALSE;
-	CK_BBOOL wrap_attrs_true = CK_TRUE;
+	CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+	CK_KEY_TYPE keytype = CKK_GENERIC_SECRET;
 	CK_ATTRIBUTE wrap_attrs[] = {
-		{CKA_VALUE, target, *p_target_size},
-		{CKA_ALWAYS_SENSITIVE, &wrap_attrs_false, sizeof (wrap_attrs_false)},
-		{CKA_NEVER_EXTRACTABLE, &wrap_attrs_false, sizeof (wrap_attrs_false)},
-		{CKA_EXTRACTABLE, &wrap_attrs_true, sizeof (wrap_attrs_true)},
-		{CKA_LOCAL, &wrap_attrs_false, sizeof (wrap_attrs_false)},
-		{CKA_TOKEN, &wrap_attrs_false, sizeof (wrap_attrs_false)}
+		{CKA_CLASS, &class, sizeof (class)}, 
+		{CKA_KEY_TYPE, &keytype, sizeof (keytype)}
+/* OpenSC fail!	{CKA_TOKEN, &wrap_attrs_false, sizeof (wrap_attrs_false)} */
+	};
+	CK_ATTRIBUTE wrap_value[] = {
+		{CKA_VALUE, target, 0}
 	};
 	CK_OBJECT_HANDLE wrap_key = PKCS11H_INVALID_OBJECT_HANDLE;
 	
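Review bot: The new `wrap_attrs` template no longer states CKA_TOKEN, CKA_SENSITIVE or CKA_EXTRACTABLE, so whether the unwrapped object is a session object whose CKA_VALUE can be read back is left to each token's defaults. The commented-out entry `/* OpenSC fail! ... */` records that OpenSC rejected CKA_TOKEN but not why; I would replace it with a comment such as `/* CKA_TOKEN omitted: rejected by OpenSC; relies on the PKCS#11 default of CK_FALSE (session object) */`. With that entry disabled, `wrap_attrs_false` appears to be unused in the visible lines and could be dropped, unless the rest of the function, which lies outside this hunk, still refers to it. Since the recovered plaintext lives briefly as a key object on the token, it is worth documenting here that the later C_GetAttributeValue depends on the token creating that object non-sensitive and extractable.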
@@ -915,11 +916,16 @@ __pkcs11h_certificate_doPrivateOperation (
 					);
 				break;
 				case _pkcs11h_private_op_unwrap:
-					size = wrap_attrs[0].ulValueLen;
-					rv = certificate->session->provider->f->C_DestroyObject (
+					wrap_value[0].ulValueLen = size;
+
+					rv = certificate->session->provider->f->C_GetAttributeValue (
 						certificate->session->session_handle,
-						wrap_key
+						wrap_key,
+						wrap_value,
+						sizeof (wrap_value) / sizeof (CK_ATTRIBUTE)
 					);
+
+					size = wrap_value[0].ulValueLen;
 				break;
 				default:
 					rv = CKR_ARGUMENTS_BAD;
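Review bot: In the `_pkcs11h_private_op_unwrap` case, `size = wrap_value[0].ulValueLen;` runs whether or not C_GetAttributeValue succeeded. PKCS#11 lets a token set ulValueLen to `(CK_ULONG)-1` when the attribute is sensitive, unavailable, or the supplied buffer is too small, so a failed read can leave `size` holding that sentinel rather than a length. Guard the assignment, e.g. `if (rv == CKR_OK) { size = wrap_value[0].ulValueLen; }`, or reject the sentinel explicitly before the value can reach `*p_target_size`. How `size` is consumed afterwards lies outside this hunk, so the effect on callers should be confirmed there.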
@@ -935,6 +941,14 @@ __pkcs11h_certificate_doPrivateOperation (
 			);
 		}
 		
+		if (wrap_key != PKCS11H_INVALID_OBJECT_HANDLE) {
+			certificate->session->provider->f->C_DestroyObject (
+				certificate->session->session_handle,
+				wrap_key
+			);
+			wrap_key = PKCS11H_INVALID_OBJECT_HANDLE;
+		}
+
 		if (
 			target == NULL &&
 			(
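Review bot: The return value of C_DestroyObject in the new cleanup block is discarded, so a token that fails to delete the temporary key leaves the unwrapped secret as an object in the session with no trace in the logs. Cleanup should stay best-effort and must not overwrite `rv`, but capturing the result and logging any value other than CKR_OK would make that case visible. A short comment such as `/* best-effort: remove the temporary unwrapped key on every path, including retries */` would also explain why the handle is reset afterwards. The enclosing block starts and ends outside this hunk.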

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git


