[pkg-opensc-commit] [opensc] 232/295: pkcs11-tool: Set CKA_PRIVATE=false for new public keys

[Eric Dorland]

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit c496af17d49606d5e3277595dad58ef24a822a30
Author: Jakub Jelen <jjelen at redhat.com>
Date:   Thu Apr 13 11:35:54 2017 +0200

    pkcs11-tool: Set CKA_PRIVATE=false for new public keys
    
    Keygen should write public keys with explicit CKA_PRIVATE=false by default (possibility to modify by --private switch)
    
    Related to 4df35b92 discussing writing separate objects years ago.
---
 src/tools/pkcs11-tool.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 555029d..169ee8a 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1721,6 +1721,7 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 	CK_ULONG modulusBits = 1024;
 	CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 }; /* 65537 in bytes */
 	CK_BBOOL _true = TRUE;
+	CK_BBOOL _false = FALSE;
 	CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
 	CK_OBJECT_CLASS privkey_class = CKO_PRIVATE_KEY;
 	CK_ATTRIBUTE publicKeyTemplate[20] = {
@@ -1849,6 +1850,17 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 		n_privkey_attr++;
 	}
 
+	if (opt_is_private != 0) {
+		FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_PRIVATE,
+			&_true, sizeof(_true));
+		n_pubkey_attr++;
+	}
+	else {
+		FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_PRIVATE,
+			&_false, sizeof(_false));
+		n_pubkey_attr++;
+	}
+
 	rv = p11->C_GenerateKeyPair(session, &mechanism,
 		publicKeyTemplate, n_pubkey_attr,
 		privateKeyTemplate, n_privkey_attr,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git