projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 74d165a)
pkcs11: Add attributes to specify what we use the DH/ECDH keys for.
authorTobias Brunner <tobias@strongswan.org>
Tue, 1 Nov 2011 10:05:49 +0000 (11:05 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 2 Nov 2011 19:27:54 +0000 (20:27 +0100)
src/libstrongswan/plugins/pkcs11/pkcs11_dh.c patch | blob | history

diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index e7cc222..f3fc030 100644 (file)
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -220,12 +220,15 @@ static bool generate_key_pair(private_pkcs11_dh_t *this, CK_ATTRIBUTE_PTR pub,
 static bool generate_key_pair_modp(private_pkcs11_dh_t *this, size_t exp_len,
                                                                   chunk_t g, chunk_t p)
 {
+       CK_BBOOL ck_true = CK_TRUE;
        CK_ATTRIBUTE pub_attr[] = {
+               { CKA_DERIVE, &ck_true, sizeof(ck_true) },
                { CKA_PRIME, p.ptr, p.len },
                { CKA_BASE, g.ptr, g.len },
        };
        CK_ULONG bits = exp_len * 8;
        CK_ATTRIBUTE pri_attr[] = {
+               { CKA_DERIVE, &ck_true, sizeof(ck_true) },
                { CKA_VALUE_BITS, &bits, sizeof(bits) },
        };
        return generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
@@ -238,11 +241,16 @@ static bool generate_key_pair_modp(private_pkcs11_dh_t *this, size_t exp_len,
 static bool generate_key_pair_ecp(private_pkcs11_dh_t *this,
                                                                  chunk_t ecparams)
 {
+       CK_BBOOL ck_true = CK_TRUE;
        CK_ATTRIBUTE pub_attr[] = {
+               { CKA_DERIVE, &ck_true, sizeof(ck_true) },
                { CKA_EC_PARAMS, ecparams.ptr, ecparams.len },
        };
-       if (!generate_key_pair(this, pub_attr, countof(pub_attr), NULL, 0,
-                                                  CKA_EC_POINT))
+       CK_ATTRIBUTE pri_attr[] = {
+               { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+       };
+       if (!generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
+                                                  countof(pri_attr), CKA_EC_POINT))
        {
                return FALSE;
        }
strongSwan - IPsec VPN