From cf9d45ea08ca541e7b163ffd7c6daa3769785e48 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 1 Nov 2011 11:05:49 +0100
Subject: [PATCH] pkcs11: Add attributes to specify what we use the DH/ECDH
 keys for.

---
 src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
index e7cc222348..f3fc0303dc 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -220,12 +220,15 @@ static bool generate_key_pair(private_pkcs11_dh_t *this, CK_ATTRIBUTE_PTR pub,
 static bool generate_key_pair_modp(private_pkcs11_dh_t *this, size_t exp_len,
 								   chunk_t g, chunk_t p)
 {
+	CK_BBOOL ck_true = CK_TRUE;
 	CK_ATTRIBUTE pub_attr[] = {
+		{ CKA_DERIVE, &ck_true, sizeof(ck_true) },
 		{ CKA_PRIME, p.ptr, p.len },
 		{ CKA_BASE, g.ptr, g.len },
 	};
 	CK_ULONG bits = exp_len * 8;
 	CK_ATTRIBUTE pri_attr[] = {
+		{ CKA_DERIVE, &ck_true, sizeof(ck_true) },
 		{ CKA_VALUE_BITS, &bits, sizeof(bits) },
 	};
 	return generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
@@ -238,11 +241,16 @@ static bool generate_key_pair_modp(private_pkcs11_dh_t *this, size_t exp_len,
 static bool generate_key_pair_ecp(private_pkcs11_dh_t *this,
 								  chunk_t ecparams)
 {
+	CK_BBOOL ck_true = CK_TRUE;
 	CK_ATTRIBUTE pub_attr[] = {
+		{ CKA_DERIVE, &ck_true, sizeof(ck_true) },
 		{ CKA_EC_PARAMS, ecparams.ptr, ecparams.len },
 	};
-	if (!generate_key_pair(this, pub_attr, countof(pub_attr), NULL, 0,
-						   CKA_EC_POINT))
+	CK_ATTRIBUTE pri_attr[] = {
+		{ CKA_DERIVE, &ck_true, sizeof(ck_true) },
+	};
+	if (!generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
+						   countof(pri_attr), CKA_EC_POINT))
 	{
 		return FALSE;
 	}
-- 
2.47.2