#define GNUTLS_PKCS11_OBJ_FLAG_COMPARE (1<<9) /* The object must be fully compared */
#define GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE (1<<10) /* The object must be present in a marked as trusted module */
#define GNUTLS_PKCS11_OBJ_FLAG_MARK_CA (1<<11) /* object marked as CA */
+#define GNUTLS_PKCS11_OBJ_FLAG_KEY_WRAP (1<<12) /* generated keypair shall support key wrap/unwrap */
/**
* gnutls_pkcs11_url_type_t:
gnutls_pkcs11_obj_t obj = NULL;
gnutls_datum_t der = {NULL, 0};
ck_key_type_t key_type;
+ char pubEx[3] = { 1,0,1 }; // 65537 = 0x10001
PKCS11_CHECK_INIT;
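Review bot: `pubEx` on the added line is declared as plain `char` and in camelCase, although it holds a raw big-endian byte string passed to the token, and the neighbouring locals (`key_type`, `der`) use snake_case. PKCS#11 byte-string attributes are unsigned bytes, so I would write `unsigned char pub_exp[3] = { 0x01, 0x00, 0x01 }; /* 65537, big-endian as CKA_PUBLIC_EXPONENT expects */` and rename its uses in the RSA case. The comment should also say that the exponent is fixed on purpose and is not derived from any caller input. The enclosing function starts and ends outside this hunk.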
a[a_val].value = &_bits;
a[a_val].value_len = sizeof(_bits);
a_val++;
+
+ a[a_val].type = CKA_PUBLIC_EXPONENT;
+ a[a_val].value = pubEx;
+ a[a_val].value_len = sizeof(pubEx);
+ a_val++;
+
break;
case GNUTLS_PK_DSA:
p[p_val].type = CKA_SIGN;
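Review bot: The added `a[a_val]` write for CKA_PUBLIC_EXPONENT grows the public-key template by one entry with no visible bound on `a_val`, and the KEY_WRAP block further down adds one more entry to each of `a[]` and `p[]`. The declarations of `a` and `p` are outside the visible hunks, so please confirm both arrays are sized for the worst-case attribute count after this patch; if they are fixed-size locals, an overrun here is a stack write past the array. A cheap guard before each new write, for example checking `a_val < sizeof(a) / sizeof(a[0])` and taking the existing `goto cleanup` path on failure, would keep later template additions from silently overflowing. The same applies to the `p[p_val]` and `a[a_val]` writes in the KEY_WRAP block.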
goto cleanup;
}
+ /*
+ * on request, add the CKA_WRAP/CKA_UNWRAP key attribute
+ */
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_KEY_WRAP) {
+ p[p_val].type = CKA_UNWRAP;
+ p[p_val].value = (void*)&tval;
+ p[p_val].value_len = sizeof(tval);
+ p_val++;
+ a[a_val].type = CKA_WRAP;
+ a[a_val].value = (void*)&tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ }
+
/* a private key is set always as private unless
* requested otherwise
*/
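Review bot: The `if (flags & GNUTLS_PKCS11_OBJ_FLAG_KEY_WRAP)` block sits after the key-type switch, so CKA_WRAP/CKA_UNWRAP are added for every algorithm, including the `GNUTLS_PK_DSA` case visible above, where wrapping is not meaningful and a token is likely to reject the template. I would gate it on the RSA key type (the switch variable is not visible in this hunk) and return an invalid-request error for other types instead of forwarding an inconsistent template. Separately, if the private template also receives CKA_DECRYPT or CKA_SIGN elsewhere in the function, the generated key ends up with multiple roles; a key that can both unwrap and decrypt weakens the token's protection of wrapped keys. The block comment could say so, e.g. `/* on request, mark the pair as a wrapping key (CKA_WRAP on public, CKA_UNWRAP on private); callers should not reuse it for decryption or signing */`.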