* @GNUTLS_PKCS11_OBJ_FLAG_CRT: When searching, restrict to certificates only (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_PUBKEY: When searching, restrict to public key objects only (seek).
* @GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY: When searching, restrict to private key objects only (seek).
- * @GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY: When searching, restrict to objects which have a corresponding private key (seek).
+ * @GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY: When generating a keypair don't store the public key (store).
*
* Enumeration of different PKCS #11 object flags. Some flags are used
* to mark objects when storing, while others are also used while seeking
GNUTLS_PKCS11_OBJ_FLAG_CRT = (1<<18),
GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY = (1<<19),
GNUTLS_PKCS11_OBJ_FLAG_PUBKEY = (1<<20),
+ GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY = GNUTLS_PKCS11_OBJ_FLAG_PUBKEY,
GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY = (1<<21),
/* flags 1<<29 and later are reserved - see pkcs11_int.h */
} gnutls_pkcs11_obj_flags;
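Review bot: `GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY` is defined as an alias of `GNUTLS_PKCS11_OBJ_FLAG_PUBKEY` (1<<20), so one bit means "restrict to public key objects" when seeking and "don't store the public key" when generating, and nothing at the enumerator says so. A caller that reuses a single flags word for a search and for keypair generation would silently get a keypair whose public key is not persisted on the token. I would state the aliasing where the value is defined, e.g. `/* same bit as GNUTLS_PKCS11_OBJ_FLAG_PUBKEY: only meaningful for keypair generation */`, and repeat it in the `@GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY` doc line. The doc hunk also removes the `@GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY` line while that enumerator stays in the enum, which leaves the flag undocumented unless the line survives elsewhere in the comment.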
struct pkcs11_session_info sinfo;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
- struct ck_attribute a[20], p[20];
+ struct ck_attribute a[22], p[22];
ck_object_handle_t pub, priv;
unsigned long _bits = bits;
int a_val, p_val;
mech.parameter_len = 0;
mech.mechanism = pk_to_genmech(pk, &key_type);
+ if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY)) {
+ a[a_val].type = CKA_TOKEN;
+ a[a_val].value = (void *) &tval;
+ a[a_val].value_len = sizeof(tval);
+ a_val++;
+ }
+
a[a_val].type = CKA_ID;
if (cid == NULL || cid->size == 0) {
ret = gnutls_rnd(GNUTLS_RND_NONCE, id, sizeof(id));
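Review bot: When `GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY` is set, the template `a` (presumably the public-key template) carries no `CKA_TOKEN` at all, so whether the public key becomes a session object depends on the module applying the PKCS #11 default of CK_FALSE. Setting the attribute explicitly to false in an `else` branch would make the outcome independent of the module, and a comment such as `/* without CKA_TOKEN the public key is a session object and is destroyed when the session closes */` would record the intent. Separately, `a[22]` and `p[22]` are sized by a literal and `a_val++` is not checked against that size; a guard like `assert(a_val < (int)(sizeof(a) / sizeof(a[0])));` before the templates are handed to the token would catch a later addition that overruns the stack arrays. The function starts and ends outside these hunks, so the full attribute count and the declaration of `tval` could not be checked here.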