pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 26 Mar 2015 15:21:28 +0000 (16:21 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 26 Mar 2015 15:21:28 +0000 (16:21 +0100)
lib/pkcs11_write.c

index 55fc6e52599b93da3b75820d7c6643233d22f4ab..f28f0cefe85034edf16c4b3c45d665df8314be60 100644 (file)
@@ -394,6 +394,8 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
                return ret;
        }
 
+       pk = gnutls_x509_privkey_get_pk_algorithm(key);
+
        /* FIXME: copy key usage flags */
        a_val = 0;
        a[a_val].type = CKA_CLASS;
@@ -406,6 +408,18 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
        a[a_val].value_len = id_size;
        a_val++;
 
+       a[a_val].type = CKA_SIGN;
+       a[a_val].value = (void*)&tval;
+       a[a_val].value_len = sizeof(tval);
+       a_val++;
+
+       if (pk == GNUTLS_PK_RSA) {
+               a[a_val].type = CKA_DECRYPT;
+               a[a_val].value = (void*)&tval;
+               a[a_val].value_len = sizeof(tval);
+               a_val++;
+       }
+
        a[a_val].type = CKA_KEY_TYPE;
        a[a_val].value = &type;
        a[a_val].value_len = sizeof(type);
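Review bot: CKA_SIGN is set to true for every imported key and CKA_DECRYPT for every RSA key, so the token object's permitted operations never reflect the caller's intended key usage, and the `/* FIXME: copy key usage flags */` above the template stays open. If a key-usage value reaches this function (its parameter list is cut off in the hunk header), both entries should be gated on it, e.g. `if (key_usage == 0 || (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))` around the CKA_SIGN entry, where `key_usage` is a placeholder for the real argument name; a signing-only RSA key that the token will also decrypt with is wider than it needs to be. The hunk also appends up to two more entries to `a`, whose declaration is outside the hunk, so its bound should be checked against the new worst-case attribute count. `tval` is declared elsewhere as well: `sizeof(tval)` has to be the size of a PKCS #11 boolean, and the `(void*)` cast suggests the object may be const, which deserves a one-line comment.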
@@ -469,7 +483,6 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
                a_val++;
        }
 
-       pk = gnutls_x509_privkey_get_pk_algorithm(key);
        switch (pk) {
        case GNUTLS_PK_RSA:
                {