
Commit c6e9d55

authored
Merge pull request #290 from JamieHunter/main
Add fixes to cryptoauthlib to support Java PKCS11 requirements, to support Greengrass V2
2 parents 50a11b1 + 6457c1c commit c6e9d55


3 files changed

+22
-7
lines changed


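--- a/lib/pkcs11/pkcs11_key.c
+++ b/lib/pkcs11/pkcs11_key.c
@@ -513,12 +513,12 @@ const pkcs11_attrib_model pkcs11_key_private_attributes[] = {
 { CKA_SIGN_RECOVER, NULL_PTR },
 /** CK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys)9 */
 { CKA_UNWRAP, NULL_PTR },
-/** CK_TRUE if key is extractable and can be wrapped 9 */
-{ CKA_EXTRACTABLE, NULL_PTR },
+/** CK_TRUE if key is extractable and can be wrapped */
+{ CKA_EXTRACTABLE, pkcs11_attrib_false },
 /** CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE */
 { CKA_ALWAYS_SENSITIVE, pkcs11_token_get_access_type },
 /** CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE */
-{ CKA_NEVER_EXTRACTABLE, NULL_PTR },
+{ CKA_NEVER_EXTRACTABLE, pkcs11_token_get_access_type },
 /** CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE. */
 { CKA_WRAP_WITH_TRUSTED, NULL_PTR },
 /** For wrapping keys. The attribute template to match against any keys
@@ -639,11 +639,11 @@ const pkcs11_attrib_model pkcs11_key_secret_attributes[] = {
 /** CK_TRUE if key supports unwrapping (i.e., can be used to unwrap other keys) */
 { CKA_UNWRAP, NULL_PTR },
 /** CK_TRUE if key is extractable and can be wrapped */
-{ CKA_EXTRACTABLE, NULL_PTR },
+{ CKA_EXTRACTABLE, pkcs11_attrib_false },
 /** CK_TRUE if key has always had the CKA_SENSITIVE attribute set to CK_TRUE */
 { CKA_ALWAYS_SENSITIVE, pkcs11_token_get_access_type },
 /** CK_TRUE if key has never had the CKA_EXTRACTABLE attribute set to CK_TRUE */
-{ CKA_NEVER_EXTRACTABLE, NULL_PTR },
+{ CKA_NEVER_EXTRACTABLE, pkcs11_token_get_access_type },
 /** Key checksum */
 { CKA_CHECK_VALUE, pkcs11_key_get_check_value },
 /** CK_TRUE if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set to CK_TRUE. Default is CK_FALSE. */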
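Review bot: CKA_NEVER_EXTRACTABLE (new lines 521 and 646) is now computed by pkcs11_token_get_access_type while CKA_EXTRACTABLE (new lines 517 and 642) is a constant CK_FALSE, so the two can disagree: whenever that handler yields CK_FALSE for a slot, the token reports a key that is not extractable yet was not always so. The handler's body is not on this page; it is shared with CKA_ALWAYS_SENSITIVE, so it presumably reflects the slot's secrecy configuration, in which case a hard-coded CK_FALSE for CKA_EXTRACTABLE may also overstate the protection of a slot whose contents can be read in the clear. Consider deriving both attributes from the same source, or, if the constant is intentional, state the assumption on the entry, e.g. `/** Reported as CK_FALSE for every key: no wrap/export path is offered (confirm for readable slots) */`. Both attribute tables start and end outside the hunks shown.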

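--- a/lib/pkcs11/pkcs11_signature.c
+++ b/lib/pkcs11/pkcs11_signature.c
@@ -148,6 +148,21 @@ CK_RV pkcs11_signature_sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_UL
 return pkcs11_util_convert_rv(status);
 }
 }
+else
+{
+switch (pSession->active_mech)
+{
+case CKM_SHA256_HMAC:
+*pulSignatureLen = ATCA_SHA256_DIGEST_SIZE;
+break;
+case CKM_ECDSA:
+*pulSignatureLen = ATCA_SIG_SIZE;
+break;
+default:
+status = ATCA_GEN_FAIL;
+break;
+}
+}
 }
 else
 {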
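Review bot: The default arm (new lines 161-163) reports an unsupported mechanism as ATCA_GEN_FAIL and leaves `*pulSignatureLen` unwritten, so a caller probing for the length presumably gets a generic failure after pkcs11_util_convert_rv rather than a mechanism error. The condition this `else` belongs to is outside the hunk; if it is the `pSignature == NULL` length query, a comment above it such as `/* Length query: report the size the active mechanism will write */` would make that explicit. The sizes returned here only protect the caller if the signing branch also rejects an output buffer smaller than ATCA_SHA256_DIGEST_SIZE or ATCA_SIG_SIZE before writing; that check is not visible on this page and is worth confirming. pkcs11_signature_sign starts and ends outside the hunk.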

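--- a/lib/pkcs11/pkcs11_token.c
+++ b/lib/pkcs11/pkcs11_token.c
@@ -428,8 +428,8 @@ CK_RV pkcs11_token_get_info(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
 pInfo->ulMinPinLen = 0;
 pInfo->flags = CKF_RNG;// | CKF_LOGIN_REQUIRED;
 
-pInfo->ulMaxSessionCount = 1;
-pInfo->ulMaxRwSessionCount = 1;
+pInfo->ulMaxSessionCount = PKCS11_MAX_SESSIONS_ALLOWED;
+pInfo->ulMaxRwSessionCount = PKCS11_MAX_SESSIONS_ALLOWED;
 
 pInfo->ulSessionCount = (slot_ctx->session) ? TRUE : FALSE;
 pInfo->ulRwSessionCount = (slot_ctx->session) ? TRUE : FALSE;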
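Review bot: ulMaxSessionCount and ulMaxRwSessionCount now advertise PKCS11_MAX_SESSIONS_ALLOWED, but the two context lines after them (434-435) still compute ulSessionCount and ulRwSessionCount as `(slot_ctx->session) ? TRUE : FALSE`, which can only report 0 or 1. A client that opens several sessions will see a current count that no longer matches the advertised maximum, and enforcement of the limit has to live in the session-open path, which is not on this page. Either count the sessions actually open on the slot, or report `CK_UNAVAILABLE_INFORMATION` in the two current-count fields until that is tracked. pkcs11_token_get_info continues outside the hunk.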
