author | Ruchika Gupta <ruchika.gupta@linaro.org> | 2020-12-24 12:11:41 +0530 |
---|---|---|
committer | Jérôme Forissier <jerome@forissier.org> | 2020-12-28 10:12:50 +0100 |
commit | b68aca61f70193c8715a49748d13c77afe43aa1c (patch) | |
tree | 48e97e39824be64c0826c6a9f405f1ff235fad8a | |
parent | 12f1ba8672b9a6498954f8843e8681691864174c (diff) |
ta: pkcs11: Check for CKA_PRIVATE when creating objects

PKCS#11 Specification[1] states that Private session/token objects
cannot be created in Public sessions. So, add a check for access
type when creating objects.

[1] PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40
(Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES
OF SESSIONS)

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
-rw-r--r-- | ta/pkcs11/src/object.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c index 74c7ed50..a9881260 100644 --- a/ta/pkcs11/src/object.c +++ b/ta/pkcs11/src/object.c @@ -333,6 +333,10 @@ enum pkcs11_rc entry_create_object(struct pkcs11_client *client, if (rc) goto out; + rc = check_access_attrs_against_token(session, head); + if (rc) + goto out; + /* * At this stage the object is almost created: all its attributes are * referenced in @head, including the key value and are assumed |
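
Review bot: The new call to check_access_attrs_against_token() in entry_create_object() carries no comment saying what it enforces, and the function name mentions neither CKA_PRIVATE nor the public-session rule that the commit message cites. A one-line comment above the call, stating that private objects are refused in public sessions, would make the intent visible at the call site. The diffstat shows this is the only call site touched, so it is worth confirming that any other path that creates objects applies the same check, and that a test covers creating a CKA_PRIVATE object from a public session.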