author Ruchika Gupta <ruchika.gupta@linaro.org> 2020-12-24 12:11:41 +0530
committer Jérôme Forissier <jerome@forissier.org> 2020-12-28 10:12:50 +0100
commit b68aca61f70193c8715a49748d13c77afe43aa1c (patch)
tree 48e97e39824be64c0826c6a9f405f1ff235fad8a
parent 12f1ba8672b9a6498954f8843e8681691864174c (diff)
ta: pkcs11: Check for CKA_PRIVATE when creating objects

PKCS#11 Specification[1] states that Private session/token objects cannot be created in Public sessions. So, add a check for access type when creating objects.

[1] PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40 (Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES OF SESSIONS)

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

-rw-r--r-- ta/pkcs11/src/object.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/ta/pkcs11/src/object.c b/ta/pkcs11/src/object.c
index 74c7ed50..a9881260 100644
--- a/ta/pkcs11/src/object.c
+++ b/ta/pkcs11/src/object.c
@@ -333,6 +333,10 @@ enum pkcs11_rc entry_create_object(struct pkcs11_client *client,
if (rc)
goto out;
+ rc = check_access_attrs_against_token(session, head);
+ if (rc)
+ goto out;
+
/*
* At this stage the object is almost created: all its attributes are
* referenced in @head, including the key value and are assumed
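Review bot: the added call `rc = check_access_attrs_against_token(session, head);` carries no comment saying what it enforces, and the function name mentions neither the session type nor CKA_PRIVATE, so a reader of entry_create_object() cannot tell that this is the "no private objects in a public session" rule from the commit message. A one-line comment above the call stating that rule would make the intent visible at the call site. The hunk also does not show which rc the check returns on failure; it is worth confirming that it is the code the client library expects for this case. Finally, the patch touches only entry_create_object(), so if other entry points create objects from a caller-supplied attribute list, they need the same check before the object is registered.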