Ignore CKA_TOKEN in pubkey template for RSA and EC key gen

Also fix some typos in debug logging
Yubico · Nov 4, 2024 · bc23bc7 · bc23bc7
1 parent fe0b127
commit bc23bc7
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/pkcs11/util_pkcs11.c b/pkcs11/util_pkcs11.c
@@ -4889,7 +4889,6 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
         }
         break;
 
-      case CKA_TOKEN:
       case CKA_EXTRACTABLE:
       case CKA_DESTROYABLE:
         if ((rv = check_bool_attribute(pPublicKeyTemplate[i].pValue, true)) !=
@@ -4918,6 +4917,7 @@ CK_RV parse_rsa_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
         }
         break;
 
+      case CKA_TOKEN:
       case CKA_WRAP:   // pkcs11-tool sets this on public keys
       case CKA_UNWRAP: // pkcs11-tool sets this on public keys
       case CKA_VERIFY:
@@ -5119,7 +5119,7 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
           ecparams = (CK_BYTE_PTR) pPublicKeyTemplate[i].pValue;
           ecparams_len = pPublicKeyTemplate[i].ulValueLen;
         } else {
-          DBG_ERR("CKA_PUBLIC_EXPONENT inconsistent in PublicKeyTemplate");
+          DBG_ERR("CKA_EC_PARAMS inconsistent in PublicKeyTemplate");
           return CKR_TEMPLATE_INCONSISTENT;
         }
         break;
@@ -5133,7 +5133,6 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
         }
         break;
 
-      case CKA_TOKEN:
       case CKA_EXTRACTABLE:
       case CKA_DESTROYABLE:
         if ((rv = check_bool_attribute(pPublicKeyTemplate[i].pValue, true)) !=
@@ -5164,6 +5163,7 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
         }
         break;
 
+      case CKA_TOKEN:
       case CKA_VERIFY:
       case CKA_DERIVE: // pkcs11-tool sets this on public keys
         break;
@@ -5277,14 +5277,14 @@ CK_RV parse_ec_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
   }
 
   if (ecparams == NULL) {
-    DBG_ERR("CKA_ECPARAMS not set");
+    DBG_ERR("CKA_EC_PARAMS not set");
     return CKR_TEMPLATE_INCOMPLETE;
   }
 
   uint16_t key_len;
   rv = parse_ecparams(ecparams, ecparams_len, &template->algorithm, &key_len);
   if (rv != CKR_OK) {
-    DBG_ERR("Failed to parse CKA_ECPARAMS");
+    DBG_ERR("Failed to parse CKA_EC_PARAMS");
     return rv;
   }
 
@@ -5485,14 +5485,14 @@ CK_RV parse_ed_generate_template(CK_ATTRIBUTE_PTR pPublicKeyTemplate,
   }
 
   if (ecparams == NULL) {
-    DBG_ERR("CKA_ECPARAMS not set");
+    DBG_ERR("CKA_EC_PARAMS not set");
     return CKR_TEMPLATE_INCOMPLETE;
   }
 
   uint16_t key_len;
   rv = parse_edparams(ecparams, ecparams_len, &template->algorithm, &key_len);
   if (rv != CKR_OK) {
-    DBG_ERR("Failed to parse CKA_ECPARAMS");
+    DBG_ERR("Failed to parse CKA_EC_PARAMS");
     return rv;
   }
 
@@ -5725,7 +5725,7 @@ parse_rsa_wrappedkey_template(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
           ecparams = (CK_BYTE_PTR) pTemplate[i].pValue;
           ecparams_len = pTemplate[i].ulValueLen;
         } else {
-          DBG_ERR("CKA_PUBLIC_EXPONENT inconsistent in PublicKeyTemplate");
+          DBG_ERR("CKA_EC_PARAMS inconsistent in PublicKeyTemplate");
           return CKR_TEMPLATE_INCONSISTENT;
         }
         break;
@@ -5818,7 +5818,7 @@ parse_rsa_wrappedkey_template(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
       return CKR_TEMPLATE_INCONSISTENT;
     }
     if (rv != CKR_OK) {
-      DBG_ERR("Failed to parse CKA_ECPARAMS");
+      DBG_ERR("Failed to parse CKA_EC_PARAMS");
       return rv;
     }
   }