Diffstat (limited to 'pkcs11.c')
-rw-r--r-- | pkcs11.c | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -639,6 +639,8 @@ C_SignInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech, { if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle) return CKR_ARGUMENTS_BAD; + if (cache_get_by_secnum(handle, "CKA_SIGN", NULL) == NULL) + return CKR_KEY_FUNCTION_NOT_PERMITTED; opstate = crypto_sign_init(handle, mech); if (opstate) return CKR_OK; @@ -649,6 +651,8 @@ CK_RV C_Sign(CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, CK_BYTE_PTR sig, CK_ULONG_PTR sig_len) { + if (cache_get_by_secnum(handle, "CKA_SIGN", NULL) == NULL) + return CKR_KEY_FUNCTION_NOT_PERMITTED; if (crypto_sign(handle, opstate, data, data_len, sig, sig_len)) return CKR_ARGUMENTS_BAD; return CKR_OK; @@ -660,6 +664,8 @@ C_DecryptInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech, { if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle) return CKR_ARGUMENTS_BAD; + if (cache_get_by_secnum(handle, "CKA_DECRYPT", NULL) == NULL) + return CKR_KEY_FUNCTION_NOT_PERMITTED; opstate = crypto_decrypt_init(handle, mech); if (opstate) return CKR_OK; @@ -670,6 +676,8 @@ CK_RV C_Decrypt(CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, CK_ULONG enc_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) { + if (cache_get_by_secnum(handle, "CKA_DECRYPT", NULL) == NULL) + return CKR_KEY_FUNCTION_NOT_PERMITTED; if (crypto_decrypt(opstate, enc_data, enc_len, data, data_len)) return CKR_ARGUMENTS_BAD; return CKR_OK; |
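Review bot: The new guard in C_SignInit, and the matching one in the C_DecryptInit hunk, only tests that `cache_get_by_secnum(handle, "CKA_SIGN", NULL)` returns non-NULL, so it checks that the attribute exists rather than that it is true. If the cache can hold an explicit false value for CKA_SIGN or CKA_DECRYPT (not visible from these hunks), such a key would still pass and the usage restriction would not be enforced; comparing the returned value against the stored "true" representation would close that gap. The lookup is keyed by `handle`, which matches the key's section only because of the `obj_to_section(key) != handle` test just above. A comment such as `/* key usage: refuse unless the key's section (== handle, checked above) enables CKA_SIGN */` would record that dependency. Both function bodies start and end outside their hunks.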
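Review bot: In C_Sign the permission is looked up for the `handle` passed to this call, while the operation runs on `opstate`, which nothing in the hunk ties to that handle; the same applies to the C_Decrypt hunk, where `crypto_decrypt(opstate, ...)` does not take the handle at all. If `opstate` is shared file-level state, as the missing local declaration suggests, the attribute checked here may belong to a different section than the key the operation was initialised with, and a signing state is not told apart from a decryption state. Recording the section and the operation type when `opstate` is set in the Init functions, and checking them here, would bind the permission to the key actually used, e.g. `if (opstate == NULL || op_handle != handle) return CKR_OPERATION_NOT_INITIALIZED;`, where `op_handle` is a hypothetical variable saved at init. The ends of both functions are outside their hunks.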