Diffstat (limited to 'pkcs11.c')
-rw-r--r--pkcs11.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/pkcs11.c b/pkcs11.c
index 7f90821..ef7e54d 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -639,6 +639,8 @@ C_SignInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech,
{
if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle)
return CKR_ARGUMENTS_BAD;
+ if (cache_get_by_secnum(handle, "CKA_SIGN", NULL) == NULL)
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
opstate = crypto_sign_init(handle, mech);
if (opstate)
return CKR_OK;
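Review bot: The guard added in C_SignInit only tests whether `cache_get_by_secnum(handle, "CKA_SIGN", NULL)` returns non-NULL, so it proves the attribute exists, not that it is set to true. Whether the store can hold the attribute with a false value is not visible here; if it can, a key carrying CKA_SIGN = CK_FALSE would still pass. The same applies to the "CKA_DECRYPT" test in C_DecryptInit and to the repeated tests in C_Sign and C_Decrypt. Consider one small helper that reads the value and compares it, used at all four sites, or at least a comment stating the convention, e.g. `/* attribute is stored only when the usage is permitted */`. C_SignInit begins before this hunk and continues past it.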
@@ -649,6 +651,8 @@ CK_RV
C_Sign(CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
CK_BYTE_PTR sig, CK_ULONG_PTR sig_len)
{
+ if (cache_get_by_secnum(handle, "CKA_SIGN", NULL) == NULL)
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
if (crypto_sign(handle, opstate, data, data_len, sig, sig_len))
return CKR_ARGUMENTS_BAD;
return CKR_OK;
@@ -660,6 +664,8 @@ C_DecryptInit(CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mech,
{
if (obj_type(key) != KEY_PRIVATE || obj_to_section(key) != handle)
return CKR_ARGUMENTS_BAD;
+ if (cache_get_by_secnum(handle, "CKA_DECRYPT", NULL) == NULL)
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
opstate = crypto_decrypt_init(handle, mech);
if (opstate)
return CKR_OK;
@@ -670,6 +676,8 @@ CK_RV
C_Decrypt(CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, CK_ULONG enc_len,
CK_BYTE_PTR data, CK_ULONG_PTR data_len)
{
+ if (cache_get_by_secnum(handle, "CKA_DECRYPT", NULL) == NULL)
+ return CKR_KEY_FUNCTION_NOT_PERMITTED;
if (crypto_decrypt(opstate, enc_data, enc_len, data, data_len))
return CKR_ARGUMENTS_BAD;
return CKR_OK;
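Review bot: The CKA_DECRYPT check in C_Decrypt is made against the caller-supplied `handle`, but `crypto_decrypt(opstate, ...)` works on `opstate` and is not given the handle, so nothing in this hunk ties the permission that was checked to the key state that is used. `opstate` is not declared in any hunk and appears to be shared by the sign and decrypt paths; if so, the usage approved at init time (and the owning handle) should be recorded with the state and verified here before the operation runs. C_Sign does pass `handle` to `crypto_sign`, so the binding may already be enforced there. The closing brace of C_Decrypt is outside the hunk.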