fixup! Use Builder Pattern for HsmKeyParams

src/hsm.cpp

@@ -189,7 +189,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec,
                                                  const std::vector<uint8_t> &keyID)
 {
     HsmKeyParams hsmKeyParams =
-            HsmKeyParams::Builder().setCkaExtractable(false).setCkaSensitive(true).build();
+            HsmKeyParams::Builder{}.setExtractable(false).build();
     return generateKey(spec, keyLabel, keyID, hsmKeyParams);
 }
 
@@ -217,7 +217,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec,
 
     PKCS11_params _params;
     _params.extractable = static_cast<unsigned char>(params.isExtractable());
-    _params.sensitive = static_cast<unsigned char>(params.isSensitive());
+    _params.sensitive = static_cast<unsigned char>(!params.isExtractable());
 
     PKCS11_KGEN_ATTRS pkcs11RSAKeygen;
     pkcs11RSAKeygen.type = EVP_PKEY_RSA;
@@ -235,7 +235,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec,
                                                  const std::vector<uint8_t> &keyID)
 {
     HsmKeyParams hsmKeyParams =
-            HsmKeyParams::Builder().setCkaExtractable(false).setCkaSensitive(true).build();
+            HsmKeyParams::Builder{}.setExtractable(false).build();
     return generateKey(spec, keyLabel, keyID, hsmKeyParams);
 }
 
@@ -263,8 +263,9 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec,
     pkcs11ECCSpec.curve = curve.c_str();
 
     PKCS11_params _params;
+    // If the key is extractable it shouldn't be sensitive and vice versa
     _params.extractable = static_cast<unsigned char>(params.isExtractable());
-    _params.sensitive = static_cast<unsigned char>(params.isSensitive());
+    _params.sensitive = static_cast<unsigned char>(!params.isExtractable());
 
     PKCS11_KGEN_ATTRS pkcs11ECCKeygen;
     pkcs11ECCKeygen.type = EVP_PKEY_EC;

src/mococrw/hsm.h

@@ -36,32 +36,23 @@ class HsmKeyParams
 
     bool isExtractable() const { return cka_extractable; }
 
-    bool isSensitive() const { return cka_sensitive; }
-
 private:
-    bool cka_extractable;
-    bool cka_sensitive;
+    bool extractable;
 
     /* Default is that the key cannot be extracted and is marked as sensitive.
      * Check https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html
      * for more details.
      */
-    HsmKeyParams() : cka_extractable(false), cka_sensitive(true) {}
+    HsmKeyParams() : cka_extractable(false) {}
 };
 
 class HsmKeyParams::Builder
 {
 public:
     Builder() {}
-    Builder &setCkaExtractable(bool extractable)
-    {
-        params_.cka_extractable = extractable;
-        return *this;
-    }
-
-    Builder &setCkaSensitive(bool sensitive)
+    Builder &setExtractable(bool extractable)
     {
-        params_.cka_sensitive = sensitive;
+        params_.extractable = extractable;
         return *this;
     }
 

tests/integration/hsm-integration-test.cpp

@@ -453,9 +453,9 @@ int main(void)
          * Generate extractable and non-extractable keys for ECC and RSA
          */
         HsmKeyParams hsmKeyParamsExtract =
-                HsmKeyParams::Builder().setCkaExtractable(true).setCkaSensitive(false).build();
+                HsmKeyParams::Builder{}.setExtractable(true).build();
 
-        HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder().build();
+        HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder{}.build();
 
         /* We need a new token otherwise the keys generated before litter the slot */
 

tests/unit/test_hsm.cpp

@@ -154,7 +154,7 @@ TEST_F(HSMTest, testHSMKeygenWithParams)
     std::string keyLabel{"key-label"};
     std::vector<uint8_t> keyId{0x12};
     HsmKeyParams params =
-            HsmKeyParams::Builder().setCkaExtractable(true).setCkaSensitive(false).build();
+            HsmKeyParams::Builder{}.setExtractable(true).build();
     EXPECT_CALL(_mock(),
                 SSL_ENGINE_ctrl_cmd_string(
                         engine, StrEq("PIN"), StrEq(pin.c_str()), 0 /*non-optional*/))