From 12c147b646308bbc6af935054d7da969b92916eb Mon Sep 17 00:00:00 2001 From: cps-b <136316734+cps-b@users.noreply.github.com> Date: Tue, 31 Oct 2023 15:35:41 +0100 Subject: [PATCH] fixup! Use Builder Pattern for HsmKeyParams --- src/hsm.cpp | 9 +++++---- src/mococrw/hsm.h | 17 ++++------------- tests/integration/hsm-integration-test.cpp | 4 ++-- tests/unit/test_hsm.cpp | 2 +- 4 files changed, 12 insertions(+), 20 deletions(-) diff --git a/src/hsm.cpp b/src/hsm.cpp index 5ed87d02..b018c7e8 100644 --- a/src/hsm.cpp +++ b/src/hsm.cpp @@ -189,7 +189,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec, const std::vector &keyID) { HsmKeyParams hsmKeyParams = - HsmKeyParams::Builder().setCkaExtractable(false).setCkaSensitive(true).build(); + HsmKeyParams::Builder{}.setExtractable(false).build(); return generateKey(spec, keyLabel, keyID, hsmKeyParams); } @@ -217,7 +217,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec, PKCS11_params _params; _params.extractable = static_cast(params.isExtractable()); - _params.sensitive = static_cast(params.isSensitive()); + _params.sensitive = static_cast(!params.isExtractable()); PKCS11_KGEN_ATTRS pkcs11RSAKeygen; pkcs11RSAKeygen.type = EVP_PKEY_RSA; @@ -235,7 +235,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec, const std::vector &keyID) { HsmKeyParams hsmKeyParams = - HsmKeyParams::Builder().setCkaExtractable(false).setCkaSensitive(true).build(); + HsmKeyParams::Builder{}.setExtractable(false).build(); return generateKey(spec, keyLabel, keyID, hsmKeyParams); } @@ -263,8 +263,9 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec, pkcs11ECCSpec.curve = curve.c_str(); PKCS11_params _params; + // If the key is extractable it shouldn't be sensitive and vice versa _params.extractable = static_cast(params.isExtractable()); - _params.sensitive = static_cast(params.isSensitive()); + _params.sensitive = static_cast(!params.isExtractable()); PKCS11_KGEN_ATTRS pkcs11ECCKeygen; pkcs11ECCKeygen.type = EVP_PKEY_EC; diff --git a/src/mococrw/hsm.h b/src/mococrw/hsm.h index 3ff325e6..004a013f 100644 --- a/src/mococrw/hsm.h +++ b/src/mococrw/hsm.h @@ -36,32 +36,23 @@ class HsmKeyParams bool isExtractable() const { return cka_extractable; } - bool isSensitive() const { return cka_sensitive; } - private: - bool cka_extractable; - bool cka_sensitive; + bool extractable; /* Default is that the key cannot be extracted and is marked as sensitive. * Check https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html * for more details. */ - HsmKeyParams() : cka_extractable(false), cka_sensitive(true) {} + HsmKeyParams() : cka_extractable(false) {} }; class HsmKeyParams::Builder { public: Builder() {} - Builder &setCkaExtractable(bool extractable) - { - params_.cka_extractable = extractable; - return *this; - } - - Builder &setCkaSensitive(bool sensitive) + Builder &setExtractable(bool extractable) { - params_.cka_sensitive = sensitive; + params_.extractable = extractable; return *this; } diff --git a/tests/integration/hsm-integration-test.cpp b/tests/integration/hsm-integration-test.cpp index 967e95f3..f04fb781 100644 --- a/tests/integration/hsm-integration-test.cpp +++ b/tests/integration/hsm-integration-test.cpp @@ -453,9 +453,9 @@ int main(void) * Generate extractable and non-extractable keys for ECC and RSA */ HsmKeyParams hsmKeyParamsExtract = - HsmKeyParams::Builder().setCkaExtractable(true).setCkaSensitive(false).build(); + HsmKeyParams::Builder{}.setExtractable(true).build(); - HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder().build(); + HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder{}.build(); /* We need a new token otherwise the keys generated before litter the slot */ diff --git a/tests/unit/test_hsm.cpp b/tests/unit/test_hsm.cpp index 58e29815..df37bc25 100644 --- a/tests/unit/test_hsm.cpp +++ b/tests/unit/test_hsm.cpp @@ -154,7 +154,7 @@ TEST_F(HSMTest, testHSMKeygenWithParams) std::string keyLabel{"key-label"}; std::vector keyId{0x12}; HsmKeyParams params = - HsmKeyParams::Builder().setCkaExtractable(true).setCkaSensitive(false).build(); + HsmKeyParams::Builder{}.setExtractable(true).build(); EXPECT_CALL(_mock(), SSL_ENGINE_ctrl_cmd_string( engine, StrEq("PIN"), StrEq(pin.c_str()), 0 /*non-optional*/))