in src/wrapping/rsa_wrapping.c [230:289]
CK_RV rsa_aes_unwrap_key(
CK_SESSION_HANDLE session,
CK_OBJECT_HANDLE wrapping_key,
CK_KEY_TYPE wrapped_key_type,
CK_BYTE_PTR wrapped_bytes,
CK_ULONG wrapped_bytes_len,
CK_OBJECT_HANDLE_PTR unwrapped_key_handle) {
CK_ULONG aes_key_bits = 256;
CK_RSA_PKCS_OAEP_PARAMS oaep_params = { CKM_SHA256, CKG_MGF1_SHA256 };
CK_RSA_AES_KEY_WRAP_PARAMS params = { aes_key_bits, &oaep_params };
CK_MECHANISM mech = { CKM_RSA_AES_KEY_WRAP, ¶ms, sizeof(params) };
CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
CK_ATTRIBUTE *template = NULL;
CK_ULONG template_count = 0;
switch (wrapped_key_type) {
case CKK_DES3:
case CKK_AES:
template = (CK_ATTRIBUTE[]) {
{CKA_CLASS, &key_class, sizeof(key_class)},
{CKA_KEY_TYPE, &wrapped_key_type, sizeof(wrapped_key_type)},
{CKA_TOKEN, &false_val, sizeof(CK_BBOOL)},
{CKA_EXTRACTABLE, &true_val, sizeof(CK_BBOOL)}
};
template_count = 4;
break;
case CKK_RSA:
key_class = CKO_PRIVATE_KEY;
template = (CK_ATTRIBUTE[]) {
{CKA_CLASS, &key_class, sizeof(key_class)},
{CKA_KEY_TYPE, &wrapped_key_type, sizeof(wrapped_key_type)},
{CKA_TOKEN, &false_val, sizeof(CK_BBOOL)},
{CKA_EXTRACTABLE, &true_val, sizeof(CK_BBOOL)},
};
template_count = 4;
break;
case CKK_EC:
key_class = CKO_PRIVATE_KEY;
template = (CK_ATTRIBUTE[]) {
{CKA_CLASS, &key_class, sizeof(key_class)},
{CKA_KEY_TYPE, &wrapped_key_type, sizeof(wrapped_key_type)},
{CKA_TOKEN, &false_val, sizeof(CK_BBOOL)},
{CKA_EXTRACTABLE, &true_val, sizeof(CK_BBOOL)},
};
template_count = 4;
break;
}
return funcs->C_UnwrapKey(
session,
&mech,
wrapping_key,
wrapped_bytes,
wrapped_bytes_len,
template,
template_count,
unwrapped_key_handle);
}