in source/portable/mbedtls/core_pkcs11_mbedtls.c [923:1021]
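/**
 * @brief Validate a single attribute from an EC key template.
 *
 * Attributes common to both key halves are checked here. Attributes that only
 * make sense for a public key (CKA_VERIFY, CKA_EC_POINT) or a private key
 * (CKA_SIGN, CKA_VALUE) are forwarded to prvEcPubKeyAttParse() or
 * prvEcPrivKeyAttParse() once xIsPrivate confirms the key half matches.
 *
 * @param[in] pxAttribute   Template attribute to check. Must not be NULL.
 * @param[in] pxMbedContext mbedTLS PK context passed through to the
 *                          public/private attribute parsers.
 * @param[in] xIsPrivate    CK_TRUE when the template describes a private key,
 *                          CK_FALSE when it describes a public key.
 *
 * @return CKR_OK if the attribute is acceptable;
 *         CKR_ATTRIBUTE_VALUE_INVALID if CKA_TOKEN is not CK_TRUE or the
 *         attribute belongs to the other key half;
 *         CKR_TEMPLATE_INCONSISTENT if CKA_EC_PARAMS is not the P-256 OID;
 *         CKR_ATTRIBUTE_TYPE_INVALID for an unrecognised attribute type;
 *         otherwise whatever the forwarded parser returns.
 */
static CK_RV prvEcKeyAttParse( const CK_ATTRIBUTE * pxAttribute,
                               const mbedtls_pk_context * pxMbedContext,
                               CK_BBOOL xIsPrivate )
{
    CK_RV xResult = CKR_OK;
    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    CK_BBOOL xBool = ( CK_BBOOL ) CK_FALSE;
    const CK_BYTE pxEcCurve[] = pkcs11DER_ENCODED_OID_P256;
    const CK_BYTE * pxEcAttVal = NULL;
    const CK_BBOOL * pxEcBoolAtt = NULL;

    /* Common EC key attributes. */
    switch( pxAttribute->type )
    {
        /* Accepted without inspecting the value in this function. */
        case ( CKA_CLASS ):
        case ( CKA_KEY_TYPE ):
        case ( CKA_LABEL ):
            break;

        case ( CKA_TOKEN ):
            pxEcBoolAtt = ( CK_BBOOL * ) pxAttribute->pValue;

            /* Only read the caller's buffer when it is present and exactly
             * one CK_BBOOL wide. Otherwise xBool keeps its CK_FALSE default
             * and the attribute is rejected below. */
            if( ( pxEcBoolAtt != NULL ) &&
                ( pxAttribute->ulValueLen == sizeof( CK_BBOOL ) ) )
            {
                ( void ) memcpy( &xBool, pxEcBoolAtt, sizeof( CK_BBOOL ) );
            }

            /* See explanation in prvCheckValidSessionAndModule for this exception. */
            /* coverity[misra_c_2012_rule_10_5_violation] */
            if( xBool != ( CK_BBOOL ) CK_TRUE )
            {
                LogError( ( "Failed parsing EC key template. Expected token type to be true, but it was false." ) );
                xResult = CKR_ATTRIBUTE_VALUE_INVALID;
            }

            break;

        case ( CKA_EC_PARAMS ):
            pxEcAttVal = ( CK_BYTE * ) pxAttribute->pValue;

            /* The value must be byte-for-byte the DER-encoded P-256 OID.
             * A missing value or one of a different length cannot be P-256,
             * so it is rejected rather than silently accepted; otherwise a
             * template naming another curve whose OID has a different length
             * would pass this check. The length test also guards memcmp()
             * against reading past a short caller buffer. */
            if( ( pxEcAttVal == NULL ) ||
                ( pxAttribute->ulValueLen != sizeof( pxEcCurve ) ) ||
                ( memcmp( pxEcCurve, pxEcAttVal, sizeof( pxEcCurve ) ) != 0 ) )
            {
                xResult = CKR_TEMPLATE_INCONSISTENT;
                LogError( ( "Failed parsing EC key template. The elliptic curve was wrong. Expected elliptic curve P-256." ) );
            }

            break;

        /* Public-key-only attributes. */
        case ( CKA_VERIFY ):
        case ( CKA_EC_POINT ):

            /* See explanation in prvCheckValidSessionAndModule for this exception. */
            /* coverity[misra_c_2012_rule_10_5_violation] */
            if( xIsPrivate == ( CK_BBOOL ) CK_FALSE )
            {
                xResult = prvEcPubKeyAttParse( pxAttribute, pxMbedContext );
            }
            else
            {
                LogError( ( "Failed parsing EC key template. The key type "
                            "did not match the template parameters. Expected "
                            "a public key for CKA_VERIFY or CKA_EC_POINT." ) );
                xResult = CKR_ATTRIBUTE_VALUE_INVALID;
            }

            break;

        /* Private-key-only attributes. */
        case ( CKA_SIGN ):
        case ( CKA_VALUE ):

            /* See explanation in prvCheckValidSessionAndModule for this exception. */
            /* coverity[misra_c_2012_rule_10_5_violation] */
            if( xIsPrivate == ( CK_BBOOL ) CK_TRUE )
            {
                xResult = prvEcPrivKeyAttParse( pxAttribute, pxMbedContext );
            }
            else
            {
                LogError( ( "Failed parsing EC key template. The key type "
                            "did not match the template parameters. Expected "
                            "a private key for CKA_SIGN or CKA_VALUE." ) );
                xResult = CKR_ATTRIBUTE_VALUE_INVALID;
            }

            break;

        default:
            LogError( ( "Failed parsing EC key template. Unknown attribute "
                        "0x%0lX found for an EC key.", ( unsigned long int ) pxAttribute->type ) );
            xResult = CKR_ATTRIBUTE_TYPE_INVALID;
            break;
    }

    return xResult;
}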