static CK_RV prvCheckGenerateKeyPairPrivateTemplate()

in source/portable/mbedtls/core_pkcs11_mbedtls.c [5064:5164]


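/**
 * @brief Validate one attribute of the private-key template supplied for
 * key pair generation.
 *
 * The accepted policy is deliberately narrow: the key type must be CKK_EC,
 * and CKA_SIGN, CKA_PRIVATE and CKA_TOKEN must each be CK_TRUE. Any other
 * attribute type is rejected.
 *
 * An attribute value is copied out only when its pointer is non-NULL and its
 * declared length matches the expected type exactly. Otherwise the local
 * default (0 / CK_FALSE) is kept, which fails the comparison that follows, so
 * a malformed attribute is rejected rather than read.
 *
 * @param[out] ppxLabel Set to point at @p pxAttribute when it is a CKA_LABEL.
 * The label's length and contents are not checked here.
 * @param[in] pxAttribute The template attribute to inspect.
 * @param[in,out] pulAttributeMap Bitmap of attributes seen so far. The
 * LABEL/SIGN/PRIVATE bits are OR-ed in. Note that the SIGN and PRIVATE bits
 * are set even when the attribute value is rejected, so the return value must
 * be checked before the map is trusted.
 *
 * @return CKR_OK if the attribute is acceptable,
 * CKR_TEMPLATE_INCONSISTENT if a known attribute carries an unsupported or
 * malformed value, CKR_ATTRIBUTE_TYPE_INVALID for an unknown attribute type.
 */
static CK_RV prvCheckGenerateKeyPairPrivateTemplate( CK_ATTRIBUTE ** ppxLabel,
                                                     CK_ATTRIBUTE * pxAttribute,
                                                     uint32_t * pulAttributeMap )
{
    CK_RV xResult = CKR_OK;
    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    CK_BBOOL xBool = ( CK_BBOOL ) CK_FALSE;
    CK_ULONG xTemp = 0;

    switch( pxAttribute->type )
    {
        case ( CKA_LABEL ):
            /* Only the location of the label is recorded; its value is not
             * inspected in this function. */
            *ppxLabel = pxAttribute;
            *pulAttributeMap |= LABEL_IN_TEMPLATE;
            break;

        case ( CKA_KEY_TYPE ):

            /* The template is caller-supplied: a correct ulValueLen does not
             * guarantee a usable pValue, so check the pointer before copying. */
            if( ( pxAttribute->pValue != NULL ) &&
                ( pxAttribute->ulValueLen == sizeof( CK_ULONG ) ) )
            {
                ( void ) memcpy( &xTemp, pxAttribute->pValue, sizeof( CK_ULONG ) );
            }

            /* xTemp is still 0 if the copy was skipped, which is not CKK_EC. */
            if( xTemp != CKK_EC )
            {
                LogError( ( "Failed parsing private key template. Only EC key "
                            "pair generation is supported." ) );
                xResult = CKR_TEMPLATE_INCONSISTENT;
            }

            break;

        case ( CKA_SIGN ):

            if( ( pxAttribute->pValue != NULL ) &&
                ( pxAttribute->ulValueLen == sizeof( CK_BBOOL ) ) )
            {
                ( void ) memcpy( &xBool, pxAttribute->pValue, sizeof( CK_BBOOL ) );
            }

            /* See explanation in prvCheckValidSessionAndModule for this exception. */
            /* coverity[misra_c_2012_rule_10_5_violation] */
            if( xBool != ( CK_BBOOL ) CK_TRUE )
            {
                LogError( ( "Failed parsing private key template. Generating "
                            "private keys that cannot sign is not supported." ) );
                xResult = CKR_TEMPLATE_INCONSISTENT;
            }

            LogDebug( ( "CKA_SIGN was in template." ) );
            *pulAttributeMap |= SIGN_IN_TEMPLATE;
            break;

        case ( CKA_PRIVATE ):

            if( ( pxAttribute->pValue != NULL ) &&
                ( pxAttribute->ulValueLen == sizeof( CK_BBOOL ) ) )
            {
                ( void ) memcpy( &xBool, pxAttribute->pValue, sizeof( CK_BBOOL ) );
            }

            /* See explanation in prvCheckValidSessionAndModule for this exception. */
            /* coverity[misra_c_2012_rule_10_5_violation] */
            if( xBool != ( CK_BBOOL ) CK_TRUE )
            {
                LogError( ( "Failed parsing private key template. Private must "
                            "be set to true in order to generate a private key." ) );
                xResult = CKR_TEMPLATE_INCONSISTENT;
            }

            LogDebug( ( "CKA_PRIVATE was in template." ) );
            *pulAttributeMap |= PRIVATE_IN_TEMPLATE;
            break;

        case ( CKA_TOKEN ):

            if( ( pxAttribute->pValue != NULL ) &&
                ( pxAttribute->ulValueLen == sizeof( CK_BBOOL ) ) )
            {
                ( void ) memcpy( &xBool, pxAttribute->pValue, sizeof( CK_BBOOL ) );
            }

            /* See explanation in prvCheckValidSessionAndModule for this exception. */
            /* coverity[misra_c_2012_rule_10_5_violation] */
            if( xBool != ( CK_BBOOL ) CK_TRUE )
            {
                LogError( ( "Failed parsing private key template. Generating "
                            "private keys that are false for attribute CKA_TOKEN "
                            "is not supported." ) );
                xResult = CKR_TEMPLATE_INCONSISTENT;
            }

            break;

        default:
            /* Unknown attribute types are refused rather than ignored, so the
             * set of accepted attributes stays explicit. */
            LogError( ( "Failed parsing private key template. Found an unknown "
                        "attribute type." ) );
            xResult = CKR_ATTRIBUTE_TYPE_INVALID;
            break;
    }

    return xResult;
}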