in platform/posix/transport/src/mbedtls_pkcs11_posix.c [597:662]
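/**
 * @brief Locate the device private key in the PKCS #11 module and wire it
 * into the mbedTLS pk context held by @p pContext.
 *
 * Steps: find the CKO_PRIVATE_KEY object carrying @p pPrivateKeyLabel, read
 * its CKA_KEY_TYPE attribute, map that PKCS #11 key type to the matching
 * mbedTLS pk_info, then install a private copy of that pk_info whose
 * sign_func is replaced by privateKeySigningCallback so that TLS signatures
 * are produced by the PKCS #11 module rather than by an in-memory key.
 *
 * @param[in,out] pContext Transport context. p11Session and pP11FunctionList
 *                         must already be valid; on success p11PrivateKey,
 *                         keyType, privKeyInfo and privKey are populated.
 * @param[in] pPrivateKeyLabel NUL-terminated CKA_LABEL of the private key.
 *
 * @return true when the key was found and the pk context was set up,
 *         false on any failure (the failure is logged).
 */
static bool initializeClientKeys( MbedtlsPkcs11Context_t * pContext,
                                  const char * pPrivateKeyLabel )
{
    CK_RV ret = CKR_OK;
    /* Only CKA_KEY_TYPE is queried, so a single attribute slot suffices. */
    CK_ATTRIBUTE template[ 1 ] = { 0 };
    mbedtls_pk_type_t keyAlgo = MBEDTLS_PK_NONE;
    const mbedtls_pk_info_t * pKeyInfo = NULL;

    assert( pContext != NULL );
    assert( pPrivateKeyLabel != NULL );

    /* Get the handle of the device private key. The helper takes a non-const
     * label pointer but does not modify it, hence the cast. */
    ret = xFindObjectWithLabelAndClass( pContext->p11Session,
                                        ( char * ) pPrivateKeyLabel,
                                        strlen( pPrivateKeyLabel ),
                                        CKO_PRIVATE_KEY,
                                        &pContext->p11PrivateKey );

    if( ( ret == CKR_OK ) && ( pContext->p11PrivateKey == CK_INVALID_HANDLE ) )
    {
        /* CK_INVALID_HANDLE is 0, i.e. numerically equal to CKR_OK, so it must
         * not be used as the error code here: doing so would leave ret == CKR_OK
         * and the function would carry on and query attributes of a handle that
         * does not exist. Use a real PKCS #11 return code instead. */
        ret = CKR_OBJECT_HANDLE_INVALID;
        LogError( ( "Could not find private key." ) );
    }

    /* Query the device private key type. */
    if( ret == CKR_OK )
    {
        template[ 0 ].type = CKA_KEY_TYPE;
        template[ 0 ].pValue = &pContext->keyType;
        /* Size of the receiving field, not of the pointer to it. */
        template[ 0 ].ulValueLen = sizeof( pContext->keyType );

        ret = pContext->pP11FunctionList->C_GetAttributeValue( pContext->p11Session,
                                                               pContext->p11PrivateKey,
                                                               template,
                                                               1 );
    }

    /* Map the PKCS #11 key type to an mbedTLS algorithm. */
    if( ret == CKR_OK )
    {
        switch( pContext->keyType )
        {
            case CKK_RSA:
                keyAlgo = MBEDTLS_PK_RSA;
                break;

            case CKK_EC:
                keyAlgo = MBEDTLS_PK_ECKEY;
                break;

            default:
                /* Any other key type cannot be driven through this context. */
                LogError( ( "Unsupported private key type." ) );
                ret = CKR_ATTRIBUTE_VALUE_INVALID;
                break;
        }
    }

    /* Map the mbedTLS algorithm to its internal metadata. */
    if( ret == CKR_OK )
    {
        pKeyInfo = mbedtls_pk_info_from_type( keyAlgo );

        if( pKeyInfo == NULL )
        {
            /* mbedTLS returns NULL when the algorithm is not compiled in;
             * copying from it would be undefined behaviour. */
            LogError( ( "mbedTLS does not support the private key type." ) );
            ret = CKR_FUNCTION_FAILED;
        }
        else
        {
            /* Copy the library's pk_info so that the signing hook can be
             * redirected without touching mbedTLS' own table. */
            memcpy( &pContext->privKeyInfo, pKeyInfo, sizeof( pContext->privKeyInfo ) );
            pContext->privKeyInfo.sign_func = privateKeySigningCallback;
            pContext->privKey.pk_info = &pContext->privKeyInfo;
            /* pk_ctx is handed back to privateKeySigningCallback as its context. */
            pContext->privKey.pk_ctx = pContext;
        }
    }

    return( ret == CKR_OK );
}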