CK_RV gkm_crypto_unwrap_key (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *wrapper, CK_VOID_PTR input, CK_ULONG n_input, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, GkmObject **unwrapped) { g_return_val_if_fail (GKM_IS_SESSION (session), CKR_GENERAL_ERROR); g_return_val_if_fail (GKM_IS_OBJECT (wrapper), CKR_GENERAL_ERROR); g_return_val_if_fail (mech, CKR_GENERAL_ERROR); g_return_val_if_fail (unwrapped, CKR_GENERAL_ERROR); if (!gkm_object_has_attribute_ulong (wrapper, session, CKA_ALLOWED_MECHANISMS, mech->mechanism)) return CKR_KEY_TYPE_INCONSISTENT; if (!gkm_object_has_attribute_boolean (wrapper, session, CKA_UNWRAP, TRUE)) return CKR_KEY_FUNCTION_NOT_PERMITTED; switch (mech->mechanism) { case CKM_AES_CBC_PAD: return gkm_aes_mechanism_unwrap (session, mech, wrapper, input, n_input, attrs, n_attrs, unwrapped); case CKM_G_NULL: return gkm_null_mechanism_unwrap (session, mech, wrapper, input, n_input, attrs, n_attrs, unwrapped); default: return CKR_MECHANISM_INVALID; } }
CK_RV gkm_crypto_derive_key (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *base, CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, GkmObject **derived) { g_return_val_if_fail (GKM_IS_SESSION (session), CKR_GENERAL_ERROR); g_return_val_if_fail (GKM_IS_OBJECT (base), CKR_GENERAL_ERROR); g_return_val_if_fail (derived, CKR_GENERAL_ERROR); if (!gkm_object_has_attribute_ulong (base, session, CKA_ALLOWED_MECHANISMS, mech->mechanism)) return CKR_KEY_TYPE_INCONSISTENT; if (!gkm_object_has_attribute_boolean (base, session, CKA_DERIVE, TRUE)) return CKR_KEY_FUNCTION_NOT_PERMITTED; switch (mech->mechanism) { case CKM_DH_PKCS_DERIVE: return gkm_dh_mechanism_derive (session, mech, base, attrs, n_attrs, derived); case CKM_G_HKDF_SHA256_DERIVE: return gkm_hkdf_mechanism_derive (session, "sha256", mech, base, attrs, n_attrs, derived); default: return CKR_MECHANISM_INVALID; } }