CK_RV
gkm_crypto_unwrap_key (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *wrapper,
CK_VOID_PTR input, CK_ULONG n_input, CK_ATTRIBUTE_PTR attrs,
CK_ULONG n_attrs, GkmObject **unwrapped)
{
g_return_val_if_fail (GKM_IS_SESSION (session), CKR_GENERAL_ERROR);
g_return_val_if_fail (GKM_IS_OBJECT (wrapper), CKR_GENERAL_ERROR);
g_return_val_if_fail (mech, CKR_GENERAL_ERROR);
g_return_val_if_fail (unwrapped, CKR_GENERAL_ERROR);
if (!gkm_object_has_attribute_ulong (wrapper, session, CKA_ALLOWED_MECHANISMS, mech->mechanism))
return CKR_KEY_TYPE_INCONSISTENT;
if (!gkm_object_has_attribute_boolean (wrapper, session, CKA_UNWRAP, TRUE))
return CKR_KEY_FUNCTION_NOT_PERMITTED;
switch (mech->mechanism) {
case CKM_AES_CBC_PAD:
return gkm_aes_mechanism_unwrap (session, mech, wrapper, input,
n_input, attrs, n_attrs, unwrapped);
case CKM_G_NULL:
return gkm_null_mechanism_unwrap (session, mech, wrapper, input,
n_input, attrs, n_attrs, unwrapped);
default:
return CKR_MECHANISM_INVALID;
}
}
CK_RV
gkm_crypto_derive_key (GkmSession *session, CK_MECHANISM_PTR mech, GkmObject *base,
CK_ATTRIBUTE_PTR attrs, CK_ULONG n_attrs, GkmObject **derived)
{
g_return_val_if_fail (GKM_IS_SESSION (session), CKR_GENERAL_ERROR);
g_return_val_if_fail (GKM_IS_OBJECT (base), CKR_GENERAL_ERROR);
g_return_val_if_fail (derived, CKR_GENERAL_ERROR);
if (!gkm_object_has_attribute_ulong (base, session, CKA_ALLOWED_MECHANISMS, mech->mechanism))
return CKR_KEY_TYPE_INCONSISTENT;
if (!gkm_object_has_attribute_boolean (base, session, CKA_DERIVE, TRUE))
return CKR_KEY_FUNCTION_NOT_PERMITTED;
switch (mech->mechanism) {
case CKM_DH_PKCS_DERIVE:
return gkm_dh_mechanism_derive (session, mech, base, attrs,
n_attrs, derived);
case CKM_G_HKDF_SHA256_DERIVE:
return gkm_hkdf_mechanism_derive (session, "sha256", mech, base,
attrs, n_attrs, derived);
default:
return CKR_MECHANISM_INVALID;
}
}
