ta: pkcs11: pkcs11_attributes.c: calculate KCV on key derivation/unwr…

…apping On client calls to C_UnwrapKey() and C_DeriveKey(): Modify set_secret_key_data() to set CKA_CHECK_VALUE attribute after setting key value CKA_VALUE. Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
OP-TEE · Dec 1, 2023 · d7ef888 · d7ef888
1 parent 3507ddf
commit d7ef888
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/ta/pkcs11/src/pkcs11_attributes.c b/ta/pkcs11/src/pkcs11_attributes.c
@@ -2480,7 +2480,16 @@ static enum pkcs11_rc set_secret_key_data(struct obj_attrs **head, void *data,
 	if (rc != PKCS11_CKR_OK && rc != PKCS11_RV_NOT_FOUND)
 		return PKCS11_CKR_GENERAL_ERROR;
 
-	return add_attribute(head, PKCS11_CKA_VALUE, data, key_length);
+	rc = add_attribute(head, PKCS11_CKA_VALUE, data, key_length);
+	if (rc)
+		return rc;
+
+#ifdef CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE
+	/* Set key check value attribute */
+	rc = set_check_value_attr(*head);
+#endif
+
+	return rc;
 }
 
 static enum pkcs11_rc set_private_key_data_rsa(struct obj_attrs **head,