Fix handling of imported keys with RSA

Signed-off-by: Simo Sorce <[email protected]>

src/keymgmt.c

@@ -690,7 +690,8 @@ static void *p11prov_rsa_new(void *provctx)
     }
 
     return p11prov_obj_new(provctx, CK_UNAVAILABLE_INFORMATION,
-                           CK_INVALID_HANDLE, CK_UNAVAILABLE_INFORMATION);
+                           CK_P11PROV_IMPORTED_HANDLE,
+                           CK_UNAVAILABLE_INFORMATION);
 }
 
 static void p11prov_rsa_free(void *key)

src/objects.c

@@ -3292,6 +3292,8 @@ static CK_RV p11prov_obj_store_public_key(P11PROV_OBJ *key)
 {
     int rv;
 
+    P11PROV_debug("Store imported public key=%p", key);
+
     if (key->class != CKO_PUBLIC_KEY) {
         P11PROV_raise(key->ctx, CKR_OBJECT_HANDLE_INVALID, "Invalid key type");
         return CKR_OBJECT_HANDLE_INVALID;

tests/timported

@@ -7,7 +7,7 @@ source "${TESTSSRCDIR}/helpers.sh"
 
 title PARA "Test imported key in token session"
 
-title LINE "Generate keypair in files"
+title LINE "Generate EC keypair in files"
 # older versions of openssl don't support -outpubkey ...
 #ossl 'genpkey -algorithm EC -out ${TMPPDIR}/file.ec.key.pem
 #              -pkeyopt ec_paramgen_curve:P-256
@@ -19,24 +19,50 @@ ossl 'genpkey -algorithm EC -out ${TMPPDIR}/file.ec.key.pem
 ossl 'pkey -in ${TMPPDIR}/file.ec.key.pem
            -pubout -out ${TMPPDIR}/file.ec.pub.key.pem'
 
+title LINE "Generate RSA keypair in files"
+# older versions of openssl don't support -outpubkey ...
+# .. so we'll use two steps
+ossl 'genpkey -algorithm RSA -out ${TMPPDIR}/file.rsa.key.pem
+              -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3'
+ossl 'pkey -in ${TMPPDIR}/file.rsa.key.pem
+           -pubout -out ${TMPPDIR}/file.rsa.pub.key.pem'
+
 #After key generation force all operations to happen on the token
 ORIG_OPENSSL_CONF=${OPENSSL_CONF}
 sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
     "${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
 OPENSSL_CONF=${OPENSSL_CONF}.forcetoken
 
-title LINE "Test Signing with private key imported from file"
+title LINE "Test Signing with private EC key imported from file"
 ossl 'pkeyutl -sign
               -inkey ${TMPPDIR}/file.ec.key.pem
               -in ${TMPPDIR}/sha256.bin
               -out ${TMPPDIR}/file.ec.sig.bin'
 
-title LINE "Test Verifying with public key imported from file"
+title LINE "Test Verifying with public EC key imported from file"
 ossl 'pkeyutl -verify -pubin
               -inkey ${TMPPDIR}/file.ec.pub.key.pem
               -sigfile ${TMPPDIR}/file.ec.sig.bin
               -in ${TMPPDIR}/sha256.bin'
 
+#After key generation force all operations to happen on the token
+ORIG_OPENSSL_CONF=${OPENSSL_CONF}
+sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
+    "${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
+OPENSSL_CONF=${OPENSSL_CONF}.forcetoken
+
+title LINE "Test Signing with private RSA key imported from file"
+ossl 'pkeyutl -sign
+              -inkey ${TMPPDIR}/file.rsa.key.pem
+              -in ${TMPPDIR}/sha256.bin
+              -out ${TMPPDIR}/file.rsa.sig.bin'
+
+title LINE "Test Verifying with public RSA key imported from file"
+ossl 'pkeyutl -verify -pubin
+              -inkey ${TMPPDIR}/file.rsa.pub.key.pem
+              -sigfile ${TMPPDIR}/file.rsa.sig.bin
+              -in ${TMPPDIR}/sha256.bin'
+
 OPENSSL_CONF=${ORIG_OPENSSL_CONF}
 
 exit 0