From 391cd328f0fb1cb26f9edc2d74b04651be413551 Mon Sep 17 00:00:00 2001 From: S-P Chan Date: Wed, 21 Feb 2024 23:06:43 +0800 Subject: [PATCH] For RSA keys it is sufficient to check CKA_MODULUS & CKA_PUBLIC_EXPONENT Addresses #345. Signed-off-by: S-P Chan --- src/objects.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/objects.c b/src/objects.c index 6efa5eb2..9fe0f33b 100644 --- a/src/objects.c +++ b/src/objects.c @@ -2161,7 +2161,14 @@ static int cmp_public_key_values(P11PROV_OBJ *pub_key1, P11PROV_OBJ *pub_key2) switch (pub_key1->data.key.type) { case CKK_RSA: + /* pub_key1 pub_key2 could be CKO_PRIVATE_KEY here but + * nevertheless contain these two attributes + */ ret = cmp_attr(pub_key1, pub_key2, CKA_MODULUS); + if (ret == RET_OSSL_ERR) { + break; + } + ret = cmp_attr(pub_key1, pub_key2, CKA_PUBLIC_EXPONENT); break; case CKK_EC: case CKK_EC_EDWARDS: @@ -2180,8 +2187,13 @@ static int match_public_keys(P11PROV_OBJ *key1, P11PROV_OBJ *key2) P11PROV_OBJ *priv_key; int ret = RET_OSSL_ERR; - if (key1->class == CKO_PUBLIC_KEY && key2->class == CKO_PUBLIC_KEY) { - /* both keys are public, match directly their public values */ + if ((key1->class == CKO_PUBLIC_KEY && key2->class == CKO_PUBLIC_KEY) + || key1->data.key.type == CKK_RSA) { + /* either keys are public, match directly their public values + * OR + * CKA_RSA keys (private/public) contain CKA_MODULUS / CKA_PUBLIC_EXPONENT + * - no need to find_associated_obj + */ return cmp_public_key_values(key1, key2); } @@ -2261,10 +2273,6 @@ int p11prov_obj_key_cmp(P11PROV_OBJ *key1, P11PROV_OBJ *key2, CK_KEY_TYPE type, switch (key1->data.key.type) { case CKK_RSA: - ret = cmp_attr(key1, key2, CKA_PUBLIC_EXPONENT); - if (ret != RET_OSSL_OK) { - return ret; - } if (cmp_type & OBJ_CMP_KEY_PRIVATE) { /* unfortunately we can't really read private attributes * and there is no comparison function int he PKCS11 API.