authorRuchika Gupta <ruchika.gupta@linaro.org>2020-12-11 15:55:07 +0530
committerJérôme Forissier <jerome@forissier.org>2020-12-17 09:45:03 +0100
commit5440719db58fae341de9079fc7ce556f7662de8b (patch)
treeecba511ac60e46db23313bdd16dd3a2f55170874
parent145ae446b961c32d566596c90d6a9e167c6591e0 (diff)
ta: pkcs11: Temporary workaround in sanitize_indirect_attr()
Since the type of key to be generated is implicit in the key generation mechanism, the template does not need to supply a key type or class (CKA_CLASS and CKA_KEY_TYPE attributes). sanitize_indirect_attr() expects these attributes to be available, else gives an error. The right way of handling this would perhaps be passing a hint of the class and key type to this function if the key is being generated using key generation mechanisms. However, we don't have support for wrap/derive key which uses the indirect attributes at present in the code. So, we would not be able to test it. For now, just move the class checking after the attribute checking, which helps avoid this error. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
-rw-r--r--ta/pkcs11/src/sanitize_object.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/ta/pkcs11/src/sanitize_object.c b/ta/pkcs11/src/sanitize_object.c
index de9eaa98..38b0d892 100644
--- a/ta/pkcs11/src/sanitize_object.c
+++ b/ta/pkcs11/src/sanitize_object.c
@@ -214,9 +214,6 @@ static uint32_t sanitize_indirect_attr(struct obj_attrs **dst,
enum pkcs11_rc rc = PKCS11_CKR_OK;
enum pkcs11_class_id class = get_class(*dst);
- if (class == PKCS11_CKO_UNDEFINED_ID)
- return PKCS11_CKR_GENERAL_ERROR;
-
/*
* Serialized attributes: current applicable only to the key
* templates which are tables of attributes.
@@ -229,6 +226,12 @@ static uint32_t sanitize_indirect_attr(struct obj_attrs **dst,
default:
return PKCS11_RV_NOT_FOUND;
}
+
+ if (class == PKCS11_CKO_UNDEFINED_ID) {
+ DMSG("Template without CLASS not supported yet");
+ return PKCS11_CKR_TEMPLATE_INCOMPLETE;
+ }
+
/* Such attributes are expected only for keys (and vendor defined) */
if (pkcs11_attr_class_is_key(class))
return PKCS11_CKR_TEMPLATE_INCONSISTENT;
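Review bot: The context check directly after the new block reads as inverted against its own comment: the comment says these attributes are expected only for keys, yet `if (pkcs11_attr_class_is_key(class)) return PKCS11_CKR_TEMPLATE_INCONSISTENT;` rejects exactly when the class is a key. Assuming pkcs11_attr_class_is_key() returns true for key classes (its definition is not in this hunk), the guard should probably be `if (!pkcs11_attr_class_is_key(class))`, otherwise indirect template attributes would be refused on key objects and accepted on non-key ones. The commit message calls the relocated class check temporary, so a comment on it such as `/* TODO: take a class/key type hint from the mechanism once wrap/derive are supported */` would keep that visible in the code. The body of sanitize_indirect_attr() continues outside the hunk.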