add support for CKA_MODIFIABLE and CKA_DESTROYABLE attributes

LudovicRousseau · May 23, 2024 · 47365e7 · 47365e7
1 parent a841fa7
commit 47365e7
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 0 deletions.
diff --git a/PyKCS11/__init__.py b/PyKCS11/__init__.py
@@ -1395,6 +1395,8 @@ def isBool(self, type):
                     CKA_HAS_RESET,
                     CKA_LOCAL,
                     CKA_MODIFIABLE,
+                    CKA_COPYABLE,
+                    CKA_DESTROYABLE,
                     CKA_NEVER_EXTRACTABLE,
                     CKA_PRIVATE,
                     CKA_RESET_ON_INIT,

diff --git a/src/ck_attribute_smart.cpp b/src/ck_attribute_smart.cpp
@@ -102,6 +102,8 @@
 		case CKA_HAS_RESET:
 		case CKA_LOCAL:
 		case CKA_MODIFIABLE:
+		case CKA_COPYABLE:
+		case CKA_DESTROYABLE:
 		case CKA_NEVER_EXTRACTABLE:
 		case CKA_PRIVATE:
 		case CKA_RESET_ON_INIT:

diff --git a/src/opensc/pkcs11.h b/src/opensc/pkcs11.h
@@ -429,6 +429,8 @@ typedef unsigned long ck_attribute_type_t;
 #define CKA_ALWAYS_SENSITIVE		(0x165)
 #define CKA_KEY_GEN_MECHANISM		(0x166)
 #define CKA_MODIFIABLE			(0x170)
+#define CKA_COPYABLE			(0x171)
+#define CKA_DESTROYABLE			(0x172)
 #define CKA_ECDSA_PARAMS		(0x180)
 #define CKA_EC_PARAMS			(0x180)
 #define CKA_EC_POINT			(0x181)

diff --git a/test/test_objects.py b/test/test_objects.py
@@ -93,6 +93,41 @@ def test_objects(self):
         template = [(PyKCS11.CKA_HW_FEATURE_TYPE, PyKCS11.CKH_USER_INTERFACE)]
         o = self.session.findObjects(template)
 
+    def test_BoolAttributes(self):
+        # dictionary of attributes expected to be bool and their expected values
+        boolAttributes = {
+            PyKCS11.CKA_TOKEN : PyKCS11.CK_FALSE,
+            PyKCS11.CKA_PRIVATE : PyKCS11.CK_FALSE,
+            # The attributes below are defaulted to CK_TRUE
+            # ( according to the PKCS#11 standard )
+            PyKCS11.CKA_MODIFIABLE : PyKCS11.CK_TRUE,
+            PyKCS11.CKA_COPYABLE : PyKCS11.CK_TRUE,
+            PyKCS11.CKA_DESTROYABLE : PyKCS11.CK_TRUE,
+        }
+
+        CkoDataTemplate = [
+            (PyKCS11.CKA_CLASS, PyKCS11.CKO_DATA),
+            (PyKCS11.CKA_TOKEN, PyKCS11.CK_FALSE),
+            (PyKCS11.CKA_PRIVATE, PyKCS11.CK_FALSE),
+            (PyKCS11.CKA_LABEL, "TestData"),
+        ]
+
+        # create a CKO_DATA object
+        ckoData = self.session.createObject(CkoDataTemplate)
+        self.assertIsNotNone(ckoData)
+
+        attrValues = self.session.getAttributeValue(
+            ckoData, list(boolAttributes.keys())
+        )
+
+        # check that attributes are of bool type
+        # and have expected values
+        for i, attr in enumerate(boolAttributes):
+            self.assertIsInstance(attrValues[i], bool)
+            self.assertEqual(attrValues[i], boolAttributes[attr])
+
+        # clean up
+        self.session.destroyObject(ckoData)
 
 class TestGetSetAttributeValues(unittest.TestCase):