Implement update attributes for objects

baloo · baloo · commit 5b28163e039e · 2023-01-24T09:26:07.000-08:00
Signed-off-by: Arthur Gautier &lt;arthur.gautier@arista.com&gt;
diff --git a/cryptoki/src/session/object_management.rs b/cryptoki/src/session/object_management.rs
@@ -194,3 +194,22 @@ pub(super) fn get_attributes(
     // Convert from CK_ATTRIBUTE to Attribute
     template.into_iter().map(|attr| attr.try_into()).collect()
 }
+
+impl Session {
+    /// Sets the attributes of an object
+    pub fn update_attributes(&self, object: ObjectHandle, template: &[Attribute]) -> Result<()> {
+        let mut template: Vec<CK_ATTRIBUTE> = template.iter().map(|attr| attr.into()).collect();
+
+        unsafe {
+            Rv::from(get_pkcs11!(self.client(), C_SetAttributeValue)(
+                self.handle(),
+                object.handle(),
+                template.as_mut_ptr(),
+                template.len().try_into()?,
+            ))
+            .into_result()?;
+        }
+
+        Ok(())
+    }
+}
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -826,3 +826,46 @@ fn aes_cbc_pad_encrypt() -> TestResult {
     assert_eq!(expected_cipher[..], cipher[..]);
     Ok(())
 }
+
+#[test]
+#[serial]
+fn update_attributes_key() -> Result<()> {
+    let (pkcs11, slot) = init_pins();
+    // open a session
+    let session = pkcs11.open_rw_session(slot)?;
+
+    // log in the session
+    session.login(UserType::User, Some(USER_PIN))?;
+
+    // pub key template
+    let pub_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::PublicExponent(vec![0x01, 0x00, 0x01]),
+        Attribute::ModulusBits(1024.into()),
+    ];
+
+    // priv key template
+    let priv_key_template = vec![Attribute::Token(true), Attribute::Extractable(true)];
+
+    let (_public_key, private_key) = session.generate_key_pair(
+        &Mechanism::RsaPkcsKeyPairGen,
+        &pub_key_template,
+        &priv_key_template,
+    )?;
+
+    let updated_attributes = vec![Attribute::Extractable(false)];
+
+    session.update_attributes(private_key, &updated_attributes)?;
+
+    let mut attributes_result =
+        session.get_attributes(private_key, &[AttributeType::Extractable])?;
+
+    if let Some(Attribute::Extractable(ext)) = attributes_result.pop() {
+        assert!(ext == false);
+    } else {
+        panic!("Last attribute was not extractable");
+    }
+
+    Ok(())
+}
