bmwcarit · cps-b · Oct 30, 2023 · Oct 30, 2023 · Oct 30, 2023 · Oct 30, 2023
diff --git a/src/hsm.cpp b/src/hsm.cpp
@@ -188,8 +188,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec,
                                                  const std::string &keyLabel,
                                                  const std::vector<uint8_t> &keyID)
 {
-    HsmKeyParams hsmKeyParams =
-            HsmKeyParams::Builder().setCkaExtractable(false).setCkaSensitive(true).build();
+    HsmKeyParams hsmKeyParams = HsmKeyParams::Builder{}.setExtractable(false).build();
     return generateKey(spec, keyLabel, keyID, hsmKeyParams);
 }
 
@@ -217,7 +216,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec,
 
     PKCS11_params _params;
     _params.extractable = static_cast<unsigned char>(params.isExtractable());
-    _params.sensitive = static_cast<unsigned char>(params.isSensitive());
+    _params.sensitive = static_cast<unsigned char>(!params.isExtractable());
 
     PKCS11_KGEN_ATTRS pkcs11RSAKeygen;
     pkcs11RSAKeygen.type = EVP_PKEY_RSA;
@@ -234,8 +233,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec,
                                                  const std::string &keyLabel,
                                                  const std::vector<uint8_t> &keyID)
 {
-    HsmKeyParams hsmKeyParams =
-            HsmKeyParams::Builder().setCkaExtractable(false).setCkaSensitive(true).build();
+    HsmKeyParams hsmKeyParams = HsmKeyParams::Builder{}.setExtractable(false).build();
     return generateKey(spec, keyLabel, keyID, hsmKeyParams);
 }
 
@@ -263,8 +261,9 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec,
     pkcs11ECCSpec.curve = curve.c_str();
 
     PKCS11_params _params;
+    // If the key is extractable it shouldn't be sensitive and vice versa
     _params.extractable = static_cast<unsigned char>(params.isExtractable());
-    _params.sensitive = static_cast<unsigned char>(params.isSensitive());
+    _params.sensitive = static_cast<unsigned char>(!params.isExtractable());
 
     PKCS11_KGEN_ATTRS pkcs11ECCKeygen;
     pkcs11ECCKeygen.type = EVP_PKEY_EC;

diff --git a/src/mococrw/hsm.h b/src/mococrw/hsm.h
@@ -34,34 +34,25 @@ class HsmKeyParams
 public:
     class Builder;
 
-    bool isExtractable() const { return cka_extractable; }
-
-    bool isSensitive() const { return cka_sensitive; }
+    bool isExtractable() const { return extractable; }
 
 private:
-    bool cka_extractable;
-    bool cka_sensitive;
+    bool extractable;
 
     /* Default is that the key cannot be extracted and is marked as sensitive.
      * Check https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html
      * for more details.
      */
-    HsmKeyParams() : cka_extractable(false), cka_sensitive(true) {}
+    HsmKeyParams() : extractable(false) {}
 };
 
 class HsmKeyParams::Builder
 {
 public:
     Builder() {}
-    Builder &setCkaExtractable(bool extractable)
-    {
-        params_.cka_extractable = extractable;
-        return *this;
-    }
-
-    Builder &setCkaSensitive(bool sensitive)
+    Builder &setExtractable(bool extractable)
     {
-        params_.cka_sensitive = sensitive;
+        params_.extractable = extractable;
         return *this;
     }
 

diff --git a/tests/integration/hsm-integration-test.cpp b/tests/integration/hsm-integration-test.cpp
@@ -453,9 +453,9 @@ int main(void)
          * Generate extractable and non-extractable keys for ECC and RSA
          */
         HsmKeyParams hsmKeyParamsExtract =
-                HsmKeyParams::Builder().setCkaExtractable(true).setCkaSensitive(false).build();
+                HsmKeyParams::Builder{}.setExtractable(true).build();
 
-        HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder().build();
+        HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder{}.build();
 
         /* We need a new token otherwise the keys generated before litter the slot */
 

diff --git a/tests/unit/test_hsm.cpp b/tests/unit/test_hsm.cpp
@@ -154,7 +154,7 @@ TEST_F(HSMTest, testHSMKeygenWithParams)
     std::string keyLabel{"key-label"};
     std::vector<uint8_t> keyId{0x12};
     HsmKeyParams params =
-            HsmKeyParams::Builder().setCkaExtractable(true).setCkaSensitive(false).build();
+            HsmKeyParams::Builder{}.setExtractable(true).build();
     EXPECT_CALL(_mock(),
                 SSL_ENGINE_ctrl_cmd_string(
                         engine, StrEq("PIN"), StrEq(pin.c_str()), 0 /*non-optional*/))