Use Builder Pattern for HsmKeyParams (#156)

Use Builder Pattern for HsmKeyParams
bmwcarit · Nov 13, 2023 · 0169669 · 0169669
1 parent 8e2036c
commit 0169669
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 14 deletions.
diff --git a/src/hsm.cpp b/src/hsm.cpp
@@ -188,7 +188,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec,
                                                  const std::string &keyLabel,
                                                  const std::vector<uint8_t> &keyID)
 {
-    HsmKeyParams hsmKeyParams;
+    HsmKeyParams hsmKeyParams = HsmKeyParams::Builder{}.setExtractable(false).build();
     return generateKey(spec, keyLabel, keyID, hsmKeyParams);
 }
 
@@ -215,8 +215,8 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const RSASpec &spec,
     pkcs11RSASpec.bits = spec.numberOfBits();
 
     PKCS11_params _params;
-    _params.extractable = static_cast<unsigned char>(params.cka_extractable);
-    _params.sensitive = static_cast<unsigned char>(params.cka_sensitive);
+    _params.extractable = static_cast<unsigned char>(params.isExtractable());
+    _params.sensitive = static_cast<unsigned char>(!params.isExtractable());
 
     PKCS11_KGEN_ATTRS pkcs11RSAKeygen;
     pkcs11RSAKeygen.type = EVP_PKEY_RSA;
@@ -233,7 +233,7 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec,
                                                  const std::string &keyLabel,
                                                  const std::vector<uint8_t> &keyID)
 {
-    HsmKeyParams hsmKeyParams;
+    HsmKeyParams hsmKeyParams = HsmKeyParams::Builder{}.setExtractable(false).build();
     return generateKey(spec, keyLabel, keyID, hsmKeyParams);
 }
 
@@ -261,8 +261,9 @@ openssl::SSL_EVP_PKEY_Ptr HsmEngine::generateKey(const ECCSpec &spec,
     pkcs11ECCSpec.curve = curve.c_str();
 
     PKCS11_params _params;
-    _params.extractable = static_cast<unsigned char>(params.cka_extractable);
-    _params.sensitive = static_cast<unsigned char>(params.cka_sensitive);
+    // If the key is extractable it shouldn't be sensitive and vice versa
+    _params.extractable = static_cast<unsigned char>(params.isExtractable());
+    _params.sensitive = static_cast<unsigned char>(!params.isExtractable());
 
     PKCS11_KGEN_ATTRS pkcs11ECCKeygen;
     pkcs11ECCKeygen.type = EVP_PKEY_EC;

diff --git a/src/mococrw/hsm.h b/src/mococrw/hsm.h
@@ -26,17 +26,40 @@ class ECCSpec;
 class RSASpec;
 
 /**
- * This struct currently contains PKCS#11 attributes which are changeable on key creation.
+ * This class currently contains PKCS#11 attributes which are changeable on key creation.
  * In the future also parameters for other keystorage interfaces can be added.
  */
-struct HsmKeyParams
+class HsmKeyParams
 {
+public:
+    class Builder;
+
+    bool isExtractable() const { return _extractable; }
+
+private:
+    bool _extractable;
+
     /* Default is that the key cannot be extracted and is marked as sensitive.
      * Check https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html
      * for more details.
      */
-    bool cka_extractable = false;
-    bool cka_sensitive = true;
+    HsmKeyParams() : _extractable(false) {}
+};
+
+class HsmKeyParams::Builder
+{
+public:
+    Builder() {}
+    Builder &setExtractable(bool extractable)
+    {
+        params_._extractable = extractable;
+        return *this;
+    }
+
+    HsmKeyParams build() { return params_; }
+
+private:
+    HsmKeyParams params_;
 };
 
 /**

diff --git a/tests/integration/hsm-integration-test.cpp b/tests/integration/hsm-integration-test.cpp
@@ -452,9 +452,9 @@ int main(void)
         /**
          * Generate extractable and non-extractable keys for ECC and RSA
          */
-        HsmKeyParams hsmKeyParamsExtract = {/*.cka_extractable =*/true,
-                                            /* .cka_sensitive = */ false};
-        HsmKeyParams hsmKeyParamsDefault;
+        HsmKeyParams hsmKeyParamsExtract = HsmKeyParams::Builder{}.setExtractable(true).build();
+
+        HsmKeyParams hsmKeyParamsDefault = HsmKeyParams::Builder{}.build();
 
         /* We need a new token otherwise the keys generated before litter the slot */
 

diff --git a/tests/unit/test_hsm.cpp b/tests/unit/test_hsm.cpp
@@ -153,7 +153,7 @@ TEST_F(HSMTest, testHSMKeygenWithParams)
     auto hsm = initialiseEngine();
     std::string keyLabel{"key-label"};
     std::vector<uint8_t> keyId{0x12};
-    HsmKeyParams params{true, false};
+    HsmKeyParams params = HsmKeyParams::Builder{}.setExtractable(true).build();
     EXPECT_CALL(_mock(),
                 SSL_ENGINE_ctrl_cmd_string(
                         engine, StrEq("PIN"), StrEq(pin.c_str()), 0 /*non-optional*/))