From e2491a7d7fb4d8eb9cf831ca62578397ec0d5a6f Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Tue, 1 Oct 2019 11:51:55 +0200
Subject: [PATCH] pkcs11-tool: fixed displaying secret key attributes (#1807)

fixes https://github.com/OpenSC/OpenSC/issues/1805
---
 src/pkcs11/framework-pkcs15.c | 16 ++++++++++++++++
 src/tools/pkcs11-tool.c | 15 ++++++++++-----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 3c845a71..527c1b14 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -4948,6 +4948,22 @@ pkcs15_skey_get_attribute(struct sc_pkcs11_session *session,
 && (skey->base.p15_object->flags & SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE) == 0
 && (skey->base.p15_object->flags & SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE) == 0) ? CK_TRUE : CK_FALSE;
 break;
+ case CKA_ALWAYS_SENSITIVE:
+ check_attribute_buffer(attr, sizeof(CK_BBOOL));
+ *(CK_BBOOL*)attr->pValue = (skey->info->access_flags & SC_PKCS15_PRKEY_ACCESS_ALWAYSSENSITIVE) != 0;
+ break;
+ case CKA_NEVER_EXTRACTABLE:
+ check_attribute_buffer(attr, sizeof(CK_BBOOL));
+ *(CK_BBOOL*)attr->pValue = (skey->info->access_flags & SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE) != 0;
+ break;
+ case CKA_SENSITIVE:
+ check_attribute_buffer(attr, sizeof(CK_BBOOL));
+ *(CK_BBOOL*)attr->pValue = (skey->info->access_flags & SC_PKCS15_PRKEY_ACCESS_SENSITIVE) != 0;
+ break;
+ case CKA_LOCAL:
+ check_attribute_buffer(attr, sizeof(CK_BBOOL));
+ *(CK_BBOOL*)attr->pValue = (skey->info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) != 0;
+ break;
 case CKA_OPENSC_ALWAYS_AUTH_ANY_OBJECT:
 check_attribute_buffer(attr, sizeof(CK_BBOOL));
 *(CK_BBOOL*)attr->pValue = skey->base.p15_object->user_consent >= 1 ? CK_TRUE : CK_FALSE;
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 4a99c76b..1e859754 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
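Review bot: In `pkcs15_skey_get_attribute` (src/pkcs11/framework-pkcs15.c) the four added cases read `skey->info->access_flags`, while the case just above them tests the same `SC_PKCS15_PRKEY_ACCESS_*` masks against `skey->base.p15_object->flags`, so the extractability answer and the new CKA_SENSITIVE / CKA_NEVER_EXTRACTABLE answers can come from different fields and contradict each other. Applications rely on these attributes to judge whether key material is protected, so they should share one source; if `info->access_flags` is the right one, the preceding case would read e.g. `(skey->info->access_flags & SC_PKCS15_PRKEY_ACCESS_NEVEREXTRACTABLE) == 0`. The new cases also dereference `skey->info` with no check visible in the hunk. The start of the preceding expression and the rest of the function lie outside the hunk, so whether `skey` or `skey->info` can be NULL here needs confirming.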
@@ -3886,11 +3886,16 @@ show_key(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
 switch (key_type) {
 case CKK_RSA:
- if (pub)
- printf("; RSA %lu bits\n",
- (unsigned long) getMODULUS_BITS(sess, obj));
- else
- printf("; RSA \n");
+ if (sec) {
+ /* uninitialized secret key (type 0) */
+ printf("\n");
+ } else {
+ if (pub)
+ printf("; RSA %lu bits\n",
+ (unsigned long) getMODULUS_BITS(sess, obj));
+ else
+ printf("; RSA \n");
+ }
 break;
 case CKK_GOSTR3410:
 case CKK_GOSTR3410_512:
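Review bot: The `if (sec)` branch added under `case CKK_RSA:` in `show_key` prints only a newline, so a secret key whose type is 0 is listed with no type text at all, and nothing explains why a secret key arrives in the RSA case. CKK_RSA is defined as 0 in PKCS#11, so presumably a key type that was never set or could not be read is indistinguishable from RSA here. A comment such as `/* CKK_RSA == 0: a secret key with no usable CKA_KEY_TYPE lands in this case */` would record that. Printing an explicit marker, e.g. `printf("; unknown type\n");`, would make such keys stand out when someone audits a token's contents. `sec`, `pub` and `key_type` are set outside the hunk, and `show_key` continues past it.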