From 53ed60ed897ab9d3fcdbeb5c68497643786f6d43 Mon Sep 17 00:00:00 2001
From: Diogo Monica
Date: Fri, 30 Oct 2015 15:38:57 -0700
Subject: [PATCH] Adding mandatory touch for signatures
Signed-off-by: David Lawrence
Signed-off-by: Diogo Monica (github: endophage)
---
 signer/api/ecdsa_hardware_crypto_service.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/signer/api/ecdsa_hardware_crypto_service.go b/signer/api/ecdsa_hardware_crypto_service.go
index a76d21e8b1..25ce36f85a 100644
--- a/signer/api/ecdsa_hardware_crypto_service.go
+++ b/signer/api/ecdsa_hardware_crypto_service.go
@@ -124,6 +124,10 @@ func addECDSAKey(ctx *pkcs11.Ctx, session pkcs11.SessionHandle, privKey data.Pri
 pkcs11.NewAttribute(pkcs11.CKA_ID, pkcs11KeyID),
 pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, []byte{0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}),
 pkcs11.NewAttribute(pkcs11.CKA_VALUE, ecdsaPrivKeyD),
+ // 1 is touch enabled
+ // 2 is pin once
+ // 4 is pin always
+ pkcs11.NewAttribute(pkcs11.CKA_VENDOR_DEFINED, 3),
 }
 fmt.Println("About to import the certificate")
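Review bot: The bare `3` passed with `pkcs11.CKA_VENDOR_DEFINED` in the added attribute is a bitmask the reader has to decode from the legend above it: by that legend it means touch enabled (1) plus pin once (2), with pin always (4) left off. Constants named after the legend would make the chosen policy explicit, so the line reads `pkcs11.NewAttribute(pkcs11.CKA_VENDOR_DEFINED, touchEnabled|pinOnce),`, and a short comment should say why pin once rather than pin always was picked for a signing key. `CKA_VENDOR_DEFINED` is the start of the vendor range rather than a standard attribute, so the touch requirement presumably holds only on the token this was written for. A comment naming that token, and noting that another PKCS#11 module may reject or ignore the attribute, would keep callers from assuming touch is enforced everywhere. addECDSAKey starts and ends outside the hunk, so how a failed import is handled is not visible here.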