pkcs11-tool: add --usage-wrap (disabled by default)

fixes https://github.com/OpenSC/OpenSC/issues/1913
Frank Morgner 2020-01-27 10:54:50 +01:00
parent 7e0465370f
commit 0cd19b59e1
2 changed files with 20 additions and 4 deletions


@ -170,6 +170,13 @@
<listitem><para>Specify 'derive' key usage flag (EC only).</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>--usage-wrap</option>
</term>
<listitem><para>Specify 'wrap' key usage flag.</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>--label</option> <replaceable>name</replaceable>,


@ -137,6 +137,7 @@ enum {
OPT_KEY_USAGE_SIGN,
OPT_KEY_USAGE_DECRYPT,
OPT_KEY_USAGE_DERIVE,
OPT_KEY_USAGE_WRAP,
OPT_PRIVATE,
OPT_SENSITIVE,
OPT_EXTRACTABLE,
@ -197,6 +198,7 @@ static const struct option options[] = {
{ "usage-sign", 0, NULL, OPT_KEY_USAGE_SIGN },
{ "usage-decrypt", 0, NULL, OPT_KEY_USAGE_DECRYPT },
{ "usage-derive", 0, NULL, OPT_KEY_USAGE_DERIVE },
{ "usage-wrap", 0, NULL, OPT_KEY_USAGE_WRAP },
{ "write-object", 1, NULL, 'w' },
{ "read-object", 0, NULL, 'r' },
{ "delete-object", 0, NULL, 'b' },
@ -355,6 +357,7 @@ static int opt_login_type = -1;
static int opt_key_usage_sign = 0;
static int opt_key_usage_decrypt = 0;
static int opt_key_usage_derive = 0;
static int opt_key_usage_wrap = 0;
static int opt_key_usage_default = 1; /* uses defaults if no opt_key_usage options */
static int opt_derive_pass_der = 0;
static unsigned long opt_random_bytes = 0;
@ -879,6 +882,10 @@ int main(int argc, char * argv[])
opt_key_usage_derive = 1;
opt_key_usage_default = 0;
break;
case OPT_KEY_USAGE_WRAP:
opt_key_usage_wrap = 1;
opt_key_usage_default = 0;
break;
case OPT_PRIVATE:
opt_is_private = 1;
break;
@ -2326,10 +2333,12 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
n_privkey_attr++;
}
FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_WRAP, &_true, sizeof(_true));
n_pubkey_attr++;
FILL_ATTR(privateKeyTemplate[n_privkey_attr], CKA_UNWRAP, &_true, sizeof(_true));
n_privkey_attr++;
if (opt_key_usage_wrap) {
FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_WRAP, &_true, sizeof(_true));
n_pubkey_attr++;
FILL_ATTR(privateKeyTemplate[n_privkey_attr], CKA_UNWRAP, &_true, sizeof(_true));
n_privkey_attr++;
}
}
else if (!strncmp(type, "EC:", 3)) {
CK_MECHANISM_TYPE mtypes[] = {CKM_EC_KEY_PAIR_GEN};
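Review bot: In `gen_keypair`, `opt_key_usage_wrap` is read only in the branch that precedes `else if (!strncmp(type, "EC:", 3))`, yet the new `case OPT_KEY_USAGE_WRAP:` in `main` also clears `opt_key_usage_default` for every key type. If the EC and later branches (outside this hunk) never read the flag, `--usage-wrap` there would silently drop the default usage attributes and add nothing in return, leaving the key with fewer usages than the caller expected. I would either state the scope in the option text with a "(<key type> only)" suffix, as `--usage-derive` does with "(EC only)", or print a warning when the flag is given for a type that ignores it. A short comment on the new guard, e.g. `/* CKA_WRAP/CKA_UNWRAP are opt-in via --usage-wrap; no longer set by default */`, would also record the changed default for anyone comparing key templates against older releases. The body of `gen_keypair` starts and ends outside the hunk.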