sensitive flag added to generate key with CKA_SENSITIVE flag
parent
00535f0174
commit
2cf0a119f4
|
@ -134,6 +134,7 @@ enum {
|
|||
OPT_KEY_USAGE_DECRYPT,
|
||||
OPT_KEY_USAGE_DERIVE,
|
||||
OPT_PRIVATE,
|
||||
OPT_SENSITIVE,
|
||||
OPT_TEST_HOTPLUG,
|
||||
OPT_UNLOCK_PIN,
|
||||
OPT_PUK,
|
||||
|
@ -204,6 +205,7 @@ static const struct option options[] = {
|
|||
{ "moz-cert", 1, NULL, 'z' },
|
||||
{ "verbose", 0, NULL, 'v' },
|
||||
{ "private", 0, NULL, OPT_PRIVATE },
|
||||
{ "sensitive", 0, NULL, OPT_SENSITIVE },
|
||||
{ "test-ec", 0, NULL, OPT_TEST_EC },
|
||||
#ifndef _WIN32
|
||||
{ "test-fork", 0, NULL, OPT_TEST_FORK },
|
||||
|
@ -269,6 +271,7 @@ static const char *option_help[] = {
|
|||
"Test Mozilla-like keypair gen and cert req, <arg>=certfile",
|
||||
"Verbose operation. (Set OPENSC_DEBUG to enable OpenSC specific debugging)",
|
||||
"Set the CKA_PRIVATE attribute (object is only viewable after a login)",
|
||||
"Set the CKA_SENSITIVE attribute (object is protected by HSM)",
|
||||
"Test EC (best used with the --login or --pin option)",
|
||||
#ifndef _WIN32
|
||||
"Test forking and calling C_Initialize() in the child",
|
||||
|
@ -308,6 +311,7 @@ static char * opt_subject = NULL;
|
|||
static char * opt_key_type = NULL;
|
||||
static char * opt_sig_format = NULL;
|
||||
static int opt_is_private = 0;
|
||||
static int opt_is_sensitive = 0;
|
||||
static int opt_test_hotplug = 0;
|
||||
static int opt_login_type = -1;
|
||||
static int opt_key_usage_sign = 0;
|
||||
|
@ -808,6 +812,9 @@ int main(int argc, char * argv[])
|
|||
case OPT_PRIVATE:
|
||||
opt_is_private = 1;
|
||||
break;
|
||||
case OPT_SENSITIVE:
|
||||
opt_is_sensitive = 1;
|
||||
break;
|
||||
case OPT_TEST_HOTPLUG:
|
||||
opt_test_hotplug = 1;
|
||||
action_count++;
|
||||
|
@ -1329,7 +1336,7 @@ static int login(CK_SESSION_HANDLE session, int login_type)
|
|||
pin_flags=info.flags & (
|
||||
CKF_SO_PIN_COUNT_LOW |
|
||||
CKF_SO_PIN_FINAL_TRY |
|
||||
CKF_SO_PIN_LOCKED |
|
||||
CKF_SO_PIN_LOCKED |
|
||||
CKF_SO_PIN_TO_BE_CHANGED);
|
||||
if(pin_flags)
|
||||
printf("WARNING: %s\n",p11_token_info_flags(pin_flags));
|
||||
|
@ -1340,7 +1347,7 @@ static int login(CK_SESSION_HANDLE session, int login_type)
|
|||
pin_flags=info.flags & (
|
||||
CKF_USER_PIN_COUNT_LOW |
|
||||
CKF_USER_PIN_FINAL_TRY |
|
||||
CKF_USER_PIN_LOCKED |
|
||||
CKF_USER_PIN_LOCKED |
|
||||
CKF_USER_PIN_TO_BE_CHANGED);
|
||||
if(pin_flags)
|
||||
printf("WARNING: %s\n",p11_token_info_flags(pin_flags));
|
||||
|
@ -2039,6 +2046,7 @@ gen_key(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hSecretKey
|
|||
CK_MECHANISM mechanism = {CKM_AES_KEY_GEN, NULL_PTR, 0};
|
||||
CK_OBJECT_CLASS secret_key_class = CKO_SECRET_KEY;
|
||||
CK_BBOOL _true = TRUE;
|
||||
CK_BBOOL _false = FALSE;
|
||||
CK_KEY_TYPE key_type = CKK_AES;
|
||||
CK_ULONG key_length;
|
||||
CK_ATTRIBUTE keyTemplate[20] = {
|
||||
|
@ -2113,6 +2121,15 @@ gen_key(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hSecretKey
|
|||
util_fatal("Unknown key type %s", type);
|
||||
}
|
||||
|
||||
if (opt_is_sensitive != 0) {
|
||||
FILL_ATTR(keyTemplate[n_attr], CKA_SENSITIVE, &_true, sizeof(_true));
|
||||
n_attr++;
|
||||
}
|
||||
else {
|
||||
FILL_ATTR(keyTemplate[n_attr], CKA_SENSITIVE, &_false, sizeof(_false));
|
||||
n_attr++;
|
||||
}
|
||||
|
||||
FILL_ATTR(keyTemplate[n_attr], CKA_ENCRYPT, &_true, sizeof(_true));
|
||||
n_attr++;
|
||||
FILL_ATTR(keyTemplate[n_attr], CKA_DECRYPT, &_true, sizeof(_true));
|
||||
|
|
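Review bot: The `else` branch added in the last hunk (gen_key) writes `CKA_SENSITIVE = FALSE` into the template whenever `--sensitive` is not given, so the default changes from "attribute omitted" to an explicitly non-sensitive secret key; PKCS #11 leaves the default for this attribute token-specific, and a token whose policy refuses non-sensitive keys may now reject the template. Dropping the `else` and keeping only `if (opt_is_sensitive != 0) { FILL_ATTR(keyTemplate[n_attr], CKA_SENSITIVE, &_true, sizeof(_true)); n_attr++; }` preserves the previous behaviour for callers that do not pass the flag. The template is declared as `keyTemplate[20]` and no visible line checks `n_attr` against that bound, so the extra unconditional slot should be checked against the rest of gen_key, whose body starts and ends outside the hunk. The help string would be more precise as `"Set the CKA_SENSITIVE attribute (key value cannot be revealed in plaintext)"`, because extractability is governed by the separate CKA_EXTRACTABLE attribute, which the visible hunks do not set.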