pkcs11-tool: Add extractable option to key import

Signed-off-by: Raul Metsma <raul@metsma.ee>
Raul Metsma 2019-05-09 14:55:25 +03:00 committed by Frank Morgner
parent a2dd500624
commit 3a192e2c87
2 changed files with 28 additions and 2 deletions


@ -319,6 +319,13 @@
<listitem><para>Set the CKA_SENSITIVE attribute (object cannot be revealed in plaintext).</para></listitem> <listitem><para>Set the CKA_SENSITIVE attribute (object cannot be revealed in plaintext).</para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>
<option>--extractable</option>
</term>
<listitem><para>Set the CKA_EXTRACTABLE attribute (object can be extracted)</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<option>--set-id</option> <replaceable>id</replaceable>, <option>--set-id</option> <replaceable>id</replaceable>,
@ -460,7 +467,7 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term> <term>
<option>--allowed-mechanisms</option> <replaceable>mechanisms</replaceable> <option>--allowed-mechanisms</option> <replaceable>mechanisms</replaceable>
</term> </term>


@ -141,6 +141,7 @@ enum {
OPT_KEY_USAGE_DERIVE, OPT_KEY_USAGE_DERIVE,
OPT_PRIVATE, OPT_PRIVATE,
OPT_SENSITIVE, OPT_SENSITIVE,
OPT_EXTRACTABLE,
OPT_TEST_HOTPLUG, OPT_TEST_HOTPLUG,
OPT_UNLOCK_PIN, OPT_UNLOCK_PIN,
OPT_PUK, OPT_PUK,
@ -227,6 +228,7 @@ static const struct option options[] = {
{ "verbose", 0, NULL, 'v' }, { "verbose", 0, NULL, 'v' },
{ "private", 0, NULL, OPT_PRIVATE }, { "private", 0, NULL, OPT_PRIVATE },
{ "sensitive", 0, NULL, OPT_SENSITIVE }, { "sensitive", 0, NULL, OPT_SENSITIVE },
{ "extractable", 0, NULL, OPT_EXTRACTABLE },
{ "always-auth", 0, NULL, OPT_ALWAYS_AUTH }, { "always-auth", 0, NULL, OPT_ALWAYS_AUTH },
{ "test-ec", 0, NULL, OPT_TEST_EC }, { "test-ec", 0, NULL, OPT_TEST_EC },
#ifndef _WIN32 #ifndef _WIN32
@ -301,6 +303,7 @@ static const char *option_help[] = {
"Verbose operation. (Set OPENSC_DEBUG to enable OpenSC specific debugging)", "Verbose operation. (Set OPENSC_DEBUG to enable OpenSC specific debugging)",
"Set the CKA_PRIVATE attribute (object is only viewable after a login)", "Set the CKA_PRIVATE attribute (object is only viewable after a login)",
"Set the CKA_SENSITIVE attribute (object cannot be revealed in plaintext)", "Set the CKA_SENSITIVE attribute (object cannot be revealed in plaintext)",
"Set the CKA_EXTRACTABLE attribute (object can be extracted)",
"Set the CKA_ALWAYS_AUTHENTICATE attribute to a key object (require PIN verification for each use)", "Set the CKA_ALWAYS_AUTHENTICATE attribute to a key object (require PIN verification for each use)",
"Test EC (best used with the --login or --pin option)", "Test EC (best used with the --login or --pin option)",
#ifndef _WIN32 #ifndef _WIN32
@ -348,6 +351,7 @@ static CK_MECHANISM_TYPE opt_allowed_mechanisms[MAX_ALLOWED_MECHANISMS];
static size_t opt_allowed_mechanisms_len = 0; static size_t opt_allowed_mechanisms_len = 0;
static int opt_is_private = 0; static int opt_is_private = 0;
static int opt_is_sensitive = 0; static int opt_is_sensitive = 0;
static int opt_is_extractable = 0;
static int opt_test_hotplug = 0; static int opt_test_hotplug = 0;
static int opt_login_type = -1; static int opt_login_type = -1;
static int opt_key_usage_sign = 0; static int opt_key_usage_sign = 0;
@ -883,6 +887,9 @@ int main(int argc, char * argv[])
case OPT_SENSITIVE: case OPT_SENSITIVE:
opt_is_sensitive = 1; opt_is_sensitive = 1;
break; break;
case OPT_EXTRACTABLE:
opt_is_extractable = 1;
break;
case OPT_TEST_HOTPLUG: case OPT_TEST_HOTPLUG:
opt_test_hotplug = 1; opt_test_hotplug = 1;
action_count++; action_count++;
@ -3136,6 +3143,10 @@ static int write_object(CK_SESSION_HANDLE session)
&_true, sizeof(_true)); &_true, sizeof(_true));
n_privkey_attr++; n_privkey_attr++;
} }
if (opt_is_extractable != 0) {
FILL_ATTR(privkey_templ[n_privkey_attr], CKA_EXTRACTABLE, &_true, sizeof(_true));
n_privkey_attr++;
}
if (opt_allowed_mechanisms_len > 0) { if (opt_allowed_mechanisms_len > 0) {
FILL_ATTR(privkey_templ[n_privkey_attr], FILL_ATTR(privkey_templ[n_privkey_attr],
CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms, CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms,
@ -3302,7 +3313,7 @@ static int write_object(CK_SESSION_HANDLE session)
break; break;
case CKO_SECRET_KEY: case CKO_SECRET_KEY:
clazz = CKO_SECRET_KEY; clazz = CKO_SECRET_KEY;
type = CKK_AES; type = CKK_GENERIC_SECRET;
if (opt_key_type != 0) { if (opt_key_type != 0) {
if (strncasecmp(opt_key_type, "AES:", strlen("AES:")) == 0) if (strncasecmp(opt_key_type, "AES:", strlen("AES:")) == 0)
@ -3336,6 +3347,14 @@ static int write_object(CK_SESSION_HANDLE session)
FILL_ATTR(seckey_templ[n_seckey_attr], CKA_SENSITIVE, &_false, sizeof(_false)); FILL_ATTR(seckey_templ[n_seckey_attr], CKA_SENSITIVE, &_false, sizeof(_false));
n_seckey_attr++; n_seckey_attr++;
} }
if (opt_is_extractable != 0) {
FILL_ATTR(seckey_templ[n_seckey_attr], CKA_EXTRACTABLE, &_true, sizeof(_true));
n_seckey_attr++;
}
else {
FILL_ATTR(seckey_templ[n_seckey_attr], CKA_EXTRACTABLE, &_false, sizeof(_false));
n_seckey_attr++;
}
if (opt_object_label != NULL) { if (opt_object_label != NULL) {
FILL_ATTR(seckey_templ[n_seckey_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label)); FILL_ATTR(seckey_templ[n_seckey_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));