giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkcs11-tool: align output for test_signature 

Before it was a bit confusing, e.g.:
```
  testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
    RSA-X-509: OK
couldn't find the corresponding pubkey
  testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
```

The error message in line 3 is for IDKey3 and not for IDKey2.

With this patch the output is aligned with `test_verify`:
```
  testing key 1 (IDKey2) with 1 mechanism
    RSA-X-509: OK
  testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
```
This commit is contained in:
Julian Strobl 2019-12-19 16:42:28 +01:00 committed by Frank Morgner
parent 9eed40ea31
commit 81940e123b
1 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/tools/pkcs11-tool.c
View File

@ -4937,7 +4937,7 @@ static int test_signature(CK_SESSION_HANDLE sess)
{ {
int errors = 0; int errors = 0;
CK_RV rv; CK_RV rv;
CK_OBJECT_HANDLE privKeyObject; CK_OBJECT_HANDLE pubKeyObject, privKeyObject;
CK_MECHANISM ck_mech = { CKM_MD5, NULL, 0 }; CK_MECHANISM ck_mech = { CKM_MD5, NULL, 0 };
CK_MECHANISM_TYPE firstMechType; CK_MECHANISM_TYPE firstMechType;
CK_SESSION_INFO sessionInfo; CK_SESSION_INFO sessionInfo;
@ -5170,19 +5170,17 @@ static int test_signature(CK_SESSION_HANDLE sess)
ck_mech.mechanism = mechTypes[i]; ck_mech.mechanism = mechTypes[i];
j = 1; /* j-th signature key */ j = 1; /* j-th signature key */
while (find_object(sess, CKO_PRIVATE_KEY, &privKeyObject, NULL, 0, j++) != 0) { while (find_object(sess, CKO_PRIVATE_KEY, &privKeyObject, NULL, 0, j++) != 0) {
unsigned char *id;
CK_ULONG idLen;
CK_ULONG modLenBits; CK_ULONG modLenBits;
label = getLABEL(sess, privKeyObject, NULL); printf(" testing key %d", (int) (j-1));
modLenBits = get_private_key_length(sess, privKeyObject); if ((label = getLABEL(sess, privKeyObject, NULL)) != NULL) {
modLenBytes = (modLenBits + 7) / 8; printf(" (%s)", label);
printf(" testing key %d (%u bits%s%s) with 1 signature mechanism",
(int) (j-1),
(int) modLenBits,
label? ", label=" : "",
label? label : "");
if (label)
free(label); free(label);
}
if ((int) (j-1) != 0)
printf(" with 1 mechanism");
if (getKEY_TYPE(sess, privKeyObject) != CKK_RSA) { if (getKEY_TYPE(sess, privKeyObject) != CKK_RSA) {
printf(" -- non-RSA, skipping\n"); printf(" -- non-RSA, skipping\n");
@ -5192,13 +5190,28 @@ static int test_signature(CK_SESSION_HANDLE sess)
printf(" -- can't be used to sign/verify, skipping\n"); printf(" -- can't be used to sign/verify, skipping\n");
continue; continue;
} }
else if (!modLenBytes) { if ((id = getID(sess, privKeyObject, &idLen)) != NULL) {
int r;
r = find_object(sess, CKO_PUBLIC_KEY, &pubKeyObject, id, idLen, 0);
free(id);
if (r == 0) {
printf(" -- can't find corresponding public key, skipping\n");
continue;
}
}
else {
printf(" -- can't get the ID for looking up the public key, skipping\n");
continue;
}
modLenBits = get_private_key_length(sess, privKeyObject);
modLenBytes = (modLenBits + 7) / 8;
if (!modLenBytes) {
printf(" -- can't be used to sign/verify, skipping: can't obtain modulus\n"); printf(" -- can't be used to sign/verify, skipping: can't obtain modulus\n");
continue; continue;
} }
else { printf("\n");
printf("\n");
}
/* Fill in data[0] and dataLens[0] */ /* Fill in data[0] and dataLens[0] */
dataLen = modLenBytes; dataLen = modLenBytes;