pkcs11-tool support key-gen for GENERIC secret key
Fixes #2139 Added code to support mechanism GENERIC-SECRET-KEY-GEN. Improved --help and doc/tools/pkcs11-tool.1.xml because key generation for symmetric keys passes CKA_VALUE_LEN, which is the length of the key in bytes. Tested with: ./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so \ --login --label generic-64 --keygen --key-type GENERIC:64 \ --mechanism GENERIC-SECRET-KEY-GEN ./pkcs11-tool --module /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so --login -O
parent
e1c8361ff3
commit
d369965a7f
|
@ -146,7 +146,9 @@
|
|||
<term>
|
||||
<option>--key-type</option> <replaceable>specification</replaceable>
|
||||
</term>
|
||||
<listitem><para>Specify the type and length of the key to create, for example rsa:1024 or EC:prime256v1.</para></listitem>
|
||||
<listitem><para>Specify the type and length (bytes if symmetric) of the key to create,
|
||||
for example RSA:1024, EC:prime256v1, GOSTR3410-2012-256:B,
|
||||
DES:8, DES3:24, AES:16 or GENERIC:64.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
@ -275,7 +275,7 @@ static const char *option_help[] = {
|
|||
"Unlock User PIN (without '--login' unlock in logged in session; otherwise '--login-type' has to be 'context-specific')",
|
||||
"Key pair generation",
|
||||
"Key generation",
|
||||
"Specify the type and length of the key to create, for example rsa:1024 or EC:prime256v1 or GOSTR3410-2012-256:B",
|
||||
"Specify the type and length (bytes if symmetric) of the key to create, for example rsa:1024, EC:prime256v1, GOSTR3410-2012-256:B, AES:16 or GENERIC:64",
|
||||
"Specify 'sign' key usage flag (sets SIGN in privkey, sets VERIFY in pubkey)",
|
||||
"Specify 'decrypt' key usage flag (RSA only, set DECRYPT privkey, ENCRYPT in pubkey)",
|
||||
"Specify 'derive' key usage flag (EC only)",
|
||||
|
@ -2390,7 +2390,7 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||
n_privkey_attr++;
|
||||
}
|
||||
}
|
||||
else if (!strncmp(type, "EC:", 3)) {
|
||||
else if (strncmp(type, "EC:", strlen("EC:")) == 0 || strncmp(type, "ec:", strlen("ec:")) == 0) {
|
||||
CK_MECHANISM_TYPE mtypes[] = {CKM_EC_KEY_PAIR_GEN};
|
||||
size_t mtypes_num = sizeof(mtypes)/sizeof(mtypes[0]);
|
||||
int ii;
|
||||
|
@ -2693,6 +2693,26 @@ gen_key(CK_SLOT_ID slot, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hSecretKey
|
|||
FILL_ATTR(keyTemplate[n_attr], CKA_KEY_TYPE, &key_type, sizeof(key_type));
|
||||
n_attr++;
|
||||
}
|
||||
else if (strncasecmp(type, "GENERIC:", strlen("GENERIC:")) == 0) {
|
||||
CK_MECHANISM_TYPE mtypes[] = {CKM_GENERIC_SECRET_KEY_GEN};
|
||||
size_t mtypes_num = sizeof(mtypes)/sizeof(mtypes[0]);
|
||||
const char *size = type + strlen("GENERIC:");
|
||||
|
||||
key_type = CKK_GENERIC_SECRET;
|
||||
|
||||
if (!opt_mechanism_used)
|
||||
if (!find_mechanism(slot, CKF_GENERATE, mtypes, mtypes_num, &opt_mechanism))
|
||||
util_fatal("Generate Key mechanism not supported\n");
|
||||
|
||||
if (size == NULL)
|
||||
util_fatal("Unknown key type %s", type);
|
||||
key_length = (unsigned long)atol(size);
|
||||
if (key_length == 0)
|
||||
key_length = 32;
|
||||
|
||||
FILL_ATTR(keyTemplate[n_attr], CKA_KEY_TYPE, &key_type, sizeof(key_type));
|
||||
n_attr++;
|
||||
}
|
||||
else {
|
||||
util_fatal("Unknown key type %s", type);
|
||||
}
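Review bot: The length after `GENERIC:` in the new gen_key branch is read with `atol()` and never validated, so `GENERIC:0x40` or a mistyped value parses as 0 and silently produces the 32-byte default, `GENERIC:64bits` is accepted as 64, and a negative number wraps to a huge `unsigned long`. For a key-generation tool, a key shorter than the operator asked for should be an error rather than a silent fallback. The `size == NULL` test can never fire because `type + strlen("GENERIC:")` is always non-NULL, so it can give way to the strict parse below, which keeps the 32-byte default only when no length is given at all. The sketch presumes `<errno.h>` is available in this file. gen_key starts and ends outside the hunk, so how `key_length` reaches the template (as CKA_VALUE_LEN, per the commit description) is not visible here.

```c
		const char *size = type + strlen("GENERIC:");
		char *end = NULL;

		/* … unchanged: key_type assignment and mechanism lookup … */

		if (*size == '\0') {
			/* no length given: keep the existing 32-byte default */
			key_length = 32;
		} else {
			/* require a plain decimal number with nothing after it */
			errno = 0;
			key_length = strtoul(size, &end, 10);
			if (*size < '0' || *size > '9' || *end != '\0' ||
			    errno == ERANGE || key_length == 0)
				util_fatal("Invalid key length in key type %s", type);
		}

		/* … unchanged: FILL_ATTR for CKA_KEY_TYPE and n_attr++ … */
```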
|
||||
|
|