pkcs11-tool: option to 'decrypt some data'
This commit is contained in:
parent
0dba2d453f
commit
f0189e8378
|
@ -236,6 +236,13 @@
|
||||||
<listitem><para>Sign some data.</para></listitem>
|
<listitem><para>Sign some data.</para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>--decrypt</option>,
|
||||||
|
</term>
|
||||||
|
<listitem><para>Decrypt some data.</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>
|
<term>
|
||||||
<option>--slot</option> <replaceable>id</replaceable>
|
<option>--slot</option> <replaceable>id</replaceable>
|
||||||
|
|
|
@ -117,7 +117,8 @@ enum {
|
||||||
OPT_NEW_PIN,
|
OPT_NEW_PIN,
|
||||||
OPT_LOGIN_TYPE,
|
OPT_LOGIN_TYPE,
|
||||||
OPT_TEST_EC,
|
OPT_TEST_EC,
|
||||||
OPT_DERIVE
|
OPT_DERIVE,
|
||||||
|
OPT_DECRYPT
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct option options[] = {
|
static const struct option options[] = {
|
||||||
|
@ -129,6 +130,7 @@ static const struct option options[] = {
|
||||||
{ "list-objects", 0, NULL, 'O' },
|
{ "list-objects", 0, NULL, 'O' },
|
||||||
|
|
||||||
{ "sign", 0, NULL, 's' },
|
{ "sign", 0, NULL, 's' },
|
||||||
|
{ "decrypt", 0, NULL, OPT_DECRYPT },
|
||||||
{ "hash", 0, NULL, 'h' },
|
{ "hash", 0, NULL, 'h' },
|
||||||
{ "derive", 0, NULL, OPT_DERIVE },
|
{ "derive", 0, NULL, OPT_DERIVE },
|
||||||
{ "mechanism", 1, NULL, 'm' },
|
{ "mechanism", 1, NULL, 'm' },
|
||||||
|
@ -187,6 +189,7 @@ static const char *option_help[] = {
|
||||||
"Show objects on token",
|
"Show objects on token",
|
||||||
|
|
||||||
"Sign some data",
|
"Sign some data",
|
||||||
|
"Decrypt some data",
|
||||||
"Hash some data",
|
"Hash some data",
|
||||||
"Derive a secret key using another key and some data",
|
"Derive a secret key using another key and some data",
|
||||||
"Specify mechanism (use -M for a list of supported mechanisms)",
|
"Specify mechanism (use -M for a list of supported mechanisms)",
|
||||||
|
@ -334,8 +337,8 @@ static void show_object(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
static void show_key(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
static void show_key(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
static void show_cert(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
static void show_cert(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
static void show_dobj(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj);
|
static void show_dobj(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj);
|
||||||
static void sign_data(CK_SLOT_ID,
|
static void sign_data(CK_SLOT_ID, CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
static void decrypt_data(CK_SLOT_ID, CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
static void hash_data(CK_SLOT_ID, CK_SESSION_HANDLE);
|
static void hash_data(CK_SLOT_ID, CK_SESSION_HANDLE);
|
||||||
static void derive_key(CK_SLOT_ID, CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
static void derive_key(CK_SLOT_ID, CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
|
||||||
static int gen_keypair(CK_SESSION_HANDLE,
|
static int gen_keypair(CK_SESSION_HANDLE,
|
||||||
|
@ -388,6 +391,7 @@ int main(int argc, char * argv[])
|
||||||
int do_list_mechs = 0;
|
int do_list_mechs = 0;
|
||||||
int do_list_objects = 0;
|
int do_list_objects = 0;
|
||||||
int do_sign = 0;
|
int do_sign = 0;
|
||||||
|
int do_decrypt = 0;
|
||||||
int do_hash = 0;
|
int do_hash = 0;
|
||||||
int do_derive = 0;
|
int do_derive = 0;
|
||||||
int do_gen_keypair = 0;
|
int do_gen_keypair = 0;
|
||||||
|
@ -546,6 +550,11 @@ int main(int argc, char * argv[])
|
||||||
do_sign = 1;
|
do_sign = 1;
|
||||||
action_count++;
|
action_count++;
|
||||||
break;
|
break;
|
||||||
|
case OPT_DECRYPT:
|
||||||
|
need_session |= NEED_SESSION_RW;
|
||||||
|
do_decrypt = 1;
|
||||||
|
action_count++;
|
||||||
|
break;
|
||||||
case 'f':
|
case 'f':
|
||||||
opt_sig_format = optarg;
|
opt_sig_format = optarg;
|
||||||
break;
|
break;
|
||||||
|
@ -754,7 +763,7 @@ int main(int argc, char * argv[])
|
||||||
if (do_list_mechs)
|
if (do_list_mechs)
|
||||||
list_mechs(opt_slot);
|
list_mechs(opt_slot);
|
||||||
|
|
||||||
if (do_sign) {
|
if (do_sign || do_decrypt) {
|
||||||
CK_TOKEN_INFO info;
|
CK_TOKEN_INFO info;
|
||||||
|
|
||||||
get_token_info(opt_slot, &info);
|
get_token_info(opt_slot, &info);
|
||||||
|
@ -811,7 +820,7 @@ int main(int argc, char * argv[])
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (do_sign || do_derive) {
|
if (do_sign || do_derive || do_decrypt) {
|
||||||
if (!find_object(session, CKO_PRIVATE_KEY, &object,
|
if (!find_object(session, CKO_PRIVATE_KEY, &object,
|
||||||
opt_object_id_len ? opt_object_id : NULL,
|
opt_object_id_len ? opt_object_id : NULL,
|
||||||
opt_object_id_len, 0))
|
opt_object_id_len, 0))
|
||||||
|
@ -828,6 +837,9 @@ int main(int argc, char * argv[])
|
||||||
if (do_sign)
|
if (do_sign)
|
||||||
sign_data(opt_slot, session, object);
|
sign_data(opt_slot, session, object);
|
||||||
|
|
||||||
|
if (do_decrypt)
|
||||||
|
decrypt_data(opt_slot, session, object);
|
||||||
|
|
||||||
if (do_hash)
|
if (do_hash)
|
||||||
hash_data(opt_slot, session);
|
hash_data(opt_slot, session);
|
||||||
|
|
||||||
|
@ -1453,6 +1465,63 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||||
close(fd);
|
close(fd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||||
|
CK_OBJECT_HANDLE key)
|
||||||
|
{
|
||||||
|
unsigned char in_buffer[1024], out_buffer[1024];
|
||||||
|
CK_MECHANISM mech;
|
||||||
|
CK_RV rv;
|
||||||
|
CK_ULONG in_len, out_len;
|
||||||
|
int fd, r;
|
||||||
|
|
||||||
|
if (!opt_mechanism_used)
|
||||||
|
if (!find_mechanism(slot, CKF_DECRYPT|CKF_HW, NULL, 0, &opt_mechanism))
|
||||||
|
util_fatal("Decrypt mechanism not supported\n");
|
||||||
|
|
||||||
|
printf("Using decrypt algorithm %s\n", p11_mechanism_to_name(opt_mechanism));
|
||||||
|
memset(&mech, 0, sizeof(mech));
|
||||||
|
mech.mechanism = opt_mechanism;
|
||||||
|
|
||||||
|
if (opt_input == NULL)
|
||||||
|
fd = 0;
|
||||||
|
else if ((fd = open(opt_input, O_RDONLY|O_BINARY)) < 0)
|
||||||
|
util_fatal("Cannot open %s: %m", opt_input);
|
||||||
|
|
||||||
|
r = read(fd, in_buffer, sizeof(in_buffer));
|
||||||
|
if (r < 0)
|
||||||
|
util_fatal("Cannot read from %s: %m", opt_input);
|
||||||
|
in_len = r;
|
||||||
|
|
||||||
|
rv = p11->C_DecryptInit(session, &mech, key);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
p11_fatal("C_DecryptInit", rv);
|
||||||
|
|
||||||
|
out_len = sizeof(out_buffer);
|
||||||
|
rv = p11->C_Decrypt(session, in_buffer, in_len, out_buffer, &out_len);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
p11_fatal("C_Decrypt", rv);
|
||||||
|
|
||||||
|
if (fd != 0)
|
||||||
|
close(fd);
|
||||||
|
|
||||||
|
if (opt_output == NULL) {
|
||||||
|
fd = 1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
fd = open(opt_output, O_CREAT|O_TRUNC|O_WRONLY|O_BINARY, S_IRUSR|S_IWUSR);
|
||||||
|
if (fd < 0)
|
||||||
|
util_fatal("failed to open %s: %m", opt_output);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = write(fd, out_buffer, out_len);
|
||||||
|
if (r < 0)
|
||||||
|
util_fatal("Failed to write to %s: %m", opt_output);
|
||||||
|
if (fd != 1)
|
||||||
|
close(fd);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static void hash_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
static void hash_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
||||||
{
|
{
|
||||||
unsigned char buffer[64];
|
unsigned char buffer[64];
|
||||||
|
|
Loading…
Reference in New Issue