Commit f1a2709a authored by Evan Hunt

[master] add extractability to pkcs11-list

4354.	[func]		"pkcs11-list" now displays the extractability
			attribute of private or secret keys stored in
			an HSM, as either "true", "false", or "never"
			Thanks to Daniel Stirnimann. [RT #36557]
parent b0ffe328
4355. [func] "pkcs11-list" now displays the extractability
attribute of private or secret keys stored in
an HSM, as either "true", "false", or "never"
Thanks to Daniel Stirnimann. [RT #36557]
4354. [bug] Check that the received HMAC length matches the
expected length prior to check the contents on the
control channel. This prevents a OOB read error.
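Review bot: the entry number in the commit message (4354) does not match the entry added to CHANGES here (4355), and 4354 is already taken by the HMAC length fix directly below it. The commit message should carry 4355 so the log and CHANGES can be cross-referenced.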
......
/*
* Copyright (C) 2009, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -196,11 +196,17 @@ main(int argc, char *argv[]) {
CK_OBJECT_CLASS oclass = 0;
CK_BYTE labelbuf[64 + 1];
CK_BYTE idbuf[64];
CK_BBOOL extract = TRUE;
CK_BBOOL never = FALSE;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &oclass, sizeof(oclass)},
{CKA_LABEL, labelbuf, sizeof(labelbuf) - 1},
{CKA_ID, idbuf, sizeof(idbuf)}
};
CK_ATTRIBUTE priv_template[] = {
{CKA_EXTRACTABLE, &extract, sizeof(extract)},
{CKA_NEVER_EXTRACTABLE, &never, sizeof(never)}
};
memset(labelbuf, 0, sizeof(labelbuf));
memset(idbuf, 0, sizeof(idbuf));
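Review bot: `extract` and `never` are given their defaults only at declaration (`CK_BBOOL extract = TRUE;`, `CK_BBOOL never = FALSE;`), and the later hunk calls pkcs_C_GetAttributeValue() on `priv_template` without resetting them first. If these declarations sit outside the per-object loop, the flags start each query holding the previous key's values, so resetting both immediately before the call would make the displayed result depend only on the current object. A short comment on `priv_template` saying it is queried only for private and secret keys would also help, since it is separate from `template` for that reason.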
......@@ -233,7 +239,7 @@ main(int argc, char *argv[]) {
if (len == 2) {
id = (idbuf[0] << 8) & 0xff00;
id |= idbuf[1] & 0xff;
printf("%u\n", id);
printf("%u", id);
} else {
if (len > 8)
len = 8;
......@@ -242,10 +248,17 @@ main(int argc, char *argv[]) {
for (j = 0; j < len; j++)
printf("%02x", idbuf[j]);
if (template[2].ulValueLen > len)
printf("...\n");
else
printf("\n");
printf("...");
}
if ((oclass == CKO_PRIVATE_KEY ||
oclass == CKO_SECRET_KEY) &&
pkcs_C_GetAttributeValue(hSession, akey[i],
priv_template, 2) == CKR_OK) {
printf(" E:%s",
extract ? "true" :
(never ? "never" : "false"));
}
printf("\n");
}
}
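Review bot: when pkcs_C_GetAttributeValue() on `priv_template` returns anything other than CKR_OK, the `E:` field is silently dropped, so the output for a private or secret key whose attributes could not be read looks the same as for an object class where the field does not apply. Because both attributes are fetched in one call, a token that rejects CKA_NEVER_EXTRACTABLE alone also loses the CKA_EXTRACTABLE result. For a tool used to audit whether keys can leave the HSM, printing something like `E:unknown` on failure (or querying the two attributes separately) would be safer than omitting the field. The attribute count is also passed as a literal `2`; deriving it from `sizeof(priv_template) / sizeof(priv_template[0])` keeps it in step with the array.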
......
<!--
- Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -40,6 +40,7 @@
<year>2009</year>
<year>2014</year>
<year>2015</year>
<year>2016</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......@@ -62,6 +63,10 @@
<command>pkcs11-list</command>
lists the PKCS#11 objects with <option>ID</option> or
<option>label</option> or by default all objects.
The object class, label, and ID are displayed for all
keys. For private or secret keys, the extractability
attribute is also displayed, as either <literal>true</literal>,
<literal>false</literal>, or <literal>never</literal>.
</para>
</refsection>
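Review bot: the added paragraph lists the three values but not how they appear in the output or what distinguishes them. The code prints the field as `E:` followed by the value, and `never` is shown only when CKA_EXTRACTABLE is false and CKA_NEVER_EXTRACTABLE is true; the man page should say so, and should note that the field is absent when the attributes cannot be read from the token.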
......
......@@ -333,8 +333,8 @@
./bin/pkcs11/pkcs11-keygen.docbook SGML 2009,2014,2015
./bin/pkcs11/pkcs11-keygen.html HTML DOCBOOK
./bin/pkcs11/pkcs11-list.8 MAN DOCBOOK
./bin/pkcs11/pkcs11-list.c X 2009,2014,2015
./bin/pkcs11/pkcs11-list.docbook SGML 2009,2014,2015
./bin/pkcs11/pkcs11-list.c C 2009,2014,2015,2016
./bin/pkcs11/pkcs11-list.docbook SGML 2009,2014,2015,2016
./bin/pkcs11/pkcs11-list.html HTML DOCBOOK
./bin/pkcs11/pkcs11-tokens.8 MAN DOCBOOK
./bin/pkcs11/pkcs11-tokens.c C 2014,2015
......