Commit f1a2709a authored by Evan Hunt

[master] add extractability to pkcs11-list

4354.	[func]		"pkcs11-list" now displays the extractability
			attribute of private or secret keys stored in
			an HSM, as either "true", "false", or "never"
			Thanks to Daniel Stirnimann. [RT #36557]
parent b0ffe328
4355. [func] "pkcs11-list" now displays the extractability
attribute of private or secret keys stored in
an HSM, as either "true", "false", or "never"
Thanks to Daniel Stirnimann. [RT #36557]
4354. [bug] Check that the received HMAC length matches the 4354. [bug] Check that the received HMAC length matches the
expected length prior to check the contents on the expected length prior to check the contents on the
control channel. This prevents a OOB read error. control channel. This prevents a OOB read error.
......
/* /*
* Copyright (C) 2009, 2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
* *
* Permission to use, copy, modify, and/or distribute this software for any * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
...@@ -196,11 +196,17 @@ main(int argc, char *argv[]) { ...@@ -196,11 +196,17 @@ main(int argc, char *argv[]) {
CK_OBJECT_CLASS oclass = 0; CK_OBJECT_CLASS oclass = 0;
CK_BYTE labelbuf[64 + 1]; CK_BYTE labelbuf[64 + 1];
CK_BYTE idbuf[64]; CK_BYTE idbuf[64];
CK_BBOOL extract = TRUE;
CK_BBOOL never = FALSE;
CK_ATTRIBUTE template[] = { CK_ATTRIBUTE template[] = {
{CKA_CLASS, &oclass, sizeof(oclass)}, {CKA_CLASS, &oclass, sizeof(oclass)},
{CKA_LABEL, labelbuf, sizeof(labelbuf) - 1}, {CKA_LABEL, labelbuf, sizeof(labelbuf) - 1},
{CKA_ID, idbuf, sizeof(idbuf)} {CKA_ID, idbuf, sizeof(idbuf)}
}; };
CK_ATTRIBUTE priv_template[] = {
{CKA_EXTRACTABLE, &extract, sizeof(extract)},
{CKA_NEVER_EXTRACTABLE, &never, sizeof(never)}
};
memset(labelbuf, 0, sizeof(labelbuf)); memset(labelbuf, 0, sizeof(labelbuf));
memset(idbuf, 0, sizeof(idbuf)); memset(idbuf, 0, sizeof(idbuf));
...@@ -233,7 +239,7 @@ main(int argc, char *argv[]) { ...@@ -233,7 +239,7 @@ main(int argc, char *argv[]) {
if (len == 2) { if (len == 2) {
id = (idbuf[0] << 8) & 0xff00; id = (idbuf[0] << 8) & 0xff00;
id |= idbuf[1] & 0xff; id |= idbuf[1] & 0xff;
printf("%u\n", id); printf("%u", id);
} else { } else {
if (len > 8) if (len > 8)
len = 8; len = 8;
...@@ -242,10 +248,17 @@ main(int argc, char *argv[]) { ...@@ -242,10 +248,17 @@ main(int argc, char *argv[]) {
for (j = 0; j < len; j++) for (j = 0; j < len; j++)
printf("%02x", idbuf[j]); printf("%02x", idbuf[j]);
if (template[2].ulValueLen > len) if (template[2].ulValueLen > len)
printf("...\n"); printf("...");
else }
printf("\n"); if ((oclass == CKO_PRIVATE_KEY ||
oclass == CKO_SECRET_KEY) &&
pkcs_C_GetAttributeValue(hSession, akey[i],
priv_template, 2) == CKR_OK) {
printf(" E:%s",
extract ? "true" :
(never ? "never" : "false"));
} }
printf("\n");
} }
} }
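Review bot: The ulValueLen fields of priv_template are output parameters of pkcs_C_GetAttributeValue in the new condition and are never restored between objects, so once a token reports one of the two attributes as unavailable (PKCS#11 sets that ulValueLen to CK_UNAVAILABLE_INFORMATION and returns a non-CKR_OK code such as CKR_ATTRIBUTE_TYPE_INVALID or CKR_ATTRIBUTE_SENSITIVE) every later key's query is issued with that bogus buffer length. A CK_BBOOL is a single byte, so this cannot overrun extract or never, but the result for subsequent keys becomes token-dependent; reset the lengths before the call, `priv_template[0].ulValueLen = sizeof(extract); priv_template[1].ulValueLen = sizeof(never);`, unless the loop already re-initialises template[] the same way outside the hunk and that code can cover priv_template too. When the query fails for a private or secret key the E: field is silently omitted, which is indistinguishable from a non-key object; printing `" E:unknown"` in that case would make the output unambiguous for operators auditing key extractability. The enclosing loop and main() both begin and end outside the hunk.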
......
<!-- <!--
- Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- -
- Permission to use, copy, modify, and/or distribute this software for any - Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above - purpose with or without fee is hereby granted, provided that the above
...@@ -40,6 +40,7 @@ ...@@ -40,6 +40,7 @@
<year>2009</year> <year>2009</year>
<year>2014</year> <year>2014</year>
<year>2015</year> <year>2015</year>
<year>2016</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder> <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright> </copyright>
</docinfo> </docinfo>
...@@ -62,6 +63,10 @@ ...@@ -62,6 +63,10 @@
<command>pkcs11-list</command> <command>pkcs11-list</command>
lists the PKCS#11 objects with <option>ID</option> or lists the PKCS#11 objects with <option>ID</option> or
<option>label</option> or by default all objects. <option>label</option> or by default all objects.
The object class, label, and ID are displayed for all
keys. For private or secret keys, the extractability
attribute is also displayed, as either <literal>true</literal>,
<literal>false</literal>, or <literal>never</literal>.
</para> </para>
</refsection> </refsection>
......
...@@ -333,8 +333,8 @@ ...@@ -333,8 +333,8 @@
./bin/pkcs11/pkcs11-keygen.docbook SGML 2009,2014,2015 ./bin/pkcs11/pkcs11-keygen.docbook SGML 2009,2014,2015
./bin/pkcs11/pkcs11-keygen.html HTML DOCBOOK ./bin/pkcs11/pkcs11-keygen.html HTML DOCBOOK
./bin/pkcs11/pkcs11-list.8 MAN DOCBOOK ./bin/pkcs11/pkcs11-list.8 MAN DOCBOOK
./bin/pkcs11/pkcs11-list.c X 2009,2014,2015 ./bin/pkcs11/pkcs11-list.c C 2009,2014,2015,2016
./bin/pkcs11/pkcs11-list.docbook SGML 2009,2014,2015 ./bin/pkcs11/pkcs11-list.docbook SGML 2009,2014,2015,2016
./bin/pkcs11/pkcs11-list.html HTML DOCBOOK ./bin/pkcs11/pkcs11-list.html HTML DOCBOOK
./bin/pkcs11/pkcs11-tokens.8 MAN DOCBOOK ./bin/pkcs11/pkcs11-tokens.8 MAN DOCBOOK
./bin/pkcs11/pkcs11-tokens.c C 2014,2015 ./bin/pkcs11/pkcs11-tokens.c C 2014,2015
......