Red Hat Bugzilla – Attachment 600184 Details for
Bug 820684
certutil support for EC on HSMs - need to call PK11_GenerateKeyPairWithOpFlags()
[patch]
Adds ability to specify opFlags and attrFlags in certutil
nss-ecc-certutil-834219.patch (text/plain), 8.46 KB, created by
Bob Relyea
on 2012-07-25 00:13:20 UTC
Description:
Adds ability to specify opFlags and attrFlags in certutil
Filename:
MIME Type:
Creator:
Bob Relyea
Created:
2012-07-25 00:13:20 UTC
Size:
8.46 KB
>diff -up ./mozilla/security/nss/cmd/certutil/certutil.c.orig ./mozilla/security/nss/cmd/certutil/certutil.c
>--- ./mozilla/security/nss/cmd/certutil/certutil.c.orig 2012-07-24 15:19:10.118146000 -0700
>+++ ./mozilla/security/nss/cmd/certutil/certutil.c 2012-07-24 15:20:12.376020000 -0700
>@@ -1244,6 +1244,19 @@ static void luG(enum usage_level ul, con
> " -d keydir");
> FPS "%-20s Cert & Key database prefix\n",
> " -P dbprefix");
>+ FPS "%-20s PKCS #11 key Attributes\n",
>+ " --keyAttrFlags attrflags.");
>+ FPS "%-20s Comma sparated list of the following pairs\n", "");
>+ FPS "%-20s (one pair member per list):\n", "");
>+ FPS "%-20s {token,session} {public,private} {sensitive,insenstive}\n", "");
>+ FPS "%-20s {modifiable,unmodifiable} {extractable,unextractable}\n", "");
>+ FPS "%-20s PKCS #11 key Operation Flags\n",
>+ " --keyOpFlagsOn opflags.");
>+ FPS "%-20s PKCS #11 key Operation Flags\n",
>+ " --keyOpFlagsOff opflags.");
>+ FPS "%-20s Comma sparated list of one or more of the following:\n", "");
>+ FPS "%-20s encrypt, decrypt, sign, sign_recover, verify,\n", "");
>+ FPS "%-20s verify_recover, wrap, unwrap, derive\n", "");
> FPS "\n");
> }
>
>@@ -1457,6 +1470,8 @@ static void luR(enum usage_level ul, con
> " -a");
> FPS "%-20s \n",
> " See -S for available extension options");
>+ FPS "%-20s \n",
>+ " See -G for available key flag options");
> FPS "\n");
> }
>
>@@ -1639,6 +1654,8 @@ static void luS(enum usage_level ul, con
> " --extIA ");
> FPS "%-20s Create a subject key ID extension\n",
> " --extSKID ");
>+ FPS "%-20s \n",
>+ " See -G for available key flag options");
> FPS "\n");
> }
>
>@@ -1952,6 +1969,103 @@ getObjectClass(CK_ULONG classType)
> return buf;
> }
>
>+typedef struct {
>+ char *name;
>+ int nameSize;
>+ CK_ULONG value;
>+} flagArray;
>+
>+#define NAME_SIZE(x) #x,sizeof(#x)-1
>+
>+flagArray opFlagsArray[] =
>+{
>+ {NAME_SIZE(encrypt), CKF_ENCRYPT},
>+ {NAME_SIZE(decrypt), CKF_DECRYPT},
>+ {NAME_SIZE(sign), CKF_SIGN},
>+ {NAME_SIZE(sign_recover), CKF_SIGN_RECOVER},
>+ {NAME_SIZE(verify), CKF_VERIFY},
>+ {NAME_SIZE(verify_recover), CKF_VERIFY_RECOVER},
>+ {NAME_SIZE(wrap), CKF_WRAP},
>+ {NAME_SIZE(unwrap), CKF_UNWRAP},
>+ {NAME_SIZE(derive), CKF_DERIVE},
>+};
>+
>+int opFlagsCount = sizeof(opFlagsArray)/sizeof(flagArray);
>+
>+flagArray attrFlagsArray[] =
>+{
>+ {NAME_SIZE(token), PK11_ATTR_TOKEN},
>+ {NAME_SIZE(session), PK11_ATTR_SESSION},
>+ {NAME_SIZE(private), PK11_ATTR_PRIVATE},
>+ {NAME_SIZE(public), PK11_ATTR_PUBLIC},
>+ {NAME_SIZE(modifiable), PK11_ATTR_MODIFIABLE},
>+ {NAME_SIZE(unmodifiable), PK11_ATTR_UNMODIFIABLE},
>+ {NAME_SIZE(sensitive), PK11_ATTR_SENSITIVE},
>+ {NAME_SIZE(insensitive), PK11_ATTR_INSENSITIVE},
>+ {NAME_SIZE(extractable), PK11_ATTR_EXTRACTABLE},
>+ {NAME_SIZE(unextractable), PK11_ATTR_EXTRACTABLE}
>+
>+};
>+
>+int attrFlagsCount = sizeof(attrFlagsArray)/sizeof(flagArray);
>+
>+#define MAX_STRING 30
>+CK_ULONG
>+GetFlags(char *flagsString, flagArray *flagArray, int count)
>+{
>+ CK_ULONG flagsValue = strtol(flagsString, NULL, 0);
>+ int i;
>+
>+fprintf(stderr, "parsing flags <%s>\n", flagsString);
>+
>+ if ((flagsValue != 0) || (*flagsString == 0)) {
>+ return flagsValue;
>+ }
>+ while (*flagsString) {
>+ for (i=0; i < count; i++) {
>+ if (strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize)
>+ == 0) {
>+ flagsValue |= flagArray[i].value;
>+ flagsString += flagArray[i].nameSize;
>+ if (*flagsString != 0) {
>+ flagsString++;
>+ }
>+ break;
>+ }
>+ }
>+ if (i == count) {
>+ char name[MAX_STRING];
>+ char *tok;
>+
>+ strncpy(name,flagsString, MAX_STRING);
>+ name[MAX_STRING-1] = 0;
>+ tok = strchr(name, ',');
>+ if (tok) {
>+ *tok = 0;
>+ }
>+ fprintf(stderr,"Unknown flag (%s)\n",name);
>+ tok = strchr(flagsString, ',');
>+ if (tok == NULL) {
>+ break;
>+ }
>+ flagsString = tok+1;
>+ }
>+ }
>+ return flagsValue;
>+}
>+
>+CK_FLAGS
>+GetOpFlags(char *flags)
>+{
>+ return GetFlags(flags, opFlagsArray, opFlagsCount);
>+}
>+
>+PK11AttrFlags
>+GetAttrFlags(char *flags)
>+{
>+ return GetFlags(flags, attrFlagsArray, attrFlagsCount);
>+}
>+
> char *mkNickname(unsigned char *data, int len)
> {
> char *nick = PORT_Alloc(len+1);
>@@ -2090,6 +2204,9 @@ enum certutilOpts {
> opt_SourcePrefix,
> opt_UpgradeID,
> opt_UpgradeTokenName,
>+ opt_KeyOpFlagsOn,
>+ opt_KeyOpFlagsOff,
>+ opt_KeyAttrFlags,
> opt_Help
> };
>
>@@ -2190,6 +2307,12 @@ secuCommandFlag options_init[] =
> "upgrade-id"},
> { /* opt_UpgradeTokenName */ 0, PR_TRUE, 0, PR_FALSE,
> "upgrade-token-name"},
>+ { /* opt_KeyOpFlagsOn */ 0, PR_TRUE, 0, PR_FALSE,
>+ "keyOpFlagsOn"},
>+ { /* opt_KeyOpFlagsOff */ 0, PR_TRUE, 0, PR_FALSE,
>+ "keyOpFlagsOff"},
>+ { /* opt_KeyAttrFlags */ 0, PR_TRUE, 0, PR_FALSE,
>+ "keyAttrFlags"},
> };
> #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
>
>@@ -2237,6 +2360,10 @@ certutil_main(int argc, char **argv, PRB
> secuPWData pwdata2 = { PW_NONE, 0 };
> PRBool readOnly = PR_FALSE;
> PRBool initialized = PR_FALSE;
>+ CK_FLAGS keyOpFlagsOn = 0;
>+ CK_FLAGS keyOpFlagsOff = 0;
>+ PK11AttrFlags keyAttrFlags =
>+ PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
>
> SECKEYPrivateKey *privkey = NULL;
> SECKEYPublicKey *pubkey = NULL;
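Review bot: The last entry of `attrFlagsArray` maps `unextractable` to `PK11_ATTR_EXTRACTABLE`, so asking for an unextractable key requests the opposite attribute; it should read `{NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE}`. `GetFlags` also matches by prefix only, so `sign_recover` and `verify_recover` hit the earlier `sign` and `verify` entries, set `CKF_SIGN`/`CKF_VERIFY`, and leave `recover` to be reported as unknown. Requiring a delimiter after the name fixes that, e.g. adding `&& (flagsString[flagArray[i].nameSize] == ',' || flagsString[flagArray[i].nameSize] == 0)` to the `strncmp` test. Unknown names are only printed and skipped, so a misspelling such as the usage text's `insenstive` still produces a key, just without the attribute that was asked for; reporting failure to the caller would be safer for a key-generation tool. The unindented `fprintf(stderr, "parsing flags <%s>\n", ...)` looks like leftover debug output and should be dropped.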
>@@ -2359,6 +2486,17 @@ certutil_main(int argc, char **argv, PRB
> keytype = nullKey;
> }
>
>+ if (certutil.options[opt_KeyOpFlagsOn].activated) {
>+ keyOpFlagsOn = GetOpFlags(certutil.options[opt_KeyOpFlagsOn].arg);
>+ }
>+ if (certutil.options[opt_KeyOpFlagsOff].activated) {
>+ keyOpFlagsOff = GetOpFlags(certutil.options[opt_KeyOpFlagsOff].arg);
>+ keyOpFlagsOn &=~keyOpFlagsOff; /* make off override on */
>+ }
>+ if (certutil.options[opt_KeyAttrFlags].activated) {
>+ keyAttrFlags = GetAttrFlags(certutil.options[opt_KeyAttrFlags].arg);
>+ }
>+
> /* -m serial number */
> if (certutil.options[opt_SerialNumber].activated) {
> int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg);
>@@ -2968,6 +3106,9 @@ merge_fail:
> certutil.options[opt_NoiseFile].arg,
> &pubkey,
> certutil.options[opt_PQGFile].arg,
>+ keyAttrFlags,
>+ keyOpFlagsOn,
>+ keyOpFlagsOff,
> &pwdata);
> if (privkey == NULL) {
> SECU_PrintError(progName, "unable to generate key(s)\n");
>diff -up ./mozilla/security/nss/cmd/certutil/certutil.h.orig ./mozilla/security/nss/cmd/certutil/certutil.h
>--- ./mozilla/security/nss/cmd/certutil/certutil.h.orig 2012-07-24 15:19:10.135146000 -0700
>+++ ./mozilla/security/nss/cmd/certutil/certutil.h 2012-07-24 15:20:12.386020000 -0700
>@@ -46,6 +46,9 @@ CERTUTIL_GeneratePrivateKey(KeyType keyt
> char *noise,
> SECKEYPublicKey **pubkeyp,
> char *pqgFile,
>+ PK11AttrFlags attrFlags,
>+ CK_FLAGS opFlagsOn,
>+ CK_FLAGS opFlagsOff,
> secuPWData *pwdata);
>
> extern char *progName;
>diff -up ./mozilla/security/nss/cmd/certutil/keystuff.c.orig ./mozilla/security/nss/cmd/certutil/keystuff.c
>--- ./mozilla/security/nss/cmd/certutil/keystuff.c.orig 2012-07-24 15:19:10.146146000 -0700
>+++ ./mozilla/security/nss/cmd/certutil/keystuff.c 2012-07-24 15:20:12.397020000 -0700
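Review bot: In the `opt_KeyAttrFlags` branch of the `-2359` hunk, the parsed value overwrites the `PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE` default instead of adjusting it, so naming a single attribute (for example only `unmodifiable`) appears to drop the token, sensitive and private bits from the request. Neither the usage text nor this block says so. Either document it, e.g. `/* --keyAttrFlags replaces the defaults; pairs not named are left to the token */`, or start from the defaults and change only the pairs the user named. `certutil_main` begins and ends outside this hunk.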
>@@ -525,7 +525,8 @@ SECKEYPrivateKey *
> CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
> int publicExponent, const char *noise,
> SECKEYPublicKey **pubkeyp, const char *pqgFile,
>- secuPWData *pwdata)
>+ PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn,
>+ CK_FLAGS opFlagsOff, secuPWData *pwdata)
> {
> CK_MECHANISM_TYPE mechanism;
> SECOidTag algtag;
>@@ -594,8 +595,8 @@ CERTUTIL_GeneratePrivateKey(KeyType keyt
> fprintf(stderr, "\n\n");
> fprintf(stderr, "Generating key. This may take a few moments...\n\n");
>
>- privKey = PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp,
>- PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/,
>+ privKey = PK11_GenerateKeyPairWithOpFlags(slot, mechanism, params, pubkeyp,
>+ attrFlags, opFlagsOn, opFlagsOn|opFlagsOff,
> pwdata /*wincx*/);
> /* free up the params */
> switch (keytype) {
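Review bot: In the `PK11_GenerateKeyPairWithOpFlags` call, the mask is `opFlagsOn|opFlagsOff` while the flags argument is the raw `opFlagsOn`, so a caller that passes the same bit in both gets it turned on, the opposite of the "make off override on" rule applied in `certutil_main`. Passing `opFlagsOn & ~opFlagsOff` as the flags argument would make `CERTUTIL_GeneratePrivateKey` enforce that rule itself rather than rely on each caller. The removed call labelled its booleans (`/*isPerm*/`, `/*isSensitive*/`); the new arguments deserve the same, e.g. `opFlagsOn|opFlagsOff /*opFlagsMask*/`. The function body continues outside the hunk.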
Attachments on
bug 820684
:
600161
| 600184