Code updated with recent PKCS11 API
New arguments are added so that all mechanisms and types are supported generically. Change-Id: Id2a441ec772074df86fc796bd1d33a20344e4ce5
parent
4c0ddda941
commit
1e301cf7c9
@ -36,7 +36,8 @@ class KeyGenerator(object):
|
|||||||
login_passphrase=self.args.passphrase or password,
|
login_passphrase=self.args.passphrase or password,
|
||||||
rw_session=True,
|
rw_session=True,
|
||||||
slot_id=int(self.args.slot_id),
|
slot_id=int(self.args.slot_id),
|
||||||
ffi=ffi
|
ffi=ffi,
|
||||||
|
encryption_mechanism='CKM_AES_CBC'
|
||||||
)
|
)
|
||||||
self.session = self.pkcs11.get_session()
|
self.session = self.pkcs11.get_session()
|
||||||
|
|
||||||
@ -77,14 +78,24 @@ class KeyGenerator(object):
|
|||||||
"""Create HMAC generation parser and arguments."""
|
"""Create HMAC generation parser and arguments."""
|
||||||
create_parser = self.subparsers.add_parser('hmac', help='Generates a '
|
create_parser = self.subparsers.add_parser('hmac', help='Generates a '
|
||||||
'new HMAC.')
|
'new HMAC.')
|
||||||
|
create_parser.add_argument('--type', '-t', default='CKK_AES',
|
||||||
|
help='HMAC key type, one of: '
|
||||||
|
'\'CKK_AES\', \'CKK_GENERIC_SECRET\' or '
|
||||||
|
'\'CKK_SHA256_HMAC\'')
|
||||||
|
create_parser.add_argument('--keygen', '-g',
|
||||||
|
default='CKM_AES_KEY_GEN',
|
||||||
|
help='HMAC key generation mechanism, '
|
||||||
|
'one of: \'CKM_AES_KEY_GEN\' '
|
||||||
|
'\'CKM_NC_SHA256_HMAC_KEY_GEN\' or '
|
||||||
|
'\'CKM_GENERIC_SECRET_KEY_GEN\'')
|
||||||
create_parser.add_argument('--length', '-l', default=32,
|
create_parser.add_argument('--length', '-l', default=32,
|
||||||
help='the length of the HMACKEY')
|
help='the length of the HMACKEY')
|
||||||
create_parser.add_argument('--label', '-L', default='primaryhmac',
|
create_parser.add_argument('--label', '-L', default='primaryhmac',
|
||||||
help='the label for the HMAC')
|
help='the label for the HMAC')
|
||||||
create_parser.set_defaults(func=self.generate_hmac)
|
create_parser.set_defaults(func=self.generate_hmac)
|
||||||
|
|
||||||
def verify_label_does_not_exist(self, label, session):
|
def verify_label_does_not_exist(self, key_type, label, session):
|
||||||
key_handle = self.pkcs11.get_key_handle(label, session)
|
key_handle = self.pkcs11.get_key_handle(key_type, label, session)
|
||||||
if key_handle:
|
if key_handle:
|
||||||
print(
|
print(
|
||||||
"The label {label} already exists! "
|
"The label {label} already exists! "
|
||||||
@ -94,17 +105,19 @@ class KeyGenerator(object):
|
|||||||
|
|
||||||
def generate_mkek(self, args):
|
def generate_mkek(self, args):
|
||||||
"""Process the generate MKEK with given arguments"""
|
"""Process the generate MKEK with given arguments"""
|
||||||
self.verify_label_does_not_exist(args.label, self.session)
|
self.verify_label_does_not_exist(args.type, args.label, self.session)
|
||||||
self.pkcs11.generate_key(int(args.length), self.session, args.label,
|
self.pkcs11.generate_key('CKK_AES', int(args.length),
|
||||||
|
'CKM_AES_KEY_GEN',
|
||||||
|
self.session, args.label,
|
||||||
encrypt=True, wrap=True, master_key=True)
|
encrypt=True, wrap=True, master_key=True)
|
||||||
print("MKEK successfully generated!")
|
print("MKEK successfully generated!")
|
||||||
|
|
||||||
def generate_hmac(self, args):
|
def generate_hmac(self, args):
|
||||||
"""Process the generate HMAC with given arguments"""
|
"""Process the generate HMAC with given arguments"""
|
||||||
self.verify_label_does_not_exist(args.label, self.session)
|
self.verify_label_does_not_exist(args.type, args.label, self.session)
|
||||||
self.pkcs11.generate_key(int(args.length), self.session,
|
self.pkcs11.generate_key(args.type, int(args.length), args.keygen,
|
||||||
args.label, sign=True,
|
self.session, args.label,
|
||||||
master_key=True)
|
sign=True, master_key=True)
|
||||||
print("HMAC successfully generated!")
|
print("HMAC successfully generated!")
|
||||||
|
|
||||||
def execute(self):
|
def execute(self):
|
||||||
|
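Review bot: In `generate_mkek` the duplicate-label check looks up `args.type`, while the key itself is generated with the hard-coded `'CKK_AES'`. The only `--type` argument added in this diff is on the `hmac` subparser and the mkek parser is outside the hunks, so unless it already defines `--type` this call fails with AttributeError; if it does define it, a non-AES value would make the check search a different key type than the one being created. Passing the same constant keeps the check and the generation aligned: `self.verify_label_does_not_exist('CKK_AES', args.label, self.session)`. Separately, `--type` and `--keygen` on the hmac parser accept any string although the help text lists three values each; adding `choices=[...]` with those values would reject typos and unsupported names before they reach the PKCS#11 session.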