From 50b4a1ae69feb9407cd0d7941066e09bf9e32167 Mon Sep 17 00:00:00 2001
From: Andreas Scheuring <andreas.scheuring@de.ibm.com>
Date: Wed, 22 Jun 2016 17:06:59 +0200
Subject: [PATCH] pkcs11-key-generation: convert mkek length to int

When specifying the mkek length via the cli, the key generation fails
as the length is being passed as string instead of int.

Co-Authored-By: Jan Stodt <stodtj@de.ibm.com>
Change-Id: If41d13bb4c99b8823642920d894900a9ce33294a
---
 barbican/cmd/pkcs11_key_generation.py      |  7 +++---
 barbican/tests/cmd/test_barbican_manage.py | 25 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 3 deletions(-)

diff --git a/barbican/cmd/pkcs11_key_generation.py b/barbican/cmd/pkcs11_key_generation.py
index 530b4929b..7877d1e57 100644
--- a/barbican/cmd/pkcs11_key_generation.py
+++ b/barbican/cmd/pkcs11_key_generation.py
@@ -95,15 +95,16 @@ class KeyGenerator(object):
     def generate_mkek(self, args):
         """Process the generate MKEK with given arguments"""
         self.verify_label_does_not_exist(args.label, self.session)
-        self.pkcs11.generate_key(args.length, self.session, args.label,
+        self.pkcs11.generate_key(int(args.length), self.session, args.label,
                                  encrypt=True, wrap=True, master_key=True)
         print ("MKEK successfully generated!")
 
     def generate_hmac(self, args):
         """Process the generate HMAC with given arguments"""
         self.verify_label_does_not_exist(args.label, self.session)
-        self.pkcs11.generate_key(args.length, self.session, args.label,
-                                 sign=True, master_key=True)
+        self.pkcs11.generate_key(int(args.length), self.session,
+                                 args.label, sign=True,
+                                 master_key=True)
         print ("HMAC successfully generated!")
 
     def execute(self):
diff --git a/barbican/tests/cmd/test_barbican_manage.py b/barbican/tests/cmd/test_barbican_manage.py
index 82b09a088..bfe5ed5b0 100644
--- a/barbican/tests/cmd/test_barbican_manage.py
+++ b/barbican/tests/cmd/test_barbican_manage.py
@@ -154,3 +154,28 @@ class TestBarbicanManage(TestBarbicanManageBase):
              '--library-path', 'mocklib', '--passphrase', 'mockpassewd',
              '--label', 'mocklabel'], mock_genkey,
             32, 1, 'mocklabel', sign=True, master_key=True)
+
+    @mock.patch('barbican.plugin.crypto.pkcs11.PKCS11')
+    def test_hsm_gen_mkek_non_default_length(self, mock_pkcs11):
+        mock_pkcs11.return_value.get_session.return_value = 1
+        mock_pkcs11.return_value.get_key_handle.return_value = None
+        mock_pkcs11.return_value.generate_key.return_value = 0
+        mock_genkey = mock_pkcs11.return_value.generate_key
+        self._main_test_helper(
+            ['barbican.cmd.barbican_manage', 'hsm', 'gen_mkek',
+             '--length', '48', '--library-path', 'mocklib',
+             '--passphrase', 'mockpassewd', '--label', 'mocklabel'],
+            mock_genkey, 48, 1, 'mocklabel', encrypt=True, wrap=True,
+            master_key=True)
+
+    @mock.patch('barbican.plugin.crypto.pkcs11.PKCS11')
+    def test_hsm_gen_hmac_non_default_length(self, mock_pkcs11):
+        mock_pkcs11.return_value.get_session.return_value = 1
+        mock_pkcs11.return_value.get_key_handle.return_value = None
+        mock_pkcs11.return_value.generate_key.return_value = 0
+        mock_genkey = mock_pkcs11.return_value.generate_key
+        self._main_test_helper(
+            ['barbican.cmd.barbican_manage', 'hsm', 'gen_hmac',
+             '--length', '48', '--library-path', 'mocklib',
+             '--passphrase', 'mockpassewd', '--label', 'mocklabel'],
+            mock_genkey, 48, 1, 'mocklabel', sign=True, master_key=True)