From 1e301cf7c9a7d638db19257fa59361b3399b5475 Mon Sep 17 00:00:00 2001
From: Ori Pugatzky <ori.pugatzky@nokia.com>
Date: Mon, 18 Mar 2019 17:16:58 +0000
Subject: [PATCH] Code updated with recent PKCS11 API new args added
accordingly to generically support all mechanisms and types.
Change-Id: Id2a441ec772074df86fc796bd1d33a20344e4ce5
---
barbican/cmd/pkcs11_key_generation.py | 31 +++++++++++++++++++--------
1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/barbican/cmd/pkcs11_key_generation.py b/barbican/cmd/pkcs11_key_generation.py
index ae96a5a79..e75100ee1 100644
--- a/barbican/cmd/pkcs11_key_generation.py
+++ b/barbican/cmd/pkcs11_key_generation.py
@@ -36,7 +36,8 @@ class KeyGenerator(object):
login_passphrase=self.args.passphrase or password,
rw_session=True,
slot_id=int(self.args.slot_id),
- ffi=ffi
+ ffi=ffi,
+ encryption_mechanism='CKM_AES_CBC'
)
self.session = self.pkcs11.get_session()
@@ -77,14 +78,24 @@ class KeyGenerator(object):
"""Create HMAC generation parser and arguments."""
create_parser = self.subparsers.add_parser('hmac', help='Generates a '
'new HMAC.')
+ create_parser.add_argument('--type', '-t', default='CKK_AES',
+ help='HMAC key type, one of: '
+ '\'CKK_AES\', \'CKK_GENERIC_SECRET\' or '
+ '\'CKK_SHA256_HMAC\'')
+ create_parser.add_argument('--keygen', '-g',
+ default='CKM_AES_KEY_GEN',
+ help='HMAC key generation mechanism, '
+ 'one of: \'CKM_AES_KEY_GEN\' '
+ '\'CKM_NC_SHA256_HMAC_KEY_GEN\' or '
+ '\'CKM_GENERIC_SECRET_KEY_GEN\'')
create_parser.add_argument('--length', '-l', default=32,
help='the length of the HMACKEY')
create_parser.add_argument('--label', '-L', default='primaryhmac',
help='the label for the HMAC')
create_parser.set_defaults(func=self.generate_hmac)
- def verify_label_does_not_exist(self, label, session):
- key_handle = self.pkcs11.get_key_handle(label, session)
+ def verify_label_does_not_exist(self, key_type, label, session):
+ key_handle = self.pkcs11.get_key_handle(key_type, label, session)
if key_handle:
print(
"The label {label} already exists! "
@@ -94,17 +105,19 @@ class KeyGenerator(object):
def generate_mkek(self, args):
"""Process the generate MKEK with given arguments"""
- self.verify_label_does_not_exist(args.label, self.session)
- self.pkcs11.generate_key(int(args.length), self.session, args.label,
+ self.verify_label_does_not_exist(args.type, args.label, self.session)
+ self.pkcs11.generate_key('CKK_AES', int(args.length),
+ 'CKM_AES_KEY_GEN',
+ self.session, args.label,
encrypt=True, wrap=True, master_key=True)
print("MKEK successfully generated!")
def generate_hmac(self, args):
"""Process the generate HMAC with given arguments"""
- self.verify_label_does_not_exist(args.label, self.session)
- self.pkcs11.generate_key(int(args.length), self.session,
- args.label, sign=True,
- master_key=True)
+ self.verify_label_does_not_exist(args.type, args.label, self.session)
+ self.pkcs11.generate_key(args.type, int(args.length), args.keygen,
+ self.session, args.label,
+ sign=True, master_key=True)
print("HMAC successfully generated!")
def execute(self):