On Tue, 22 Jun 2010 14:52:48 -0500
Kent Yoder <[email protected]> wrote:

> This patch adds the text of the mechanism type to the output of
> pkcsconf -m output.

Kent,

 thanks for the patch. A few comments:

> Old:
> Mechanism #2
>         Mechanism: 0x131
>         Key Size: 24-24
>         Flags: 0x8001
> Mechanism #3
>         Mechanism: 0x1
>         Key Size: 512-2048
>         Flags: 0x67B01
> 
> New:
> Mechanism #2
>         Mechanism: 0x131 (CKM_DES3_KEY_GEN)
>         Key Size: 24-24
>         Flags: 0x8001 (CKF_HW|CKF_GENERATE)
> Mechanism #3
>         Mechanism: 0x1 (CKM_RSA_PKCS)
>         Key Size: 512-2048
>         Flags: 0x67B01
> (CKF_HW|CKF_ENCRYPT|CKF_DECRYPT|CKF_SIGN|CKF_SIGN_RECOVER|CKF_VERIFY|CKF_VERIFY_RECOVER|CKF_WRAP|CKF_UNWRAP)
> 
> Tested on s390.
> 
> signed-off-by: Kent Yoder <[email protected]>
> 
> diff --git a/usr/sbin/pkcsconf/pkcsconf.c
> b/usr/sbin/pkcsconf/pkcsconf.c index 30a143a..3dff85a 100755
> --- a/usr/sbin/pkcsconf/pkcsconf.c
> +++ b/usr/sbin/pkcsconf/pkcsconf.c
> @@ -844,6 +844,39 @@ get_slot_list(int cond, CK_CHAR_PTR slot){
>     return CKR_OK;
>  }
> 
> +void
> +display_mechanism_name(CK_MECHANISM_TYPE mech)
> +{
> +     CK_ULONG i;
> +
> +     for (i = 0; pkcs11_mech_list[i].name; i++) {
> +             if (pkcs11_mech_list[i].mech == mech) {
> +                     printf("(%s)", pkcs11_mech_list[i].name);
> +             }
> +     }
> +}
> +
> +void
> +display_mechanism_flags(CK_FLAGS flags)
> +{
> +     CK_ULONG i, firsties = 1;
> +
> +     for (i = 0; pkcs11_mech_flags[i].name; i++) {
> +             if (pkcs11_mech_flags[i].flag & flags) {
> +                     if (firsties) {
> +                             printf("(");
> +                             firsties = 0;
> +                     }
> +
> +                     printf("%s|", pkcs11_mech_flags[i].name);
> +             }
> +     }
> +
> +     if (!firsties) {
> +             printf(")");
                        ^^^
What's ""? encoding error?
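
Review bot: in display_mechanism_flags, `printf("%s|", ...)` writes the separator after every flag name, so the last name is followed by a stray `|` before the closing parenthesis unless something erases it afterwards. Emit the separator in front of each name instead: the `firsties` test already tells the first match from the rest, so print "(" when it is set and "|" otherwise, and the final printf only has to write ")". In display_mechanism_name, the loop keeps scanning after a match; a `break` after the printf stops at the first hit and prevents two names being printed if the table ever holds the same value twice. `firsties` is used as a boolean, so `int` reads better than CK_ULONG.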


> diff --git a/usr/sbin/pkcsconf/pkcsconf_msg.h
> b/usr/sbin/pkcsconf/pkcsconf_msg.h index 1ca9c04..efeb42e 100755
> --- a/usr/sbin/pkcsconf/pkcsconf_msg.h
> +++ b/usr/sbin/pkcsconf/pkcsconf_msg.h
> @@ -378,4 +378,239 @@
>  #define USAGE7 68
>  #define USAGE8 69
>  #define USAGE9 70
> +
> +
> +
> +/* list of mechanism flags and their printable string names */
> +struct _pkcs11_mech_flags {
> +     char *name;
> +     CK_FLAGS flag;
> +} pkcs11_mech_flags[] = {
> +     { "CKF_HW", 0x00000001 },
> +     { "CKF_ENCRYPT", 0x00000100 },
> +     { "CKF_DECRYPT", 0x00000200 },
> +     { "CKF_DIGEST", 0x00000400 },
> +     { "CKF_SIGN", 0x00000800 },
...
> +
> +
> +/* list of mechanisms and their printable string names */
> +struct _pkcs11_mech_list {
> +     char *name;
> +     CK_MECHANISM_TYPE mech;
> +} pkcs11_mech_list[] = {
> +     { "CKM_RSA_PKCS_KEY_PAIR_GEN", 0x00000000 },
> +     { "CKM_RSA_PKCS", 0x00000001 },
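
Review bot: pkcs11_mech_flags[] and pkcs11_mech_list[] are defined, not just declared, in the header pkcsconf_msg.h, so a second source file that includes it will produce duplicate definitions at link time; move the tables into pkcsconf.c or declare them `static const` with `const char *name`. The lookup loops in pkcsconf.c stop on a NULL `.name`, so each table has to end with a `{ NULL, 0 }` entry; please make sure both do. The three empty lines added after USAGE9 can be reduced to one.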

For both pkcs11_mech_flags[] and pkcs11_mech_list[], we probably want
to use real pkcs11types.h macros. e.g.:

#include <pkcs11types.h>
{"CKM_RSA_PKCS_KEY_PAIR_GEN", CKM_RSA_PKCS_KEY_PAIR_GEN },


Ideally we could have a macro that would be able to generate such lists
automatically. pkcsconf also lacks human-readable error codes after
all. But we can address this later.

For the moment, can you re-format the patch to apply on top of the
opencryptoki-next branch?

Thanks,

 -Klaus


-- 
Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com
Open Source Security blog :     http://www.ratliff.net/blog
IBM Linux Technology Center :   http://www.ibm.com/linux/ltc

_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
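
The macro-generated name tables suggested in the reply above, with a flag formatter that puts the separator in front of each name, as an added example that is not part of the original mail or of openCryptoki. `NAMED`, `struct named_value`, `mech_name` and `format_flags` are hypothetical names, and the `CKM_`/`CKF_` constants are defined locally as constructed stand-ins for pkcs11types.h so the file builds on its own.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for <pkcs11types.h>; values as shown in the patch. */
typedef unsigned long CK_ULONG;
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL
#define CKM_RSA_PKCS              0x00000001UL
#define CKM_DES3_KEY_GEN          0x00000131UL
#define CKF_HW                    0x00000001UL
#define CKF_ENCRYPT               0x00000100UL
#define CKF_SIGN                  0x00000800UL
#define CKF_GENERATE              0x00008000UL

/* NAMED(X) expands to { "X", X }: #x keeps the spelling, bare x the value. */
#define NAMED(x) { #x, x }
struct named_value { const char *name; CK_ULONG value; }; /* hypothetical type */
static const struct named_value mech_list[] = {
    NAMED(CKM_RSA_PKCS_KEY_PAIR_GEN), NAMED(CKM_RSA_PKCS),
    NAMED(CKM_DES3_KEY_GEN), { NULL, 0 }   /* NULL name ends the scan */
};
static const struct named_value mech_flags[] = {
    NAMED(CKF_HW), NAMED(CKF_ENCRYPT), NAMED(CKF_SIGN), NAMED(CKF_GENERATE),
    { NULL, 0 }
};

/* Symbolic name of a mechanism, or NULL when the table does not list it. */
const char *mech_name(CK_ULONG mech)
{
    for (size_t i = 0; mech_list[i].name; i++)
        if (mech_list[i].value == mech) return mech_list[i].name;
    return NULL;
}

/* Write "(A|B)" for the known bits set in flags; "" when there are none. */
char *format_flags(CK_ULONG flags, char *buf, size_t len)
{
    size_t used = 0;
    if (len) buf[0] = '\0'; else return buf;
    for (size_t i = 0; mech_flags[i].name; i++) {
        if (!(mech_flags[i].value & flags)) continue;
        int n = snprintf(buf + used, len - used, "%s%s",
                         used ? "|" : "(", mech_flags[i].name);
        if (n < 0 || (size_t)n + 1 >= len - used) { buf[used] = '\0'; break; }
        used += (size_t)n;   /* the check above left room for ")" and NUL */
    }
    if (used) { buf[used++] = ')'; buf[used] = '\0'; }
    return buf;
}

int main(void) { char b[64]; puts(format_flags(0x8001, b, sizeof b)); return 0; }
```

With the real header included in place of the local defines, each table entry shrinks to one `NAMED(...)` line and a mistyped constant name fails at compile time instead of printing a wrong value.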