Merge #52: p11mod: Implement GenerateKeyPair

1d119ad p11mod: Implement GenerateKeyPair (Jeremy Rand) 10bb088 Add p11proxy to OpenDNSSEC "test-rsapub" tests (Jeremy Rand) Pull request description: Refs #46 Top commit has no ACKs. Tree-SHA512: 8aa9f084f0e675a4f1a4173ebdc6cb5e819c791dcbab57fb0d7ba028e2d0dd8d9776a15ed2e4a234f1fd2942710e4ae1974a603027799c26dd20789b6a620152
namecoin · Feb 23, 2022 · 0c79ce8 · 0c79ce8
2 parents a9e055c + 1d119ad
commit 0c79ce8
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 4 deletions.
diff --git a/p11mod/p11mod.go b/p11mod/p11mod.go
@@ -1,4 +1,4 @@
-// Copyright 2021 Namecoin Developers LGPLv3+
+// Copyright 2021-2022 Namecoin Developers LGPLv3+
 
 package p11mod
 
@@ -733,9 +733,47 @@ func (ll *llBackend) GenerateKey(sh pkcs11.SessionHandle, m []*pkcs11.Mechanism,
 }
 
 func (ll *llBackend) GenerateKeyPair(sh pkcs11.SessionHandle, m []*pkcs11.Mechanism, public, private []*pkcs11.Attribute) (pkcs11.ObjectHandle, pkcs11.ObjectHandle, error) {
-	// TODO
-	log.Println("p11mod GenerateKeyPair: not implemented")
-	return 0, 0, pkcs11.Error(pkcs11.CKR_FUNCTION_NOT_SUPPORTED)
+	session, err := ll.getSessionByHandle(sh)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	if len(m) != 1 {
+		log.Println("p11mod GenerateKeyPair: expected exactly one mechanism")
+		return 0, 0, pkcs11.Error(pkcs11.CKR_MECHANISM_INVALID)
+	}
+
+	if m[0] == nil {
+		log.Println("p11mod GenerateKeyPair: nil mechanism")
+		return 0, 0, pkcs11.Error(pkcs11.CKR_MECHANISM_INVALID)
+	}
+
+	request := p11.GenerateKeyPairRequest{
+		Mechanism:            *m[0],
+		PublicKeyAttributes:  public,
+		PrivateKeyAttributes: private,
+	}
+
+	pair, err := session.session.GenerateKeyPair(request)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	session.objects = append(session.objects, p11.Object(pair.Public))
+
+	// 0 is never a valid object handle, as per PKCS#11 spec.  So the object
+	// handle of the final object is its index + 1, which is the same as the
+	// length of the objects slice.
+	publicHandle := len(session.objects)
+
+	session.objects = append(session.objects, p11.Object(pair.Private))
+
+	// 0 is never a valid object handle, as per PKCS#11 spec.  So the object
+	// handle of the final object is its index + 1, which is the same as the
+	// length of the objects slice.
+	privateHandle := len(session.objects)
+
+	return pkcs11.ObjectHandle(publicHandle), pkcs11.ObjectHandle(privateHandle), nil
 }
 
 func (ll *llBackend) WrapKey(sh pkcs11.SessionHandle, m []*pkcs11.Mechanism, wrappingkey, key pkcs11.ObjectHandle) ([]byte, error) {

diff --git a/testdata/ci-opendnssec-tests.bash b/testdata/ci-opendnssec-tests.bash
@@ -34,6 +34,18 @@ echo "===== test-rsaimport slot 0 (diff via p11proxy) ====="
 
 diff -I '^Modulus: [0-9A-F]\+$' test-rsaimport-default.txt test-rsaimport-p11proxy.txt || testdata/dump-proxy-log-fail.bash
 
+echo "===== test-rsapub slot 0 (default) ====="
+
+pkcs11-testing --module "$PKCS11PROXY_CKBI_TARGET" --slot "$SLOT_ID" --pin 1234 --test-rsapub | tee test-rsapub-default.txt || true
+
+echo "===== test-rsapub slot 0 (via p11proxy) ====="
+
+pkcs11-testing --module ./libp11proxy.so --slot "$SLOT_ID" --pin 1234 --test-rsapub | tee test-rsapub-p11proxy.txt || true
+
+echo "===== test-rsapub slot 0 (diff via p11proxy) ====="
+
+diff -I '^Modulus: [0-9A-F]\+$' test-rsapub-default.txt test-rsapub-p11proxy.txt || testdata/dump-proxy-log-fail.bash
+
 echo "===== init slot 1 ====="
 
 SLOT_ID=$(softhsm2-util --init-token --slot 1 --label softhsm --so-pin 1234 --pin 1234 | grep -oE '[^ ]+$')