github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 10:19:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
labca/patches/ceremony_rsa.patch
Arjan H 407a08a1a3 Bump boulder version to release-2025-03-10
2025-03-13 21:20:26 +01:00

40 lines
2.1 KiB
Diff
Raw Permalink Blame History

diff --git a/cmd/ceremony/rsa.go b/cmd/ceremony/rsa.go
index 7d0eb4b30..465857f3a 100644
--- a/cmd/ceremony/rsa.go
+++ b/cmd/ceremony/rsa.go
@@ -19,7 +19,7 @@ const (
// device and specifies which mechanism should be used. modulusLen specifies the
// length of the modulus to be generated on the device in bits and exponent
// specifies the public exponent that should be used.
-func rsaArgs(label string, modulusLen int, keyID []byte) generateArgs {
+func rsaArgs(label string, modulusLen int, keyID []byte, extractable bool) generateArgs {
// Encode as unpadded big endian encoded byte slice
expSlice := big.NewInt(rsaExp).Bytes()
log.Printf("\tEncoded public exponent (%d) as: %0X\n", rsaExp, expSlice)
@@ -45,7 +45,7 @@ func rsaArgs(label string, modulusLen int, keyID []byte) generateArgs {
// Prevent attributes being retrieved
pkcs11.NewAttribute(pkcs11.CKA_SENSITIVE, true),
// Prevent the key being extracted from the device
- pkcs11.NewAttribute(pkcs11.CKA_EXTRACTABLE, false),
+ pkcs11.NewAttribute(pkcs11.CKA_EXTRACTABLE, extractable),
// Allow the key to create signatures
pkcs11.NewAttribute(pkcs11.CKA_SIGN, true),
},
@@ -76,14 +76,14 @@ func rsaPub(session *pkcs11helpers.Session, object pkcs11.ObjectHandle, modulusL
// specified by modulusLen and with the exponent 65537.
// It returns the public part of the generated key pair as a rsa.PublicKey
// and the random key ID that the HSM uses to identify the key pair.
-func rsaGenerate(session *pkcs11helpers.Session, label string, modulusLen int) (*rsa.PublicKey, []byte, error) {
+func rsaGenerate(session *pkcs11helpers.Session, label string, modulusLen int, extractable bool) (*rsa.PublicKey, []byte, error) {
keyID := make([]byte, 4)
_, err := newRandReader(session).Read(keyID)
if err != nil {
return nil, nil, err
}
log.Printf("Generating RSA key with %d bit modulus and public exponent %d and ID %x\n", modulusLen, rsaExp, keyID)
- args := rsaArgs(label, modulusLen, keyID)
+ args := rsaArgs(label, modulusLen, keyID, extractable)
pub, _, err := session.GenerateKeyPair(args.mechanism, args.publicAttrs, args.privateAttrs)
if err != nil {
return nil, nil, err
Reference in New Issue View Git Blame Copy Permalink