From: Andreas Steffen
Date: Mon, 6 Mar 2017 11:53:48 +0000 (+0100)
Subject: pki: Add key object handle of smartcard or TPM private key as an argument to pki...
X-Git-Tag: 5.5.2dr7~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab94f76df6b69abe9e5bd6f138f4ea9991c8f463;p=thirdparty%2Fstrongswan.git
pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid
---
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index f79120b319..001b9ff5c1 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -1,6 +1,7 @@
 /*
 * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2017 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -30,7 +31,7 @@ static int keyid()
 certificate_t *cert;
 private_key_t *private;
 public_key_t *public;
- char *file = NULL;
+ char *file = NULL, *keyid = NULL;
 void *cred;
 chunk_t id;
 char *arg;
@@ -88,6 +89,9 @@ static int keyid()
 case 'i':
 file = arg;
 continue;
+ case 'x':
+ keyid = arg;
+ continue;
 case EOF:
 break;
 default:
@@ -100,6 +104,15 @@ static int keyid()
 cred = lib->creds->create(lib->creds, type, subtype, BUILD_FROM_FILE, file, BUILD_END);
 }
+ else if (keyid)
+ {
+ chunk_t chunk;
+
+ chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
+ cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ free(chunk.ptr);
+ }
 else
 {
 chunk_t chunk;
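Review bot: The option loop now accepts both `--in` and `--keyid`, but nothing rejects the two together, and the later `if (file) … else if (keyid)` chain silently prefers the file. The usage string presents them as alternatives (`--in file|--keyid hex`), so a caller who passes both gets identifiers for the file's key instead of the token's, with no diagnostic. Consider failing once parsing is done, e.g. `if (file && keyid) return command_usage("--in and --keyid are mutually exclusive");`, assuming the pki usage helper is what this file's `default:` case already relies on. The option loop starts and ends outside this hunk.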
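Review bot: The new `else if (keyid)` branch always builds with `CRED_PRIVATE_KEY, KEY_ANY` and never consults `type` or `subtype`, so a `--type pub` or `--type x509` given together with `--keyid` is ignored here while `cred` remains a `void *`. If the rest of keyid(), which lies outside this hunk, still picks `private`, `public` or `cert` based on `type`, the loaded private-key object would be handled as the wrong type. Either reject a non-private `--type` in this branch or set `type = CRED_PRIVATE_KEY;` before the create call. The result of `chunk_from_hex()` is also passed on unchecked, so it is worth confirming that an empty or non-hex handle is rejected rather than resolving to some other key object on the token.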
@@ -177,10 +190,11 @@ static void __attribute__ ((constructor))reg()
 command_register((command_t) { keyid, 'k', "keyid", "calculate key identifiers of a key/certificate",
- {"[--in file] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
+ {"[--in file|--keyid hex] [--type priv|rsa|ecdsa|bliss|pub|pkcs10|x509]"},
 {
 {"help", 'h', 0, "show usage information"},
 {"in", 'i', 1, "input file, default: stdin"},
+ {"keyid", 'x', 1, "smartcard or TPM private key object handle"},
 {"type", 't', 1, "type of key, default: priv"},
 }
 });
diff --git a/src/pki/man/pki---keyid.1.in b/src/pki/man/pki---keyid.1.in
index c69f7cbc7c..148b95ec3c 100644
--- a/src/pki/man/pki---keyid.1.in
+++ b/src/pki/man/pki---keyid.1.in
@@ -7,7 +7,9 @@ pki \-\-keyid \- Calculate key identifiers of a key or certificate
 .SH "SYNOPSIS"
 .
 .SY pki\ \-\-keyid
-.OP \-\-in file
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
 .OP \-\-type type
 .OP \-\-debug level
 .YS
@@ -43,6 +45,10 @@ Read command line options from \fIfile\fR.
 .BI "\-i, \-\-in " file
 Input file. If not given the input is read from \fISTDIN\fR.
 .TP
+.BI "\-x, \-\-keyid " hex
+Smartcard or TPM private key object handle in hex format with an optional
+0x prefix.
+.TP
 .BI "\-t, \-\-type " type
 Type of input. One of \fIpriv\fR (private key), \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA private key), \fIbliss\fR (BLISS private key),
@@ -70,4 +76,4 @@ Calculate key identifiers of an X.509 certificate:
 .
 .SH "SEE ALSO"
 .
-.BR pki (1)
\ No newline at end of file
+.BR pki (1)