Implement more options, for p11kcv (#60)

* CKA_CHECK_VALUE can be used (when present)
* support for CMAC
* support for XCBC-MAC and XBCB-MAC-96
* support for legacy (FIPS PUB 113) MAC on 3DES keys
* attributes (signing and encryption) are checked before respective functions are invoked
* documentation changes.

---------

Co-authored-by: Pat Buah <[email protected]>

CHANGELOG.md

@@ -6,6 +6,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 # [UNPUBLISHED]
 ### Added
+- `p11kcv` beefed up, to support multiple MACing algorithms, as well as displaying the value of `CKA_CHECK_VALUE`
 - support for wrapping keys in JOSE Web Key format (JWK, RFC 7178)
 - new option `--enable-duplicate`, to override duplicate label protection when creating or importing a key (must be enabled at compile time)
 - search templates: it is now possible to add other attributes in a search, to filter out on more than one attribute

bootstrap.sh

@@ -60,7 +60,7 @@ else
 fi
 
 # invoke gnulib
-.gnulib/gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=. --no-conditional-dependencies --no-libtool --macro-prefix=gl byteswap gethostname getline getopt-gnu malloc-gnu calloc-gnu realloc-gnu regex strcase strsep termios time sysexits
+.gnulib/gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=. --no-conditional-dependencies --no-libtool --macro-prefix=gl byteswap gethostname getline getopt-gnu malloc-gnu calloc-gnu realloc-gnu regex strcase strsep termios time sysexits minmax
 
 # create configure scripts
 autoreconf -vfi

docs/MANUAL.md

@@ -836,18 +836,33 @@ To prevent this (some PKCS\#11 library do not support this), add the `-r` option
 ## p11kcv
 
 Computes the key check value of a symmetric key and prints it. This will work only on secret keys, i.e. DES, AES and
-HMAC keys.
+HMAC keys. Keys must have `CKA_SIGN` enabled, except for the 'ecb' method, where `CKA_ENCRYPT` must be enabled.
 
 The key check value is computed as follows:
 
-- For DES keys, it performs a signature (MACing) or an encryption on a block of 8 zeroised bytes, and outputs the
-  first 3 bytes.
-- For AES keys, it performs a signature (MACing) or an encryption on a block of 16 zeroised bytes, and outputs the
-  first 3 bytes.
+- For all keys:
+  - kcv: if `CKA_CHECK_VALUE` attribute is present on the key, and `kcv` is specified as the algorithm, the key check value is retrieved from the attribute value.
+
+- For DES keys:
+  - legacy: signature or encryption on a block of 8 zeroized bytes, using ECB mode
+  - mac: FIPS PUB 113 MAC computation on a block of 8 zeroized bytes
+
+- In addition, for 3DES keys:
+  - cmac: RFC4493 CMAC computation on a block of 16 zeroized bytes
+
+- For AES keys:
+  - legacy: signature or encryption on a block of 16 zeroized bytes, using ECB mode
+  - cmac: RFC4493 CMAC computation on a block of 16 zeroized bytes
+  - aes-xcbc-mac: RFC3566 XCBC-MAC computation on a block of 16 zeroized bytes
+  - aes-xcbc-mac-16: RFC3566 XCBC-MAC-16 computation on a block of 16 zeroized bytes
+
 - For HMAC keys, the key check value is computed by HMACing a null-length buffer. Alternatively, it is possible to
   specify a length, using the `-b` optional argument, in which case a zeroised buffer of the specified length is used as
   input to the HMAC.
 
+The KCV algorithm can be set using the `-f` optional argument.
+By default, 3 bytes are printed, but this value can be adjusted using the `-n` optional argument.
+
 ## p11req
 
 Generate a PKCS\#10 CSR. Important options are:

include/pkcs11lib.h

@@ -749,8 +749,24 @@ func_rc pkcs11_info_ecsupport(pkcs11Context *p11Context);
 func_rc pkcs11_change_object_attributes(pkcs11Context *p11Context, char *label, CK_ATTRIBUTE *attr, size_t cnt, int interactive );
 
 /* kcv functions */
+
+/* supported MAC algorithms, for p11kcv */
+typedef enum {
+    legacy,			/* legacy is used to behave like before: it picks the old algorithm, based upon the key type */
+    kcv,            /* tries to use CKA_CHECK_VALUE attribute if found */
+    hash_sha1,
+    hash_sha256,
+    hash_sha384,
+    hash_sha512,
+    ecb,			/* CKM_XXX_ECB method - can be used with an encryption key instead */
+    mac,			/* CKM_XXX_MAC */
+    cmac,			/* CKM_XXX_CMAC */
+    aes_xcbc_mac,		/* CKM_AES_XCBC_MAC */
+    aes_xcbc_mac_96,		/* CKM_AES_XCBC_MAC_96 */
+} mac_alg_t;
+
 #define MAX_KCV_CLEARTEXT_SIZE 256
-void pkcs11_display_kcv( pkcs11Context *p11Context, char *label, unsigned hmacdatasize );
+void pkcs11_display_kcv( pkcs11Context *p11Context, char *label, unsigned hmacdatasize, mac_alg_t algo, size_t kcvsize);
 
 /* wrap/unwrap functions */
 func_rc pkcs11_prepare_wrappingctx(wrappedKeyCtx *wctx, char *wrappingjob);