Add support for ECDSA_SHA256.
This commit is contained in:
+9
-2
@@ -19,7 +19,8 @@ static const CK_MECHANISM_TYPE sign_mechanisms[] = {
|
|||||||
CKM_SHA384_RSA_PKCS_PSS,
|
CKM_SHA384_RSA_PKCS_PSS,
|
||||||
CKM_SHA512_RSA_PKCS_PSS,
|
CKM_SHA512_RSA_PKCS_PSS,
|
||||||
CKM_ECDSA,
|
CKM_ECDSA,
|
||||||
CKM_ECDSA_SHA1
|
CKM_ECDSA_SHA1,
|
||||||
|
CKM_ECDSA_SHA256
|
||||||
};
|
};
|
||||||
|
|
||||||
// Supported mechanisms for key pair generation
|
// Supported mechanisms for key pair generation
|
||||||
@@ -126,6 +127,7 @@ CK_BBOOL is_hashed_mechanism(CK_MECHANISM_TYPE m) {
|
|||||||
case CKM_SHA384_RSA_PKCS_PSS:
|
case CKM_SHA384_RSA_PKCS_PSS:
|
||||||
case CKM_SHA512_RSA_PKCS_PSS:
|
case CKM_SHA512_RSA_PKCS_PSS:
|
||||||
case CKM_ECDSA_SHA1:
|
case CKM_ECDSA_SHA1:
|
||||||
|
case CKM_ECDSA_SHA256:
|
||||||
case CKM_SHA_1:
|
case CKM_SHA_1:
|
||||||
case CKM_SHA256:
|
case CKM_SHA256:
|
||||||
case CKM_SHA384:
|
case CKM_SHA384:
|
||||||
@@ -160,6 +162,7 @@ CK_RV apply_sign_mechanism_init(op_info_t *op_info) {
|
|||||||
|
|
||||||
case CKM_SHA256_RSA_PKCS:
|
case CKM_SHA256_RSA_PKCS:
|
||||||
case CKM_SHA256_RSA_PKCS_PSS:
|
case CKM_SHA256_RSA_PKCS_PSS:
|
||||||
|
case CKM_ECDSA_SHA256:
|
||||||
return do_md_init(YKCS11_SHA256, &op_info->op.sign.md_ctx);
|
return do_md_init(YKCS11_SHA256, &op_info->op.sign.md_ctx);
|
||||||
|
|
||||||
case CKM_SHA384_RSA_PKCS:
|
case CKM_SHA384_RSA_PKCS:
|
||||||
@@ -201,6 +204,7 @@ CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG i
|
|||||||
case CKM_SHA384_RSA_PKCS_PSS:
|
case CKM_SHA384_RSA_PKCS_PSS:
|
||||||
case CKM_SHA512_RSA_PKCS_PSS:
|
case CKM_SHA512_RSA_PKCS_PSS:
|
||||||
case CKM_ECDSA_SHA1:
|
case CKM_ECDSA_SHA1:
|
||||||
|
case CKM_ECDSA_SHA256:
|
||||||
rv = do_md_update(op_info->op.sign.md_ctx, in, in_len);
|
rv = do_md_update(op_info->op.sign.md_ctx, in, in_len);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
@@ -278,6 +282,7 @@ CK_RV apply_sign_mechanism_finalize(op_info_t *op_info) {
|
|||||||
return do_pkcs_1_t1(op_info->buf, len, op_info->buf, &op_info->buf_len, op_info->op.sign.key_len);
|
return do_pkcs_1_t1(op_info->buf, len, op_info->buf, &op_info->buf_len, op_info->op.sign.key_len);
|
||||||
|
|
||||||
case CKM_ECDSA_SHA1:
|
case CKM_ECDSA_SHA1:
|
||||||
|
case CKM_ECDSA_SHA256:
|
||||||
// Finalize the hash
|
// Finalize the hash
|
||||||
rv = do_md_finalize(op_info->op.sign.md_ctx, op_info->buf, &op_info->buf_len, &nid);
|
rv = do_md_finalize(op_info->op.sign.md_ctx, op_info->buf, &op_info->buf_len, &nid);
|
||||||
if (rv != CKR_OK)
|
if (rv != CKR_OK)
|
||||||
@@ -358,7 +363,7 @@ CK_RV check_pubkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
|
|||||||
if (op_info->op.gen.rsa == CK_FALSE)
|
if (op_info->op.gen.rsa == CK_FALSE)
|
||||||
return CKR_ATTRIBUTE_VALUE_INVALID;
|
return CKR_ATTRIBUTE_VALUE_INVALID;
|
||||||
|
|
||||||
if (*((CK_ULONG_PTR)templ[i].pValue) != 1024 &&
|
if (*((CK_ULONG_PTR) templ[i].pValue) != 1024 &&
|
||||||
*((CK_ULONG_PTR) templ[i].pValue) != 2048) { // TODO: make define?
|
*((CK_ULONG_PTR) templ[i].pValue) != 2048) { // TODO: make define?
|
||||||
DBG(("Unsupported MODULUS_BITS (key length)"));
|
DBG(("Unsupported MODULUS_BITS (key length)"));
|
||||||
return CKR_ATTRIBUTE_VALUE_INVALID;
|
return CKR_ATTRIBUTE_VALUE_INVALID;
|
||||||
@@ -386,6 +391,7 @@ CK_RV check_pubkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
|
|||||||
case CKA_ENCRYPT:
|
case CKA_ENCRYPT:
|
||||||
case CKA_VERIFY:
|
case CKA_VERIFY:
|
||||||
case CKA_WRAP:
|
case CKA_WRAP:
|
||||||
|
case CKA_DERIVE:
|
||||||
// Ignore these attributes for now
|
// Ignore these attributes for now
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -451,6 +457,7 @@ CK_RV check_pvtkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG
|
|||||||
case CKA_SIGN:
|
case CKA_SIGN:
|
||||||
case CKA_PRIVATE:
|
case CKA_PRIVATE:
|
||||||
case CKA_TOKEN:
|
case CKA_TOKEN:
|
||||||
|
case CKA_DERIVE:
|
||||||
// Ignore these attributes for now
|
// Ignore these attributes for now
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
@@ -647,6 +647,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||||||
//#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 // Deprecated in 2.11
|
//#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 // Deprecated in 2.11
|
||||||
#define CKM_ECDSA 0x00001041UL
|
#define CKM_ECDSA 0x00001041UL
|
||||||
#define CKM_ECDSA_SHA1 0x00001042UL
|
#define CKM_ECDSA_SHA1 0x00001042UL
|
||||||
|
/* NOT STANDARD */
|
||||||
|
#define CKM_ECDSA_SHA224 0x00001043UL
|
||||||
|
#define CKM_ECDSA_SHA256 0x00001044UL
|
||||||
|
#define CKM_ECDSA_SHA384 0x00001045UL
|
||||||
|
#define CKM_ECDSA_SHA512 0x00001046UL
|
||||||
|
/* NOT STANDARD */
|
||||||
|
|
||||||
/* Added for 2.4 */
|
/* Added for 2.4 */
|
||||||
#define CKM_ECDH1_DERIVE 0x00001050UL
|
#define CKM_ECDH1_DERIVE 0x00001050UL
|
||||||
|
|||||||
@@ -32,6 +32,7 @@ static const CK_MECHANISM_TYPE token_mechanisms[] = { // KEEP ALIGNED WITH token
|
|||||||
//CKM_ECDSA_KEY_PAIR_GEN, Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11
|
//CKM_ECDSA_KEY_PAIR_GEN, Same as CKM_EC_KEY_PAIR_GEN, deprecated in 2.11
|
||||||
CKM_ECDSA,
|
CKM_ECDSA,
|
||||||
CKM_ECDSA_SHA1,
|
CKM_ECDSA_SHA1,
|
||||||
|
CKM_ECDSA_SHA256,
|
||||||
CKM_SHA_1,
|
CKM_SHA_1,
|
||||||
CKM_SHA256,
|
CKM_SHA256,
|
||||||
CKM_SHA384,
|
CKM_SHA384,
|
||||||
@@ -57,6 +58,7 @@ static const CK_MECHANISM_INFO token_mechanism_infos[] = { // KEEP ALIGNED WITH
|
|||||||
//{, , }, // CKM_ECDSA_KEY_PAIR_GEN Same as CKM_EC_KEY_PAIR_GEN deprecated in 2.11
|
//{, , }, // CKM_ECDSA_KEY_PAIR_GEN Same as CKM_EC_KEY_PAIR_GEN deprecated in 2.11
|
||||||
{MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN}, // CKM_ECDSA
|
{MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN}, // CKM_ECDSA
|
||||||
{MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN}, // CKM_ECDSA_SHA1
|
{MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN}, // CKM_ECDSA_SHA1
|
||||||
|
{MIN_ECC_KEY_SIZE, MAX_ECC_KEY_SIZE, CKF_HW | CKF_SIGN}, // CKM_ECDSA_SHA256
|
||||||
{0, 0, CKF_DIGEST}, // CKM_SHA_1
|
{0, 0, CKF_DIGEST}, // CKM_SHA_1
|
||||||
{0, 0, CKF_DIGEST}, // CKM_SHA256
|
{0, 0, CKF_DIGEST}, // CKM_SHA256
|
||||||
{0, 0, CKF_DIGEST}, // CKM_SHA384
|
{0, 0, CKF_DIGEST}, // CKM_SHA384
|
||||||
|
|||||||
Reference in New Issue
Block a user