From 5a2c00deb777730a7e9b0c42a39e8815e4e2b928 Mon Sep 17 00:00:00 2001 From: Alessio Di Mauro Date: Tue, 25 Aug 2015 15:55:52 +0200 Subject: [PATCH] Add of DigestInit. --- ykcs11/mechanisms.c | 37 +++++++++++++++++++++++++++++++++++++ ykcs11/mechanisms.h | 2 ++ ykcs11/ykcs11.c | 44 ++++++++++++++++++++++++++++++++++++++------ 3 files changed, 77 insertions(+), 6 deletions(-) diff --git a/ykcs11/mechanisms.c b/ykcs11/mechanisms.c index fd85abd..a469574 100644 --- a/ykcs11/mechanisms.c +++ b/ykcs11/mechanisms.c @@ -30,6 +30,14 @@ static const CK_MECHANISM_TYPE generation_mechanisms[] = { CKM_EC_KEY_PAIR_GEN }; +// Supported mechanisms for hashing +static const CK_MECHANISM_TYPE hash_mechanisms[] = { + CKM_SHA_1, + CKM_SHA256, + CKM_SHA384, + CKM_SHA512 +}; + CK_RV check_sign_mechanism(const ykcs11_session_t *s, const CK_MECHANISM_PTR m) { CK_ULONG i; @@ -470,3 +478,32 @@ CK_RV check_pvtkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG return CKR_OK; } + +CK_RV check_hash_mechanism(const ykcs11_session_t *s, CK_MECHANISM_PTR m) { + + CK_ULONG i; + CK_BBOOL supported = CK_FALSE; + token_vendor_t token; + CK_MECHANISM_INFO info; + + // Check if the mechanism is supported by the module + for (i = 0; i < sizeof(hash_mechanisms) / sizeof(CK_MECHANISM_TYPE); i++) { + if (m->mechanism == hash_mechanisms[i]) { + supported = CK_TRUE; + break; + } + } + if (supported == CK_FALSE) + return CKR_MECHANISM_INVALID; + + // Check if the mechanism is supported by the token + token = get_token_vendor(s->slot->token->vid); + + if (token.get_token_mechanism_info(m->mechanism, &info) != CKR_OK) + return CKR_MECHANISM_INVALID; + + // TODO: also check that parametes make sense if any? And key size is in [min max] + + return CKR_OK; + +} diff --git a/ykcs11/mechanisms.h b/ykcs11/mechanisms.h index c49ca04..af00225 100644 --- a/ykcs11/mechanisms.h +++ b/ykcs11/mechanisms.h @@ -16,4 +16,6 @@ CK_RV check_generation_mechanism(const ykcs11_session_t *s, CK_MECHANISM_PTR m); CK_RV check_pubkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG n); CK_RV check_pvtkey_template(op_info_t *op_info, CK_ATTRIBUTE_PTR templ, CK_ULONG n); +CK_RV check_hash_mechanism(const ykcs11_session_t *s, CK_MECHANISM_PTR m); + #endif diff --git a/ykcs11/ykcs11.c b/ykcs11/ykcs11.c index 6a83375..9e6920f 100644 --- a/ykcs11/ykcs11.c +++ b/ykcs11/ykcs11.c @@ -217,8 +217,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( ) { DIN; - CK_VERSION ver = {0, 0}; - token_vendor_t token; CK_BYTE buf[64]; if (piv_state == NULL) { @@ -246,8 +244,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)( return CKR_TOKEN_NOT_RECOGNIZED; } - token = get_token_vendor(slots[slotID].token->vid); - memcpy(pInfo, &slots[slotID].token->info, sizeof(CK_TOKEN_INFO)); // Overwrite values that are application specific @@ -686,7 +682,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Login)( ) { DIN; - CK_ULONG tries; + CK_ULONG tries = 0; if (piv_state == NULL) { DBG(("libykpiv is not initialized or already finalized")); @@ -1219,7 +1215,43 @@ CK_DEFINE_FUNCTION(CK_RV, C_DigestInit)( ) { DIN; - DBG(("TODO!!!")); + + if (piv_state == NULL) { + DBG(("libykpiv is not initialized or already finalized")); + return CKR_CRYPTOKI_NOT_INITIALIZED; + } + + if (session.handle != YKCS11_SESSION_ID) { + DBG(("Session is not open")); + return CKR_SESSION_CLOSED; + } + + if (hSession != session.handle) { + DBG(("Unknown session %lu", hSession)); + return CKR_SESSION_HANDLE_INVALID; + } + + if (op_info.type != YKCS11_NOOP) { + DBG(("Other operation in process")); + return CKR_OPERATION_ACTIVE; + } + + if (pMechanism == NULL_PTR) { + DBG(("Wrong/Missing parameter")); + return CKR_ARGUMENTS_BAD; + } + + DBG(("Trying to hash some data with mechanism %lu", pMechanism->mechanism)); + + // Check if mechanism is supported + if (check_hash_mechanism(&session, pMechanism) != CKR_OK) { + DBG(("Mechanism %lu is not supported either by the token or the module", pMechanism->mechanism)); + return CKR_MECHANISM_INVALID; + } + memcpy(&op_info.mechanism, pMechanism, sizeof(CK_MECHANISM)); + + op_info.type = YKCS11_HASH; + DOUT; return CKR_OK; }