Fixed unhashed sign mechanisms.

This commit is contained in:
Alessio Di Mauro
2015-08-19 15:20:27 +02:00
parent 6a60c779da
commit a792e16333
2 changed files with 25 additions and 4 deletions
+24 -3
View File
@@ -1319,8 +1319,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
}
// The buffer contains an uncompressed point of the form 04, len, 04, x, y
// Where len is the |x| + |y| + 1 bytes
op_info.op.sign.key_len = ((template[3].ulValueLen - 1) / 2) * 8;
op_info.op.sign.key_len = ((buf[1] - 1) / 2) * 8;
if (op_info.op.sign.key_len == 256)
op_info.op.sign.algo = YKPIV_ALGO_ECCP256;
@@ -1385,7 +1386,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
DOUT;
return CKR_OK;
}
DBG(("Sending %lu bytes to sign", ulDataLen));
dump_hex(pData, ulDataLen, stderr, CK_TRUE);
@@ -1396,13 +1396,34 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
return CKR_FUNCTION_FAILED; // TODO: every error in here must stop and clear the signing operation
}
}
else {
if (is_RSA_mechanism(op_info.mechanism.mechanism)) {
// RSA_X_509
if (ulDataLen > (op_info.op.sign.key_len / 8)) {
DBG(("Data must be shorter than key length (%lu bits)", op_info.op.sign.key_len));
return CKR_FUNCTION_FAILED;
}
}
else {
// ECDSA
if (ulDataLen > 128) {
// Specs say ECDSA only supports 1024 bit
DBG(("Meximum data length for ECDSA is 128 bytes"));
return CKR_FUNCTION_FAILED;
}
}
op_info.buf_len = ulDataLen;
memcpy(op_info.buf, pData, ulDataLen);
}
if (apply_sign_mechanism_finalize(&op_info) != CKR_OK) {
DBG(("Unable to finalize signing operation"));
return CKR_FUNCTION_FAILED;
}
DBG(("Using key %lx", op_info.op.sign.key_id)); // TODO: test what happens if there is no key on the card
DBG(("Using key %lx", op_info.op.sign.key_id));
DBG(("After padding and transformation there are %lu bytes", op_info.buf_len));
dump_hex(op_info.buf, op_info.buf_len, stderr, CK_TRUE);