Fixed unhashed sign mechanisms.
This commit is contained in:
+1
-1
@@ -199,7 +199,7 @@ CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG i
|
|||||||
// Mechanism not suitable for multipart signatures
|
// Mechanism not suitable for multipart signatures
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
case CKM_RSA_X_509:
|
case CKM_RSA_X_509: // TODO: shouldn't this be in the group above?
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKM_SHA1_RSA_PKCS:
|
case CKM_SHA1_RSA_PKCS:
|
||||||
|
|||||||
+24
-3
@@ -1319,8 +1319,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// The buffer contains an uncompressed point of the form 04, len, 04, x, y
|
// The buffer contains an uncompressed point of the form 04, len, 04, x, y
|
||||||
|
// Where len is the |x| + |y| + 1 bytes
|
||||||
|
|
||||||
op_info.op.sign.key_len = ((template[3].ulValueLen - 1) / 2) * 8;
|
op_info.op.sign.key_len = ((buf[1] - 1) / 2) * 8;
|
||||||
|
|
||||||
if (op_info.op.sign.key_len == 256)
|
if (op_info.op.sign.key_len == 256)
|
||||||
op_info.op.sign.algo = YKPIV_ALGO_ECCP256;
|
op_info.op.sign.algo = YKPIV_ALGO_ECCP256;
|
||||||
@@ -1385,7 +1386,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
|
|||||||
DOUT;
|
DOUT;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
DBG(("Sending %lu bytes to sign", ulDataLen));
|
DBG(("Sending %lu bytes to sign", ulDataLen));
|
||||||
dump_hex(pData, ulDataLen, stderr, CK_TRUE);
|
dump_hex(pData, ulDataLen, stderr, CK_TRUE);
|
||||||
@@ -1396,13 +1396,34 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
|
|||||||
return CKR_FUNCTION_FAILED; // TODO: every error in here must stop and clear the signing operation
|
return CKR_FUNCTION_FAILED; // TODO: every error in here must stop and clear the signing operation
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
if (is_RSA_mechanism(op_info.mechanism.mechanism)) {
|
||||||
|
// RSA_X_509
|
||||||
|
if (ulDataLen > (op_info.op.sign.key_len / 8)) {
|
||||||
|
DBG(("Data must be shorter than key length (%lu bits)", op_info.op.sign.key_len));
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// ECDSA
|
||||||
|
if (ulDataLen > 128) {
|
||||||
|
// Specs say ECDSA only supports 1024 bit
|
||||||
|
DBG(("Meximum data length for ECDSA is 128 bytes"));
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
op_info.buf_len = ulDataLen;
|
||||||
|
memcpy(op_info.buf, pData, ulDataLen);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if (apply_sign_mechanism_finalize(&op_info) != CKR_OK) {
|
if (apply_sign_mechanism_finalize(&op_info) != CKR_OK) {
|
||||||
DBG(("Unable to finalize signing operation"));
|
DBG(("Unable to finalize signing operation"));
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
DBG(("Using key %lx", op_info.op.sign.key_id)); // TODO: test what happens if there is no key on the card
|
DBG(("Using key %lx", op_info.op.sign.key_id));
|
||||||
DBG(("After padding and transformation there are %lu bytes", op_info.buf_len));
|
DBG(("After padding and transformation there are %lu bytes", op_info.buf_len));
|
||||||
dump_hex(op_info.buf, op_info.buf_len, stderr, CK_TRUE);
|
dump_hex(op_info.buf, op_info.buf_len, stderr, CK_TRUE);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user