Fixed RSA_X_509 padding.
This commit is contained in:
+8
-13
@@ -1,5 +1,6 @@
|
|||||||
#include "mechanisms.h"
|
#include "mechanisms.h"
|
||||||
#include "debug.h"
|
#include "debug.h"
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
#define F4 "\x01\x00\x01"
|
#define F4 "\x01\x00\x01"
|
||||||
#define PRIME256V1 "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"
|
#define PRIME256V1 "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"
|
||||||
@@ -146,14 +147,9 @@ CK_RV apply_sign_mechanism_init(op_info_t *op_info) {
|
|||||||
|
|
||||||
switch (op_info->mechanism.mechanism) {
|
switch (op_info->mechanism.mechanism) {
|
||||||
case CKM_RSA_PKCS:
|
case CKM_RSA_PKCS:
|
||||||
// No hash required for this mechanism
|
|
||||||
return CKR_OK;
|
|
||||||
|
|
||||||
case CKM_RSA_PKCS_PSS:
|
case CKM_RSA_PKCS_PSS:
|
||||||
// No hash required for this mechanism
|
|
||||||
return CKR_OK;
|
|
||||||
|
|
||||||
case CKM_RSA_X_509:
|
case CKM_RSA_X_509:
|
||||||
|
case CKM_ECDSA:
|
||||||
// No hash required for this mechanism
|
// No hash required for this mechanism
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
@@ -174,10 +170,6 @@ CK_RV apply_sign_mechanism_init(op_info_t *op_info) {
|
|||||||
case CKM_SHA512_RSA_PKCS_PSS:
|
case CKM_SHA512_RSA_PKCS_PSS:
|
||||||
return do_md_init(YKCS11_SHA512, &op_info->op.sign.md_ctx);
|
return do_md_init(YKCS11_SHA512, &op_info->op.sign.md_ctx);
|
||||||
|
|
||||||
case CKM_ECDSA:
|
|
||||||
// No hash required for this mechanism
|
|
||||||
return CKR_OK;
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
}
|
}
|
||||||
@@ -196,12 +188,10 @@ CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG i
|
|||||||
case CKM_RSA_PKCS:
|
case CKM_RSA_PKCS:
|
||||||
case CKM_RSA_PKCS_PSS:
|
case CKM_RSA_PKCS_PSS:
|
||||||
case CKM_ECDSA:
|
case CKM_ECDSA:
|
||||||
|
case CKM_RSA_X_509:
|
||||||
// Mechanism not suitable for multipart signatures
|
// Mechanism not suitable for multipart signatures
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
case CKM_RSA_X_509: // TODO: shouldn't this be in the group above?
|
|
||||||
return CKR_OK;
|
|
||||||
|
|
||||||
case CKM_SHA1_RSA_PKCS:
|
case CKM_SHA1_RSA_PKCS:
|
||||||
case CKM_SHA256_RSA_PKCS:
|
case CKM_SHA256_RSA_PKCS:
|
||||||
case CKM_SHA384_RSA_PKCS:
|
case CKM_SHA384_RSA_PKCS:
|
||||||
@@ -258,6 +248,11 @@ CK_RV apply_sign_mechanism_finalize(op_info_t *op_info) {
|
|||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
case CKM_RSA_X_509:
|
case CKM_RSA_X_509:
|
||||||
|
// Padding in this case consists of prepending zeroes
|
||||||
|
len = (op_info->op.sign.key_len / 8) - op_info->buf_len;
|
||||||
|
memmove(op_info->buf + len, op_info->buf, op_info->buf_len);
|
||||||
|
memset(op_info->buf, 0, len);
|
||||||
|
op_info->buf_len = op_info->op.sign.key_len / 8;
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKM_SHA1_RSA_PKCS:
|
case CKM_SHA1_RSA_PKCS:
|
||||||
|
|||||||
Reference in New Issue
Block a user