Fixed object attribute matching.
Added ECDSA.
+36
-6
@@ -102,6 +102,32 @@ CK_BBOOL is_PSS_mechanism(CK_MECHANISM_TYPE m) {
|
|||||||
return CK_FALSE;
|
return CK_FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CK_BBOOL is_hashed_mechanism(CK_MECHANISM_TYPE m) {
|
||||||
|
|
||||||
|
switch (m) {
|
||||||
|
case CKM_SHA1_RSA_PKCS:
|
||||||
|
case CKM_SHA256_RSA_PKCS:
|
||||||
|
case CKM_SHA384_RSA_PKCS:
|
||||||
|
case CKM_SHA512_RSA_PKCS:
|
||||||
|
case CKM_SHA1_RSA_PKCS_PSS:
|
||||||
|
case CKM_SHA256_RSA_PKCS_PSS:
|
||||||
|
case CKM_SHA384_RSA_PKCS_PSS:
|
||||||
|
case CKM_SHA512_RSA_PKCS_PSS:
|
||||||
|
case CKM_ECDSA_SHA1:
|
||||||
|
case CKM_SHA_1:
|
||||||
|
case CKM_SHA256:
|
||||||
|
case CKM_SHA384:
|
||||||
|
case CKM_SHA512:
|
||||||
|
return CK_TRUE;
|
||||||
|
|
||||||
|
default:
|
||||||
|
return CK_FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Not reached
|
||||||
|
return CK_FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
CK_RV apply_sign_mechanism_init(op_info_t *op_info) {
|
CK_RV apply_sign_mechanism_init(op_info_t *op_info) {
|
||||||
|
|
||||||
if (op_info->type != YKCS11_SIGN)
|
if (op_info->type != YKCS11_SIGN)
|
||||||
@@ -138,7 +164,8 @@ CK_RV apply_sign_mechanism_init(op_info_t *op_info) {
|
|||||||
return do_md_init(YKCS11_SHA512, &op_info->op.sign.md_ctx);
|
return do_md_init(YKCS11_SHA512, &op_info->op.sign.md_ctx);
|
||||||
|
|
||||||
case CKM_ECDSA:
|
case CKM_ECDSA:
|
||||||
return CKR_FUNCTION_FAILED; // TODO: but no hash needed
|
// No hash required for this mechanism
|
||||||
|
return CKR_OK;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
@@ -157,6 +184,7 @@ CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG i
|
|||||||
switch (op_info->mechanism.mechanism) {
|
switch (op_info->mechanism.mechanism) {
|
||||||
case CKM_RSA_PKCS:
|
case CKM_RSA_PKCS:
|
||||||
case CKM_RSA_PKCS_PSS:
|
case CKM_RSA_PKCS_PSS:
|
||||||
|
case CKM_ECDSA:
|
||||||
// Mechanism not suitable for multipart signatures
|
// Mechanism not suitable for multipart signatures
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
@@ -178,9 +206,6 @@ CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG i
|
|||||||
|
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
|
|
||||||
case CKM_ECDSA:
|
|
||||||
return CKR_FUNCTION_FAILED;
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
}
|
}
|
||||||
@@ -251,9 +276,14 @@ CK_RV apply_sign_mechanism_finalize(op_info_t *op_info) {
|
|||||||
op_info->buf_len = sizeof(op_info->buf);
|
op_info->buf_len = sizeof(op_info->buf);
|
||||||
return do_pkcs_1_t1(op_info->buf, len, op_info->buf, &op_info->buf_len, op_info->op.sign.key_len);
|
return do_pkcs_1_t1(op_info->buf, len, op_info->buf, &op_info->buf_len, op_info->op.sign.key_len);
|
||||||
|
|
||||||
case CKM_ECDSA_SHA1: // TODO:
|
case CKM_ECDSA_SHA1:
|
||||||
|
// Finalize the hash
|
||||||
|
rv = do_md_finalize(op_info->op.sign.md_ctx, op_info->buf, &op_info->buf_len, &nid);
|
||||||
|
if (rv != CKR_OK)
|
||||||
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|
||||||
case CKM_ECDSA:
|
case CKM_ECDSA:
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_OK;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return CKR_FUNCTION_FAILED;
|
return CKR_FUNCTION_FAILED;
|
||||||
|
|||||||
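Review bot: In apply_sign_mechanism_finalize the new `case CKM_ECDSA_SHA1:` has no terminating statement on its success path, so it falls through into `case CKM_ECDSA:` and that case's `return CKR_OK;`. This looks intended, but it is unmarked, so a later edit to the CKM_ECDSA case would silently change the hashed path; add `// fallthrough` after the `if`, or an explicit `return CKR_OK;`. The call also passes `&op_info->buf_len` without the `op_info->buf_len = sizeof(op_info->buf);` reset that the RSA branch just above performs. If do_md_finalize treats that argument as an in/out capacity, it should be set first, though that setup may exist outside the hunk. The function body starts and ends outside the hunk.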
@@ -6,6 +6,7 @@
|
|||||||
CK_RV check_sign_mechanism(const ykcs11_session_t *s, CK_MECHANISM_PTR m);
|
CK_RV check_sign_mechanism(const ykcs11_session_t *s, CK_MECHANISM_PTR m);
|
||||||
CK_BBOOL is_RSA_mechanism(CK_MECHANISM_TYPE m);
|
CK_BBOOL is_RSA_mechanism(CK_MECHANISM_TYPE m);
|
||||||
CK_BBOOL is_PSS_mechanism(CK_MECHANISM_TYPE m);
|
CK_BBOOL is_PSS_mechanism(CK_MECHANISM_TYPE m);
|
||||||
|
CK_BBOOL is_hashed_mechanism(CK_MECHANISM_TYPE m);
|
||||||
|
|
||||||
CK_RV apply_sign_mechanism_init(op_info_t *op_info);
|
CK_RV apply_sign_mechanism_init(op_info_t *op_info);
|
||||||
CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG in_len);
|
CK_RV apply_sign_mechanism_update(op_info_t *op_info, CK_BYTE_PTR in, CK_ULONG in_len);
|
||||||
|
|||||||
+8
-9
@@ -927,6 +927,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
|||||||
if (is_private_object(&session, find_obj.objects[i]) == CK_TRUE) {
|
if (is_private_object(&session, find_obj.objects[i]) == CK_TRUE) {
|
||||||
DBG(("Stripping away private object %u", find_obj.objects[i]));
|
DBG(("Stripping away private object %u", find_obj.objects[i]));
|
||||||
find_obj.objects[i] = OBJECT_INVALID;
|
find_obj.objects[i] = OBJECT_INVALID;
|
||||||
|
total--;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -937,6 +938,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
|||||||
DBG(("Removing object %u from the list", find_obj.objects[i]));
|
DBG(("Removing object %u from the list", find_obj.objects[i]));
|
||||||
find_obj.objects[i] = OBJECT_INVALID; // Object not matching, mark it
|
find_obj.objects[i] = OBJECT_INVALID; // Object not matching, mark it
|
||||||
total--;
|
total--;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
DBG(("Keeping object %u in the list", find_obj.objects[i]));
|
DBG(("Keeping object %u in the list", find_obj.objects[i]));
|
||||||
@@ -945,11 +947,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(
|
|||||||
|
|
||||||
DBG(("%lu object(s) left after attribute matching", total));
|
DBG(("%lu object(s) left after attribute matching", total));
|
||||||
|
|
||||||
// TODO: do it properly here, just a test now
|
|
||||||
//find_obj.objects = session.slot->token->objects + 3;
|
|
||||||
/*memmove(find_obj.objects, find_obj.objects + 12, sizeof(piv_obj_id_t) * (find_obj.num - 12));
|
|
||||||
find_obj.num = 1;*/
|
|
||||||
|
|
||||||
find_obj.active = CK_TRUE;
|
find_obj.active = CK_TRUE;
|
||||||
|
|
||||||
DOUT;
|
DOUT;
|
||||||
@@ -1358,10 +1355,12 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
|
|||||||
DBG(("Sending %lu bytes to sign", ulDataLen));
|
DBG(("Sending %lu bytes to sign", ulDataLen));
|
||||||
dump_hex(pData, ulDataLen, stderr, CK_TRUE);
|
dump_hex(pData, ulDataLen, stderr, CK_TRUE);
|
||||||
|
|
||||||
if (apply_sign_mechanism_update(&op_info, pData, ulDataLen) != CKR_OK) {
|
if (is_hashed_mechanism(op_info.mechanism.mechanism) == CK_TRUE) {
|
||||||
DBG(("Unable to perform signing operation step"));
|
if (apply_sign_mechanism_update(&op_info, pData, ulDataLen) != CKR_OK) {
|
||||||
return CKR_FUNCTION_FAILED;
|
DBG(("Unable to perform signing operation step"));
|
||||||
}
|
return CKR_FUNCTION_FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (apply_sign_mechanism_finalize(&op_info) != CKR_OK) {
|
if (apply_sign_mechanism_finalize(&op_info) != CKR_OK) {
|
||||||
DBG(("Unable to finalize signing operation"));
|
DBG(("Unable to finalize signing operation"));
|
||||||
|
|||||||
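Review bot: In C_Sign, wrapping `apply_sign_mechanism_update` in `is_hashed_mechanism(...)` means the raw mechanisms (CKM_RSA_PKCS, CKM_RSA_PKCS_PSS, CKM_ECDSA) now reach `apply_sign_mechanism_finalize` without `pData`/`ulDataLen` passing through any visible step. Nothing in the hunk shows the input being length-checked or copied into `op_info.buf` on that path, so please confirm it happens earlier in the function. If it does not, a guard such as `if (ulDataLen > sizeof(op_info.buf)) return CKR_DATA_LEN_RANGE;` is needed before the copy. For CKM_ECDSA the input length should presumably also be checked against the key size, since finalize now returns `CKR_OK` for it unconditionally. C_Sign starts and ends outside the hunk.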