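#include "mechanisms.h"

/*
 * Allow-list of signature mechanisms accepted by check_sign_mechanism().
 *
 * Review notes:
 *  - CKM_RSA_X_509 is raw (unpadded) RSA, and the CKM_SHA1_* entries rely on
 *    SHA-1; both remain listed here exactly as in the original table.
 *  - Being listed here does not mean apply_sign_mechanism() implements the
 *    mechanism: several entries are rejected there at signing time.
 */
static const CK_MECHANISM_TYPE sign_mechanisms[] = {
  CKM_RSA_PKCS,
  CKM_RSA_PKCS_PSS,
  CKM_RSA_X_509,
  CKM_SHA1_RSA_PKCS,
  CKM_SHA256_RSA_PKCS,
  CKM_SHA384_RSA_PKCS,
  CKM_SHA512_RSA_PKCS,
  CKM_SHA1_RSA_PKCS_PSS,
  CKM_SHA256_RSA_PKCS_PSS,
  CKM_SHA384_RSA_PKCS_PSS,
  CKM_SHA512_RSA_PKCS_PSS,
  CKM_ECDSA,
  CKM_ECDSA_SHA1
};

/*
 * Decide whether mechanism `m` may be used for signing in session `s`.
 *
 * The mechanism must appear in sign_mechanisms[] and the token vendor's
 * get_token_mechanism_info() callback must return CKR_OK for it.
 *
 * Returns CKR_OK when both checks pass, CKR_MECHANISM_INVALID otherwise.
 *
 * NOTE(review): `m` and the s->slot->token chain are dereferenced without
 * NULL checks; callers are presumably expected to pass a valid mechanism and
 * a session bound to a populated slot -- confirm against callers.
 */
CK_RV check_sign_mechanism(const ykcs11_session_t *s, const CK_MECHANISM_PTR m) {

  CK_ULONG          i;
  CK_ULONG          count = sizeof(sign_mechanisms) / sizeof(sign_mechanisms[0]);
  CK_BBOOL          supported = CK_FALSE;
  token_vendor_t    token;
  CK_MECHANISM_INFO info;

  // Check if the mechanism is supported by the module
  for (i = 0; i < count; i++) {
    if (m->mechanism == sign_mechanisms[i]) {
      supported = CK_TRUE;
      break;
    }
  }
  if (supported == CK_FALSE) {
    return CKR_MECHANISM_INVALID;
  }

  // Check if the mechanism is supported by the token; `info` is only needed
  // as the callback's output argument and is not inspected further.
  token = get_token_vendor(s->slot->token->vid);
  if (token.get_token_mechanism_info(m->mechanism, &info) != CKR_OK) {
    return CKR_MECHANISM_INVALID;
  }

  // TODO: also check that parameters make sense, if any. Mechanism parameters
  // (m->pParameter, e.g. for the PSS variants) are not validated here.

  // Explicit return: a bare `CKR_OK;` expression statement would let control
  // fall off the end of a non-void function and hand callers an
  // indeterminate result for what is an authorization-style check.
  return CKR_OK;
}

/*
 * Classify a mechanism type as RSA-based.
 *
 * Returns CK_TRUE for the RSA mechanisms listed in the switch, CK_FALSE for
 * everything else. This is a classification only; it says nothing about
 * whether the mechanism is accepted for signing (see sign_mechanisms[]).
 */
CK_BBOOL is_RSA_mechanism(CK_MECHANISM_TYPE m) {

  switch (m) {
  case CKM_RSA_PKCS_KEY_PAIR_GEN:
  case CKM_RSA_PKCS:
  case CKM_RSA_9796:
  case CKM_RSA_X_509:
  case CKM_MD2_RSA_PKCS:
  case CKM_MD5_RSA_PKCS:
  case CKM_SHA1_RSA_PKCS:
//  case CKM_SHA224_RSA_PKCS:
  case CKM_SHA256_RSA_PKCS:
  case CKM_SHA384_RSA_PKCS:
  case CKM_SHA512_RSA_PKCS:
//  case CKM_RIPEMD128_RSA_PKCS:
//  case CKM_RIPEMD160_RSA_PKCS:
//  case CKM_RSA_PKCS_OAEP:
//  case CKM_RSA_X9_31_KEY_PAIR_GEN:
//  case CKM_RSA_X9_31:
//  case CKM_SHA1_RSA_X9_31:
  case CKM_RSA_PKCS_PSS:
  case CKM_SHA1_RSA_PKCS_PSS:
//  case CKM_SHA224_RSA_PKCS_PSS:
  case CKM_SHA256_RSA_PKCS_PSS:
  case CKM_SHA512_RSA_PKCS_PSS:
  case CKM_SHA384_RSA_PKCS_PSS:
//  case CKM_RSA_PKCS_TPM_1_1:
//  case CKM_RSA_PKCS_OAEP_TPM_1_1:
//  case CKM_RSA_AES_KEY_WRAP:
    return CK_TRUE;

  default:
    return CK_FALSE;
  }
}

/*
 * Apply the encoding required by signature mechanism `m` to the input.
 *
 *  m        mechanism selected for the signing operation
 *  in       input bytes, in_len long
 *  out      output buffer, out_len bytes available
 *  key_len  key length, forwarded to do_pkcs_t1()
 *
 * Returns:
 *  - the result of do_pkcs_t1() for CKM_RSA_PKCS;
 *  - CKR_OK for CKM_RSA_X_509, with no transformation performed here;
 *  - CKR_FUNCTION_FAILED for CKM_RSA_PKCS_PSS and the hashed PKCS#1 v1.5
 *    variants, which have no implementation in this function;
 *  - CKR_MECHANISM_INVALID for any other mechanism.
 */
CK_RV apply_sign_mechanism(CK_MECHANISM_PTR m, CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG out_len, CK_ULONG key_len) {

  switch (m->mechanism) {
  case CKM_RSA_PKCS:
    return do_pkcs_t1(in, in_len, out, out_len, key_len);

  case CKM_RSA_PKCS_PSS:
    return CKR_FUNCTION_FAILED;

  case CKM_RSA_X_509:
    // NOTE(review): `out` is not written for this mechanism. Confirm the
    // caller does not go on to sign the contents of an unfilled buffer.
    return CKR_OK;

  case CKM_SHA1_RSA_PKCS:
  case CKM_SHA256_RSA_PKCS:
  case CKM_SHA384_RSA_PKCS:
  case CKM_SHA512_RSA_PKCS:
    return CKR_FUNCTION_FAILED;

  default:
    // Fail closed. Mechanisms that check_sign_mechanism() accepts but that
    // have no case above (the hashed PSS variants, CKM_ECDSA,
    // CKM_ECDSA_SHA1) end up here; without this branch control would leave
    // the function without a return value and the caller would act on an
    // indeterminate CK_RV.
    // NOTE(review): if callers route ECDSA through this function and expect
    // a pass-through, add an explicit case for it -- confirm against callers.
    return CKR_MECHANISM_INVALID;
  }
}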