#include "mechanisms.h"
/*
 * Allow-list of mechanisms this module accepts for signing.
 * check_sign_mechanism() scans the table linearly, so entry order does not
 * matter.
 *
 * NOTE(review): the list includes CKM_RSA_X_509 (raw RSA, no padding is
 * applied by this module) and the SHA-1 based mechanisms. Keep this in mind
 * when deciding what a deployment should expose.
 */
static const CK_MECHANISM_TYPE sign_mechanisms[] = {
  /* RSA, caller supplies the data to be signed */
  CKM_RSA_PKCS,
  CKM_RSA_PKCS_PSS,
  CKM_RSA_X_509,

  /* RSA PKCS#1 v1.5 with hashing */
  CKM_SHA1_RSA_PKCS,
  CKM_SHA256_RSA_PKCS,
  CKM_SHA384_RSA_PKCS,
  CKM_SHA512_RSA_PKCS,

  /* RSA PSS with hashing */
  CKM_SHA1_RSA_PKCS_PSS,
  CKM_SHA256_RSA_PKCS_PSS,
  CKM_SHA384_RSA_PKCS_PSS,
  CKM_SHA512_RSA_PKCS_PSS,

  /* ECDSA */
  CKM_ECDSA,
  CKM_ECDSA_SHA1
};
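/*
 * Decide whether mechanism `m` may be used to sign in session `s`.
 *
 * Two checks are made: the mechanism type must appear in the module's
 * sign_mechanisms allow-list, and the token vendor's
 * get_token_mechanism_info() must return CKR_OK for it.
 *
 * Returns CKR_OK when both checks pass, CKR_MECHANISM_INVALID otherwise.
 *
 * `s` and `m` are dereferenced without a NULL check; callers must pass valid
 * pointers.
 *
 * NOTE(review): only the return code of get_token_mechanism_info() is
 * examined; the flags written to `info` are not inspected here, and the
 * mechanism parameters (m->pParameter) are not validated at all. Code that
 * consumes the parameters must validate them itself.
 */
CK_RV check_sign_mechanism(const ykcs11_session_t *s, const CK_MECHANISM_PTR m) {

  CK_ULONG i;
  CK_BBOOL supported = CK_FALSE;
  token_vendor_t token;
  CK_MECHANISM_INFO info;

  // Check if the mechanism is supported by the module
  for (i = 0; i < sizeof(sign_mechanisms) / sizeof(sign_mechanisms[0]); i++) {
    if (m->mechanism == sign_mechanisms[i]) {
      supported = CK_TRUE;
      break;
    }
  }
  if (supported == CK_FALSE)
    return CKR_MECHANISM_INVALID;

  // Check if the mechanism is supported by the token
  token = get_token_vendor(s->slot->token->vid);

  if (token.get_token_mechanism_info(m->mechanism, &info) != CKR_OK)
    return CKR_MECHANISM_INVALID;

  // TODO: also check that parameters make sense if any?

  // The original statement was a bare `CKR_OK;` with no effect, so control
  // fell off the end of a non-void function and the caller read an
  // indeterminate result. Return the status explicitly.
  return CKR_OK;

}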
/*
 * Report whether mechanism type `m` belongs to the RSA family recognised by
 * this module.
 *
 * Returns CK_TRUE when `m` matches one of the listed RSA mechanisms and
 * CK_FALSE for anything else.
 *
 * RSA mechanisms deliberately left out of the list (they were commented out
 * in the original switch): CKM_SHA224_RSA_PKCS, CKM_RIPEMD128_RSA_PKCS,
 * CKM_RIPEMD160_RSA_PKCS, CKM_RSA_PKCS_OAEP, CKM_RSA_X9_31_KEY_PAIR_GEN,
 * CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, CKM_SHA224_RSA_PKCS_PSS,
 * CKM_RSA_PKCS_TPM_1_1, CKM_RSA_PKCS_OAEP_TPM_1_1, CKM_RSA_AES_KEY_WRAP.
 */
CK_BBOOL is_RSA_mechanism(CK_MECHANISM_TYPE m) {

  static const CK_MECHANISM_TYPE rsa_family[] = {
    CKM_RSA_PKCS_KEY_PAIR_GEN,
    CKM_RSA_PKCS,
    CKM_RSA_9796,
    CKM_RSA_X_509,
    CKM_MD2_RSA_PKCS,
    CKM_MD5_RSA_PKCS,
    CKM_SHA1_RSA_PKCS,
    CKM_SHA256_RSA_PKCS,
    CKM_SHA384_RSA_PKCS,
    CKM_SHA512_RSA_PKCS,
    CKM_RSA_PKCS_PSS,
    CKM_SHA1_RSA_PKCS_PSS,
    CKM_SHA256_RSA_PKCS_PSS,
    CKM_SHA512_RSA_PKCS_PSS,
    CKM_SHA384_RSA_PKCS_PSS
  };
  unsigned int idx;

  // Linear scan; the table is small and fixed.
  for (idx = 0; idx < sizeof(rsa_family) / sizeof(rsa_family[0]); idx++) {
    if (rsa_family[idx] == m)
      return CK_TRUE;
  }

  return CK_FALSE;
}
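/*
 * Apply the encoding step required by mechanism `m` before the signature is
 * computed.
 *
 * m        mechanism selected for the operation (dereferenced without a NULL
 *          check; callers must pass a valid pointer)
 * in       input data, `in_len` bytes
 * out      output buffer, `out_len` bytes
 * key_len  key length, forwarded unchanged to do_pkcs_t1()
 *
 * Returns:
 *   - the result of do_pkcs_t1() for CKM_RSA_PKCS;
 *   - CKR_OK for CKM_RSA_X_509, without touching `out`
 *     (NOTE(review): no padding is applied for raw RSA here; presumably the
 *     caller signs `in` as supplied. Confirm against the caller);
 *   - CKR_FUNCTION_FAILED for every other mechanism.
 */
CK_RV apply_sign_mechanism(CK_MECHANISM_PTR m, CK_BYTE_PTR in, CK_ULONG in_len,
                           CK_BYTE_PTR out, CK_ULONG out_len, CK_ULONG key_len) {
  switch (m->mechanism) {
  case CKM_RSA_PKCS:
    return do_pkcs_t1(in, in_len, out, out_len, key_len);

  case CKM_RSA_PKCS_PSS:
    return CKR_FUNCTION_FAILED;

  case CKM_RSA_X_509:
    return CKR_OK;

  case CKM_SHA1_RSA_PKCS:
  case CKM_SHA256_RSA_PKCS:
  case CKM_SHA384_RSA_PKCS:
  case CKM_SHA512_RSA_PKCS:
    return CKR_FUNCTION_FAILED;

  default:
    // Fail closed. Without this branch, mechanisms that
    // check_sign_mechanism() accepts but this switch does not list (the
    // hashed PSS variants, CKM_ECDSA, CKM_ECDSA_SHA1) fell off the end of a
    // non-void function, and the caller read an indeterminate status that
    // could be mistaken for CKR_OK.
    return CKR_FUNCTION_FAILED;
  }

}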