[Cryptech-Commits] [sw/pkcs11] branch master updated: Add a few missing informational functions that pkcs11-tool wanted.

git at cryptech.is git at cryptech.is
Tue Jul 12 04:52:53 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/pkcs11.

The following commit(s) were added to refs/heads/master by this push:
       new  cb5d8f4   Add a few missing informational functions that pkcs11-tool wanted.
cb5d8f4 is described below

commit cb5d8f43f43f7b9261c7ab2d42979ea625986f4c
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue Jul 12 00:46:39 2016 -0400

    Add a few missing informational functions that pkcs11-tool wanted.
    
    opensc's pkcs11-tool wants to use C_GetInfo(), C_GetSlotInfo(), and
    C_GetMechanismList().  All are trivial functions, but we hadn't
    implemented any of them.  As with most of the informational functions,
    some of the returned values are nonsense: in the long run, fixing this
    just means adding one or more new informational queries to the RPC
    protocol, but I'm not going to do that while we're in, well, not code
    freeze, but at least code jello.
    
    Adding C_GetMechanismList() exposed that we had never added all the
    SHA-224 variants to pkcs11.c: since these are just a pass-through to
    libhal, adding them now seems low-risk (famous last words).
    
    Closes #40.
---
 pkcs11.c | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 104 insertions(+), 25 deletions(-)

diff --git a/pkcs11.c b/pkcs11.c
index 52e5e47..6b32440 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -82,9 +82,9 @@
 
 #warning Figure out hardware and software version numbers
 #define P11_VERSION_SW_MAJOR    0
-#define P11_VERSION_SW_MINOR    0
+#define P11_VERSION_SW_MINOR    1
 #define P11_VERSION_HW_MAJOR    0
-#define P11_VERSION_HW_MINOR    0
+#define P11_VERSION_HW_MINOR    1
 
 /*
  * Debugging control.
@@ -1592,7 +1592,7 @@ static inline int p11_object_create_ec_public_key(const p11_session_t * const se
 static inline int p11_object_create_rsa_private_key(const p11_session_t * const session,
                                                     const CK_OBJECT_HANDLE object_handle,
                                                     const hal_key_flags_t flags,
-                                                    const CK_ATTRIBUTE_PTR const template,
+                                                    const CK_ATTRIBUTE_PTR template,
                                                     const CK_ULONG template_len)
 {
   static const char select_format[] =
@@ -1680,7 +1680,7 @@ static inline int p11_object_create_rsa_private_key(const p11_session_t * const
 static inline int p11_object_create_ec_private_key(const p11_session_t * const session,
                                                    const CK_OBJECT_HANDLE object_handle,
                                                    const hal_key_flags_t flags,
-                                                   const CK_ATTRIBUTE_PTR const template,
+                                                   const CK_ATTRIBUTE_PTR template,
                                                    const CK_ULONG template_len)
 {
   static const char select_format[] =
@@ -3794,6 +3794,7 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession,
 
   switch (pMechanism->mechanism) {
   case CKM_SHA_1:       algorithm = hal_digest_algorithm_sha1;   break;
+  case CKM_SHA224:      algorithm = hal_digest_algorithm_sha224; break;
   case CKM_SHA256:      algorithm = hal_digest_algorithm_sha256; break;
   case CKM_SHA384:      algorithm = hal_digest_algorithm_sha384; break;
   case CKM_SHA512:      algorithm = hal_digest_algorithm_sha512; break;
@@ -3982,6 +3983,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
   switch (pMechanism->mechanism) {
   case CKM_RSA_PKCS:
   case CKM_SHA1_RSA_PKCS:
+  case CKM_SHA224_RSA_PKCS:
   case CKM_SHA256_RSA_PKCS:
   case CKM_SHA384_RSA_PKCS:
   case CKM_SHA512_RSA_PKCS:
@@ -3989,6 +3991,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
       lose(CKR_KEY_TYPE_INCONSISTENT);
     break;
   case CKM_ECDSA:
+  case CKM_ECDSA_SHA224:
   case CKM_ECDSA_SHA256:
   case CKM_ECDSA_SHA384:
   case CKM_ECDSA_SHA512:
@@ -4009,6 +4012,10 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
   case CKM_SHA1_RSA_PKCS:
     session->sign_digest_algorithm = hal_digest_algorithm_sha1;
     break;
+  case CKM_SHA224_RSA_PKCS:
+  case CKM_ECDSA_SHA224:
+    session->sign_digest_algorithm = hal_digest_algorithm_sha224;
+    break;
   case CKM_SHA256_RSA_PKCS:
   case CKM_ECDSA_SHA256:
     session->sign_digest_algorithm = hal_digest_algorithm_sha256;
@@ -4215,6 +4222,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
   switch (pMechanism->mechanism) {
   case CKM_RSA_PKCS:
   case CKM_SHA1_RSA_PKCS:
+  case CKM_SHA224_RSA_PKCS:
   case CKM_SHA256_RSA_PKCS:
   case CKM_SHA384_RSA_PKCS:
   case CKM_SHA512_RSA_PKCS:
@@ -4222,6 +4230,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
       lose(CKR_KEY_TYPE_INCONSISTENT);
     break;
   case CKM_ECDSA:
+  case CKM_ECDSA_SHA224:
   case CKM_ECDSA_SHA256:
   case CKM_ECDSA_SHA384:
   case CKM_ECDSA_SHA512:
@@ -4242,6 +4251,10 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
   case CKM_SHA1_RSA_PKCS:
     session->verify_digest_algorithm = hal_digest_algorithm_sha1;
     break;
+  case CKM_SHA224_RSA_PKCS:
+  case CKM_ECDSA_SHA224:
+    session->verify_digest_algorithm = hal_digest_algorithm_sha224;
+    break;
   case CKM_SHA256_RSA_PKCS:
   case CKM_ECDSA_SHA256:
     session->verify_digest_algorithm = hal_digest_algorithm_sha256;
@@ -4539,6 +4552,13 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
     algorithm = hal_digest_algorithm_sha1;
     break;
 
+  case CKM_SHA224:
+  case CKM_SHA224_RSA_PKCS:
+  case CKM_SHA224_HMAC:
+  case CKM_ECDSA_SHA224:
+    algorithm = hal_digest_algorithm_sha224;
+    break;
+
   case CKM_SHA256:
   case CKM_SHA256_RSA_PKCS:
   case CKM_SHA256_HMAC:
@@ -4584,6 +4604,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
 
   case CKM_RSA_PKCS:
   case CKM_SHA1_RSA_PKCS:
+  case CKM_SHA224_RSA_PKCS:
   case CKM_SHA256_RSA_PKCS:
   case CKM_SHA384_RSA_PKCS:
   case CKM_SHA512_RSA_PKCS:
@@ -4593,6 +4614,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
     break;
 
   case CKM_ECDSA:
+  case CKM_ECDSA_SHA224:
   case CKM_ECDSA_SHA256:
   case CKM_ECDSA_SHA384:
   case CKM_ECDSA_SHA512:
@@ -4602,6 +4624,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
     break;
 
   case CKM_SHA_1:
+  case CKM_SHA224:
   case CKM_SHA256:
   case CKM_SHA384:
   case CKM_SHA512:
@@ -4615,6 +4638,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
      * We have Verilog and libhal for these, but no PKCS #11 support (yet).
      */
   case CKM_SHA_1_HMAC:
+  case CKM_SHA224_HMAC:
   case CKM_SHA256_HMAC:
   case CKM_SHA384_HMAC:
   case CKM_SHA512_HMAC:
@@ -4661,6 +4685,82 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession,
   mutex_unlock_return_with_rv(rv, p11_global_mutex);
 }
 
+CK_RV C_GetInfo(CK_INFO_PTR pInfo)
+{
+  ENTER_PUBLIC_FUNCTION(C_GetInfo);
+
+  if (pInfo == NULL)
+    return CKR_ARGUMENTS_BAD;
+
+  memset(pInfo, 0, sizeof(*pInfo));
+  pInfo->cryptokiVersion.major = 2;
+  pInfo->cryptokiVersion.minor = 30;
+  psnprintf(pInfo->manufacturerID,     sizeof(pInfo->manufacturerID),           "cryptech.is project");
+  psnprintf(pInfo->libraryDescription, sizeof(pInfo->libraryDescription),       "cryptech.is pkcs11");
+  pInfo->libraryVersion.major = P11_VERSION_SW_MAJOR;
+  pInfo->libraryVersion.minor = P11_VERSION_SW_MINOR;
+
+  return CKR_OK;
+}
+
+CK_RV C_GetSlotInfo(CK_SLOT_ID slotID,
+                    CK_SLOT_INFO_PTR pInfo)
+{
+  ENTER_PUBLIC_FUNCTION(C_GetSlotInfo);
+
+  if (pInfo == NULL)
+    return CKR_ARGUMENTS_BAD;
+
+  if (slotID != P11_ONE_AND_ONLY_SLOT)
+    return CKR_SLOT_ID_INVALID;
+
+  memset(pInfo, 0, sizeof(*pInfo));
+  psnprintf(pInfo->slotDescription, sizeof(pInfo->slotDescription), "cryptech.is slot on alpha");
+  psnprintf(pInfo->manufacturerID,  sizeof(pInfo->manufacturerID),  "cryptech.is project");
+  pInfo->flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT;
+  pInfo->hardwareVersion.major = 0;
+  pInfo->hardwareVersion.minor = 2;
+  pInfo->firmwareVersion.major = P11_VERSION_HW_MAJOR;
+  pInfo->firmwareVersion.minor = P11_VERSION_HW_MINOR;
+  return CKR_OK;
+}
+
+CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
+                         CK_MECHANISM_TYPE_PTR pMechanismList,
+                         CK_ULONG_PTR pulCount)
+{
+  static const CK_MECHANISM_TYPE mechanisms[] = {
+    CKM_ECDSA_SHA1,    CKM_ECDSA_SHA224,       CKM_ECDSA_SHA256,    CKM_ECDSA_SHA384,    CKM_ECDSA_SHA512,    CKM_ECDSA,    CKM_EC_KEY_PAIR_GEN,
+    CKM_SHA1_RSA_PKCS, CKM_SHA224_RSA_PKCS,    CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN,
+    CKM_SHA_1,         CKM_SHA224, 	       CKM_SHA256,          CKM_SHA384,          CKM_SHA512,
+#if 0
+    /* libhal support these but pkcs11 doesn't, yet */
+    CKM_SHA_1_HMAC,    CKM_SHA224_HMAC,        CKM_SHA256_HMAC,     CKM_SHA384_HMAC,     CKM_SHA512_HMAC,
+#endif
+  };
+  const CK_ULONG mechanisms_len = sizeof(mechanisms)/sizeof(*mechanisms);
+
+  ENTER_PUBLIC_FUNCTION(C_GetMechanismList);
+
+  if (pulCount == NULL)
+    return CKR_ARGUMENTS_BAD;
+
+  if (slotID != P11_ONE_AND_ONLY_SLOT)
+    return CKR_SLOT_ID_INVALID;
+
+  CK_RV rv = CKR_OK;
+
+  if (pMechanismList != NULL && *pulCount < mechanisms_len)
+    rv = CKR_BUFFER_TOO_SMALL;
+
+  else if (pMechanismList != NULL)
+    memcpy(pMechanismList, mechanisms, sizeof(mechanisms));
+
+  *pulCount = mechanisms_len;
+
+  return rv;
+}
+
 

 
 /*
@@ -4686,27 +4786,6 @@ CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession,
   return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
-CK_RV C_GetInfo(CK_INFO_PTR pInfo)
-{
-  ENTER_PUBLIC_FUNCTION(C_GetInfo);
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV C_GetSlotInfo(CK_SLOT_ID slotID,
-                    CK_SLOT_INFO_PTR pInfo)
-{
-  ENTER_PUBLIC_FUNCTION(C_GetSlotInfo);
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
-                         CK_MECHANISM_TYPE_PTR pMechanismList,
-                         CK_ULONG_PTR pulCount)
-{
-  ENTER_PUBLIC_FUNCTION(C_GetMechanismList);
-  return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
 CK_RV C_InitToken(CK_SLOT_ID slotID,
                   CK_UTF8CHAR_PTR pPin,
                   CK_ULONG ulPinLen,

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list