-rw-r--r--pkcs11.c129
1 files changed, 104 insertions, 25 deletions
diff --git a/pkcs11.c b/pkcs11.c
index 52e5e47..6b32440 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -82,9 +82,9 @@
#warning Figure out hardware and software version numbers
#define P11_VERSION_SW_MAJOR 0
-#define P11_VERSION_SW_MINOR 0
+#define P11_VERSION_SW_MINOR 1
#define P11_VERSION_HW_MAJOR 0
-#define P11_VERSION_HW_MINOR 0
+#define P11_VERSION_HW_MINOR 1
/*
* Debugging control.
@@ -1592,7 +1592,7 @@ static inline int p11_object_create_ec_public_key(const p11_session_t * const se
static inline int p11_object_create_rsa_private_key(const p11_session_t * const session,
const CK_OBJECT_HANDLE object_handle,
const hal_key_flags_t flags,
- const CK_ATTRIBUTE_PTR const template,
+ const CK_ATTRIBUTE_PTR template,
const CK_ULONG template_len)
{
static const char select_format[] =
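Review bot: In `const CK_ATTRIBUTE_PTR template` the remaining `const` qualifies the pointer itself, not the attributes it points to, so p11_object_create_rsa_private_key (and p11_object_create_ec_private_key in the next hunk) can still write through the caller's template. If the template is meant to be read-only, `const CK_ATTRIBUTE *template` says so and lets the compiler enforce it; otherwise a short comment that the qualifier is on the pointer only would save the next reader the check. Both function bodies continue outside their hunks, so whether they write to the template is not visible here.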
@@ -1680,7 +1680,7 @@ static inline int p11_object_create_rsa_private_key(const p11_session_t * const
static inline int p11_object_create_ec_private_key(const p11_session_t * const session,
const CK_OBJECT_HANDLE object_handle,
const hal_key_flags_t flags,
- const CK_ATTRIBUTE_PTR const template,
+ const CK_ATTRIBUTE_PTR template,
const CK_ULONG template_len)
{
static const char select_format[] =
@@ -3794,6 +3794,7 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession,
switch (pMechanism->mechanism) {
case CKM_SHA_1: algorithm = hal_digest_algorithm_sha1; break;
+ case CKM_SHA224: algorithm = hal_digest_algorithm_sha224; break;
case CKM_SHA256: algorithm = hal_digest_algorithm_sha256; break;
case CKM_SHA384: algorithm = hal_digest_algorithm_sha384; break;
case CKM_SHA512: algorithm = hal_digest_algorithm_sha512; break;
@@ -3982,6 +3983,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
switch (pMechanism->mechanism) {
case CKM_RSA_PKCS:
case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA224_RSA_PKCS:
case CKM_SHA256_RSA_PKCS:
case CKM_SHA384_RSA_PKCS:
case CKM_SHA512_RSA_PKCS:
@@ -3989,6 +3991,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
lose(CKR_KEY_TYPE_INCONSISTENT);
break;
case CKM_ECDSA:
+ case CKM_ECDSA_SHA224:
case CKM_ECDSA_SHA256:
case CKM_ECDSA_SHA384:
case CKM_ECDSA_SHA512:
@@ -4009,6 +4012,10 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession,
case CKM_SHA1_RSA_PKCS:
session->sign_digest_algorithm = hal_digest_algorithm_sha1;
break;
+ case CKM_SHA224_RSA_PKCS:
+ case CKM_ECDSA_SHA224:
+ session->sign_digest_algorithm = hal_digest_algorithm_sha224;
+ break;
case CKM_SHA256_RSA_PKCS:
case CKM_ECDSA_SHA256:
session->sign_digest_algorithm = hal_digest_algorithm_sha256;
@@ -4215,6 +4222,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
switch (pMechanism->mechanism) {
case CKM_RSA_PKCS:
case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA224_RSA_PKCS:
case CKM_SHA256_RSA_PKCS:
case CKM_SHA384_RSA_PKCS:
case CKM_SHA512_RSA_PKCS:
@@ -4222,6 +4230,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
lose(CKR_KEY_TYPE_INCONSISTENT);
break;
case CKM_ECDSA:
+ case CKM_ECDSA_SHA224:
case CKM_ECDSA_SHA256:
case CKM_ECDSA_SHA384:
case CKM_ECDSA_SHA512:
@@ -4242,6 +4251,10 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
case CKM_SHA1_RSA_PKCS:
session->verify_digest_algorithm = hal_digest_algorithm_sha1;
break;
+ case CKM_SHA224_RSA_PKCS:
+ case CKM_ECDSA_SHA224:
+ session->verify_digest_algorithm = hal_digest_algorithm_sha224;
+ break;
case CKM_SHA256_RSA_PKCS:
case CKM_ECDSA_SHA256:
session->verify_digest_algorithm = hal_digest_algorithm_sha256;
@@ -4539,6 +4552,13 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
algorithm = hal_digest_algorithm_sha1;
break;
+ case CKM_SHA224:
+ case CKM_SHA224_RSA_PKCS:
+ case CKM_SHA224_HMAC:
+ case CKM_ECDSA_SHA224:
+ algorithm = hal_digest_algorithm_sha224;
+ break;
+
case CKM_SHA256:
case CKM_SHA256_RSA_PKCS:
case CKM_SHA256_HMAC:
@@ -4584,6 +4604,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
case CKM_RSA_PKCS:
case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA224_RSA_PKCS:
case CKM_SHA256_RSA_PKCS:
case CKM_SHA384_RSA_PKCS:
case CKM_SHA512_RSA_PKCS:
@@ -4593,6 +4614,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
break;
case CKM_ECDSA:
+ case CKM_ECDSA_SHA224:
case CKM_ECDSA_SHA256:
case CKM_ECDSA_SHA384:
case CKM_ECDSA_SHA512:
@@ -4602,6 +4624,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
break;
case CKM_SHA_1:
+ case CKM_SHA224:
case CKM_SHA256:
case CKM_SHA384:
case CKM_SHA512:
@@ -4615,6 +4638,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
* We have Verilog and libhal for these, but no PKCS #11 support (yet).
*/
case CKM_SHA_1_HMAC:
+ case CKM_SHA224_HMAC:
case CKM_SHA256_HMAC:
case CKM_SHA384_HMAC:
case CKM_SHA512_HMAC:
@@ -4661,6 +4685,82 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession,
mutex_unlock_return_with_rv(rv, p11_global_mutex);
}
+CK_RV C_GetInfo(CK_INFO_PTR pInfo)
+{
+ ENTER_PUBLIC_FUNCTION(C_GetInfo);
+
+ if (pInfo == NULL)
+ return CKR_ARGUMENTS_BAD;
+
+ memset(pInfo, 0, sizeof(*pInfo));
+ pInfo->cryptokiVersion.major = 2;
+ pInfo->cryptokiVersion.minor = 30;
+ psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project");
+ psnprintf(pInfo->libraryDescription, sizeof(pInfo->libraryDescription), "cryptech.is pkcs11");
+ pInfo->libraryVersion.major = P11_VERSION_SW_MAJOR;
+ pInfo->libraryVersion.minor = P11_VERSION_SW_MINOR;
+
+ return CKR_OK;
+}
+
+CK_RV C_GetSlotInfo(CK_SLOT_ID slotID,
+ CK_SLOT_INFO_PTR pInfo)
+{
+ ENTER_PUBLIC_FUNCTION(C_GetSlotInfo);
+
+ if (pInfo == NULL)
+ return CKR_ARGUMENTS_BAD;
+
+ if (slotID != P11_ONE_AND_ONLY_SLOT)
+ return CKR_SLOT_ID_INVALID;
+
+ memset(pInfo, 0, sizeof(*pInfo));
+ psnprintf(pInfo->slotDescription, sizeof(pInfo->slotDescription), "cryptech.is slot on alpha");
+ psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project");
+ pInfo->flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT;
+ pInfo->hardwareVersion.major = 0;
+ pInfo->hardwareVersion.minor = 2;
+ pInfo->firmwareVersion.major = P11_VERSION_HW_MAJOR;
+ pInfo->firmwareVersion.minor = P11_VERSION_HW_MINOR;
+ return CKR_OK;
+}
+
+CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
+ CK_MECHANISM_TYPE_PTR pMechanismList,
+ CK_ULONG_PTR pulCount)
+{
+ static const CK_MECHANISM_TYPE mechanisms[] = {
+ CKM_ECDSA_SHA1, CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384, CKM_ECDSA_SHA512, CKM_ECDSA, CKM_EC_KEY_PAIR_GEN,
+ CKM_SHA1_RSA_PKCS, CKM_SHA224_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN,
+ CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512,
+#if 0
+ /* libhal support these but pkcs11 doesn't, yet */
+ CKM_SHA_1_HMAC, CKM_SHA224_HMAC, CKM_SHA256_HMAC, CKM_SHA384_HMAC, CKM_SHA512_HMAC,
+#endif
+ };
+ const CK_ULONG mechanisms_len = sizeof(mechanisms)/sizeof(*mechanisms);
+
+ ENTER_PUBLIC_FUNCTION(C_GetMechanismList);
+
+ if (pulCount == NULL)
+ return CKR_ARGUMENTS_BAD;
+
+ if (slotID != P11_ONE_AND_ONLY_SLOT)
+ return CKR_SLOT_ID_INVALID;
+
+ CK_RV rv = CKR_OK;
+
+ if (pMechanismList != NULL && *pulCount < mechanisms_len)
+ rv = CKR_BUFFER_TOO_SMALL;
+
+ else if (pMechanismList != NULL)
+ memcpy(pMechanismList, mechanisms, sizeof(mechanisms));
+
+ *pulCount = mechanisms_len;
+
+ return rv;
+}
+
/*
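Review bot: The `mechanisms[]` table in C_GetMechanismList advertises `CKM_ECDSA_SHA1`, but none of the ECDSA case lists visible in this commit (C_SignInit, C_VerifyInit, C_GetMechanismInfo) include it, so a caller that enumerates mechanisms would presumably be offered one that C_GetMechanismInfo and C_SignInit then reject. Either drop `CKM_ECDSA_SHA1,` from the table or add `case CKM_ECDSA_SHA1:` next to `CKM_SHA1_RSA_PKCS` in those switches; the full switches lie outside the hunks, so this needs confirming against the file. Separately, C_GetInfo and C_GetSlotInfo answer without checking that the library has been initialised, where PKCS #11 callers expect `CKR_CRYPTOKI_NOT_INITIALIZED`; whether the file already has a check that could be reused is not visible here.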
@@ -4686,27 +4786,6 @@ CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession,
return CKR_FUNCTION_NOT_SUPPORTED;
}
-CK_RV C_GetInfo(CK_INFO_PTR pInfo)
-{
- ENTER_PUBLIC_FUNCTION(C_GetInfo);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV C_GetSlotInfo(CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo)
-{
- ENTER_PUBLIC_FUNCTION(C_GetSlotInfo);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount)
-{
- ENTER_PUBLIC_FUNCTION(C_GetMechanismList);
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
CK_RV C_InitToken(CK_SLOT_ID slotID,
CK_UTF8CHAR_PTR pPin,
CK_ULONG ulPinLen,