-rw-r--r-- | pkcs11.c | 72 |
1 files changed, 66 insertions, 6 deletions
@@ -3396,7 +3396,7 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession,
 /*
 * Supply information about a particular mechanism. We may want a
 * more generic structure for this, for the moment, just answer the
- * questions hsmbully is asking.
+ * questions that applications we care about are asking.
 *
 * Not really sure whether I should be setting CKF_HW here or not, RSA
 * is a mix of hardware and software at the moment, but I'm also a
@@ -3411,6 +3411,9 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
 {
 ENTER_PUBLIC_FUNCTION(C_GetMechanismInfo);
+ const CK_ULONG rsa_key_min = 1024;
+ const CK_ULONG rsa_key_max = 8192;
+
 /*
 * No locking here, no obvious need for it.
 */
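Review bot: `rsa_key_min` and `rsa_key_max` are introduced in the second hunk without a comment saying where the 1024–8192 range comes from, so a reader cannot tell whether it mirrors a hardware limit or a policy choice. A comment above the two declarations, such as `/* RSA modulus sizes (bits) advertised to applications; must match what key generation actually accepts */`, would make that explicit. A 1024-bit floor is below what current guidance recommends for new RSA keys, so if it is kept for compatibility the comment should say so. The body of C_GetMechanismInfo continues outside this hunk, so whether the same limits are enforced elsewhere is not visible here.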
@@ -3423,18 +3426,75 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
 switch (type) {
+ case CKM_SHA_1:
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA_1_HMAC:
+ if (hal_has_core_present(hal_hash_sha1) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ case CKM_SHA256:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA256_HMAC:
+ if (hal_has_core_present(hal_hash_sha256) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ case CKM_SHA384:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA384_HMAC:
+ if (hal_has_core_present(hal_hash_sha384) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ case CKM_SHA512:
+ case CKM_SHA512_RSA_PKCS:
+ case CKM_SHA512_HMAC:
+ if (hal_has_core_present(hal_hash_sha512) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ default:
+ break;
+ }
+
+ switch (type) {
+
 case CKM_RSA_PKCS_KEY_PAIR_GEN:
- pInfo->ulMinKeySize = 1024;
- pInfo->ulMaxKeySize = 8192;
+ pInfo->ulMinKeySize = rsa_key_min;
+ pInfo->ulMaxKeySize = rsa_key_max;
 pInfo->flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
 break;
 case CKM_RSA_PKCS:
- pInfo->ulMinKeySize = 1024;
- pInfo->ulMaxKeySize = 8192;
- pInfo->flags = CKF_HW | CKF_SIGN;
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA512_RSA_PKCS:
+ pInfo->ulMinKeySize = rsa_key_min;
+ pInfo->ulMaxKeySize = rsa_key_max;
+ pInfo->flags = CKF_HW | CKF_SIGN | CKF_VERIFY;
+ break;
+
+ case CKM_SHA_1:
+ case CKM_SHA256:
+ case CKM_SHA384:
+ case CKM_SHA512:
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_HW | CKF_DIGEST;
 break;
+#if 0
+ /*
+ * We have Verilog and libhal for these, but no PKCS #11 support (yet).
+ */
+ case CKM_SHA_1_HMAC:
+ case CKM_SHA256_HMAC:
+ case CKM_SHA384_HMAC:
+ case CKM_SHA512_HMAC:
+#endif
+
 default:
 return CKR_MECHANISM_INVALID;
 } |
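Review bot: In the first `switch`, every result other than `HAL_OK` from `hal_has_core_present()` is reported as `CKR_MECHANISM_INVALID`, so a transient failure talking to the device would look to the application like a missing hash mechanism, and the application may cache that answer or fall back to a weaker mechanism. If libhal distinguishes "core not found" from other errors, only that case should map to `CKR_MECHANISM_INVALID` and the rest to `CKR_DEVICE_ERROR`. The four `*_HMAC` labels in the first switch are probed for a core but still reach `default` in the second switch, which deserves a one-line comment such as `/* HMAC is probed here but not yet advertised below */`. The hunk ends at the closing brace of the second switch; the rest of the function is outside it.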