aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkcs11.c72
1 files changed, 66 insertions, 6 deletions
diff --git a/pkcs11.c b/pkcs11.c
index ff86b70..1d50ddc 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -3396,7 +3396,7 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession,
/*
* Supply information about a particular mechanism. We may want a
* more generic structure for this, for the moment, just answer the
- * questions hsmbully is asking.
+ * questions that applications we care about are asking.
*
* Not really sure whether I should be setting CKF_HW here or not, RSA
* is a mix of hardware and software at the moment, but I'm also a
@@ -3411,6 +3411,9 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
{
ENTER_PUBLIC_FUNCTION(C_GetMechanismInfo);
+ const CK_ULONG rsa_key_min = 1024;
+ const CK_ULONG rsa_key_max = 8192;
+
/*
* No locking here, no obvious need for it.
*/
@@ -3423,18 +3426,75 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
switch (type) {
+ case CKM_SHA_1:
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA_1_HMAC:
+ if (hal_has_core_present(hal_hash_sha1) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ case CKM_SHA256:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA256_HMAC:
+ if (hal_has_core_present(hal_hash_sha256) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ case CKM_SHA384:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA384_HMAC:
+ if (hal_has_core_present(hal_hash_sha384) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ case CKM_SHA512:
+ case CKM_SHA512_RSA_PKCS:
+ case CKM_SHA512_HMAC:
+ if (hal_has_core_present(hal_hash_sha512) != HAL_OK)
+ return CKR_MECHANISM_INVALID;
+ break;
+
+ default:
+ break;
+ }
+
+ switch (type) {
+
case CKM_RSA_PKCS_KEY_PAIR_GEN:
- pInfo->ulMinKeySize = 1024;
- pInfo->ulMaxKeySize = 8192;
+ pInfo->ulMinKeySize = rsa_key_min;
+ pInfo->ulMaxKeySize = rsa_key_max;
pInfo->flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
break;
case CKM_RSA_PKCS:
- pInfo->ulMinKeySize = 1024;
- pInfo->ulMaxKeySize = 8192;
- pInfo->flags = CKF_HW | CKF_SIGN;
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA512_RSA_PKCS:
+ pInfo->ulMinKeySize = rsa_key_min;
+ pInfo->ulMaxKeySize = rsa_key_max;
+ pInfo->flags = CKF_HW | CKF_SIGN | CKF_VERIFY;
+ break;
+
+ case CKM_SHA_1:
+ case CKM_SHA256:
+ case CKM_SHA384:
+ case CKM_SHA512:
+ pInfo->ulMinKeySize = 0;
+ pInfo->ulMaxKeySize = 0;
+ pInfo->flags = CKF_HW | CKF_DIGEST;
break;
+#if 0
+ /*
+ * We have Verilog and libhal for these, but no PKCS #11 support (yet).
+ */
+ case CKM_SHA_1_HMAC:
+ case CKM_SHA256_HMAC:
+ case CKM_SHA384_HMAC:
+ case CKM_SHA512_HMAC:
+#endif
+
default:
return CKR_MECHANISM_INVALID;
}