-rw-r--r-- | pkcs11.c | 129 |
1 files changed, 104 insertions, 25 deletions
@@ -82,9 +82,9 @@ #warning Figure out hardware and software version numbers #define P11_VERSION_SW_MAJOR 0 -#define P11_VERSION_SW_MINOR 0 +#define P11_VERSION_SW_MINOR 1 #define P11_VERSION_HW_MAJOR 0 -#define P11_VERSION_HW_MINOR 0 +#define P11_VERSION_HW_MINOR 1 /* * Debugging control.
@@ -1592,7 +1592,7 @@ static inline int p11_object_create_ec_public_key(const p11_session_t * const se static inline int p11_object_create_rsa_private_key(const p11_session_t * const session, const CK_OBJECT_HANDLE object_handle, const hal_key_flags_t flags, - const CK_ATTRIBUTE_PTR const template, + const CK_ATTRIBUTE_PTR template, const CK_ULONG template_len) { static const char select_format[] =
@@ -1680,7 +1680,7 @@ static inline int p11_object_create_rsa_private_key(const p11_session_t * const static inline int p11_object_create_ec_private_key(const p11_session_t * const session, const CK_OBJECT_HANDLE object_handle, const hal_key_flags_t flags, - const CK_ATTRIBUTE_PTR const template, + const CK_ATTRIBUTE_PTR template, const CK_ULONG template_len) { static const char select_format[] =
@@ -3794,6 +3794,7 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, switch (pMechanism->mechanism) { case CKM_SHA_1: algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224: algorithm = hal_digest_algorithm_sha224; break; case CKM_SHA256: algorithm = hal_digest_algorithm_sha256; break; case CKM_SHA384: algorithm = hal_digest_algorithm_sha384; break; case CKM_SHA512: algorithm = hal_digest_algorithm_sha512; break;
@@ -3982,6 +3983,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, switch (pMechanism->mechanism) { case CKM_RSA_PKCS: case CKM_SHA1_RSA_PKCS: + case CKM_SHA224_RSA_PKCS: case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS:
@@ -3989,6 +3991,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, lose(CKR_KEY_TYPE_INCONSISTENT); break; case CKM_ECDSA: + case CKM_ECDSA_SHA224: case CKM_ECDSA_SHA256: case CKM_ECDSA_SHA384: case CKM_ECDSA_SHA512:
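Review bot: In p11_object_create_rsa_private_key the remaining `const CK_ATTRIBUTE_PTR template` makes only the pointer itself constant; because CK_ATTRIBUTE_PTR is a pointer typedef, the attributes it points to (which for a private key carry the key material) stay writable through it. If the intent is that the creation routine never modifies the caller's template, `const CK_ATTRIBUTE * const template` states that and lets the compiler enforce it. The same applies to p11_object_create_ec_private_key in the following hunk. Both function bodies continue outside the hunks, so whether anything writes through the pointer cannot be seen here.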
@@ -4009,6 +4012,10 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, case CKM_SHA1_RSA_PKCS: session->sign_digest_algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224_RSA_PKCS: + case CKM_ECDSA_SHA224: + session->sign_digest_algorithm = hal_digest_algorithm_sha224; + break; case CKM_SHA256_RSA_PKCS: case CKM_ECDSA_SHA256: session->sign_digest_algorithm = hal_digest_algorithm_sha256;
@@ -4215,6 +4222,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, switch (pMechanism->mechanism) { case CKM_RSA_PKCS: case CKM_SHA1_RSA_PKCS: + case CKM_SHA224_RSA_PKCS: case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS:
@@ -4222,6 +4230,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, lose(CKR_KEY_TYPE_INCONSISTENT); break; case CKM_ECDSA: + case CKM_ECDSA_SHA224: case CKM_ECDSA_SHA256: case CKM_ECDSA_SHA384: case CKM_ECDSA_SHA512:
@@ -4242,6 +4251,10 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, case CKM_SHA1_RSA_PKCS: session->verify_digest_algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224_RSA_PKCS: + case CKM_ECDSA_SHA224: + session->verify_digest_algorithm = hal_digest_algorithm_sha224; + break; case CKM_SHA256_RSA_PKCS: case CKM_ECDSA_SHA256: session->verify_digest_algorithm = hal_digest_algorithm_sha256;
@@ -4539,6 +4552,13 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224: + case CKM_SHA224_RSA_PKCS: + case CKM_SHA224_HMAC: + case CKM_ECDSA_SHA224: + algorithm = hal_digest_algorithm_sha224; + break; + case CKM_SHA256: case CKM_SHA256_RSA_PKCS: case CKM_SHA256_HMAC:
@@ -4584,6 +4604,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, case CKM_RSA_PKCS: case CKM_SHA1_RSA_PKCS: + case CKM_SHA224_RSA_PKCS: case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS:
@@ -4593,6 +4614,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, break; case CKM_ECDSA: + case CKM_ECDSA_SHA224: case CKM_ECDSA_SHA256: case CKM_ECDSA_SHA384: case CKM_ECDSA_SHA512:
@@ -4602,6 +4624,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, break; case CKM_SHA_1: + case CKM_SHA224: case CKM_SHA256: case CKM_SHA384: case CKM_SHA512:
@@ -4615,6 +4638,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, * We have Verilog and libhal for these, but no PKCS #11 support (yet). */ case CKM_SHA_1_HMAC: + case CKM_SHA224_HMAC: case CKM_SHA256_HMAC: case CKM_SHA384_HMAC: case CKM_SHA512_HMAC:
@@ -4661,6 +4685,82 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, mutex_unlock_return_with_rv(rv, p11_global_mutex); } +CK_RV C_GetInfo(CK_INFO_PTR pInfo) +{ + ENTER_PUBLIC_FUNCTION(C_GetInfo); + + if (pInfo == NULL) + return CKR_ARGUMENTS_BAD; + + memset(pInfo, 0, sizeof(*pInfo)); + pInfo->cryptokiVersion.major = 2; + pInfo->cryptokiVersion.minor = 30; + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project"); + psnprintf(pInfo->libraryDescription, sizeof(pInfo->libraryDescription), "cryptech.is pkcs11"); + pInfo->libraryVersion.major = P11_VERSION_SW_MAJOR; + pInfo->libraryVersion.minor = P11_VERSION_SW_MINOR; + + return CKR_OK; +} + +CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) +{ + ENTER_PUBLIC_FUNCTION(C_GetSlotInfo); + + if (pInfo == NULL) + return CKR_ARGUMENTS_BAD; + + if (slotID != P11_ONE_AND_ONLY_SLOT) + return CKR_SLOT_ID_INVALID; + + memset(pInfo, 0, sizeof(*pInfo)); + psnprintf(pInfo->slotDescription, sizeof(pInfo->slotDescription), "cryptech.is slot on alpha"); + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project"); + pInfo->flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT; + pInfo->hardwareVersion.major = 0; + pInfo->hardwareVersion.minor = 2; + pInfo->firmwareVersion.major = P11_VERSION_HW_MAJOR; + pInfo->firmwareVersion.minor = P11_VERSION_HW_MINOR; + return CKR_OK; +} + +CK_RV C_GetMechanismList(CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) +{ + static const CK_MECHANISM_TYPE mechanisms[] = { + CKM_ECDSA_SHA1, CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384, CKM_ECDSA_SHA512, CKM_ECDSA, CKM_EC_KEY_PAIR_GEN, + CKM_SHA1_RSA_PKCS, CKM_SHA224_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN, + CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512, +#if 0 + /* libhal support these but pkcs11 doesn't, yet */ + CKM_SHA_1_HMAC, CKM_SHA224_HMAC, CKM_SHA256_HMAC, 
CKM_SHA384_HMAC, CKM_SHA512_HMAC, +#endif + }; + const CK_ULONG mechanisms_len = sizeof(mechanisms)/sizeof(*mechanisms); + + ENTER_PUBLIC_FUNCTION(C_GetMechanismList); + + if (pulCount == NULL) + return CKR_ARGUMENTS_BAD; + + if (slotID != P11_ONE_AND_ONLY_SLOT) + return CKR_SLOT_ID_INVALID; + + CK_RV rv = CKR_OK; + + if (pMechanismList != NULL && *pulCount < mechanisms_len) + rv = CKR_BUFFER_TOO_SMALL; + + else if (pMechanismList != NULL) + memcpy(pMechanismList, mechanisms, sizeof(mechanisms)); + + *pulCount = mechanisms_len; + + return rv; +} + /*
@@ -4686,27 +4786,6 @@ CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_GetInfo(CK_INFO_PTR pInfo) -{ - ENTER_PUBLIC_FUNCTION(C_GetInfo); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo) -{ - ENTER_PUBLIC_FUNCTION(C_GetSlotInfo); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -CK_RV C_GetMechanismList(CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount) -{ - ENTER_PUBLIC_FUNCTION(C_GetMechanismList); - return CKR_FUNCTION_NOT_SUPPORTED; -} - CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, |
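Review bot: The static `mechanisms[]` table in the new C_GetMechanismList advertises `CKM_ECDSA_SHA1`, but none of the ECDSA case groups visible in the C_SignInit, C_VerifyInit and C_GetMechanismInfo hunks of this patch lists it (those switches continue outside the hunks, so it may be handled elsewhere). If it is not, an application that picks a mechanism from the list is offered one the init functions will refuse, so either drop the entry or add the matching cases. The table is also a second hand-maintained copy of the C_GetMechanismInfo switch, so I would put `/* Keep in sync with the switch in C_GetMechanismInfo(). */` above it. Separately, C_GetInfo, C_GetSlotInfo and C_GetMechanismList answer without any visible check that C_Initialize has run, where PKCS #11 expects `CKR_CRYPTOKI_NOT_INITIALIZED`; it is worth confirming whether `ENTER_PUBLIC_FUNCTION` covers that.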