From cb5d8f43f43f7b9261c7ab2d42979ea625986f4c Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 12 Jul 2016 00:46:39 -0400 Subject: Add a few missing informational functions that pkcs11-tool wanted. opensc's pkcs11-tool wants to use C_GetInfo(), C_GetSlotInfo(), and C_GetMechanismList(). All are trivial functions, but we hadn't implemented any of them. As with most of the informational functions, some of the returned values are nonsense: in the long run, fixing this just means adding one or more new informational queries to the RPC protocol, but I'm not going to do that while we're in, well, not code freeze, but at least code jello. Adding C_GetMechanismList() exposed that we had never added all the SHA-224 variants to pkcs11.c: since these are just a pass-through to libhal, adding them now seems low-risk (famous last words). Closes #40. --- pkcs11.c | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 104 insertions(+), 25 deletions(-) diff --git a/pkcs11.c b/pkcs11.c index 52e5e47..6b32440 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -82,9 +82,9 @@ #warning Figure out hardware and software version numbers #define P11_VERSION_SW_MAJOR 0 -#define P11_VERSION_SW_MINOR 0 +#define P11_VERSION_SW_MINOR 1 #define P11_VERSION_HW_MAJOR 0 -#define P11_VERSION_HW_MINOR 0 +#define P11_VERSION_HW_MINOR 1 /* * Debugging control. @@ -1592,7 +1592,7 @@ static inline int p11_object_create_ec_public_key(const p11_session_t * const se static inline int p11_object_create_rsa_private_key(const p11_session_t * const session, const CK_OBJECT_HANDLE object_handle, const hal_key_flags_t flags, - const CK_ATTRIBUTE_PTR const template, + const CK_ATTRIBUTE_PTR template, const CK_ULONG template_len) { static const char select_format[] = @@ -1680,7 +1680,7 @@ static inline int p11_object_create_rsa_private_key(const p11_session_t * const static inline int p11_object_create_ec_private_key(const p11_session_t * const session, const CK_OBJECT_HANDLE object_handle, const hal_key_flags_t flags, - const CK_ATTRIBUTE_PTR const template, + const CK_ATTRIBUTE_PTR template, const CK_ULONG template_len) { static const char select_format[] = @@ -3794,6 +3794,7 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, switch (pMechanism->mechanism) { case CKM_SHA_1: algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224: algorithm = hal_digest_algorithm_sha224; break; case CKM_SHA256: algorithm = hal_digest_algorithm_sha256; break; case CKM_SHA384: algorithm = hal_digest_algorithm_sha384; break; case CKM_SHA512: algorithm = hal_digest_algorithm_sha512; break; @@ -3982,6 +3983,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, switch (pMechanism->mechanism) { case CKM_RSA_PKCS: case CKM_SHA1_RSA_PKCS: + case CKM_SHA224_RSA_PKCS: case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS: @@ -3989,6 +3991,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, lose(CKR_KEY_TYPE_INCONSISTENT); break; case CKM_ECDSA: + case CKM_ECDSA_SHA224: case CKM_ECDSA_SHA256: case CKM_ECDSA_SHA384: case CKM_ECDSA_SHA512: @@ -4009,6 +4012,10 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, case CKM_SHA1_RSA_PKCS: session->sign_digest_algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224_RSA_PKCS: + case CKM_ECDSA_SHA224: + session->sign_digest_algorithm = hal_digest_algorithm_sha224; + break; case CKM_SHA256_RSA_PKCS: case CKM_ECDSA_SHA256: session->sign_digest_algorithm = hal_digest_algorithm_sha256; @@ -4215,6 +4222,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, switch (pMechanism->mechanism) { case CKM_RSA_PKCS: case CKM_SHA1_RSA_PKCS: + case CKM_SHA224_RSA_PKCS: case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS: @@ -4222,6 +4230,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, lose(CKR_KEY_TYPE_INCONSISTENT); break; case CKM_ECDSA: + case CKM_ECDSA_SHA224: case CKM_ECDSA_SHA256: case CKM_ECDSA_SHA384: case CKM_ECDSA_SHA512: @@ -4242,6 +4251,10 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, case CKM_SHA1_RSA_PKCS: session->verify_digest_algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224_RSA_PKCS: + case CKM_ECDSA_SHA224: + session->verify_digest_algorithm = hal_digest_algorithm_sha224; + break; case CKM_SHA256_RSA_PKCS: case CKM_ECDSA_SHA256: session->verify_digest_algorithm = hal_digest_algorithm_sha256; @@ -4539,6 +4552,13 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, algorithm = hal_digest_algorithm_sha1; break; + case CKM_SHA224: + case CKM_SHA224_RSA_PKCS: + case CKM_SHA224_HMAC: + case CKM_ECDSA_SHA224: + algorithm = hal_digest_algorithm_sha224; + break; + case CKM_SHA256: case CKM_SHA256_RSA_PKCS: case CKM_SHA256_HMAC: @@ -4584,6 +4604,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, case CKM_RSA_PKCS: case CKM_SHA1_RSA_PKCS: + case CKM_SHA224_RSA_PKCS: case CKM_SHA256_RSA_PKCS: case CKM_SHA384_RSA_PKCS: case CKM_SHA512_RSA_PKCS: @@ -4593,6 +4614,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, break; case CKM_ECDSA: + case CKM_ECDSA_SHA224: case CKM_ECDSA_SHA256: case CKM_ECDSA_SHA384: case CKM_ECDSA_SHA512: @@ -4602,6 +4624,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, break; case CKM_SHA_1: + case CKM_SHA224: case CKM_SHA256: case CKM_SHA384: case CKM_SHA512: @@ -4615,6 +4638,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, * We have Verilog and libhal for these, but no PKCS #11 support (yet). */ case CKM_SHA_1_HMAC: + case CKM_SHA224_HMAC: case CKM_SHA256_HMAC: case CKM_SHA384_HMAC: case CKM_SHA512_HMAC: @@ -4661,6 +4685,82 @@ CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, mutex_unlock_return_with_rv(rv, p11_global_mutex); } +CK_RV C_GetInfo(CK_INFO_PTR pInfo) +{ + ENTER_PUBLIC_FUNCTION(C_GetInfo); + + if (pInfo == NULL) + return CKR_ARGUMENTS_BAD; + + memset(pInfo, 0, sizeof(*pInfo)); + pInfo->cryptokiVersion.major = 2; + pInfo->cryptokiVersion.minor = 30; + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project"); + psnprintf(pInfo->libraryDescription, sizeof(pInfo->libraryDescription), "cryptech.is pkcs11"); + pInfo->libraryVersion.major = P11_VERSION_SW_MAJOR; + pInfo->libraryVersion.minor = P11_VERSION_SW_MINOR; + + return CKR_OK; +} + +CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, + CK_SLOT_INFO_PTR pInfo) +{ + ENTER_PUBLIC_FUNCTION(C_GetSlotInfo); + + if (pInfo == NULL) + return CKR_ARGUMENTS_BAD; + + if (slotID != P11_ONE_AND_ONLY_SLOT) + return CKR_SLOT_ID_INVALID; + + memset(pInfo, 0, sizeof(*pInfo)); + psnprintf(pInfo->slotDescription, sizeof(pInfo->slotDescription), "cryptech.is slot on alpha"); + psnprintf(pInfo->manufacturerID, sizeof(pInfo->manufacturerID), "cryptech.is project"); + pInfo->flags = CKF_TOKEN_PRESENT | CKF_HW_SLOT; + pInfo->hardwareVersion.major = 0; + pInfo->hardwareVersion.minor = 2; + pInfo->firmwareVersion.major = P11_VERSION_HW_MAJOR; + pInfo->firmwareVersion.minor = P11_VERSION_HW_MINOR; + return CKR_OK; +} + +CK_RV C_GetMechanismList(CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount) +{ + static const CK_MECHANISM_TYPE mechanisms[] = { + CKM_ECDSA_SHA1, CKM_ECDSA_SHA224, CKM_ECDSA_SHA256, CKM_ECDSA_SHA384, CKM_ECDSA_SHA512, CKM_ECDSA, CKM_EC_KEY_PAIR_GEN, + CKM_SHA1_RSA_PKCS, CKM_SHA224_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN, + CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512, +#if 0 + /* libhal support these but pkcs11 doesn't, yet */ + CKM_SHA_1_HMAC, CKM_SHA224_HMAC, CKM_SHA256_HMAC, CKM_SHA384_HMAC, CKM_SHA512_HMAC, +#endif + }; + const CK_ULONG mechanisms_len = sizeof(mechanisms)/sizeof(*mechanisms); + + ENTER_PUBLIC_FUNCTION(C_GetMechanismList); + + if (pulCount == NULL) + return CKR_ARGUMENTS_BAD; + + if (slotID != P11_ONE_AND_ONLY_SLOT) + return CKR_SLOT_ID_INVALID; + + CK_RV rv = CKR_OK; + + if (pMechanismList != NULL && *pulCount < mechanisms_len) + rv = CKR_BUFFER_TOO_SMALL; + + else if (pMechanismList != NULL) + memcpy(pMechanismList, mechanisms, sizeof(mechanisms)); + + *pulCount = mechanisms_len; + + return rv; +} + /* @@ -4686,27 +4786,6 @@ CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, return CKR_FUNCTION_NOT_SUPPORTED; } -CK_RV C_GetInfo(CK_INFO_PTR pInfo) -{ - ENTER_PUBLIC_FUNCTION(C_GetInfo); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, - CK_SLOT_INFO_PTR pInfo) -{ - ENTER_PUBLIC_FUNCTION(C_GetSlotInfo); - return CKR_FUNCTION_NOT_SUPPORTED; -} - -CK_RV C_GetMechanismList(CK_SLOT_ID slotID, - CK_MECHANISM_TYPE_PTR pMechanismList, - CK_ULONG_PTR pulCount) -{ - ENTER_PUBLIC_FUNCTION(C_GetMechanismList); - return CKR_FUNCTION_NOT_SUPPORTED; -} - CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, -- cgit v1.2.3