From f09fbb355ff03d52bbf4920f36fda2982246aad4 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 9 Jul 2015 00:00:58 -0400
Subject: Add hashes to C_GetMechanismInfo().

---
 pkcs11.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 66 insertions(+), 6 deletions(-)

diff --git a/pkcs11.c b/pkcs11.c
index ff86b70..1d50ddc 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -3396,7 +3396,7 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession,
 /*
  * Supply information about a particular mechanism.  We may want a
  * more generic structure for this, for the moment, just answer the
- * questions hsmbully is asking.
+ * questions that applications we care about are asking.
  *
  * Not really sure whether I should be setting CKF_HW here or not, RSA
  * is a mix of hardware and software at the moment, but I'm also a
@@ -3411,6 +3411,9 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
 {
   ENTER_PUBLIC_FUNCTION(C_GetMechanismInfo);
 
+  const CK_ULONG rsa_key_min = 1024;
+  const CK_ULONG rsa_key_max = 8192;
+
   /*
    * No locking here, no obvious need for it.
    */
@@ -3423,18 +3426,75 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID,
 
   switch (type) {
 
+  case CKM_SHA_1:
+  case CKM_SHA1_RSA_PKCS:
+  case CKM_SHA_1_HMAC:
+    if (hal_has_core_present(hal_hash_sha1) != HAL_OK)
+      return CKR_MECHANISM_INVALID;
+    break;
+
+  case CKM_SHA256:
+  case CKM_SHA256_RSA_PKCS:
+  case CKM_SHA256_HMAC:
+    if (hal_has_core_present(hal_hash_sha256) != HAL_OK)
+      return CKR_MECHANISM_INVALID;
+    break;
+
+  case CKM_SHA384:
+  case CKM_SHA384_RSA_PKCS:
+  case CKM_SHA384_HMAC:
+    if (hal_has_core_present(hal_hash_sha384) != HAL_OK)
+      return CKR_MECHANISM_INVALID;
+    break;
+
+  case CKM_SHA512:
+  case CKM_SHA512_RSA_PKCS:
+  case CKM_SHA512_HMAC:
+    if (hal_has_core_present(hal_hash_sha512) != HAL_OK)
+      return CKR_MECHANISM_INVALID;
+    break;
+
+  default:
+    break;
+  }
+
+  switch (type) {
+
   case CKM_RSA_PKCS_KEY_PAIR_GEN:
-    pInfo->ulMinKeySize = 1024;
-    pInfo->ulMaxKeySize = 8192;
+    pInfo->ulMinKeySize = rsa_key_min;
+    pInfo->ulMaxKeySize = rsa_key_max;
     pInfo->flags = CKF_HW | CKF_GENERATE_KEY_PAIR;
     break;
 
   case CKM_RSA_PKCS:
-    pInfo->ulMinKeySize = 1024;
-    pInfo->ulMaxKeySize = 8192;
-    pInfo->flags = CKF_HW | CKF_SIGN;
+  case CKM_SHA1_RSA_PKCS:
+  case CKM_SHA256_RSA_PKCS:
+  case CKM_SHA384_RSA_PKCS:
+  case CKM_SHA512_RSA_PKCS:
+    pInfo->ulMinKeySize = rsa_key_min;
+    pInfo->ulMaxKeySize = rsa_key_max;
+    pInfo->flags = CKF_HW | CKF_SIGN | CKF_VERIFY;
+    break;
+
+  case CKM_SHA_1:
+  case CKM_SHA256:
+  case CKM_SHA384:
+  case CKM_SHA512:
+    pInfo->ulMinKeySize = 0;
+    pInfo->ulMaxKeySize = 0;
+    pInfo->flags = CKF_HW | CKF_DIGEST;
     break;
 
+#if 0
+    /*
+     * We have Verilog and libhal for these, but no PKCS #11 support (yet).
+     */
+  case CKM_SHA_1_HMAC:
+  case CKM_SHA256_HMAC:
+  case CKM_SHA384_HMAC:
+  case CKM_SHA512_HMAC:
+#endif
+
   default:
     return CKR_MECHANISM_INVALID;
   }
-- 
cgit v1.2.3