ECDSA-SHA1: Apply SHA1 to input data before PSO compute signature.

CKM_ECDSA and CKM_ECDSA_SHA1 cannot be registered in the same way. We need to use sc_pkcs11_register_sign_and_hash_mechanism () for CKM_ECDSA_SHA1. This fix also enables more ECDSA-SHAxxx mechanisms in framework-pkcs15.c Tested: MyEID 4.0.1 (secp256r1 with SHA1, SHA224, SHA256, SHA384, SHA512) CI tests (Travis + OsEID) for ECDSA-SHAxxx mechanisms are also enabled.
2020-12-10 08:45:43 +01:00 · 2020-12-10 08:45:43 +01:00 · 6049cb926c
parent 5f16ffae84
commit 6049cb926c
4 changed files with 45 additions and 11 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -323,6 +323,7 @@ script:
      ./OsEID-tool EC-CREATE-KEYS;
      ./OsEID-tool EC-UPLOAD-KEYS;
      ./OsEID-tool EC-SIGN-TEST;
+      ./OsEID-tool EC-SIGN-PKCS11-TEST;
      ./OsEID-tool EC-ECDH-TEST;
      kill -9 $PID;

--- a/src/libopensc/card-myeid.c
+++ b/src/libopensc/card-myeid.c
@ -246,6 +246,8 @@ static int myeid_init(struct sc_card *card)

 		flags = SC_ALGORITHM_ECDSA_RAW | SC_ALGORITHM_ECDH_CDH_RAW | SC_ALGORITHM_ONBOARD_KEY_GEN;
 		flags |= SC_ALGORITHM_ECDSA_HASH_NONE | SC_ALGORITHM_ECDSA_HASH_SHA1;
+		flags |= SC_ALGORITHM_ECDSA_HASH_SHA224 | SC_ALGORITHM_ECDSA_HASH_SHA256;
+		flags |= SC_ALGORITHM_ECDSA_HASH_SHA384 | SC_ALGORITHM_ECDSA_HASH_SHA512;
 		ext_flags = SC_ALGORITHM_EXT_EC_NAMEDCURVE | SC_ALGORITHM_EXT_EC_UNCOMPRESES;

 		for (i=0; ec_curves[i].curve_name != NULL; i++) {
--- a/src/libopensc/pkcs15-sec.c
+++ b/src/libopensc/pkcs15-sec.c
@ -697,7 +697,7 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card,
 	 * truncation is done by the token.
 	 */
 	else if (senv.algorithm == SC_ALGORITHM_EC &&
-			(flags & SC_ALGORITHM_ECDSA_HASH_NONE) != 0) {
+			(flags & SC_ALGORITHM_ECDSA_HASHES)) {
 		inlen = MIN(inlen, (prkey->field_length+7)/8);
 	}

--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@ -4119,6 +4119,18 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
 	case CKM_ECDSA_SHA1:
 		flags = SC_ALGORITHM_ECDSA_HASH_SHA1;
 		break;
+	case CKM_ECDSA_SHA224:
+		flags = SC_ALGORITHM_ECDSA_HASH_SHA224;
+		break;
+	case CKM_ECDSA_SHA256:
+		flags = SC_ALGORITHM_ECDSA_HASH_SHA256;
+		break;
+	case CKM_ECDSA_SHA384:
+		flags = SC_ALGORITHM_ECDSA_HASH_SHA384;
+		break;
+	case CKM_ECDSA_SHA512:
+		flags = SC_ALGORITHM_ECDSA_HASH_SHA512;
+		break;
 	default:
 		sc_log(context, "DEE - need EC for %lu", pMechanism->mechanism);
 		return CKR_MECHANISM_INVALID;
@ -5642,26 +5654,45 @@ static CK_RV register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
 	mech_info.ulMinKeySize = min_key_size;
 	mech_info.ulMaxKeySize = max_key_size;

-	if(flags & SC_ALGORITHM_ECDSA_HASH_NONE) {
+	if (flags & SC_ALGORITHM_ECDSA_RAW) {
 		mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA, &mech_info, CKK_EC, NULL, NULL);
 		if (!mt)
 			return CKR_HOST_MEMORY;
 		rc = sc_pkcs11_register_mechanism(p11card, mt);
 		if (rc != CKR_OK)
 			return rc;
-	}

 #ifdef ENABLE_OPENSSL
-	if(flags & SC_ALGORITHM_ECDSA_HASH_SHA1) {
-		mt = sc_pkcs11_new_fw_mechanism(CKM_ECDSA_SHA1, &mech_info, CKK_EC, NULL, NULL);
-		if (!mt)
-			return CKR_HOST_MEMORY;
-		rc = sc_pkcs11_register_mechanism(p11card, mt);
-		if (rc != CKR_OK)
-			return rc;
-	}
+		/* Hashing is always done in openssl, if the card driver requests hashes, we enable them here. */
+
+		if (flags & SC_ALGORITHM_ECDSA_HASH_SHA1) {
+			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_ECDSA_SHA1, CKM_SHA_1, mt);
+			if (rc != CKR_OK)
+				return rc;
+		}
+		if (flags & SC_ALGORITHM_ECDSA_HASH_SHA224) {
+			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_ECDSA_SHA224, CKM_SHA224, mt);
+			if (rc != CKR_OK)
+				return rc;
+		}
+		if (flags & SC_ALGORITHM_ECDSA_HASH_SHA256) {
+			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_ECDSA_SHA256, CKM_SHA256, mt);
+			if (rc != CKR_OK)
+				return rc;
+		}
+		if (flags & SC_ALGORITHM_ECDSA_HASH_SHA384) {
+			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_ECDSA_SHA384, CKM_SHA384, mt);
+			if (rc != CKR_OK)
+				return rc;
+		}
+		if (flags & SC_ALGORITHM_ECDSA_HASH_SHA512) {
+			rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_ECDSA_SHA512, CKM_SHA512, mt);
+			if (rc != CKR_OK)
+				return rc;
+		}
 #endif

+	}
 	/* ADD ECDH mechanisms */
 	/* The PIV uses curves where CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE produce the same results */
 	if(flags & SC_ALGORITHM_ECDH_CDH_RAW) {