pkcs11: clean up mechanism registration
* check for out of memory conditions
* register SHA256 as well
* key generation depends on onboard key generation capabilities, not OpenSSL

Further adjustments are needed.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4894 c6295689-39f2-0310-b995-f0e70906c6a9
parent
113dfda494
commit
b33a44fdf0
|
@ -3114,13 +3114,13 @@ static int register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
num = card->algorithm_count;
|
num = card->algorithm_count;
|
||||||
alg_info = card->algorithms;
|
alg_info = card->algorithms;
|
||||||
while (num--) {
|
while (num--) {
|
||||||
if (alg_info->algorithm == SC_ALGORITHM_RSA) {
|
if (alg_info->algorithm == SC_ALGORITHM_RSA) {
|
||||||
if (alg_info->key_length < mech_info.ulMinKeySize)
|
if (alg_info->key_length < mech_info.ulMinKeySize)
|
||||||
mech_info.ulMinKeySize = alg_info->key_length;
|
mech_info.ulMinKeySize = alg_info->key_length;
|
||||||
if (alg_info->key_length > mech_info.ulMaxKeySize)
|
if (alg_info->key_length > mech_info.ulMaxKeySize)
|
||||||
mech_info.ulMaxKeySize = alg_info->key_length;
|
mech_info.ulMaxKeySize = alg_info->key_length;
|
||||||
|
|
||||||
flags |= alg_info->flags;
|
flags |= alg_info->flags;
|
||||||
}
|
}
|
||||||
if (alg_info->algorithm == SC_ALGORITHM_GOSTR3410)
|
if (alg_info->algorithm == SC_ALGORITHM_GOSTR3410)
|
||||||
flags |= alg_info->flags;
|
flags |= alg_info->flags;
|
||||||
|
@ -3139,8 +3139,7 @@ static int register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
|
|
||||||
/* Check if we support raw RSA */
|
/* Check if we support raw RSA */
|
||||||
if (flags & SC_ALGORITHM_RSA_RAW) {
|
if (flags & SC_ALGORITHM_RSA_RAW) {
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_X_509,
|
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_X_509, &mech_info, CKK_RSA, NULL);
|
||||||
&mech_info, CKK_RSA, NULL);
|
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
if (rc != CKR_OK)
|
if (rc != CKR_OK)
|
||||||
return rc;
|
return rc;
|
||||||
|
@ -3149,14 +3148,12 @@ static int register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
* have registered everything else, too. If it didn't
|
* have registered everything else, too. If it didn't
|
||||||
* we help it a little
|
* we help it a little
|
||||||
*/
|
*/
|
||||||
flags |= SC_ALGORITHM_RSA_PAD_PKCS1
|
flags |= SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASHES;
|
||||||
|SC_ALGORITHM_RSA_HASHES;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check for PKCS1 */
|
/* Check for PKCS1 */
|
||||||
if (flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
if (flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS,
|
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS, &mech_info, CKK_RSA, NULL);
|
||||||
&mech_info, CKK_RSA, NULL);
|
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
if (rc != CKR_OK)
|
if (rc != CKR_OK)
|
||||||
return rc;
|
return rc;
|
||||||
|
@ -3166,29 +3163,36 @@ static int register_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
if (!(flags & SC_ALGORITHM_RSA_HASHES))
|
if (!(flags & SC_ALGORITHM_RSA_HASHES))
|
||||||
flags |= SC_ALGORITHM_RSA_HASHES;
|
flags |= SC_ALGORITHM_RSA_HASHES;
|
||||||
|
|
||||||
if (flags & SC_ALGORITHM_RSA_HASH_SHA1)
|
if (flags & SC_ALGORITHM_RSA_HASH_SHA1) {
|
||||||
sc_pkcs11_register_sign_and_hash_mechanism(p11card,
|
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA1_RSA_PKCS, CKM_SHA_1, mt);
|
||||||
CKM_SHA1_RSA_PKCS, CKM_SHA_1, mt);
|
if (rc != CKR_OK)
|
||||||
if (flags & SC_ALGORITHM_RSA_HASH_MD5)
|
return rc;
|
||||||
sc_pkcs11_register_sign_and_hash_mechanism(p11card,
|
}
|
||||||
CKM_MD5_RSA_PKCS, CKM_MD5, mt);
|
if (flags & SC_ALGORITHM_RSA_HASH_SHA256) {
|
||||||
if (flags & SC_ALGORITHM_RSA_HASH_RIPEMD160)
|
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_SHA256_RSA_PKCS, CKM_SHA256, mt);
|
||||||
sc_pkcs11_register_sign_and_hash_mechanism(p11card,
|
if (rc != CKR_OK)
|
||||||
CKM_RIPEMD160_RSA_PKCS, CKM_RIPEMD160, mt);
|
return rc;
|
||||||
#if 0
|
}
|
||||||
/* Does this correspond to any defined CKM_XXX value? */
|
if (flags & SC_ALGORITHM_RSA_HASH_MD5) {
|
||||||
if (flags & SC_ALGORITHM_RSA_HASH_MD5_SHA1)
|
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_MD5_RSA_PKCS, CKM_MD5, mt);
|
||||||
sc_pkcs11_register_sign_and_hash_mechanism(p11card,
|
if (rc != CKR_OK)
|
||||||
CKM_XXX_RSA_PKCS, CKM_XXX, mt);
|
return rc;
|
||||||
#endif
|
}
|
||||||
#ifdef ENABLE_OPENSSL
|
if (flags & SC_ALGORITHM_RSA_HASH_RIPEMD160) {
|
||||||
mech_info.flags = CKF_GENERATE_KEY_PAIR;
|
rc = sc_pkcs11_register_sign_and_hash_mechanism(p11card, CKM_RIPEMD160_RSA_PKCS, CKM_RIPEMD160, mt);
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN,
|
if (rc != CKR_OK)
|
||||||
&mech_info, CKK_RSA, NULL);
|
return rc;
|
||||||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
}
|
||||||
if (rc != CKR_OK)
|
|
||||||
return rc;
|
if (flags & SC_ALGORITHM_ONBOARD_KEY_GEN) {
|
||||||
#endif
|
mech_info.flags = CKF_GENERATE_KEY_PAIR;
|
||||||
|
mt = sc_pkcs11_new_fw_mechanism(CKM_RSA_PKCS_KEY_PAIR_GEN, &mech_info, CKK_RSA, NULL);
|
||||||
|
if (!mt)
|
||||||
|
return CKR_HOST_MEMORY;
|
||||||
|
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||||
|
if (rc != CKR_OK)
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return CKR_OK;
|
return CKR_OK;
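Review bot: The `mt` returned by `sc_pkcs11_new_fw_mechanism` is still passed unchecked to `sc_pkcs11_register_mechanism` in the `CKM_RSA_X_509` and `CKM_RSA_PKCS` branches, while the new `CKM_RSA_PKCS_KEY_PAIR_GEN` branch adds `if (!mt) return CKR_HOST_MEMORY;`. Unless the register function rejects a NULL argument itself (its body is not visible here), an allocation failure in the PKCS1 branch could leave `mt` NULL when it is handed to the sign-and-hash calls, which read `sign_type->mech`; repeating the same two-line check after both allocations would make the out-of-memory handling uniform. Separately, because `flags |= SC_ALGORITHM_RSA_HASHES` is forced just above, each hash registration failure now aborts the whole function, so a build that lacks one digest might end up exposing no RSA mechanisms at all; a comment stating whether that is intended would help. register_mechanisms starts outside these hunks.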
|
||||||
|
|
|
@ -812,7 +812,6 @@ sc_pkcs11_register_generic_mechanisms(struct sc_pkcs11_card *p11card)
|
||||||
#ifdef ENABLE_OPENSSL
|
#ifdef ENABLE_OPENSSL
|
||||||
sc_pkcs11_register_openssl_mechanisms(p11card);
|
sc_pkcs11_register_openssl_mechanisms(p11card);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return CKR_OK;
|
return CKR_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -843,9 +842,9 @@ sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *p11card,
|
||||||
info->sign_mech = sign_type->mech;
|
info->sign_mech = sign_type->mech;
|
||||||
info->hash_mech = hash_mech;
|
info->hash_mech = hash_mech;
|
||||||
|
|
||||||
new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info,
|
new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info, sign_type->key_type, info);
|
||||||
sign_type->key_type, info);
|
|
||||||
if (new_type)
|
if (!new_type)
|
||||||
sc_pkcs11_register_mechanism(p11card, new_type);
|
return CKR_HOST_MEMORY;
|
||||||
return CKR_OK;
|
return sc_pkcs11_register_mechanism(p11card, new_type);
|
||||||
}
|
}
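Review bot: On the new `if (!new_type) return CKR_HOST_MEMORY;` path the `info` structure filled in just above is not released, and the same holds when `sc_pkcs11_register_mechanism` returns an error. If `info` is heap-allocated earlier in the function (the allocation is outside this hunk), both error paths leak it, and the second may also leave `new_type` orphaned. I would write the NULL path as `if (!new_type) { free(info); return CKR_HOST_MEMORY; }` and document in the function's header comment who owns `info` and `new_type` once registration has been attempted.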
|
||||||
|
|