From f412995811084e60c069b3befeabfd1a8f2089d1 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 09:10:02 +0100 Subject: [PATCH 01/22] Bug fix in verify_signature() when the buffer to verify is larger than 1025 bytes. In this case, the signature length given to C_VerifyFinal() was incorrect. --- src/tools/pkcs11-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 561da149..ceb6ea15 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -1985,7 +1985,7 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session, r = read(fd, in_buffer, sizeof(in_buffer)); } while (r > 0); - sig_len = sizeof(sig_buffer); + sig_len = r2; rv = p11->C_VerifyFinal(session, sig_buffer, sig_len); if (rv != CKR_OK) p11_fatal("C_VerifyFinal", rv); From ff3448fb18c007dae05c9ef543de29a311251b43 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 09:13:21 +0100 Subject: [PATCH 02/22] Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. --- src/tools/pkcs11-tool.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index ceb6ea15..f3432269 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -4567,7 +4567,9 @@ static int sign_verify_openssl(CK_SESSION_HANDLE session, EVP_sha1(), EVP_sha1(), EVP_md5(), +#ifndef OPENSSL_NO_RIPEMD EVP_ripemd160(), +#endif EVP_sha256(), }; #endif @@ -4650,7 +4652,9 @@ static int test_signature(CK_SESSION_HANDLE sess) CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_MD5_RSA_PKCS, + #ifndef OPENSSL_NO_RIPEMD CKM_RIPEMD160_RSA_PKCS, + #endif CKM_SHA256_RSA_PKCS, 0xffffff }; @@ -5231,7 +5235,9 @@ static int test_unwrap(CK_SESSION_HANDLE sess) errors += wrap_unwrap(sess, EVP_des_cbc(), privKeyObject); errors += wrap_unwrap(sess, EVP_des_ede3_cbc(), privKeyObject); errors += wrap_unwrap(sess, EVP_bf_cbc(), privKeyObject); + #ifndef OPENSSL_NO_CAST errors += wrap_unwrap(sess, EVP_cast5_cfb(), privKeyObject); + #endif #endif } From 968bfa84445c74078a784931aa12efa9711de293 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 09:16:59 +0100 Subject: [PATCH 03/22] Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). --- src/tools/pkcs11-tool.c | 102 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 5 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index f3432269..6dcad1a6 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5256,6 +5256,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, CK_ULONG encrypted_len, data_len; int failed; CK_RV rv; + CK_RSA_PKCS_OAEP_PARAMS oaep_params; printf(" %s: ", p11_mechanism_to_name(mech_type)); @@ -5268,13 +5269,104 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, EVP_PKEY_free(pkey); return 0; } - encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey); - EVP_PKEY_free(pkey); - if (((int) encrypted_len) <= 0) { - printf("Encryption failed, returning\n"); - return 0; + if (mech_type == CKM_RSA_PKCS_OAEP) { + EVP_PKEY_CTX *ctx; + ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!ctx) { + EVP_PKEY_free(pkey); + printf("EVP_PKEY_CTX_new failed, returning\n"); + return 0; + } + if (EVP_PKEY_encrypt_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("EVP_PKEY_encrypt_init failed, returning\n"); + return 0; + } + + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("set OAEP padding failed, returning\n"); + return 0; + } + size_t outlen = sizeof(encrypted); + if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, orig_data, sizeof(orig_data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("Encryption failed, returning\n"); + return 0; + } + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + encrypted_len = outlen; + + } else { + encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey); + EVP_PKEY_free(pkey); + if (((int) encrypted_len) <= 0) { + printf("Encryption failed, returning\n"); + return 0; + } + } + + /* set "default" MGF and hash algorithms. We can overwrite MGF later */ + switch (mech_type) { + case CKM_RSA_PKCS_OAEP: + oaep_params.hashAlg = opt_hash_alg; + switch (opt_hash_alg) { + case CKM_SHA224: + oaep_params.mgf = CKG_MGF1_SHA224; + break; + case CKM_SHA256: + oaep_params.mgf = CKG_MGF1_SHA256; + break; + case CKM_SHA384: + oaep_params.mgf = CKG_MGF1_SHA384; + break; + case CKM_SHA512: + oaep_params.mgf = CKG_MGF1_SHA512; + break; + default: + oaep_params.hashAlg = CKM_SHA_1; + /* fall through */ + case CKM_SHA_1: + oaep_params.mgf = CKG_MGF1_SHA1; + break; + } + break; + case CKM_RSA_PKCS: + mech.pParameter = NULL; + mech.ulParameterLen = 0; + break; + default: + util_fatal("Mechanism %s illegal or not supported\n", p11_mechanism_to_name(opt_mechanism)); } + + /* If an RSA-OAEP mechanism, it needs parameters */ + if (oaep_params.hashAlg) { + if (opt_mgf != 0) + oaep_params.mgf = opt_mgf; + + /* These settings are compatible with OpenSSL 1.0.2L and 1.1.0+ */ + oaep_params.source = 0UL; /* empty encoding parameter (label) */ + oaep_params.pSourceData = NULL; /* PKCS#11 standard: this must be NULLPTR */ + oaep_params.ulSourceDataLen = 0; /* PKCS#11 standard: this must be 0 */ + + mech.pParameter = &oaep_params; + mech.ulParameterLen = sizeof(oaep_params); + + fprintf(stderr, "OAEP parameters: hashAlg=%s, mgf=%s, source_type=%lu, source_ptr=%p, source_len=%lu\n", + p11_mechanism_to_name(oaep_params.hashAlg), + p11_mgf_to_name(oaep_params.mgf), + oaep_params.source, + oaep_params.pSourceData, + oaep_params.ulSourceDataLen); + + } + + mech.mechanism = mech_type; rv = p11->C_DecryptInit(session, &mech, privKeyObject); if (rv == CKR_MECHANISM_INVALID || rv == CKR_MECHANISM_PARAM_INVALID) { From 16ca73ae4008656ff2d7ee079eb39304e15fb776 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 11:19:33 +0100 Subject: [PATCH 04/22] Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). --- src/tools/pkcs11-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 6dcad1a6..374ecf7e 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5340,7 +5340,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, mech.ulParameterLen = 0; break; default: - util_fatal("Mechanism %s illegal or not supported\n", p11_mechanism_to_name(opt_mechanism)); + util_fatal("Mechanism %s illegal or not supported\n", p11_mechanism_to_name(mech_type)); } From 2be799f739c20f4ff276834b91a50f32fe314718 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 11:35:25 +0100 Subject: [PATCH 05/22] Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting. --- src/tools/pkcs11-tool.c | 83 +++++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 374ecf7e..74416561 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -1782,7 +1782,7 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, util_fatal("Salt length must be greater or equal " "to zero, or equal to -1 (meaning: use digest size) " "or to -2 (meaning: use maximum permissible size"); - + modlen = (get_private_key_length(session, key) + 7) / 8; switch (opt_salt_len) { case -1: /* salt size equals to digest size */ @@ -2024,7 +2024,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session, if (opt_hash_alg != 0 && opt_mechanism != CKM_RSA_PKCS_OAEP) util_fatal("The hash-algorithm is applicable only to " - "RSA-PKCS-OAEP mechanism"); + "RSA-PKCS-OAEP mechanism"); if (opt_input == NULL) fd = 0; @@ -2053,7 +2053,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session, case CKM_SHA512: oaep_params.mgf = CKG_MGF1_SHA512; break; - default: + default: oaep_params.hashAlg = CKM_SHA_1; /* fall through */ case CKM_SHA_1: @@ -2090,7 +2090,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session, oaep_params.pSourceData, oaep_params.ulSourceDataLen); - } + } rv = p11->C_DecryptInit(session, &mech, key); if (rv != CKR_OK) @@ -5270,45 +5270,45 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, return 0; } if (mech_type == CKM_RSA_PKCS_OAEP) { - EVP_PKEY_CTX *ctx; - ctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!ctx) { - EVP_PKEY_free(pkey); - printf("EVP_PKEY_CTX_new failed, returning\n"); - return 0; - } - if (EVP_PKEY_encrypt_init(ctx) <= 0) { - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - printf("EVP_PKEY_encrypt_init failed, returning\n"); - return 0; - } + EVP_PKEY_CTX *ctx; + ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!ctx) { + EVP_PKEY_free(pkey); + printf("EVP_PKEY_CTX_new failed, returning\n"); + return 0; + } + if (EVP_PKEY_encrypt_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("EVP_PKEY_encrypt_init failed, returning\n"); + return 0; + } - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) { - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - printf("set OAEP padding failed, returning\n"); - return 0; - } - size_t outlen = sizeof(encrypted); - if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, orig_data, sizeof(orig_data)) <= 0) { - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - printf("Encryption failed, returning\n"); - return 0; - } - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - encrypted_len = outlen; + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("set OAEP padding failed, returning\n"); + return 0; + } + size_t outlen = sizeof(encrypted); + if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, orig_data, sizeof(orig_data)) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("Encryption failed, returning\n"); + return 0; + } + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + encrypted_len = outlen; - } else { - encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey); - EVP_PKEY_free(pkey); - if (((int) encrypted_len) <= 0) { - printf("Encryption failed, returning\n"); - return 0; - } - } + } else { + encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey); + EVP_PKEY_free(pkey); + if (((int) encrypted_len) <= 0) { + printf("Encryption failed, returning\n"); + return 0; + } + } /* set "default" MGF and hash algorithms. We can overwrite MGF later */ switch (mech_type) { @@ -5461,6 +5461,7 @@ static int test_decrypt(CK_SESSION_HANDLE sess) printf("No OpenSSL support, unable to validate decryption\n"); #else for (n = 0; n < num_mechs; n++) { + errors += encrypt_decrypt(sess, mechs[n], privKeyObject); } #endif From cf617da4bda4d37ede78651662010d472c244ab0 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 11:37:47 +0100 Subject: [PATCH 06/22] Before calling encrypt_decrypt() make sure that the mechanism is for RSA and supports decryption, otherwise skip it. --- src/tools/pkcs11-tool.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 74416561..2f4497f3 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5461,6 +5461,17 @@ static int test_decrypt(CK_SESSION_HANDLE sess) printf("No OpenSSL support, unable to validate decryption\n"); #else for (n = 0; n < num_mechs; n++) { + switch (mechs[n]) { + case CKM_RSA_PKCS: + case CKM_RSA_PKCS_OAEP: + case CKM_RSA_X_509: + //case CKM_RSA_PKCS_TPM_1_1: + //case CKM_RSA_PKCS_OAEP_TPM_1_1: + break; + default: + printf(" -- mechanism can't be used to decrypt, skipping\n"); + continue; + } errors += encrypt_decrypt(sess, mechs[n], privKeyObject); } From 9b7605ff3ceb6e799e106ff718465626e739486f Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 1 Feb 2019 15:27:55 +0100 Subject: [PATCH 07/22] Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). Only set the OAEP params for CKM_RSA_PKCS_OAEP, I had an issue with a variable not initialized. --- src/tools/pkcs11-tool.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 2f4497f3..aa986ff4 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5334,18 +5334,6 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, oaep_params.mgf = CKG_MGF1_SHA1; break; } - break; - case CKM_RSA_PKCS: - mech.pParameter = NULL; - mech.ulParameterLen = 0; - break; - default: - util_fatal("Mechanism %s illegal or not supported\n", p11_mechanism_to_name(mech_type)); - } - - - /* If an RSA-OAEP mechanism, it needs parameters */ - if (oaep_params.hashAlg) { if (opt_mgf != 0) oaep_params.mgf = opt_mgf; @@ -5354,6 +5342,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, oaep_params.pSourceData = NULL; /* PKCS#11 standard: this must be NULLPTR */ oaep_params.ulSourceDataLen = 0; /* PKCS#11 standard: this must be 0 */ + /* If an RSA-OAEP mechanism, it needs parameters */ mech.pParameter = &oaep_params; mech.ulParameterLen = sizeof(oaep_params); @@ -5363,10 +5352,15 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, oaep_params.source, oaep_params.pSourceData, oaep_params.ulSourceDataLen); - + break; + case CKM_RSA_PKCS: + mech.pParameter = NULL; + mech.ulParameterLen = 0; + break; + default: + util_fatal("Mechanism %s illegal or not supported\n", p11_mechanism_to_name(mech_type)); } - mech.mechanism = mech_type; rv = p11->C_DecryptInit(session, &mech, privKeyObject); if (rv == CKR_MECHANISM_INVALID || rv == CKR_MECHANISM_PARAM_INVALID) { From f030aa2c25943472fa66f601286487c2a8c98b10 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Mon, 4 Feb 2019 14:23:13 +0100 Subject: [PATCH 08/22] Add support for CKM_RSA_X_509 in encrypt_decrypt() and decrypt_data(). --- src/tools/pkcs11-tool.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index aa986ff4..7dc8c8a8 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -2061,6 +2061,7 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session, break; } break; + case CKM_RSA_X_509: case CKM_RSA_PKCS: mech.pParameter = NULL; mech.ulParameterLen = 0; @@ -5353,6 +5354,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, oaep_params.pSourceData, oaep_params.ulSourceDataLen); break; + case CKM_RSA_X_509: case CKM_RSA_PKCS: mech.pParameter = NULL; mech.ulParameterLen = 0; From 3d09823df0029a35f9f3259a5f9a401dcbf26ee3 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Mon, 4 Feb 2019 14:26:02 +0100 Subject: [PATCH 09/22] Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. Fix formatting. --- src/tools/pkcs11-tool.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 7dc8c8a8..29d33b7b 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -4653,9 +4653,9 @@ static int test_signature(CK_SESSION_HANDLE sess) CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_MD5_RSA_PKCS, - #ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD CKM_RIPEMD160_RSA_PKCS, - #endif +#endif CKM_SHA256_RSA_PKCS, 0xffffff }; @@ -5236,9 +5236,9 @@ static int test_unwrap(CK_SESSION_HANDLE sess) errors += wrap_unwrap(sess, EVP_des_cbc(), privKeyObject); errors += wrap_unwrap(sess, EVP_des_ede3_cbc(), privKeyObject); errors += wrap_unwrap(sess, EVP_bf_cbc(), privKeyObject); - #ifndef OPENSSL_NO_CAST +#ifndef OPENSSL_NO_CAST errors += wrap_unwrap(sess, EVP_cast5_cfb(), privKeyObject); - #endif +#endif #endif } From d25fbe3cecc55857541ad773899235e227409c47 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Tue, 5 Feb 2019 11:24:33 +0100 Subject: [PATCH 10/22] Remove 2 useless comments in encrypt_decrypt(). --- src/tools/pkcs11-tool.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 29d33b7b..4156df20 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5461,8 +5461,6 @@ static int test_decrypt(CK_SESSION_HANDLE sess) case CKM_RSA_PKCS: case CKM_RSA_PKCS_OAEP: case CKM_RSA_X_509: - //case CKM_RSA_PKCS_TPM_1_1: - //case CKM_RSA_PKCS_OAEP_TPM_1_1: break; default: printf(" -- mechanism can't be used to decrypt, skipping\n"); From 9aa413bd7e9ad7298a30d517c0446308393ea9b1 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Tue, 5 Feb 2019 11:35:42 +0100 Subject: [PATCH 11/22] Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these alogs, only CKM_SHA_1 is supported. --- src/tools/pkcs11-tool.c | 114 +++++++++++++++++++++++++--------------- 1 file changed, 71 insertions(+), 43 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 4156df20..3bfcb239 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5251,16 +5251,29 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject) { EVP_PKEY *pkey; - unsigned char orig_data[] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', '\0'}; + unsigned char orig_data[512] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', '\0'}; unsigned char encrypted[512], data[512]; CK_MECHANISM mech; CK_ULONG encrypted_len, data_len; int failed; CK_RV rv; + int pad; + CK_MECHANISM_TYPE hash_alg = CKM_SHA_1; CK_RSA_PKCS_OAEP_PARAMS oaep_params; printf(" %s: ", p11_mechanism_to_name(mech_type)); + if ((mech_type == CKM_RSA_PKCS) || (mech_type == CKM_RSA_PKCS_OAEP)) { + if (opt_hash_alg == 0) { + hash_alg = CKM_SHA_1; + } else if (opt_hash_alg != CKM_SHA_1) { + printf("Only CKM_SHA_1 supported\n"); + return 0; + } else { + hash_alg = opt_hash_alg; + } + } + pkey = get_public_key(session, privKeyObject); if (pkey == NULL) return 0; @@ -5270,52 +5283,71 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, EVP_PKEY_free(pkey); return 0; } - if (mech_type == CKM_RSA_PKCS_OAEP) { - EVP_PKEY_CTX *ctx; - ctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!ctx) { - EVP_PKEY_free(pkey); - printf("EVP_PKEY_CTX_new failed, returning\n"); - return 0; - } - if (EVP_PKEY_encrypt_init(ctx) <= 0) { - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - printf("EVP_PKEY_encrypt_init failed, returning\n"); + size_t in_len; + CK_ULONG mod_len = (get_private_key_length(session, privKeyObject) + 7) / 8; + switch (mech_type) { + case CKM_RSA_PKCS: + pad = RSA_PKCS1_PADDING; + /* Limit the input length to <= mod_len-11 */ + in_len = mod_len-11; + break; + case CKM_RSA_PKCS_OAEP: { + pad = RSA_PKCS1_OAEP_PADDING; + /* Limit the input length to <= mod_len-2-2*hlen */ + size_t len = 2+2*hash_length(hash_alg); + if (len >= mod_len) { + printf("Incompatible mechanism and key size\n"); return 0; } + in_len = mod_len-len; + break; + } + case CKM_RSA_X_509: + pad = RSA_NO_PADDING; + /* Limit the input length to the modulus length */ + in_len = mod_len; + break; + default: + printf("Unsupported mechanism, returning\n"); + return 0; + } - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) { - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - printf("set OAEP padding failed, returning\n"); - return 0; - } - size_t outlen = sizeof(encrypted); - if (EVP_PKEY_encrypt(ctx, encrypted, &outlen, orig_data, sizeof(orig_data)) <= 0) { - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - printf("Encryption failed, returning\n"); - return 0; - } + EVP_PKEY_CTX *ctx; + ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!ctx) { + EVP_PKEY_free(pkey); + printf("EVP_PKEY_CTX_new failed, returning\n"); + return 0; + } + if (EVP_PKEY_encrypt_init(ctx) <= 0) { EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); - encrypted_len = outlen; - - } else { - encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey); - EVP_PKEY_free(pkey); - if (((int) encrypted_len) <= 0) { - printf("Encryption failed, returning\n"); - return 0; - } + printf("EVP_PKEY_encrypt_init failed, returning\n"); + return 0; } + if (EVP_PKEY_CTX_set_rsa_padding(ctx, pad) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("set OAEP padding failed, returning\n"); + return 0; + } + + size_t out_len = sizeof(encrypted); + if (EVP_PKEY_encrypt(ctx, encrypted, &out_len, orig_data, in_len) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("Encryption failed, returning\n"); + return 0; + } + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + encrypted_len = out_len; /* set "default" MGF and hash algorithms. We can overwrite MGF later */ switch (mech_type) { case CKM_RSA_PKCS_OAEP: - oaep_params.hashAlg = opt_hash_alg; - switch (opt_hash_alg) { + oaep_params.hashAlg = hash_alg; + switch (oaep_params.hashAlg) { case CKM_SHA224: oaep_params.mgf = CKG_MGF1_SHA224; break; @@ -5379,18 +5411,14 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, if (rv != CKR_OK) p11_fatal("C_Decrypt", rv); - if (mech_type == CKM_RSA_X_509) - failed = (data[0] != 0) || (data[1] != 2) || (data_len <= sizeof(orig_data) - 2) || - memcmp(orig_data, data + data_len - sizeof(orig_data), sizeof(orig_data)); - else - failed = data_len != sizeof(orig_data) || memcmp(orig_data, data, data_len); + failed = data_len != in_len || memcmp(orig_data, data, data_len); if (failed) { CK_ULONG n; printf("resulting cleartext doesn't match input\n"); printf(" Original:"); - for (n = 0; n < sizeof(orig_data); n++) + for (n = 0; n < in_len; n++) printf(" %02x", orig_data[n]); printf("\n"); printf(" Decrypted:"); From 084624f340afd66c985a2dafc8eaf93461946724 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Tue, 5 Feb 2019 12:03:51 +0100 Subject: [PATCH 12/22] Fix CKM_RSA_PKCS in encrypt_decrypt(). --- src/tools/pkcs11-tool.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 3bfcb239..7b8f91e2 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5258,22 +5258,11 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, int failed; CK_RV rv; int pad; - CK_MECHANISM_TYPE hash_alg = CKM_SHA_1; + CK_MECHANISM_TYPE hash_alg; CK_RSA_PKCS_OAEP_PARAMS oaep_params; printf(" %s: ", p11_mechanism_to_name(mech_type)); - if ((mech_type == CKM_RSA_PKCS) || (mech_type == CKM_RSA_PKCS_OAEP)) { - if (opt_hash_alg == 0) { - hash_alg = CKM_SHA_1; - } else if (opt_hash_alg != CKM_SHA_1) { - printf("Only CKM_SHA_1 supported\n"); - return 0; - } else { - hash_alg = opt_hash_alg; - } - } - pkey = get_public_key(session, privKeyObject); if (pkey == NULL) return 0; @@ -5292,6 +5281,14 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, in_len = mod_len-11; break; case CKM_RSA_PKCS_OAEP: { + if (opt_hash_alg == 0) { + hash_alg = CKM_SHA_1; + } else if (opt_hash_alg != CKM_SHA_1) { + printf("Only CKM_RSA_PKCS_OAEP with CKM_SHA_1 supported\n"); + return 0; + } else { + hash_alg = opt_hash_alg; + } pad = RSA_PKCS1_OAEP_PADDING; /* Limit the input length to <= mod_len-2-2*hlen */ size_t len = 2+2*hash_length(hash_alg); From 973625773b6bef1750db94712339381a534beeae Mon Sep 17 00:00:00 2001 From: alegon01 Date: Thu, 7 Feb 2019 10:42:48 +0100 Subject: [PATCH 13/22] Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a. --- src/tools/pkcs11-tool.c | 118 +++++++++++++++++++++++++++++----------- 1 file changed, 87 insertions(+), 31 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 7b8f91e2..e1f5656b 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5258,7 +5258,8 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, int failed; CK_RV rv; int pad; - CK_MECHANISM_TYPE hash_alg; + CK_MECHANISM_TYPE hash_alg = CKM_SHA256; + CK_RSA_PKCS_MGF_TYPE mgf; CK_RSA_PKCS_OAEP_PARAMS oaep_params; printf(" %s: ", p11_mechanism_to_name(mech_type)); @@ -5281,14 +5282,35 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, in_len = mod_len-11; break; case CKM_RSA_PKCS_OAEP: { - if (opt_hash_alg == 0) { - hash_alg = CKM_SHA_1; - } else if (opt_hash_alg != CKM_SHA_1) { - printf("Only CKM_RSA_PKCS_OAEP with CKM_SHA_1 supported\n"); - return 0; - } else { + if (opt_hash_alg != 0) { hash_alg = opt_hash_alg; } + switch (hash_alg) { + case CKM_SHA_1: + mgf = CKG_MGF1_SHA1; + break; + case CKM_SHA224: + mgf = CKG_MGF1_SHA224; + break; + default: + printf("hash-algorithm %s unknown, defaulting to CKM_SHA256\n", p11_mechanism_to_name(hash_alg)); + /* fall through */ + case CKM_SHA256: + mgf = CKG_MGF1_SHA256; + break; + case CKM_SHA384: + mgf = CKG_MGF1_SHA384; + break; + case CKM_SHA512: + mgf = CKG_MGF1_SHA512; + break; + } + if (opt_mgf != 0) { + mgf = opt_mgf; + } else { + printf("mgf not set, defaulting to %s\n", p11_mgf_to_name(mgf)); + } + pad = RSA_PKCS1_OAEP_PADDING; /* Limit the input length to <= mod_len-2-2*hlen */ size_t len = 2+2*hash_length(hash_alg); @@ -5305,7 +5327,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, in_len = mod_len; break; default: - printf("Unsupported mechanism, returning\n"); + printf("Unsupported mechanism %s, returning\n", p11_mechanism_to_name(mech_type)); return 0; } @@ -5325,9 +5347,64 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, if (EVP_PKEY_CTX_set_rsa_padding(ctx, pad) <= 0) { EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); - printf("set OAEP padding failed, returning\n"); + printf("set padding failed, returning\n"); return 0; } + if (mech_type == CKM_RSA_PKCS_OAEP) { + const EVP_MD *md; + switch (hash_alg) { + case CKM_SHA_1: + md = EVP_sha1(); + break; + case CKM_SHA224: + md = EVP_sha224(); + break; + default: /* it should not happen, hash_alg is checked earlier */ + /* fall through */ + case CKM_SHA256: + md = EVP_sha256(); + break; + case CKM_SHA384: + md = EVP_sha384(); + break; + case CKM_SHA512: + md = EVP_sha512(); + break; + } + if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("set md failed, returning\n"); + return 0; + } + switch (mgf) { + case CKG_MGF1_SHA1: + md = EVP_sha1(); + break; + case CKG_MGF1_SHA224: + md = EVP_sha224(); + break; + default: + printf("mgf %s unknown, defaulting to CKG_MGF1_SHA256\n", p11_mgf_to_name(mgf)); + mgf = CKG_MGF1_SHA256; + /* fall through */ + case CKG_MGF1_SHA256: + md = EVP_sha256(); + break; + case CKG_MGF1_SHA384: + md = EVP_sha384(); + break; + case CKG_MGF1_SHA512: + md = EVP_sha512(); + break; + } + if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0) { + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + printf("set mgf1 md failed, returning\n"); + return 0; + } + } size_t out_len = sizeof(encrypted); if (EVP_PKEY_encrypt(ctx, encrypted, &out_len, orig_data, in_len) <= 0) { @@ -5344,28 +5421,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, switch (mech_type) { case CKM_RSA_PKCS_OAEP: oaep_params.hashAlg = hash_alg; - switch (oaep_params.hashAlg) { - case CKM_SHA224: - oaep_params.mgf = CKG_MGF1_SHA224; - break; - case CKM_SHA256: - oaep_params.mgf = CKG_MGF1_SHA256; - break; - case CKM_SHA384: - oaep_params.mgf = CKG_MGF1_SHA384; - break; - case CKM_SHA512: - oaep_params.mgf = CKG_MGF1_SHA512; - break; - default: - oaep_params.hashAlg = CKM_SHA_1; - /* fall through */ - case CKM_SHA_1: - oaep_params.mgf = CKG_MGF1_SHA1; - break; - } - if (opt_mgf != 0) - oaep_params.mgf = opt_mgf; + oaep_params.mgf = mgf; /* These settings are compatible with OpenSSL 1.0.2L and 1.1.0+ */ oaep_params.source = 0UL; /* empty encoding parameter (label) */ From b63a868e68635754048ec24431cbbedea848544b Mon Sep 17 00:00:00 2001 From: alegon01 Date: Tue, 12 Feb 2019 10:42:39 +0100 Subject: [PATCH 14/22] Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined. --- src/tools/pkcs11-tool.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index e1f5656b..7d8542df 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5371,12 +5371,19 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, md = EVP_sha512(); break; } +#if defined(EVP_PKEY_CTX_set_rsa_oaep_md) if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) { EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); printf("set md failed, returning\n"); return 0; } +#else + if (hash_alg != CKM_SHA_1) { + printf("This version of OpenSsl only supports SHA1 for OAEP, returning\n"); + return 0; + } +#endif switch (mgf) { case CKG_MGF1_SHA1: md = EVP_sha1(); From 9ae507c5f8dcc193f367e6ad536157cb679f3408 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Tue, 12 Feb 2019 14:09:26 +0100 Subject: [PATCH 15/22] Fix indentation. --- src/tools/pkcs11-tool.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 7d8542df..1ba69d13 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5379,10 +5379,10 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, return 0; } #else - if (hash_alg != CKM_SHA_1) { - printf("This version of OpenSsl only supports SHA1 for OAEP, returning\n"); + if (hash_alg != CKM_SHA_1) { + printf("This version of OpenSsl only supports SHA1 for OAEP, returning\n"); return 0; - } + } #endif switch (mgf) { case CKG_MGF1_SHA1: From 7271fe610b341ab2f9f56eaf0f9eaef48b8e0e78 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Mon, 18 Feb 2019 16:03:41 +0100 Subject: [PATCH 16/22] Add support for the OpenSsl signature format for the signature verification. --- src/tools/pkcs11-tool.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 1ba69d13..31c5de9e 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -1946,6 +1946,42 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session, close(fd2); + if (opt_mechanism == CKM_ECDSA || opt_mechanism == CKM_ECDSA_SHA1 || + opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 || + opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224) { + if (opt_sig_format && (!strcmp(opt_sig_format, "openssl") || + !strcmp(opt_sig_format, "sequence"))) { + + CK_BYTE* bytes; + CK_ULONG len; + size_t rs_len = 0; + unsigned char rs_buffer[512]; + bytes = getEC_POINT(session, key, &len); + free(bytes); + /* + * (We only support uncompressed for now) + * Uncompressed EC_POINT is DER OCTET STRING of "04||x||y" + * So a "256" bit key has x and y of 32 bytes each + * something like: "04 41 04||x||y" + * Do simple size calculation based on DER encoding + */ + if ((len - 2) <= 127) + rs_len = len - 3; + else if ((len - 3) <= 255) + rs_len = len - 4; + else + util_fatal("Key not supported"); + + if (sc_asn1_sig_value_sequence_to_rs(NULL, sig_buffer, r2, + rs_buffer, rs_len)) { + util_fatal("Failed to convert ASN.1 signature"); + } + + memcpy(sig_buffer, rs_buffer, rs_len); + r2 = rs_len; + } + } + /* Open the data file */ if (opt_input == NULL) fd = 0; From b327b76134b19e2495e01abce47ca1aef2d32034 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Wed, 6 Mar 2019 10:26:05 +0100 Subject: [PATCH 17/22] FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt(). --- src/tools/pkcs11-tool.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index 31c5de9e..a46cf8ee 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5287,7 +5287,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject) { EVP_PKEY *pkey; - unsigned char orig_data[512] = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', '\0'}; + unsigned char orig_data[512]; unsigned char encrypted[512], data[512]; CK_MECHANISM mech; CK_ULONG encrypted_len, data_len; @@ -5300,6 +5300,8 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, printf(" %s: ", p11_mechanism_to_name(mech_type)); + pseudo_randomize(orig_data, sizeof(orig_data)); + pkey = get_public_key(session, privKeyObject); if (pkey == NULL) return 0; From 728d099a536ab1923a217ae00408f72aa0b8ecee Mon Sep 17 00:00:00 2001 From: alegon01 Date: Wed, 6 Mar 2019 11:35:11 +0100 Subject: [PATCH 18/22] FIX typo OpenSSL vs OpenSsl. --- src/tools/pkcs11-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index a46cf8ee..dfdd170a 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5418,7 +5418,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, } #else if (hash_alg != CKM_SHA_1) { - printf("This version of OpenSsl only supports SHA1 for OAEP, returning\n"); + printf("This version of OpenSSL only supports SHA1 for OAEP, returning\n"); return 0; } #endif From 31831c300be3d1fc6387ce221c069301ecb3c087 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Tue, 12 Mar 2019 08:52:06 +0100 Subject: [PATCH 19/22] Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits. --- src/tools/pkcs11-tool.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index dfdd170a..b91a660b 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -583,14 +583,6 @@ int main(int argc, char * argv[]) #ifdef ENABLE_OPENSSL #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) OPENSSL_config(NULL); -#endif -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS - | OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS - | OPENSSL_INIT_LOAD_CONFIG, - NULL); -#else /* OpenSSL magic */ OpenSSL_add_all_algorithms(); OPENSSL_malloc_init(); From 4913feadb8c5d8cb2302054d76721364ff43d9f7 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 5 Apr 2019 10:38:12 +0200 Subject: [PATCH 20/22] Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data) --- src/tools/pkcs11-tool.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index b91a660b..d1263245 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5361,6 +5361,11 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, return 0; } + if (in_len >= sizeof(orig_data)) { + printf("Private key size is too long\n"); + return 0; + } + EVP_PKEY_CTX *ctx; ctx = EVP_PKEY_CTX_new(pkey, NULL); if (!ctx) { From f631b5f733c9332e6bd68649afe8b926bf378911 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Fri, 5 Apr 2019 10:39:52 +0200 Subject: [PATCH 21/22] Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data) --- src/tools/pkcs11-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index d1263245..a2f2a94d 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5361,7 +5361,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, return 0; } - if (in_len >= sizeof(orig_data)) { + if (in_len > sizeof(orig_data)) { printf("Private key size is too long\n"); return 0; } From e21cb5712c04b7ac5ae10ca754d952fe28679cf6 Mon Sep 17 00:00:00 2001 From: alegon01 Date: Wed, 24 Apr 2019 14:03:35 +0200 Subject: [PATCH 22/22] Fix in encrypt_decrypt(), initialize the mgf --- src/tools/pkcs11-tool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index a2f2a94d..d9199550 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -5287,7 +5287,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, CK_RV rv; int pad; CK_MECHANISM_TYPE hash_alg = CKM_SHA256; - CK_RSA_PKCS_MGF_TYPE mgf; + CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256; CK_RSA_PKCS_OAEP_PARAMS oaep_params; printf(" %s: ", p11_mechanism_to_name(mech_type));