- Another fix to mechanism handling: ripemd160 signatures should work now
- Got rid of get_mechanism_{list,info} in framework_ops, as they're not
needed anymore.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@795 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
okir
parent
9a472d4e65
commit
d22d1b13a4
|
|
@ -404,51 +404,6 @@ static CK_RV pkcs15_release_token(struct sc_pkcs11_card *p11card, void *fw_token
|
|||
return CKR_OK;
|
||||
}
|
||||
|
||||
static CK_RV pkcs15_get_mechanism_list(struct sc_pkcs11_card *p11card,
|
||||
void *fw_token,
|
||||
CK_MECHANISM_TYPE_PTR pMechanismList,
|
||||
CK_ULONG_PTR pulCount)
|
||||
{
|
||||
static const CK_MECHANISM_TYPE mechanism_list[] = {
|
||||
CKM_RSA_PKCS,
|
||||
CKM_RSA_X_509,
|
||||
};
|
||||
const int numMechanisms = sizeof(mechanism_list) / sizeof(mechanism_list[0]);
|
||||
|
||||
if (pMechanismList == NULL_PTR) {
|
||||
*pulCount = numMechanisms;
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
if (*pulCount < numMechanisms) {
|
||||
*pulCount = numMechanisms;
|
||||
return CKR_BUFFER_TOO_SMALL;
|
||||
}
|
||||
memcpy(pMechanismList, &mechanism_list, sizeof(mechanism_list));
|
||||
*pulCount = numMechanisms;
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
static CK_RV pkcs15_get_mechanism_info(struct sc_pkcs11_card *p11card,
|
||||
void *fw_token,
|
||||
CK_MECHANISM_TYPE type,
|
||||
CK_MECHANISM_INFO_PTR pInfo)
|
||||
{
|
||||
switch (type) {
|
||||
case CKM_RSA_PKCS:
|
||||
case CKM_RSA_X_509:
|
||||
/* FIXME: we should consult the card on what it supports */
|
||||
pInfo->flags = CKF_HW | CKF_SIGN | CKF_UNWRAP;
|
||||
pInfo->ulMinKeySize = 512;
|
||||
pInfo->ulMaxKeySize = 2048;
|
||||
break;
|
||||
default:
|
||||
return CKR_MECHANISM_INVALID;
|
||||
}
|
||||
return CKR_OK;
|
||||
}
|
||||
|
||||
static CK_RV pkcs15_login(struct sc_pkcs11_card *p11card,
|
||||
void *fw_token,
|
||||
CK_USER_TYPE userType,
|
||||
|
|
@ -902,8 +857,6 @@ struct sc_pkcs11_framework_ops framework_pkcs15 = {
|
|||
pkcs15_unbind,
|
||||
pkcs15_create_tokens,
|
||||
pkcs15_release_token,
|
||||
pkcs15_get_mechanism_list,
|
||||
pkcs15_get_mechanism_info,
|
||||
pkcs15_login,
|
||||
pkcs15_logout,
|
||||
pkcs15_change_pin,
|
||||
|
|
@ -1136,14 +1089,15 @@ CK_RV pkcs15_prkey_sign(struct sc_pkcs11_session *ses, void *obj,
|
|||
struct pkcs15_prkey_object *prkey = (struct pkcs15_prkey_object *) obj;
|
||||
int rv, flags = 0;
|
||||
|
||||
debug(context, "Initiating signing operation.\n");
|
||||
debug(context, "Initiating signing operation, mechanism 0x%x.\n",
|
||||
pMechanism->mechanism);
|
||||
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1;
|
||||
switch (pMechanism->mechanism) {
|
||||
case CKM_RSA_PKCS:
|
||||
/* Um. We need to guess what netscape is trying to
|
||||
* sign here. We're lucky that all these things have
|
||||
* different sizes. */
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1;
|
||||
switch (ulDataLen) {
|
||||
case 34:flags |= SC_ALGORITHM_RSA_HASH_MD5; /* MD5 + header */
|
||||
pData += 18; ulDataLen -= 18;
|
||||
|
|
@ -1163,10 +1117,18 @@ CK_RV pkcs15_prkey_sign(struct sc_pkcs11_session *ses, void *obj,
|
|||
flags |= SC_ALGORITHM_RSA_HASH_NONE;
|
||||
}
|
||||
break;
|
||||
case CKM_MD5_RSA_PKCS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_MD5;
|
||||
break;
|
||||
case CKM_SHA1_RSA_PKCS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1;
|
||||
break;
|
||||
case CKM_RIPEMD160_RSA_PKCS:
|
||||
flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_RIPEMD160;
|
||||
break;
|
||||
case CKM_RSA_X_509:
|
||||
flags = SC_ALGORITHM_RSA_RAW;
|
||||
break;
|
||||
/* CKM_SHA1_RSA_PKCS et al are handled at the mechanism layer */
|
||||
default:
|
||||
return CKR_MECHANISM_INVALID;
|
||||
}
|
||||
|
|
@ -1583,6 +1545,13 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
|||
rc = sc_pkcs11_register_mechanism(p11card, mt);
|
||||
if (rc != CKR_OK)
|
||||
return rc;
|
||||
|
||||
/* If the card supports RAW, it should be all means
|
||||
* have registered everything else, too. If it didn't
|
||||
* we help it a little
|
||||
*/
|
||||
flags |= SC_ALGORITHM_RSA_PAD_PKCS1
|
||||
|SC_ALGORITHM_RSA_HASHES;
|
||||
}
|
||||
|
||||
/* Check for PKCS1 */
|
||||
|
|
|
|||
|
|
@ -92,20 +92,6 @@ pkcs15init_release_token(struct sc_pkcs11_card *p11card, void *ptr)
|
|||
return CKR_OK;
|
||||
}
|
||||
|
||||
static CK_RV
|
||||
pkcs15init_get_mechanism_list(struct sc_pkcs11_card *p11card, void *ptr,
|
||||
CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
|
||||
{
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
static CK_RV
|
||||
pkcs15init_get_mechanism_info(struct sc_pkcs11_card *p11card, void *ptr,
|
||||
CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo)
|
||||
{
|
||||
return CKR_CRYPTOKI_NOT_INITIALIZED;
|
||||
}
|
||||
|
||||
static CK_RV
|
||||
pkcs15init_login(struct sc_pkcs11_card *p11card, void *ptr,
|
||||
CK_USER_TYPE user, CK_CHAR_PTR pin, CK_ULONG pinLength)
|
||||
|
|
@ -176,8 +162,6 @@ struct sc_pkcs11_framework_ops framework_pkcs15init = {
|
|||
pkcs15init_unbind,
|
||||
pkcs15init_create_tokens,
|
||||
pkcs15init_release_token,
|
||||
pkcs15init_get_mechanism_list,
|
||||
pkcs15init_get_mechanism_info,
|
||||
pkcs15init_login,
|
||||
pkcs15init_logout,
|
||||
pkcs15init_change_pin,
|
||||
|
|
|
|||
|
|
@ -63,10 +63,9 @@ sc_pkcs11_find_mechanism(struct sc_pkcs11_card *p11card, CK_MECHANISM_TYPE mech,
|
|||
|
||||
/*
|
||||
* Query mechanisms.
|
||||
* We do this by looping over all registered mechanisms and
|
||||
* checked whether it's supported by the current token.
|
||||
*
|
||||
* XXX: We may want to cache this list on a per slot/token basis
|
||||
* All of this is greatly simplified by having the framework
|
||||
* register all supported mechanisms at initialization
|
||||
* time.
|
||||
*/
|
||||
CK_RV
|
||||
sc_pkcs11_get_mechanism_list(struct sc_pkcs11_card *p11card,
|
||||
|
|
@ -86,7 +85,7 @@ sc_pkcs11_get_mechanism_list(struct sc_pkcs11_card *p11card,
|
|||
}
|
||||
|
||||
rv = CKR_OK;
|
||||
if (count > *pulCount)
|
||||
if (pList && count > *pulCount)
|
||||
rv = CKR_BUFFER_TOO_SMALL;
|
||||
*pulCount = count;
|
||||
return rv;
|
||||
|
|
@ -334,7 +333,6 @@ static CK_RV
|
|||
sc_pkcs11_signature_final(sc_pkcs11_operation_t *operation,
|
||||
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
|
||||
{
|
||||
CK_MECHANISM mechanism;
|
||||
struct signature_data *data;
|
||||
struct sc_pkcs11_object *key;
|
||||
int rv;
|
||||
|
|
@ -353,16 +351,9 @@ sc_pkcs11_signature_final(sc_pkcs11_operation_t *operation,
|
|||
data->buffer_len = len;
|
||||
}
|
||||
|
||||
/* The mechanism we pass to the framework's sign operation
|
||||
* contains the parameters we got from the caller, plus
|
||||
* the mechanism type of the underlying signature operation */
|
||||
mechanism = operation->mechanism;
|
||||
if (data->info)
|
||||
mechanism.mechanism = data->info->sign_mech;
|
||||
|
||||
key = data->key;
|
||||
return key->ops->sign(operation->session,
|
||||
key, &mechanism,
|
||||
key, &operation->mechanism,
|
||||
data->buffer, data->buffer_len,
|
||||
pSignature, pulSignatureLen);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -125,10 +125,6 @@ struct sc_pkcs11_framework_ops {
|
|||
CK_RV (*create_tokens)(struct sc_pkcs11_card *);
|
||||
CK_RV (*release_token)(struct sc_pkcs11_card *, void *);
|
||||
|
||||
/* Methods to ask about supported object ops */
|
||||
CK_RV (*get_mechanism_list)(struct sc_pkcs11_card *, void *, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount);
|
||||
CK_RV (*get_mechanism_info)(struct sc_pkcs11_card *, void *, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo);
|
||||
|
||||
/* Login and logout */
|
||||
CK_RV (*login)(struct sc_pkcs11_card *, void *,
|
||||
CK_USER_TYPE, CK_CHAR_PTR, CK_ULONG);
|
||||
|
|
|
|||
Loading…
Reference in New Issue