diff --git a/src/pkcs11/pkcs11-display.c b/src/pkcs11/pkcs11-display.c index c15ea025..63473200 100644 --- a/src/pkcs11/pkcs11-display.c +++ b/src/pkcs11/pkcs11-display.c @@ -644,6 +644,15 @@ static enum_specs ck_sta_s[] = { { CKS_RW_SO_FUNCTIONS, "CKS_RW_SO_FUNCTIONS" } }; +static enum_specs ck_ckd_s[] = { + { CKD_NULL, "CKD_NULL" }, + { CKD_SHA1_KDF, "CKD_SHA1_KDF" }, + { CKD_SHA224_KDF, "CKD_SHA224_KDF" }, + { CKD_SHA256_KDF, "CKD_SHA256_KDF" }, + { CKD_SHA384_KDF, "CKD_SHA384_KDF" }, + { CKD_SHA512_KDF, "CKD_SHA512_KDF" }, +}; + #define SZ_SPECS sizeof(enum_specs) enum_spec ck_types[] = { @@ -654,6 +663,7 @@ enum_spec ck_types[] = { { MGF_T, ck_mgf_s, sizeof(ck_mgf_s) / SZ_SPECS, "CK_RSA_PKCS_MGF_TYPE"}, { USR_T, ck_usr_s, sizeof(ck_usr_s) / SZ_SPECS, "CK_USER_TYPE" }, { STA_T, ck_sta_s, sizeof(ck_sta_s) / SZ_SPECS, "CK_STATE" }, + { CKD_T, ck_ckd_s, sizeof(ck_ckd_s) / SZ_SPECS, "CK_EC_KDF_TYPE" }, { RV_T, ck_err_s, sizeof(ck_err_s) / SZ_SPECS, "CK_RV" }, }; diff --git a/src/pkcs11/pkcs11-display.h b/src/pkcs11/pkcs11-display.h index 9473ce9c..53d2e61d 100644 --- a/src/pkcs11/pkcs11-display.h +++ b/src/pkcs11/pkcs11-display.h @@ -59,6 +59,7 @@ enum ck_type{ MGF_T, USR_T, STA_T, + CKD_T, RV_T }; diff --git a/src/pkcs11/pkcs11-spy.c b/src/pkcs11/pkcs11-spy.c index fc111692..8d54cdba 100644 --- a/src/pkcs11/pkcs11-spy.c +++ b/src/pkcs11/pkcs11-spy.c @@ -1339,7 +1339,52 @@ C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_H enter("C_DeriveKey"); spy_dump_ulong_in("hSession", hSession); - fprintf(spy_output, "pMechanism->type=%s\n", lookup_enum(MEC_T, pMechanism->mechanism)); + fprintf(spy_output, "[in] pMechanism->type=%s\n", + lookup_enum(MEC_T, pMechanism->mechanism)); + switch (pMechanism->mechanism) { + case CKM_ECDH1_DERIVE: + case CKM_ECDH1_COFACTOR_DERIVE: + if (pMechanism->pParameter == NULL) { + fprintf(spy_output, "[in] pMechanism->pParameter = NULL\n"); + break; + } + CK_ECDH1_DERIVE_PARAMS *param = + (CK_ECDH1_DERIVE_PARAMS *) pMechanism->pParameter; + fprintf(spy_output, "[in] pMechanism->pParameter = {\n\tkdf=%s\n", + lookup_enum(CKD_T, param->kdf)); + fprintf(spy_output, "\tpSharedData[ulSharedDataLen] = "); + print_generic(spy_output, 0, param->pSharedData, + param->ulSharedDataLen, NULL); + fprintf(spy_output, "\tpPublicData[ulPublicDataLen] = "); + print_generic(spy_output, 0, param->pPublicData, + param->ulPublicDataLen, NULL); + fprintf(spy_output, "}\n"); + break; + case CKM_ECMQV_DERIVE: + if (pMechanism->pParameter == NULL) { + fprintf(spy_output, "[in] pMechanism->pParameter = NULL\n"); + break; + } + CK_ECMQV_DERIVE_PARAMS *param2 = + (CK_ECMQV_DERIVE_PARAMS *) pMechanism->pParameter; + fprintf(spy_output, "[in] pMechanism->pParameter = {\n\tkdf=%s\n", + lookup_enum(CKD_T, param2->kdf)); + fprintf(spy_output, "\tpSharedData[ulSharedDataLen] ="); + print_generic(spy_output, 0, param2->pSharedData, + param2->ulSharedDataLen, NULL); + fprintf(spy_output, "\tpPublicData[ulPublicDataLen] = "); + print_generic(spy_output, 0, param2->pPublicData, + param2->ulPublicDataLen, NULL); + fprintf(spy_output, "\tulPrivateDataLen = %lu", + param2->ulPrivateDataLen); + fprintf(spy_output, "\thPrivateData = %lu", param2->hPrivateData); + fprintf(spy_output, "\tpPublicData2[ulPublicDataLen2] = "); + print_generic(spy_output, 0, param2->pPublicData2, + param2->ulPublicDataLen2, NULL); + fprintf(spy_output, "\tpublicKey = %lu", param2->publicKey); + fprintf(spy_output, "}\n"); + break; + } spy_dump_ulong_in("hBaseKey", hBaseKey); spy_attribute_list_in("pTemplate", pTemplate, ulAttributeCount); rv = po->C_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey); diff --git a/src/pkcs11/pkcs11.h b/src/pkcs11/pkcs11.h index a3d6d8f7..7673d41a 100644 --- a/src/pkcs11/pkcs11.h +++ b/src/pkcs11/pkcs11.h @@ -780,7 +780,12 @@ struct ck_mechanism_info #define CKF_DONT_BLOCK (1UL) /* Flags for Key derivation */ -#define CKD_NULL (1UL << 0) +#define CKD_NULL (0x1UL) +#define CKD_SHA1_KDF (0x2UL) +#define CKD_SHA224_KDF (0x5UL) +#define CKD_SHA256_KDF (0x6UL) +#define CKD_SHA384_KDF (0x7UL) +#define CKD_SHA512_KDF (0x8UL) typedef struct CK_ECDH1_DERIVE_PARAMS { unsigned long kdf; @@ -790,6 +795,19 @@ typedef struct CK_ECDH1_DERIVE_PARAMS { unsigned char * pPublicData; } CK_ECDH1_DERIVE_PARAMS; +typedef struct CK_ECMQV_DERIVE_PARAMS { + unsigned long kdf; + unsigned long ulSharedDataLen; + unsigned char * pSharedData; + unsigned long ulPublicDataLen; + unsigned char * pPublicData; + unsigned long ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + unsigned long ulPublicDataLen2; + unsigned char * pPublicData2; + CK_OBJECT_HANDLE publicKey; +} CK_ECMQV_DERIVE_PARAMS; + typedef unsigned long ck_rsa_pkcs_mgf_type_t; typedef unsigned long CK_RSA_PKCS_OAEP_SOURCE_TYPE;