110 lines
3.8 KiB
Diff
110 lines
3.8 KiB
Diff
diff -up ./src/coolkey/coolkey.cpp.fail-on-bad-mechanisms ./src/coolkey/coolkey.cpp
|
|
--- ./src/coolkey/coolkey.cpp.fail-on-bad-mechanisms 2016-06-16 14:36:05.934755563 -0700
|
|
+++ ./src/coolkey/coolkey.cpp 2016-06-16 14:36:05.945755372 -0700
|
|
@@ -77,7 +77,8 @@ rsaMechanismList[] = {
|
|
|
|
static const MechInfo
|
|
ecMechanismList[] = {
|
|
- {CKM_ECDSA,{256,521,CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDSA_SHA1, {256, 521, CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDH1_DERIVE,{256, 521, CKF_HW | CKF_DERIVE | CKF_EC_F_P} }
|
|
+ {CKM_ECDSA,{256,521,CKF_HW | CKF_SIGN | CKF_EC_F_P}},
|
|
+ {CKM_ECDH1_DERIVE,{256, 521, CKF_HW | CKF_DERIVE | CKF_EC_F_P} }
|
|
};
|
|
|
|
unsigned int numRSAMechanisms = sizeof(rsaMechanismList)/sizeof(MechInfo);
|
|
diff -up ./src/coolkey/slot.cpp.fail-on-bad-mechanisms ./src/coolkey/slot.cpp
|
|
--- ./src/coolkey/slot.cpp.fail-on-bad-mechanisms 2016-06-16 14:36:05.943755407 -0700
|
|
+++ ./src/coolkey/slot.cpp 2016-06-16 15:07:40.255882660 -0700
|
|
@@ -4185,11 +4185,30 @@ Slot::signInit(SessionHandleSuffix suffi
|
|
{
|
|
refreshTokenState();
|
|
SessionIter session = findSession(suffix);
|
|
+ PKCS11Object *key = getKeyFromHandle(hKey);
|
|
if( session == sessions.end() ) {
|
|
throw PKCS11Exception(CKR_SESSION_HANDLE_INVALID);
|
|
}
|
|
+ if (pMechanism == NULL) {
|
|
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
|
|
+ }
|
|
+
|
|
+ switch (pMechanism->mechanism) {
|
|
+ case CKM_RSA_PKCS:
|
|
+ if (key->getKeyType() != Key::rsa) {
|
|
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
|
|
+ }
|
|
+ break;
|
|
+ case CKM_ECDSA:
|
|
+ if (key->getKeyType() != Key::ecc) {
|
|
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
|
|
+ }
|
|
+ break;
|
|
+ default:
|
|
+ throw PKCS11Exception(CKR_MECHANISM_INVALID);
|
|
+ }
|
|
|
|
- session->signatureState.initialize(getKeyFromHandle(hKey));
|
|
+ session->signatureState.initialize(key);
|
|
}
|
|
|
|
void
|
|
@@ -4198,11 +4217,24 @@ Slot::decryptInit(SessionHandleSuffix su
|
|
{
|
|
refreshTokenState();
|
|
SessionIter session = findSession(suffix);
|
|
+ PKCS11Object *key = getKeyFromHandle(hKey);
|
|
if( session == sessions.end() ) {
|
|
throw PKCS11Exception(CKR_SESSION_HANDLE_INVALID);
|
|
}
|
|
+ if (pMechanism == NULL) {
|
|
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
|
|
+ }
|
|
+ switch (pMechanism->mechanism) {
|
|
+ case CKM_RSA_PKCS:
|
|
+ if (key->getKeyType() != Key::rsa) {
|
|
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
|
|
+ }
|
|
+ break;
|
|
+ default:
|
|
+ throw PKCS11Exception(CKR_MECHANISM_INVALID);
|
|
+ }
|
|
|
|
- session->decryptionState.initialize(getKeyFromHandle(hKey));
|
|
+ session->decryptionState.initialize(key);
|
|
}
|
|
|
|
/**
|
|
@@ -5008,8 +5040,23 @@ Slot::derive(SessionHandleSuffix suffix,
|
|
|
|
ECCKeyAgreementParams params(CryptParams::ECC_DEFAULT_KEY_SIZE);
|
|
SessionIter session = findSession(suffix);
|
|
+ PKCS11Object *key=getKeyFromHandle(hBaseKey);
|
|
|
|
- session->keyAgreementState.initialize(getKeyFromHandle(hBaseKey));
|
|
+ if (pMechanism == NULL ) {
|
|
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
|
|
+ }
|
|
+
|
|
+ switch (pMechanism->mechanism) {
|
|
+ case CKM_ECDH1_DERIVE:
|
|
+ if (key->getKeyType() != Key::ecc) {
|
|
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
|
|
+ }
|
|
+ break;
|
|
+ default:
|
|
+ throw PKCS11Exception(CKR_MECHANISM_INVALID);
|
|
+ }
|
|
+
|
|
+ session->keyAgreementState.initialize(key);
|
|
deriveECC(suffix, pMechanism, hBaseKey, pTemplate, ulAttributeCount,
|
|
phKey, params);
|
|
|
|
@@ -5018,9 +5065,6 @@ Slot::derive(SessionHandleSuffix suffix,
|
|
void Slot::deriveECC(SessionHandleSuffix suffix, CK_MECHANISM_PTR pMechanism,
|
|
CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey, CryptParams& params)
|
|
{
|
|
- if (pMechanism == NULL ) {
|
|
- throw PKCS11Exception(CKR_ARGUMENTS_BAD);
|
|
- }
|
|
|
|
CK_ECDH1_DERIVE_PARAMS *mechParams = NULL;
|
|
|