Add support for SHA3* in pkcs11-tool.
AlexandreGonzalo authored and Jakuje committed Dec 20, 2021
1 parent f33a53d commit 846ee37
Showing 2 changed files with 132 additions and 3 deletions.
20 changes: 20 additions & 0 deletions src/pkcs11/pkcs11.h
Expand Up @@ -552,6 +552,14 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
#define CKM_SHA224_RSA_PKCS (0x46UL)
#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
#define CKM_SHA3_256_RSA_PKCS (0x60UL)
#define CKM_SHA3_384_RSA_PKCS (0x61UL)
#define CKM_SHA3_512_RSA_PKCS (0x62UL)
#define CKM_SHA3_256_RSA_PKCS_PSS (0x63UL)
#define CKM_SHA3_384_RSA_PKCS_PSS (0x64UL)
#define CKM_SHA3_512_RSA_PKCS_PSS (0x65UL)
#define CKM_SHA3_224_RSA_PKCS (0x66UL)
#define CKM_SHA3_224_RSA_PKCS_PSS (0x67UL)
#define CKM_RC2_KEY_GEN (0x100UL)
#define CKM_RC2_ECB (0x101UL)
#define CKM_RC2_CBC (0x102UL)
Expand Down Expand Up @@ -610,15 +618,19 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_SHA3_256 (0x2B0UL)
#define CKM_SHA3_256_HMAC (0x2B1UL)
#define CKM_SHA3_256_HMAC_GENERAL (0x2B2UL)
#define CKM_SHA3_256_KEY_GEN (0x2B3UL)
#define CKM_SHA3_224 (0x2B5UL)
#define CKM_SHA3_224_HMAC (0x2B6UL)
#define CKM_SHA3_224_HMAC_GENERAL (0x2B7UL)
#define CKM_SHA3_224_KEY_GEN (0x2B8UL)
#define CKM_SHA3_384 (0x2C0UL)
#define CKM_SHA3_384_HMAC (0x2C1UL)
#define CKM_SHA3_384_HMAC_GENERAL (0x2C2UL)
#define CKM_SHA3_384_KEY_GEN (0x2C3UL)
#define CKM_SHA3_512 (0x2D0UL)
#define CKM_SHA3_512_HMAC (0x2D1UL)
#define CKM_SHA3_512_HMAC_GENERAL (0x2D2UL)
#define CKM_SHA3_512_KEY_GEN (0x2D3UL)
#define CKM_CAST_KEY_GEN (0x300UL)
#define CKM_CAST_ECB (0x301UL)
#define CKM_CAST_CBC (0x302UL)
Expand Down Expand Up @@ -721,6 +733,10 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_ECDSA_SHA256 (0x1044UL)
#define CKM_ECDSA_SHA384 (0x1045UL)
#define CKM_ECDSA_SHA512 (0x1046UL)
#define CKM_ECDSA_SHA3_224 (0x1047UL)
#define CKM_ECDSA_SHA3_256 (0x1048UL)
#define CKM_ECDSA_SHA3_384 (0x1049UL)
#define CKM_ECDSA_SHA3_512 (0x104AUL)
#define CKM_ECDH1_DERIVE (0x1050UL)
#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
#define CKM_ECMQV_DERIVE (0x1052UL)
Expand Down Expand Up @@ -878,6 +894,10 @@ typedef struct CK_RSA_PKCS_PSS_PARAMS {
#define CKG_MGF1_SHA256 (0x00000002UL)
#define CKG_MGF1_SHA384 (0x00000003UL)
#define CKG_MGF1_SHA512 (0x00000004UL)
#define CKG_MGF1_SHA3_224 (0x00000006UL)
#define CKG_MGF1_SHA3_256 (0x00000007UL)
#define CKG_MGF1_SHA3_384 (0x00000008UL)
#define CKG_MGF1_SHA3_512 (0x00000009UL)

#define CKZ_DATA_SPECIFIED (0x00000001UL)

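Review bot: The new SHA-3 constants carry no pointer to the specification they were taken from, and a single wrong value here would make the tool request a different mechanism from the token than the one named on the command line. The values look consistent with PKCS #11 v3.0, but nothing in the header lets a later reader check that. A comment above the first added group, such as `/* SHA-3 mechanisms: values from PKCS #11 v3.0 */`, would make them auditable. The same applies to the `CKM_SHA3_*_KEY_GEN`, `CKM_ECDSA_SHA3_*` and `CKG_MGF1_SHA3_*` groups further down.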
115 changes: 112 additions & 3 deletions src/tools/pkcs11-tool.c
Expand Up @@ -2045,15 +2045,19 @@ static unsigned long hash_length(const int hash) {
sLen = 20;
break;
case CKM_SHA224:
case CKM_SHA3_224:
sLen = 28;
break;
case CKM_SHA256:
case CKM_SHA3_256:
sLen = 32;
break;
case CKM_SHA384:
case CKM_SHA3_384:
sLen = 48;
break;
case CKM_SHA512:
case CKM_SHA3_512:
sLen = 64;
break;
default:
Expand Down Expand Up @@ -2097,6 +2101,18 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
case CKM_SHA512:
pss_params->mgf = CKG_MGF1_SHA512;
break;
case CKM_SHA3_224:
pss_params->mgf = CKG_MGF1_SHA3_224;
break;
case CKM_SHA3_256:
pss_params->mgf = CKG_MGF1_SHA3_256;
break;
case CKM_SHA3_384:
pss_params->mgf = CKG_MGF1_SHA3_384;
break;
case CKM_SHA3_512:
pss_params->mgf = CKG_MGF1_SHA3_512;
break;
default:
/* the PSS should use SHA-1 if not specified */
pss_params->hashAlg = CKM_SHA_1;
Expand Down Expand Up @@ -2131,6 +2147,26 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
pss_params->mgf = CKG_MGF1_SHA512;
break;

case CKM_SHA3_224_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_224;
pss_params->mgf = CKG_MGF1_SHA3_224;
break;

case CKM_SHA3_256_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_256;
pss_params->mgf = CKG_MGF1_SHA3_256;
break;

case CKM_SHA3_384_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_384;
pss_params->mgf = CKG_MGF1_SHA3_384;
break;

case CKM_SHA3_512_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_512;
pss_params->mgf = CKG_MGF1_SHA3_512;
break;

default: /* The non-RSA-PSS algorithms do not need any parameters */
return 0;
}
Expand Down Expand Up @@ -2254,8 +2290,10 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
}

if (opt_mechanism == CKM_ECDSA || opt_mechanism == CKM_ECDSA_SHA1 ||
opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 ||
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224) {
opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 ||
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224 ||
opt_mechanism == CKM_ECDSA_SHA3_224 || opt_mechanism == CKM_ECDSA_SHA3_256 ||
opt_mechanism == CKM_ECDSA_SHA3_384 || opt_mechanism == CKM_ECDSA_SHA3_512) {
if (opt_sig_format && (!strcmp(opt_sig_format, "openssl") ||
!strcmp(opt_sig_format, "sequence"))) {
unsigned char *seq;
Expand Down Expand Up @@ -2314,7 +2352,9 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,

if (opt_mechanism == CKM_ECDSA || opt_mechanism == CKM_ECDSA_SHA1 ||
opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 ||
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224) {
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224 ||
opt_mechanism == CKM_ECDSA_SHA3_224 || opt_mechanism == CKM_ECDSA_SHA3_256 ||
opt_mechanism == CKM_ECDSA_SHA3_384 || opt_mechanism == CKM_ECDSA_SHA3_512) {
if (opt_sig_format && (!strcmp(opt_sig_format, "openssl") ||
!strcmp(opt_sig_format, "sequence"))) {

Expand Down Expand Up @@ -2442,6 +2482,18 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
case CKM_SHA224:
oaep_params.mgf = CKG_MGF1_SHA224;
break;
case CKM_SHA3_224:
oaep_params.mgf = CKG_MGF1_SHA3_224;
break;
case CKM_SHA3_256:
oaep_params.mgf = CKG_MGF1_SHA3_256;
break;
case CKM_SHA3_384:
oaep_params.mgf = CKG_MGF1_SHA3_384;
break;
case CKM_SHA3_512:
oaep_params.mgf = CKG_MGF1_SHA3_512;
break;
default:
oaep_params.hashAlg = CKM_SHA256;
/* fall through */
Expand Down Expand Up @@ -6517,6 +6569,18 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
case CKM_SHA512:
mgf = CKG_MGF1_SHA512;
break;
case CKM_SHA3_224:
mgf = CKG_MGF1_SHA3_224;
break;
case CKM_SHA3_256:
mgf = CKG_MGF1_SHA3_256;
break;
case CKM_SHA3_384:
mgf = CKG_MGF1_SHA3_384;
break;
case CKM_SHA3_512:
mgf = CKG_MGF1_SHA3_512;
break;
}
if (opt_mgf != 0) {
mgf = opt_mgf;
Expand Down Expand Up @@ -6595,6 +6659,18 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
case CKM_SHA512:
md = EVP_sha512();
break;
case CKM_SHA3_224:
md = EVP_sha3_224();
break;
case CKM_SHA3_256:
md = EVP_sha3_256();
break;
case CKM_SHA3_384:
md = EVP_sha3_384();
break;
case CKM_SHA3_512:
md = EVP_sha3_512();
break;
}
if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) {
EVP_PKEY_CTX_free(ctx);
Expand Down Expand Up @@ -6622,6 +6698,18 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
case CKG_MGF1_SHA512:
md = EVP_sha512();
break;
case CKG_MGF1_SHA3_224:
md = EVP_sha3_224();
break;
case CKG_MGF1_SHA3_256:
md = EVP_sha3_256();
break;
case CKG_MGF1_SHA3_384:
md = EVP_sha3_384();
break;
case CKG_MGF1_SHA3_512:
md = EVP_sha3_512();
break;
}
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0) {
EVP_PKEY_CTX_free(ctx);
Expand Down Expand Up @@ -7497,6 +7585,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_SHA256_RSA_PKCS, "SHA256-RSA-PKCS", "rsa-sha256", MF_UNKNOWN },
{ CKM_SHA384_RSA_PKCS, "SHA384-RSA-PKCS", "rsa-sha384", MF_UNKNOWN },
{ CKM_SHA512_RSA_PKCS, "SHA512-RSA-PKCS", "rsa-sha512", MF_UNKNOWN },
{ CKM_SHA3_224_RSA_PKCS, "SHA3-224-RSA-PKCS", "rsa-sha3-224", MF_UNKNOWN },
{ CKM_SHA3_256_RSA_PKCS, "SHA3-256-RSA-PKCS", "rsa-sha3-256", MF_UNKNOWN },
{ CKM_SHA3_384_RSA_PKCS, "SHA3-384-RSA-PKCS", "rsa-sha3-384", MF_UNKNOWN },
{ CKM_SHA3_512_RSA_PKCS, "SHA3-512-RSA-PKCS", "rsa-sha3-512", MF_UNKNOWN },
{ CKM_RIPEMD128_RSA_PKCS, "RIPEMD128-RSA-PKCS", NULL, MF_UNKNOWN },
{ CKM_RIPEMD160_RSA_PKCS, "RIPEMD160-RSA-PKCS", "rsa-ripemd160", MF_UNKNOWN },
{ CKM_RSA_PKCS_OAEP, "RSA-PKCS-OAEP", NULL, MF_UNKNOWN },
Expand All @@ -7509,6 +7601,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_SHA256_RSA_PKCS_PSS,"SHA256-RSA-PKCS-PSS", "rsa-pss-sha256", MF_UNKNOWN },
{ CKM_SHA384_RSA_PKCS_PSS,"SHA384-RSA-PKCS-PSS", "rsa-pss-sha384", MF_UNKNOWN },
{ CKM_SHA512_RSA_PKCS_PSS,"SHA512-RSA-PKCS-PSS", "rsa-pss-sha512", MF_UNKNOWN },
{ CKM_SHA3_224_RSA_PKCS_PSS,"SHA3-224-RSA-PKCS-PSS", "rsa-pss-sha3-224", MF_UNKNOWN },
{ CKM_SHA3_256_RSA_PKCS_PSS,"SHA3-256-RSA-PKCS-PSS", "rsa-pss-sha3-256", MF_UNKNOWN },
{ CKM_SHA3_384_RSA_PKCS_PSS,"SHA3-384-RSA-PKCS-PSS", "rsa-pss-sha3-384", MF_UNKNOWN },
{ CKM_SHA3_512_RSA_PKCS_PSS,"SHA3-512-RSA-PKCS-PSS", "rsa-pss-sha3-512", MF_UNKNOWN },
{ CKM_DSA_KEY_PAIR_GEN, "DSA-KEY-PAIR-GEN", NULL, MF_UNKNOWN },
{ CKM_DSA, "DSA", NULL, MF_UNKNOWN },
{ CKM_DSA_SHA1, "DSA-SHA1", NULL, MF_UNKNOWN },
Expand Down Expand Up @@ -7567,6 +7663,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_SHA384_HMAC, "SHA384-HMAC", NULL, MF_GENERIC_HMAC_FLAGS },
{ CKM_SHA512, "SHA512", NULL, MF_UNKNOWN },
{ CKM_SHA512_HMAC, "SHA512-HMAC", NULL, MF_GENERIC_HMAC_FLAGS },
{ CKM_SHA3_224, "SHA3-224", NULL, MF_UNKNOWN },
{ CKM_SHA3_256, "SHA3-256", NULL, MF_UNKNOWN },
{ CKM_SHA3_384, "SHA3-384", NULL, MF_UNKNOWN },
{ CKM_SHA3_512, "SHA3-512", NULL, MF_UNKNOWN },
{ CKM_RIPEMD128, "RIPEMD128", NULL, MF_UNKNOWN },
{ CKM_RIPEMD128_HMAC, "RIPEMD128-HMAC", NULL, MF_UNKNOWN },
{ CKM_RIPEMD128_HMAC_GENERAL,"RIPEMD128-HMAC-GENERAL", NULL, MF_UNKNOWN },
Expand Down Expand Up @@ -7666,6 +7766,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_ECDSA_SHA256, "ECDSA-SHA256", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA384, "ECDSA-SHA384", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA512, "ECDSA-SHA512", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_224, "ECDSA-SHA3-224", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_256, "ECDSA-SHA3-256", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_384, "ECDSA-SHA3-384", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_512, "ECDSA-SHA3-512", NULL, MF_UNKNOWN },
{ CKM_ECDH1_DERIVE, "ECDH1-DERIVE", NULL, MF_UNKNOWN },
{ CKM_ECDH1_COFACTOR_DERIVE,"ECDH1-COFACTOR-DERIVE", NULL, MF_UNKNOWN },
{ CKM_ECMQV_DERIVE, "ECMQV-DERIVE", NULL, MF_UNKNOWN },
Expand Down Expand Up @@ -7728,6 +7832,11 @@ static struct mech_info p11_mgf[] = {
{ CKG_MGF1_SHA256, "MGF1-SHA256", NULL, MF_MGF },
{ CKG_MGF1_SHA384, "MGF1-SHA384", NULL, MF_MGF },
{ CKG_MGF1_SHA512, "MGF1-SHA512", NULL, MF_MGF },
{ CKG_MGF1_SHA3_224, "MGF1-SHA3_224", NULL, MF_MGF },
{ CKG_MGF1_SHA3_256, "MGF1-SHA3_256", NULL, MF_MGF },
{ CKG_MGF1_SHA3_384, "MGF1-SHA3_384", NULL, MF_MGF },
{ CKG_MGF1_SHA3_512, "MGF1-SHA3_512", NULL, MF_MGF },

{ 0, NULL, NULL, MF_UNKNOWN }
};

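Review bot: The four new `p11_mgf` rows spell the name with an underscore (`"MGF1-SHA3_224"` through `"MGF1-SHA3_512"`), while every other SHA-3 name added in this file uses a hyphen (`"SHA3-224"`, `"ECDSA-SHA3-224"`, `"SHA3-224-RSA-PKCS-PSS"`). If these strings are what the MGF option is matched against, which the table layout suggests but the hunk does not show, a user who types the hyphenated form by analogy gets no match. Once released the spelling becomes a compatibility burden, so I would change it now to `{ CKG_MGF1_SHA3_224, "MGF1-SHA3-224", NULL, MF_MGF },` and likewise for the 256, 384 and 512 rows. The `p11_mgf` table starts outside the hunk.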
