Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable RSA-PSS signatures in pkcs11-tool #1146

Merged
merged 20 commits into from
Sep 21, 2017
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
a7a4e6c
Add missing SHA224 RSA algorithms
Jakuje Sep 6, 2017
811a6b9
Fix wrong replacement in pkcs11-tool manual page
Jakuje Sep 6, 2017
6d37b6c
Add MGF and PSS_PARAMS definitions in PKCS#11 header file
Jakuje Sep 6, 2017
89309a5
Inspect PSS signature parameters in pkcs11-spy
Jakuje Sep 6, 2017
1efb774
Enable RSA-PSS signatures in pkcs11-tool
Jakuje Sep 6, 2017
c2d8ee5
Added short names to RSA-PSS methods
Sep 7, 2017
ec8dd42
Change RSA-PSS salt length default to OpenSSL-compatible, aka digest …
Sep 7, 2017
aaecfdb
Fixed hashAlg but in pkcs11-tool for RSA-PSS
Sep 7, 2017
da9bae0
CHanged opt_salt to salt_len
mouse07410 Sep 8, 2017
7513ec2
Fixed type of salt length from unsigned long to long
mouse07410 Sep 9, 2017
cedbd3e
RSA-PSS: made sure special values for salt length from OpenSSL ("-1" …
mouse07410 Sep 9, 2017
0b7e5f0
Refactored dealing with salt length, and added input check
mouse07410 Sep 10, 2017
f2f53c1
Fix introduced incompatibility with C90 standard (declaration of vari…
mouse07410 Sep 11, 2017
ebd3ca2
Whitespace cleanup of mouse07410 commits
Jakuje Sep 11, 2017
55f0616
Add SHA-224 hash algorithm for RSA-PSS
Jakuje Sep 11, 2017
15659fb
Do not fallback to zero-length salt on unknown hash algorithms
Jakuje Sep 11, 2017
375e1c2
Add SHA224 definitions in pkcs11.h (for completenes)
Jakuje Sep 11, 2017
4450c2c
Reintroduce portable NORETURN indication for functions and use it to …
Jakuje Sep 13, 2017
e870706
Use default SHA-1 mechanisms, use --salt-len, improve wording of docu…
Jakuje Sep 15, 2017
63ae2f9
Check the mechanism type before dereferencing generic parameter
Jakuje Sep 18, 2017
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Enable RSA-PSS signatures in pkcs11-tool
  • Loading branch information
Jakuje committed Sep 13, 2017
commit 1efb7749a64ac596fc03c6a6bcdddddf73db1d63
25 changes: 25 additions & 0 deletions doc/tools/pkcs11-tool.1.xml
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,13 @@
<listitem><para>Hash some data.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--hash-algorithm</option> <replaceable>mechanism</replaceable>
</term>
<listitem><para>Specify hash algorithm used with generic RSA-PSS signature</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--id</option> <replaceable>id</replaceable>,
Expand Down Expand Up @@ -212,6 +219,16 @@
of mechanisms supported by your token.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--mgf</option> <replaceable>function</replaceable>
</term>
<listitem><para>Use the specified Message Generation
Function (MGF) <replaceable>function</replaceable>
for RSA-PSS signatures. Supported arguments are MGF1-SHA1
to MGF1-SHA512 if supported by the driver.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--module</option> <replaceable>mod</replaceable>
Expand Down Expand Up @@ -309,6 +326,14 @@
<listitem><para>Derive a secret key using another key and some data.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--salt</option> <replaceable>bytes</replaceable>
</term>
<listitem><para>Specify how many bytes should be used in
RSA-PSS signatures. Default is 0.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--slot</option> <replaceable>id</replaceable>
Expand Down
118 changes: 118 additions & 0 deletions src/tools/pkcs11-tool.c
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,9 @@ enum {
OPT_TEST_FORK,
OPT_GENERATE_KEY,
OPT_GENERATE_RANDOM,
OPT_HASH_ALGORITHM,
OPT_MGF,
OPT_SALT,
};

static const struct option options[] = {
Expand All @@ -162,6 +165,9 @@ static const struct option options[] = {
{ "derive", 0, NULL, OPT_DERIVE },
{ "derive-pass-der", 0, NULL, OPT_DERIVE_PASS_DER },
{ "mechanism", 1, NULL, 'm' },
{ "hash-algorithm", 1, NULL, OPT_HASH_ALGORITHM },
{ "mgf", 1, NULL, OPT_MGF },
{ "salt", 1, NULL, OPT_SALT },

{ "login", 0, NULL, 'l' },
{ "login-type", 1, NULL, OPT_LOGIN_TYPE },
Expand Down Expand Up @@ -227,6 +233,9 @@ static const char *option_help[] = {
"Derive a secret key using another key and some data",
"Derive ECDHpass DER encoded pubkey for compatibility with some PKCS#11 implementations",
"Specify mechanism (use -M for a list of supported mechanisms)",
"Specify hash algorithm used with generic RSA-PSS signature",
"Specify MGF (Message Generation Function) used for RSA-PSS signatures (possible values are MGF1-SHA1 to MGF1-SHA512)",
"Specify how many bytes should be used for salt in RSA-PSS signatures (default 0)",
Copy link
Contributor

@mouse07410 mouse07410 Sep 7, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think default here should be the same as OpenSSL. And OpenSSL uses salt length equal to the digest size (rsa_pss_saltlen:-1) as its RSA-PSS default.


"Log into the token first",
"Specify login type ('so', 'user', 'context-specific'; default:'user')",
Expand Down Expand Up @@ -316,6 +325,9 @@ static int opt_key_usage_derive = 0;
static int opt_key_usage_default = 1; /* uses defaults if no opt_key_usage options */
static int opt_derive_pass_der = 0;
static unsigned long opt_random_bytes = 0;
static CK_MECHANISM_TYPE opt_hash_alg = 0;
static unsigned long opt_mgf = 0;
static unsigned long opt_salt = 0;

static void *module = NULL;
static CK_FUNCTION_LIST_PTR p11 = NULL;
Expand Down Expand Up @@ -406,6 +418,8 @@ static const char * p11_utf8_to_local(CK_UTF8CHAR *, size_t);
static const char * p11_flag_names(struct flag_info *, CK_FLAGS);
static const char * p11_mechanism_to_name(CK_MECHANISM_TYPE);
static CK_MECHANISM_TYPE p11_name_to_mechanism(const char *);
static const char * p11_mgf_to_name(CK_RSA_PKCS_MGF_TYPE);
static CK_MECHANISM_TYPE p11_name_to_mgf(const char *);
static void p11_perror(const char *, CK_RV);
static const char * CKR2Str(CK_ULONG res);
static int p11_test(CK_SESSION_HANDLE session);
Expand Down Expand Up @@ -673,6 +687,15 @@ int main(int argc, char * argv[])
opt_mechanism_used = 1;
opt_mechanism = p11_name_to_mechanism(optarg);
break;
case OPT_HASH_ALGORITHM:
opt_hash_alg = p11_name_to_mechanism(optarg);
break;
case OPT_MGF:
opt_mgf = p11_name_to_mgf(optarg);
break;
case OPT_SALT:
opt_salt = (CK_ULONG) strtoul(optarg, NULL, 0);
break;
case 'o':
opt_output = optarg;
break;
Expand Down Expand Up @@ -1607,6 +1630,7 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
{
unsigned char in_buffer[1025], sig_buffer[512];
CK_MECHANISM mech;
CK_RSA_PKCS_PSS_PARAMS pss_params;
CK_RV rv;
CK_ULONG sig_len;
int fd, r;
Expand All @@ -1618,6 +1642,67 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
fprintf(stderr, "Using signature algorithm %s\n", p11_mechanism_to_name(opt_mechanism));
memset(&mech, 0, sizeof(mech));
mech.mechanism = opt_mechanism;
pss_params.hashAlg = 0;

if (opt_hash_alg != 0 && opt_mechanism != CKM_RSA_PKCS_PSS)
util_fatal("The hash-algorithm is applicable only to generic"
"RSA-PKCS-PSS mechanism");

/* set "default" MGF and hash algorithms. We can overwrite MGF later */
switch (opt_mechanism) {
case CKM_RSA_PKCS_PSS:
switch (opt_hash_alg) {
case CKM_SHA_1:
pss_params.mgf = CKG_MGF1_SHA1;
break;
case CKM_SHA256:
pss_params.mgf = CKG_MGF1_SHA256;
break;
case CKM_SHA384:
pss_params.mgf = CKG_MGF1_SHA384;
break;
case CKM_SHA512:
pss_params.mgf = CKG_MGF1_SHA512;
break;
default:
util_fatal("RSA-PKCS-PSS requires explicit hash mechanism");
}
pss_params.hashAlg = opt_hash_alg;
break;

case CKM_SHA1_RSA_PKCS_PSS:
pss_params.hashAlg = CKM_SHA_1;
pss_params.mgf = CKG_MGF1_SHA1;
break;

case CKM_SHA256_RSA_PKCS_PSS:
pss_params.hashAlg = CKM_SHA256;
pss_params.mgf = CKG_MGF1_SHA256;
break;

case CKM_SHA384_RSA_PKCS_PSS:
pss_params.hashAlg = CKM_SHA384;
pss_params.mgf = CKG_MGF1_SHA384;
break;

case CKM_SHA512_RSA_PKCS_PSS:
pss_params.hashAlg = CKM_SHA512;
pss_params.mgf = CKG_MGF1_SHA512;
break;
}

/* One of RSA-PSS mechanisms above: They need parameters */
if (pss_params.hashAlg) {
if (opt_mgf != 0)
pss_params.mgf = opt_mgf;
pss_params.sLen = opt_salt;
mech.pParameter = &pss_params;
mech.ulParameterLen = sizeof(pss_params);
fprintf(stderr, "PSS parameters: hashAlg=%s, mgf=%s, salt=%lu B\n",
p11_mechanism_to_name(opt_mechanism),
p11_mgf_to_name(pss_params.mgf),
pss_params.sLen);
}

if (opt_input == NULL)
fd = 0;
Expand Down Expand Up @@ -5812,6 +5897,15 @@ static struct mech_info p11_mechanisms[] = {
{ 0, NULL, NULL }
};

static struct mech_info p11_mgf[] = {
{ CKG_MGF1_SHA1, "MGF1-SHA1", NULL },
{ CKG_MGF1_SHA224, "MGF1-SHA224", NULL },
{ CKG_MGF1_SHA256, "MGF1-SHA256", NULL },
{ CKG_MGF1_SHA384, "MGF1-SHA384", NULL },
{ CKG_MGF1_SHA512, "MGF1-SHA512", NULL },
{ 0, NULL, NULL }
};

static const char *p11_mechanism_to_name(CK_MECHANISM_TYPE mech)
{
static char temp[64];
Expand All @@ -5838,6 +5932,30 @@ static CK_MECHANISM_TYPE p11_name_to_mechanism(const char *name)
return 0; /* gcc food */
}

static CK_RSA_PKCS_MGF_TYPE p11_name_to_mgf(const char *name)
{
struct mech_info *mi;

for (mi = p11_mgf; mi->name; mi++) {
if (!strcasecmp(mi->name, name))
return mi->mech;
}
util_fatal("Unknown PKCS11 MGF \"%s\"", name);
}

static const char *p11_mgf_to_name(CK_RSA_PKCS_MGF_TYPE mgf)
{
static char temp[64];
struct mech_info *mi;

for (mi = p11_mgf; mi->name; mi++) {
if (mi->mech == mgf)
return mi->name;
}
snprintf(temp, sizeof(temp), "mgf-0x%lX", (unsigned long) mgf);
return temp;
}

static const char * CKR2Str(CK_ULONG res)
{
switch (res) {
Expand Down