Enable RSA-PSS signatures in pkcs11-tool #1146
Merged
20 commits
a7a4e6c Add missing SHA224 RSA algorithms (Jakuje)
811a6b9 Fix wrong replacement in pkcs11-tool manual page (Jakuje)
6d37b6c Add MGF and PSS_PARAMS definitions in PKCS#11 header file (Jakuje)
89309a5 Inspect PSS signature parameters in pkcs11-spy (Jakuje)
1efb774 Enable RSA-PSS signatures in pkcs11-tool (Jakuje)
c2d8ee5 Added short names to RSA-PSS methods
ec8dd42 Change RSA-PSS salt length default to OpenSSL-compatible, aka digest …
aaecfdb Fixed hashAlg but in pkcs11-tool for RSA-PSS
da9bae0 CHanged opt_salt to salt_len (mouse07410)
7513ec2 Fixed type of salt length from unsigned long to long (mouse07410)
cedbd3e RSA-PSS: made sure special values for salt length from OpenSSL ("-1" … (mouse07410)
0b7e5f0 Refactored dealing with salt length, and added input check (mouse07410)
f2f53c1 Fix introduced incompatibility with C90 standard (declaration of vari… (mouse07410)
ebd3ca2 Whitespace cleanup of mouse07410 commits (Jakuje)
55f0616 Add SHA-224 hash algorithm for RSA-PSS (Jakuje)
15659fb Do not fallback to zero-length salt on unknown hash algorithms (Jakuje)
375e1c2 Add SHA224 definitions in pkcs11.h (for completenes) (Jakuje)
4450c2c Reintroduce portable NORETURN indication for functions and use it to … (Jakuje)
e870706 Use default SHA-1 mechanisms, use --salt-len, improve wording of docu… (Jakuje)
63ae2f9 Check the mechanism type before dereferencing generic parameter (Jakuje)
Whitespace cleanup of mouse07410 commits
commit ebd3ca2354d5b3c5624b9748a28dd21ee07cbf0e
I am not sure if we should silently fall back to 0 length salt in case we got something unknown. It can bite us later (SHA224, SHA3?). We should probably exit here.
I see your point. But I'm not sure how we'd do a clean exit here without overly complicating things on the caller side.
As for SHA-3 and SHA224 - why don't we add them right now and be done with it?
All the way around pkcs11-tool, we call util_fatal(), which calls exit. It is not nice, but it does its job for these unexpected situations. We can add CKM_SHA224 straight away, but there is no CKM_ for SHA3 yet in the latest PKCS#11 standard. And when it will be there, we will forget about this switch.
I will add a commit addressing this.
OK, thanks. Makes sense to me. For an executable like pkcs11-tool using util_fatal() should be OK.
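The fail-closed choice discussed in the comments above, as an added example (not code from this pull request or from OpenSC): an unknown hash mechanism is rejected instead of producing a zero-length salt, and the salt is checked against the EMSA-PSS bound emLen >= hLen + sLen + 2. The helper names, the "negative means digest length" convention and the sample inputs are assumptions of this example; the CKM_ values are those of the PKCS#11 v2.40 specification.

```c
#include <stdio.h>

/* Mechanism values as defined in the PKCS#11 v2.40 specification. */
#define CKM_SHA_1   0x00000220UL
#define CKM_SHA256  0x00000250UL
#define CKM_SHA224  0x00000255UL
#define CKM_SHA384  0x00000260UL
#define CKM_SHA512  0x00000270UL

/* Hypothetical helper: digest size in bytes, 0 for an unknown mechanism. */
static unsigned long digest_len(unsigned long hash_alg)
{
	switch (hash_alg) {
	case CKM_SHA_1:  return 20;
	case CKM_SHA224: return 28;
	case CKM_SHA256: return 32;
	case CKM_SHA384: return 48;
	case CKM_SHA512: return 64;
	default:         return 0;
	}
}

/* Hypothetical helper: requested < 0 selects the digest length (this
 * example's convention). Returns 0 and fills *salt_len, or -1 on error. */
int pss_salt_len(unsigned long hash_alg, long requested,
		unsigned long modulus_bits, unsigned long *salt_len)
{
	unsigned long hlen = digest_len(hash_alg);
	unsigned long em_len = (modulus_bits + 6) / 8; /* ceil((bits-1)/8) */
	unsigned long wanted;

	if (hlen == 0)
		return -1; /* unknown hash: refuse, never default to 0 */
	if (em_len < hlen + 2)
		return -1; /* key too small for this digest */
	wanted = requested < 0 ? hlen : (unsigned long)requested;
	if (wanted > em_len - hlen - 2)
		return -1; /* salt does not fit: emLen < hLen + sLen + 2 */
	*salt_len = wanted;
	return 0;
}

int main(void)
{
	unsigned long s = 0; /* constructed input: 2048-bit key, SHA-256 */
	int rc = pss_salt_len(CKM_SHA256, -1, 2048, &s);
	printf("rc=%d salt_len=%lu\n", rc, s);
	return rc == 0 ? 0 : 1;
}
```

A command-line tool would turn the -1 return into a fatal error at the call site, which keeps the helper itself free of exit calls.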
Darn... We must be using different PKCS#11 include files?!
Nope. I just did not check it compiles. I checked only the PKCS#11 specification, which defines them:
https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cs01/pkcs11-curr-v2.40-cs01.html#_Toc399398977
I added them in b051d3b from the above source so it should build fine.
Yep, thanks. Now everything compiles OK. ;-)