Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SHA3* in pkcs11-tool. #2467

Merged
merged 1 commit into from
Dec 20, 2021
Merged

Add support for SHA3* in pkcs11-tool. #2467

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Add support for SHA3* in pkcs11-tool.
  • Loading branch information
@AlexandreGonzalo
AlexandreGonzalo committed Dec 13, 2021
commit 54d7146e082a7c2a0b4387fa984ed753bb678cdd
20 changes: 20 additions & 0 deletions src/pkcs11/pkcs11.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -552,6 +552,14 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
#define CKM_SHA224_RSA_PKCS (0x46UL)
#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
#define CKM_SHA3_256_RSA_PKCS (0x60UL)
#define CKM_SHA3_384_RSA_PKCS (0x61UL)
#define CKM_SHA3_512_RSA_PKCS (0x62UL)
#define CKM_SHA3_256_RSA_PKCS_PSS (0x63UL)
#define CKM_SHA3_384_RSA_PKCS_PSS (0x64UL)
#define CKM_SHA3_512_RSA_PKCS_PSS (0x65UL)
#define CKM_SHA3_224_RSA_PKCS (0x66UL)
#define CKM_SHA3_224_RSA_PKCS_PSS (0x67UL)
#define CKM_RC2_KEY_GEN (0x100UL)
#define CKM_RC2_ECB (0x101UL)
#define CKM_RC2_CBC (0x102UL)
Expand Down Expand Up @@ -610,15 +618,19 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_SHA3_256 (0x2B0UL)
#define CKM_SHA3_256_HMAC (0x2B1UL)
#define CKM_SHA3_256_HMAC_GENERAL (0x2B2UL)
#define CKM_SHA3_256_KEY_GEN (0x2B3UL)
#define CKM_SHA3_224 (0x2B5UL)
#define CKM_SHA3_224_HMAC (0x2B6UL)
#define CKM_SHA3_224_HMAC_GENERAL (0x2B7UL)
#define CKM_SHA3_224_KEY_GEN (0x2B8UL)
#define CKM_SHA3_384 (0x2C0UL)
#define CKM_SHA3_384_HMAC (0x2C1UL)
#define CKM_SHA3_384_HMAC_GENERAL (0x2C2UL)
#define CKM_SHA3_384_KEY_GEN (0x2C3UL)
#define CKM_SHA3_512 (0x2D0UL)
#define CKM_SHA3_512_HMAC (0x2D1UL)
#define CKM_SHA3_512_HMAC_GENERAL (0x2D2UL)
#define CKM_SHA3_512_KEY_GEN (0x2D3UL)
#define CKM_CAST_KEY_GEN (0x300UL)
#define CKM_CAST_ECB (0x301UL)
#define CKM_CAST_CBC (0x302UL)
Expand Down Expand Up @@ -721,6 +733,10 @@ typedef unsigned long ck_mechanism_type_t;
#define CKM_ECDSA_SHA256 (0x1044UL)
#define CKM_ECDSA_SHA384 (0x1045UL)
#define CKM_ECDSA_SHA512 (0x1046UL)
#define CKM_ECDSA_SHA3_224 (0x1047UL)
#define CKM_ECDSA_SHA3_256 (0x1048UL)
#define CKM_ECDSA_SHA3_384 (0x1049UL)
#define CKM_ECDSA_SHA3_512 (0x104AUL)
#define CKM_ECDH1_DERIVE (0x1050UL)
#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
#define CKM_ECMQV_DERIVE (0x1052UL)
Expand Down Expand Up @@ -878,6 +894,10 @@ typedef struct CK_RSA_PKCS_PSS_PARAMS {
#define CKG_MGF1_SHA256 (0x00000002UL)
#define CKG_MGF1_SHA384 (0x00000003UL)
#define CKG_MGF1_SHA512 (0x00000004UL)
#define CKG_MGF1_SHA3_224 (0x00000006UL)
#define CKG_MGF1_SHA3_256 (0x00000007UL)
#define CKG_MGF1_SHA3_384 (0x00000008UL)
#define CKG_MGF1_SHA3_512 (0x00000009UL)

#define CKZ_DATA_SPECIFIED (0x00000001UL)

Expand Down
115 changes: 112 additions & 3 deletions src/tools/pkcs11-tool.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2045,15 +2045,19 @@ static unsigned long hash_length(const int hash) {
sLen = 20;
break;
case CKM_SHA224:
case CKM_SHA3_224:
sLen = 28;
break;
case CKM_SHA256:
case CKM_SHA3_256:
sLen = 32;
break;
case CKM_SHA384:
case CKM_SHA3_384:
sLen = 48;
break;
case CKM_SHA512:
case CKM_SHA3_512:
sLen = 64;
break;
default:
Expand Down Expand Up @@ -2097,6 +2101,18 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
case CKM_SHA512:
pss_params->mgf = CKG_MGF1_SHA512;
break;
case CKM_SHA3_224:
pss_params->mgf = CKG_MGF1_SHA3_224;
break;
case CKM_SHA3_256:
pss_params->mgf = CKG_MGF1_SHA3_256;
break;
case CKM_SHA3_384:
pss_params->mgf = CKG_MGF1_SHA3_384;
break;
case CKM_SHA3_512:
pss_params->mgf = CKG_MGF1_SHA3_512;
break;
default:
/* the PSS should use SHA-1 if not specified */
pss_params->hashAlg = CKM_SHA_1;
Expand Down Expand Up @@ -2131,6 +2147,26 @@ parse_pss_params(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key,
pss_params->mgf = CKG_MGF1_SHA512;
break;

case CKM_SHA3_224_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_224;
pss_params->mgf = CKG_MGF1_SHA3_224;
break;

case CKM_SHA3_256_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_256;
pss_params->mgf = CKG_MGF1_SHA3_256;
break;

case CKM_SHA3_384_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_384;
pss_params->mgf = CKG_MGF1_SHA3_384;
break;

case CKM_SHA3_512_RSA_PKCS_PSS:
pss_params->hashAlg = CKM_SHA3_512;
pss_params->mgf = CKG_MGF1_SHA3_512;
break;

default: /* The non-RSA-PSS algorithms do not need any parameters */
return 0;
}
Expand Down Expand Up @@ -2254,8 +2290,10 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
}

if (opt_mechanism == CKM_ECDSA || opt_mechanism == CKM_ECDSA_SHA1 ||
opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 ||
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224) {
opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 ||
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224 ||
opt_mechanism == CKM_ECDSA_SHA3_224 || opt_mechanism == CKM_ECDSA_SHA3_256 ||
opt_mechanism == CKM_ECDSA_SHA3_384 || opt_mechanism == CKM_ECDSA_SHA3_512) {
if (opt_sig_format && (!strcmp(opt_sig_format, "openssl") ||
!strcmp(opt_sig_format, "sequence"))) {
unsigned char *seq;
Expand Down Expand Up @@ -2314,7 +2352,9 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,

if (opt_mechanism == CKM_ECDSA || opt_mechanism == CKM_ECDSA_SHA1 ||
opt_mechanism == CKM_ECDSA_SHA256 || opt_mechanism == CKM_ECDSA_SHA384 ||
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224) {
opt_mechanism == CKM_ECDSA_SHA512 || opt_mechanism == CKM_ECDSA_SHA224 ||
opt_mechanism == CKM_ECDSA_SHA3_224 || opt_mechanism == CKM_ECDSA_SHA3_256 ||
opt_mechanism == CKM_ECDSA_SHA3_384 || opt_mechanism == CKM_ECDSA_SHA3_512) {
if (opt_sig_format && (!strcmp(opt_sig_format, "openssl") ||
!strcmp(opt_sig_format, "sequence"))) {

Expand Down Expand Up @@ -2442,6 +2482,18 @@ static void decrypt_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
case CKM_SHA224:
oaep_params.mgf = CKG_MGF1_SHA224;
break;
case CKM_SHA3_224:
oaep_params.mgf = CKG_MGF1_SHA3_224;
break;
case CKM_SHA3_256:
oaep_params.mgf = CKG_MGF1_SHA3_256;
break;
case CKM_SHA3_384:
oaep_params.mgf = CKG_MGF1_SHA3_384;
break;
case CKM_SHA3_512:
oaep_params.mgf = CKG_MGF1_SHA3_512;
break;
default:
oaep_params.hashAlg = CKM_SHA256;
/* fall through */
Expand Down Expand Up @@ -6517,6 +6569,18 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
case CKM_SHA512:
mgf = CKG_MGF1_SHA512;
break;
case CKM_SHA3_224:
mgf = CKG_MGF1_SHA3_224;
break;
case CKM_SHA3_256:
mgf = CKG_MGF1_SHA3_256;
break;
case CKM_SHA3_384:
mgf = CKG_MGF1_SHA3_384;
break;
case CKM_SHA3_512:
mgf = CKG_MGF1_SHA3_512;
break;
}
if (opt_mgf != 0) {
mgf = opt_mgf;
Expand Down Expand Up @@ -6595,6 +6659,18 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
case CKM_SHA512:
md = EVP_sha512();
break;
case CKM_SHA3_224:
md = EVP_sha3_224();
break;
case CKM_SHA3_256:
md = EVP_sha3_256();
break;
case CKM_SHA3_384:
md = EVP_sha3_384();
break;
case CKM_SHA3_512:
md = EVP_sha3_512();
break;
}
if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) <= 0) {
EVP_PKEY_CTX_free(ctx);
Expand Down Expand Up @@ -6622,6 +6698,18 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
case CKG_MGF1_SHA512:
md = EVP_sha512();
break;
case CKG_MGF1_SHA3_224:
md = EVP_sha3_224();
break;
case CKG_MGF1_SHA3_256:
md = EVP_sha3_256();
break;
case CKG_MGF1_SHA3_384:
md = EVP_sha3_384();
break;
case CKG_MGF1_SHA3_512:
md = EVP_sha3_512();
break;
}
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) <= 0) {
EVP_PKEY_CTX_free(ctx);
Expand Down Expand Up @@ -7497,6 +7585,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_SHA256_RSA_PKCS, "SHA256-RSA-PKCS", "rsa-sha256", MF_UNKNOWN },
{ CKM_SHA384_RSA_PKCS, "SHA384-RSA-PKCS", "rsa-sha384", MF_UNKNOWN },
{ CKM_SHA512_RSA_PKCS, "SHA512-RSA-PKCS", "rsa-sha512", MF_UNKNOWN },
{ CKM_SHA3_224_RSA_PKCS, "SHA3-224-RSA-PKCS", "rsa-sha3-224", MF_UNKNOWN },
{ CKM_SHA3_256_RSA_PKCS, "SHA3-256-RSA-PKCS", "rsa-sha3-256", MF_UNKNOWN },
{ CKM_SHA3_384_RSA_PKCS, "SHA3-384-RSA-PKCS", "rsa-sha3-384", MF_UNKNOWN },
{ CKM_SHA3_512_RSA_PKCS, "SHA3-512-RSA-PKCS", "rsa-sha3-512", MF_UNKNOWN },
{ CKM_RIPEMD128_RSA_PKCS, "RIPEMD128-RSA-PKCS", NULL, MF_UNKNOWN },
{ CKM_RIPEMD160_RSA_PKCS, "RIPEMD160-RSA-PKCS", "rsa-ripemd160", MF_UNKNOWN },
{ CKM_RSA_PKCS_OAEP, "RSA-PKCS-OAEP", NULL, MF_UNKNOWN },
Expand All @@ -7509,6 +7601,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_SHA256_RSA_PKCS_PSS,"SHA256-RSA-PKCS-PSS", "rsa-pss-sha256", MF_UNKNOWN },
{ CKM_SHA384_RSA_PKCS_PSS,"SHA384-RSA-PKCS-PSS", "rsa-pss-sha384", MF_UNKNOWN },
{ CKM_SHA512_RSA_PKCS_PSS,"SHA512-RSA-PKCS-PSS", "rsa-pss-sha512", MF_UNKNOWN },
{ CKM_SHA3_224_RSA_PKCS_PSS,"SHA3-224-RSA-PKCS-PSS", "rsa-pss-sha3-224", MF_UNKNOWN },
{ CKM_SHA3_256_RSA_PKCS_PSS,"SHA3-256-RSA-PKCS-PSS", "rsa-pss-sha3-256", MF_UNKNOWN },
{ CKM_SHA3_384_RSA_PKCS_PSS,"SHA3-384-RSA-PKCS-PSS", "rsa-pss-sha3-384", MF_UNKNOWN },
{ CKM_SHA3_512_RSA_PKCS_PSS,"SHA3-512-RSA-PKCS-PSS", "rsa-pss-sha3-512", MF_UNKNOWN },
{ CKM_DSA_KEY_PAIR_GEN, "DSA-KEY-PAIR-GEN", NULL, MF_UNKNOWN },
{ CKM_DSA, "DSA", NULL, MF_UNKNOWN },
{ CKM_DSA_SHA1, "DSA-SHA1", NULL, MF_UNKNOWN },
Expand Down Expand Up @@ -7567,6 +7663,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_SHA384_HMAC, "SHA384-HMAC", NULL, MF_GENERIC_HMAC_FLAGS },
{ CKM_SHA512, "SHA512", NULL, MF_UNKNOWN },
{ CKM_SHA512_HMAC, "SHA512-HMAC", NULL, MF_GENERIC_HMAC_FLAGS },
{ CKM_SHA3_224, "SHA3-224", NULL, MF_UNKNOWN },
{ CKM_SHA3_256, "SHA3-256", NULL, MF_UNKNOWN },
{ CKM_SHA3_384, "SHA3-384", NULL, MF_UNKNOWN },
{ CKM_SHA3_512, "SHA3-512", NULL, MF_UNKNOWN },
{ CKM_RIPEMD128, "RIPEMD128", NULL, MF_UNKNOWN },
{ CKM_RIPEMD128_HMAC, "RIPEMD128-HMAC", NULL, MF_UNKNOWN },
{ CKM_RIPEMD128_HMAC_GENERAL,"RIPEMD128-HMAC-GENERAL", NULL, MF_UNKNOWN },
Expand Down Expand Up @@ -7666,6 +7766,10 @@ static struct mech_info p11_mechanisms[] = {
{ CKM_ECDSA_SHA256, "ECDSA-SHA256", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA384, "ECDSA-SHA384", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA512, "ECDSA-SHA512", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_224, "ECDSA-SHA3-224", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_256, "ECDSA-SHA3-256", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_384, "ECDSA-SHA3-384", NULL, MF_UNKNOWN },
{ CKM_ECDSA_SHA3_512, "ECDSA-SHA3-512", NULL, MF_UNKNOWN },
{ CKM_ECDH1_DERIVE, "ECDH1-DERIVE", NULL, MF_UNKNOWN },
{ CKM_ECDH1_COFACTOR_DERIVE,"ECDH1-COFACTOR-DERIVE", NULL, MF_UNKNOWN },
{ CKM_ECMQV_DERIVE, "ECMQV-DERIVE", NULL, MF_UNKNOWN },
Expand Down Expand Up @@ -7728,6 +7832,11 @@ static struct mech_info p11_mgf[] = {
{ CKG_MGF1_SHA256, "MGF1-SHA256", NULL, MF_MGF },
{ CKG_MGF1_SHA384, "MGF1-SHA384", NULL, MF_MGF },
{ CKG_MGF1_SHA512, "MGF1-SHA512", NULL, MF_MGF },
{ CKG_MGF1_SHA3_224, "MGF1-SHA3_224", NULL, MF_MGF },
{ CKG_MGF1_SHA3_256, "MGF1-SHA3_256", NULL, MF_MGF },
{ CKG_MGF1_SHA3_384, "MGF1-SHA3_384", NULL, MF_MGF },
{ CKG_MGF1_SHA3_512, "MGF1-SHA3_512", NULL, MF_MGF },

{ 0, NULL, NULL, MF_UNKNOWN }
};

Expand Down