Enable RSA-PSS signatures in pkcs11-tool (OpenSC#1146)

* Add missing SHA224 RSA algorithms * Fix wrong replacement in pkcs11-tool manual page * Add MGF and PSS_PARAMS definitions in PKCS#11 header file * Inspect PSS signature parameters in pkcs11-spy * Enable RSA-PSS signatures in pkcs11-tool * Added short names to RSA-PSS methods * Reintroduce portable NORETURN indication for functions and use it to avoid compilers complaining
metsma · Dec 6, 2017 · 9e71b0b · 9e71b0b
1 parent a28d2c1
commit 9e71b0b
Show file tree

Hide file tree

Showing 8 changed files with 280 additions and 9 deletions.
diff --git a/doc/tools/pkcs11-tool.1.xml b/doc/tools/pkcs11-tool.1.xml
@@ -71,6 +71,14 @@
  <listitem><para>Hash some data.</para></listitem>
  </varlistentry>
 
+ <varlistentry>
+ <term>
+ <option>--hash-algorithm</option> <replaceable>mechanism</replaceable>
+ </term>
+ <listitem><para>Specify hash algorithm used with
+ RSA-PKCS-PSS signature. Default is SHA-1.</para></listitem>
+ </varlistentry>
+
  <varlistentry>
  <term>
  <option>--id</option> <replaceable>id</replaceable>,
@@ -116,7 +124,7 @@
 
  <varlistentry>
  <term>
- <option>--key-type</option> <replacement>specification</replacement>
+ <option>--key-type</option> <replaceable>specification</replaceable>
  </term>
  <listitem><para>Specify the type and length of the key to create, for example rsa:1024 or EC:prime256v1.</para></listitem>
  </varlistentry>
@@ -212,6 +220,17 @@
  of mechanisms supported by your token.</para></listitem>
  </varlistentry>
 
+ <varlistentry>
+ <term>
+ <option>--mgf</option> <replaceable>function</replaceable>
+ </term>
+ <listitem><para>Use the specified Message Generation
+ Function (MGF) <replaceable>function</replaceable>
+ for RSA-PSS signatures. Supported arguments are MGF1-SHA1
+ to MGF1-SHA512 if supported by the driver.
+ The default is based on the hash selection.</para></listitem>
+ </varlistentry>
+
  <varlistentry>
  <term>
  <option>--module</option> <replaceable>mod</replaceable>
@@ -309,6 +328,17 @@
  <listitem><para>Derive a secret key using another key and some data.</para></listitem>
  </varlistentry>
 
+ <varlistentry>
+ <term>
+ <option>--salt-len</option> <replaceable>bytes</replaceable>
+ </term>
+ <listitem><para>Specify how many bytes of salt should
+ be used in RSA-PSS signatures. Accepts two special values:
+ "-1" means salt length equals to digest length,
+ "-2" means use maximum permissible length.
+ Default is digest length (-1).</para></listitem>
+ </varlistentry>
+
  <varlistentry>
  <term>
  <option>--slot</option> <replaceable>id</replaceable>

diff --git a/src/pkcs11/pkcs11-display.c b/src/pkcs11/pkcs11-display.c
@@ -521,6 +521,14 @@ static enum_specs ck_mec_s[] = {
  { CKM_VENDOR_DEFINED , "CKM_VENDOR_DEFINED " }
 };
 
+static enum_specs ck_mgf_s[] = {
+ { CKG_MGF1_SHA1 , "CKG_MGF1_SHA1 " },
+ { CKG_MGF1_SHA224, "CKG_MGF1_SHA224" },
+ { CKG_MGF1_SHA256, "CKG_MGF1_SHA256" },
+ { CKG_MGF1_SHA384, "CKG_MGF1_SHA384" },
+ { CKG_MGF1_SHA512, "CKG_MGF1_SHA512" },
+};
+
 static enum_specs ck_err_s[] = {
  { CKR_OK, "CKR_OK" },
  { CKR_CANCEL, "CKR_CANCEL" },
@@ -630,6 +638,7 @@ enum_spec ck_types[] = {
  { KEY_T, ck_key_s, sizeof(ck_key_s) / SZ_SPECS, "CK_KEY_TYPE" },
  { CRT_T, ck_crt_s, sizeof(ck_crt_s) / SZ_SPECS, "CK_CERTIFICATE_TYPE" },
  { MEC_T, ck_mec_s, sizeof(ck_mec_s) / SZ_SPECS, "CK_MECHANISM_TYPE" },
+ { MGF_T, ck_mgf_s, sizeof(ck_mgf_s) / SZ_SPECS, "CK_RSA_PKCS_MGF_TYPE"},
  { USR_T, ck_usr_s, sizeof(ck_usr_s) / SZ_SPECS, "CK_USER_TYPE" },
  { STA_T, ck_sta_s, sizeof(ck_sta_s) / SZ_SPECS, "CK_STATE" },
  { RV_T, ck_err_s, sizeof(ck_err_s) / SZ_SPECS, "CK_RV" },

diff --git a/src/pkcs11/pkcs11-display.h b/src/pkcs11/pkcs11-display.h
@@ -56,6 +56,7 @@ enum ck_type{
  KEY_T,
  CRT_T,
  MEC_T,
+ MGF_T,
  USR_T,
  STA_T,
  RV_T

diff --git a/src/pkcs11/pkcs11-spy.c b/src/pkcs11/pkcs11-spy.c
@@ -969,6 +969,24 @@ C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HA
  enter("C_SignInit");
  spy_dump_ulong_in("hSession", hSession);
  fprintf(spy_output, "pMechanism->type=%s\n", lookup_enum(MEC_T, pMechanism->mechanism));
+ switch (pMechanism->mechanism) {
+ case CKM_RSA_PKCS_PSS:
+ case CKM_SHA1_RSA_PKCS_PSS:
+ case CKM_SHA256_RSA_PKCS_PSS:
+ case CKM_SHA384_RSA_PKCS_PSS:
+ case CKM_SHA512_RSA_PKCS_PSS:
+ if (pMechanism->pParameter != NULL) {
+ CK_RSA_PKCS_PSS_PARAMS *param =
+ (CK_RSA_PKCS_PSS_PARAMS *) pMechanism->pParameter;
+ fprintf(spy_output, "pMechanism->pParameter->hashAlg=%s\n",
+ lookup_enum(MEC_T, param->hashAlg));
+ fprintf(spy_output, "pMechanism->pParameter->mgf=%s\n",
+ lookup_enum(MGF_T, param->mgf));
+ fprintf(spy_output, "pMechanism->pParameter->sLen=%lu\n",
+ param->sLen);
+ }
+ break;
+ }
  spy_dump_ulong_in("hKey", hKey);
  rv = po->C_SignInit(hSession, pMechanism, hKey);
  return retne(rv);

diff --git a/src/pkcs11/pkcs11.h b/src/pkcs11/pkcs11.h
@@ -153,6 +153,8 @@ extern "C" {
 
 #define ck_mechanism_type_t CK_MECHANISM_TYPE
 
+#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE
+
 #define ck_mechanism _CK_MECHANISM
 #define parameter pParameter
 #define parameter_len ulParameterLen
@@ -478,6 +480,8 @@ struct ck_date
 
 typedef unsigned long ck_mechanism_type_t;
 
+typedef unsigned long int ck_rsa_pkcs_mgf_type_t;
+
 #define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
 #define CKM_RSA_PKCS (1UL)
 #define CKM_RSA_9796 (2UL)
@@ -508,6 +512,8 @@ typedef unsigned long ck_mechanism_type_t;
 #define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
 #define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
 #define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
+#define CKM_SHA224_RSA_PKCS (0x46UL)
+#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
 #define CKM_RC2_KEY_GEN (0x100UL)
 #define CKM_RC2_ECB (0x101UL)
 #define CKM_RC2_CBC (0x102UL)
@@ -553,6 +559,9 @@ typedef unsigned long ck_mechanism_type_t;
 #define CKM_SHA256 (0x250UL)
 #define CKM_SHA256_HMAC (0x251UL)
 #define CKM_SHA256_HMAC_GENERAL (0x252UL)
+#define CKM_SHA224 (0x255UL)
+#define CKM_SHA224_HMAC (0x256UL)
+#define CKM_SHA224_HMAC_GENERAL (0x257UL)
 #define CKM_SHA384 (0x260UL)
 #define CKM_SHA384_HMAC (0x261UL)
 #define CKM_SHA384_HMAC_GENERAL (0x262UL)
@@ -755,6 +764,17 @@ typedef struct CK_ECDH1_DERIVE_PARAMS {
  unsigned char * pPublicData;
 } CK_ECDH1_DERIVE_PARAMS;
 
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+ ck_mechanism_type_t hashAlg;
+ unsigned long mgf;
+ unsigned long sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+
+#define CKG_MGF1_SHA1 (0x00000001UL)
+#define CKG_MGF1_SHA224 (0x00000005UL)
+#define CKG_MGF1_SHA256 (0x00000002UL)
+#define CKG_MGF1_SHA384 (0x00000003UL)
+#define CKG_MGF1_SHA512 (0x00000004UL)
 
 typedef unsigned long ck_rv_t;
 
@@ -1292,6 +1312,8 @@ typedef struct ck_date *CK_DATE_PTR;
 
 typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
 
+typedef ck_rsa_pkcs_mgf_type_t *CK_RSA_PKCS_MGF_TYPE_PTR;
+
 typedef struct ck_mechanism CK_MECHANISM;
 typedef struct ck_mechanism *CK_MECHANISM_PTR;
 
@@ -1362,6 +1384,8 @@ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
 
 #undef ck_mechanism_type_t
 
+#undef ck_rsa_pkcs_mgf_type_t
+
 #undef ck_mechanism
 #undef parameter
 #undef parameter_len