source-git / opencryptoki

Clone
Source Code
GIT

Files

  1.   f5b470b3afa60ac602a67c4eaa78dee389e2ccb3
  2.   misc
  3.   mech_list.c
Blob Blame History Raw 
/*
 * COPYRIGHT (c) International Business Machines Corp. 2005-2017
 *
 * This program is provided under the terms of the Common Public License,
 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
 * software constitutes recipient's acceptance of CPL-1.0 terms which can be
 * found in the file LICENSE file or at
 * https://opensource.org/licenses/cpl1.0.php
 */

/**
 * This is an example of how you might convert your library's internal
 * mechanism descriptors into PKCS#11-compatible descriptors while
 * generating a mechanism list for openCryptoki.
 */

#include "mech_types.h"

#ifndef NULL
#define NULL 0
#endif

/**
 * Bogus internal data descriptors for various mechanisms.
 */
#define CUSTOM_MECH_TDES 1
#define CUSTOM_MECH_BLOWFISH 2
#define CUSTOM_MECH_RIPEMD160 3
#define CUSTOM_MECH_DSA 4

/**
 * An example of a library's way of representing a mechanism.
 */
struct custom_mech_descriptor {
	int mech_type;
	int min_key_size;
	int max_key_size;
	int is_hw_accelerated;
	int support_encrypt;
	int support_decrypt;
	int support_digest;
	int support_wrap;
	int support_unwrap;
	int support_sign;
	int support_verify;
};

/**
 * Something like this should actually be filled in by querying the
 * driver for what is available; if the library supports software
 * fallback, then the CKF_HW flag should not be set so openCryptoki is
 * aware of what really is hardware accelerated and what is not.
 */
struct custom_mech_descriptor library_specific_mechs[] = {
	{CUSTOM_MECH_TDES, 24, 24, 1, 1, 1, 0, 1, 1, 0, 0},
	{CUSTOM_MECH_BLOWFISH, 16, 16, 1, 1, 1, 0, 1, 1, 0, 0},
	{CUSTOM_MECH_RIPEMD160, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0},
	{CUSTOM_MECH_DSA, 512, 4096, 1, 0, 0, 0, 0, 0, 1, 1}
};
#define CUSTOM_MECH_ARRAY_SIZE 4

/**
 * Here is an example of how you might map your driver's type
 * descriptors to the PKCS#11 type descriptors
 */
struct mech_type_mapping {
	int internal_mech_type;
	CK_MECHANISM_TYPE pkcs11_mech_type;
};

/**
 * The mapping from the internal driver type to the PKCS#11 type.
 */
struct mech_type_mapping mech_type_map[] = {
	{CUSTOM_MECH_TDES, CKM_DES3_CBC},
	{CUSTOM_MECH_BLOWFISH, CKM_VENDOR_DEFINED},
	{CUSTOM_MECH_RIPEMD160, CKM_RIPEMD160},
	{CUSTOM_MECH_DSA, CKM_DSA}
};
#define MECH_TYPE_MAP_SIZE 4

static CK_MECHANISM_TYPE pkcs11_mech_type_for_internal_type(int internal_type)
{
	int i = 0;
	CK_MECHANISM_TYPE pkcs11_type = CKM_VENDOR_DEFINED;
	while (i < MECH_TYPE_MAP_SIZE) {
		if (mech_type_map[i].internal_mech_type == internal_type) {
			pkcs11_type = mech_type_map[i].pkcs11_mech_type;
			break;
		}
		i++;
	}
	return pkcs11_type;
}

/**
 * Example method that converts a library's internal mechanism
 * descriptor into a PKCS#11 mechanism descriptor. Yours may look very
 * different from this one...
 */
static void convert_internal_element_to_pkcs11_method_element(
	MECH_LIST_ELEMENT *element,
	struct custom_mech_descriptor *internal_mech)
{
	element->mech_type =
		pkcs11_mech_type_for_internal_type(internal_mech->mech_type);
	element->mech_info.ulMinKeySize = internal_mech->min_key_size;
	element->mech_info.ulMaxKeySize = internal_mech->max_key_size;
	element->mech_info.flags = 0;
	/* Partial example list of flags that could be set */
	if (internal_mech->is_hw_accelerated) {
		element->mech_info.flags |= CKF_HW;
	}
	if (internal_mech->support_encrypt) {
		element->mech_info.flags |= CKF_ENCRYPT;
	}
	if (internal_mech->support_decrypt) {
		element->mech_info.flags |= CKF_DECRYPT;
	}
	if (internal_mech->support_digest) {
		element->mech_info.flags |= CKF_DIGEST;
	}
	if (internal_mech->support_wrap) {
		element->mech_info.flags |= CKF_WRAP;
	}
	if (internal_mech->support_unwrap) {
		element->mech_info.flags |= CKF_UNWRAP;
	}
	if (internal_mech->support_sign) {
		element->mech_info.flags |= CKF_SIGN;
	}
	if (internal_mech->support_verify) {
		element->mech_info.flags |= CKF_VERIFY;
	}
	/* ... */
}

/**
 * Generates a list of supported mechanisms. This is the function that
 * openCryptoki will be calling directly with a pointer to a
 * placeholder mech_list struct.
 *
 * @param head Pointer to placeholder mech_list struct; this function
 *             fills in the list by tagging on newly malloc'd
 *             mech_list structs off of this struct.
 */
void generate_pkcs11_mech_list(struct mech_list *head)
{
	struct mech_list *item;
	int i = 0;
	item = head;
	while (i < CUSTOM_MECH_ARRAY_SIZE) {
		item->next = malloc(sizeof(struct mech_list));
		item = item->next;
		convert_internal_element_to_pkcs11_method_element(
			&item->element, &library_specific_mechs[i]);
		i++;
	}
	item->next = NULL;
	return;
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation