/* * Register a sign+hash algorithm derived from an algorithm supported * by the token + a software hash mechanism */ CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *p11card, CK_MECHANISM_TYPE mech, CK_MECHANISM_TYPE hash_mech, sc_pkcs11_mechanism_type_t *sign_type) { sc_pkcs11_mechanism_type_t *hash_type, *new_type; struct hash_signature_info *info; CK_MECHANISM_INFO mech_info = sign_type->mech_info; if (!(hash_type = sc_pkcs11_find_mechanism(p11card, hash_mech, CKF_DIGEST))) return CKR_MECHANISM_INVALID; /* These hash-based mechs can only be used for sign/verify */ mech_info.flags &= (CKF_SIGN | CKF_SIGN_RECOVER | CKF_VERIFY | CKF_VERIFY_RECOVER); info = calloc(1, sizeof(*info)); info->mech = mech; info->sign_type = sign_type; info->hash_type = hash_type; info->sign_mech = sign_type->mech; info->hash_mech = hash_mech; new_type = sc_pkcs11_new_fw_mechanism(mech, &mech_info, sign_type->key_type, info); if (!new_type) return CKR_HOST_MEMORY; return sc_pkcs11_register_mechanism(p11card, new_type); }
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) void (*locking_cb)(int, int, const char *, int); ENGINE *e; locking_cb = CRYPTO_get_locking_callback(); if (locking_cb) CRYPTO_set_locking_callback(NULL); e = ENGINE_by_id("gost"); if (!e) { #if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) ENGINE_load_gost(); e = ENGINE_by_id("gost"); #else /* try to load dynamic gost engine */ e = ENGINE_by_id("dynamic"); if (!e) { ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); } if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) { ENGINE_free(e); e = NULL; } #endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */ } if (e) { ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } if (locking_cb) CRYPTO_set_locking_callback(locking_cb); #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */ openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(card, &openssl_sha1_mech); #if OPENSSL_VERSION_NUMBER >= 0x00908000L openssl_sha256_mech.mech_data = EVP_sha256(); sc_pkcs11_register_mechanism(card, &openssl_sha256_mech); openssl_sha384_mech.mech_data = EVP_sha384(); sc_pkcs11_register_mechanism(card, &openssl_sha384_mech); openssl_sha512_mech.mech_data = EVP_sha512(); sc_pkcs11_register_mechanism(card, &openssl_sha512_mech); #endif openssl_md5_mech.mech_data = EVP_md5(); sc_pkcs11_register_mechanism(card, &openssl_md5_mech); openssl_ripemd160_mech.mech_data = EVP_ripemd160(); sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech); #if OPENSSL_VERSION_NUMBER >= 0x10000000L openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94); sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech); #endif }