Attachment #405674 for bug #553150

Lines 4-10 Link Here

(-)a/configure.in (-1 / +1 lines)
4	dnl Needed for $target!	4	dnl Needed for $target!
5	AC_CANONICAL_SYSTEM	5	AC_CANONICAL_SYSTEM
6		6
7	AM_INIT_AUTOMAKE([foreign 1.6])	7	AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects])
8		8
9	dnl Checks for header files.	9	dnl Checks for header files.
10	AC_DISABLE_STATIC	10	AC_DISABLE_STATIC





	return CKR_OK;
}

CK_RV
get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
{
        CK_BBOOL flag;
        CK_ATTRIBUTE *attr = NULL;
        int i;

        flag = template_attribute_find( key_obj->template,
                        CKA_ECDSA_PARAMS, &attr );
        if (flag == FALSE) {
		TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
                return CKR_FUNCTION_FAILED;
        }

        /* loop thru supported curves to find the size.
         * both pkcs#11v2.20 and CCA expect the signature length to be
         * twice the length of p.
         * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
         */
        for (i = 0; i < NUMEC; i++) {
                if ((memcmp(attr->pValue, der_ec_supported[i].data,
                                attr->ulValueLen) == 0)) {
			*size = der_ec_supported[i].len_bits;
			/* round up if necessary */
			if ((*size % 8) == 0)
				*size = (*size / 8) * 2;
			else
				*size = ((*size / 8) + 1) * 2;
			TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
                        return CKR_OK;
                }
        }

        TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
        return CKR_MECHANISM_PARAM_INVALID;
}

Lines 231-237 Link Here

(-)a/usr/lib/pkcs11/common/btree.c (-1 / +1 lines)
231	*	231	*
232	* return 0 if binary tree has at least 1 node in use, !0 otherwise	232	* return 0 if binary tree has at least 1 node in use, !0 otherwise
233	*/	233	*/
234	inline int	234	extern inline int
235	bt_is_empty(struct btree *t)	235	bt_is_empty(struct btree *t)
236	{	236	{
237	return (t->free_nodes == t->size);	237	return (t->free_nodes == t->size);





/* Supported Elliptic Curves */
#define NUMEC			12	/* number of supported curves */
extern CK_BYTE brainpoolP160r1[];
extern CK_BYTE brainpoolP192r1[];
extern CK_BYTE brainpoolP224r1[];
extern CK_BYTE brainpoolP256r1[];
extern CK_BYTE brainpoolP320r1[];
extern CK_BYTE brainpoolP384r1[];
extern CK_BYTE brainpoolP512r1[];
extern CK_BYTE prime192[];
extern CK_BYTE secp224[];
extern CK_BYTE prime256[];
extern CK_BYTE secp384[];
extern CK_BYTE secp521[];

// structure of supported Elliptic Curves


	CK_VOID_PTR	data;
}__attribute__ ((__packed__));

extern struct _ec der_ec_supported[NUMEC];
	{BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1},
	{BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1},
	{BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1},
	{BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1},
	{BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1},
	{BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1},
	{BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1},
	{PRIME_CURVE, CURVE192, sizeof(prime192), &prime192},
	{PRIME_CURVE, CURVE224, sizeof(secp224), &secp224},
	{PRIME_CURVE, CURVE256, sizeof(prime256), &prime256},
	{PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
	{PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
};

#endif




#include "h_extern.h"
#include "tok_spec_struct.h"
#include "trace.h"
#include <stdint.h>
#include "ec_defs.h"

CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 };
CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 };
CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 };
CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 };
CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 };
CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B };
CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D };
CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 };
CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 };
CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 };
CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 };

struct _ec der_ec_supported[NUMEC] = {
	{BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1},
	{BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1},
	{BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1},
	{BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1},
	{BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1},
	{BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1},
	{BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1},
	{PRIME_CURVE, CURVE192, sizeof(prime192), &prime192},
	{PRIME_CURVE, CURVE224, sizeof(secp224), &secp224},
	{PRIME_CURVE, CURVE256, sizeof(prime256), &prime256},
	{PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
	{PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
};

CK_RV
ckm_ec_key_pair_gen( TEMPLATE  * publ_tmpl,

}

CK_RV
get_ecsiglen(OBJECT *key_obj, CK_ULONG *size)
{
        CK_BBOOL flag;
        CK_ATTRIBUTE *attr = NULL;
        int i;

        flag = template_attribute_find( key_obj->template,
                        CKA_ECDSA_PARAMS, &attr );
        if (flag == FALSE) {
		TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
                return CKR_FUNCTION_FAILED;
        }

        /* loop thru supported curves to find the size.
         * both pkcs#11v2.20 and CCA expect the signature length to be
         * twice the length of p.
         * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
         */
        for (i = 0; i < NUMEC; i++) {
                if ((memcmp(attr->pValue, der_ec_supported[i].data,
                                attr->ulValueLen) == 0)) {
			*size = der_ec_supported[i].len_bits;
			/* round up if necessary */
			if ((*size % 8) == 0)
				*size = (*size / 8) * 2;
			else
				*size = ((*size / 8) + 1) * 2;
			TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
                        return CKR_OK;
                }
        }

        TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
        return CKR_MECHANISM_PARAM_INVALID;
}

CK_RV
ec_sign( SESSION			*sess,
               CK_BBOOL			length_only,
               SIGN_VERIFY_CONTEXT	*ctx,

Lines 301-306 Link Here

(-)a/usr/lib/pkcs11/common/mech_rng.c (+1 lines)
301	#include <sys/types.h>	301	#include <sys/types.h>
302	#include <sys/stat.h>	302	#include <sys/stat.h>
303	#include <fcntl.h>	303	#include <fcntl.h>
		304	#include <unistd.h>
304		305
305	#include "pkcs11types.h"	306	#include "pkcs11types.h"
306	#include "defs.h"	307	#include "defs.h"

Lines 24-29 Link Here

(-)a/usr/lib/pkcs11/ep11_stdll/Makefile.am (+1 lines)
24	../common/dig_mgr.c \	24	../common/dig_mgr.c \
25	../common/globals.c \	25	../common/globals.c \
26	../common/loadsave.c \	26	../common/loadsave.c \
		27	../common/mech_ec.c \
27	../common/mech_md5.c \	28	../common/mech_md5.c \
28	../common/mech_md2.c \	29	../common/mech_md2.c \
29	../common/mech_rng.c \	30	../common/mech_rng.c \




					      ../common/dig_mgr.c	\
					      ../common/encr_mgr.c	\
					      ../common/globals.c	\
					      ../common/sw_crypt.c	\
					      ../common/loadsave.c	\
					      ../common/key.c		\
					      ../common/key_mgr.c	\
					      ../common/mech_des.c	\
					      ../common/mech_des3.c	\
					      ../common/mech_aes.c	\
					      ../common/mech_ec.c	\
					      ../common/mech_md5.c	\
					      ../common/mech_md2.c	\
					      ../common/mech_rng.c	\




					       -lcrypto			\
					       -lldap			\
					       -lpthread		\
					       -lrt				\
					       -llber

opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c		\
					       ../common/btree.c	\

					       ../common/key.c		\
					       ../common/mech_dh.c	\
					       ../common/mech_rng.c	\
					       ../common/mech_ec.c	\
					       new_host.c		\
					       ../common/sign_mgr.c	\
					       ../common/cert.c		\

					       ../common/object.c	\
					       ../common/decr_mgr.c	\
					       ../common/globals.c	\
					       ../common/sw_crypt.c	\
					       ../common/loadsave.c	\
					       ../common/utility.c	\
					       ../common/mech_des.c	\

Lines 15-20 Link Here

(-)a/usr/lib/pkcs11/icsf_stdll/icsf.c (+1 lines)
15	#include <string.h>	15	#include <string.h>
16	#include <ctype.h>	16	#include <ctype.h>
17	#include "icsf.h"	17	#include "icsf.h"
		18	#include <lber.h>
18		19
19	/* For logging functions: */	20	/* For logging functions: */
20	#include "defs.h"	21	#include "defs.h"

Lines 23-28 Link Here

(-)a/usr/lib/pkcs11/soft_stdll/Makefile.am (+2 lines)
23	../common/dig_mgr.c \	23	../common/dig_mgr.c \
24	../common/encr_mgr.c \	24	../common/encr_mgr.c \
25	../common/globals.c \	25	../common/globals.c \
		26	../common/sw_crypt.c \
26	../common/loadsave.c \	27	../common/loadsave.c \
27	../common/key.c \	28	../common/key.c \
28	../common/key_mgr.c \	29	../common/key_mgr.c \
Lines 36-41 Link Here
36	../common/mech_rsa.c \	37	../common/mech_rsa.c \
37	../common/mech_sha.c \	38	../common/mech_sha.c \
38	../common/mech_ssl3.c \	39	../common/mech_ssl3.c \
		40	../common/mech_ec.c \
39	../common/new_host.c \	41	../common/new_host.c \
40	../common/obj_mgr.c \	42	../common/obj_mgr.c \
41	../common/object.c \	43	../common/object.c \

Lines 28-33 Link Here

(-)a/usr/lib/pkcs11/tpm_stdll/Makefile.am (+2 lines)
28	../common/key.c \	28	../common/key.c \
29	../common/mech_dh.c \	29	../common/mech_dh.c \
30	../common/mech_rng.c \	30	../common/mech_rng.c \
		31	../common/mech_ec.c \
31	../common/new_host.c \	32	../common/new_host.c \
32	../common/sign_mgr.c \	33	../common/sign_mgr.c \
33	../common/cert.c \	34	../common/cert.c \
Lines 46-51 Link Here
46	../common/object.c \	47	../common/object.c \
47	../common/decr_mgr.c \	48	../common/decr_mgr.c \
48	../common/globals.c \	49	../common/globals.c \
		50	../common/sw_crypt.c \
49	../common/loadsave.c \	51	../common/loadsave.c \
50	../common/utility.c \	52	../common/utility.c \
51	../common/mech_des.c \	53	../common/mech_des.c \

Lines 8-13 Link Here

(-)a/usr/sbin/pkcsicsf/pkcsicsf.c (+1 lines)
8	#include <sys/types.h>	8	#include <sys/types.h>
9	#include <sys/stat.h>	9	#include <sys/stat.h>
10	#include <fcntl.h>	10	#include <fcntl.h>
		11	#include <strings.h>
11		12
12	#include "icsf.h"	13	#include "icsf.h"
13	#include "slotmgr.h"	14	#include "slotmgr.h"

Lines 294-299 Link Here

(-)a/usr/sbin/pkcsslotd/garbage_linux.c (+1 lines)
294	#include <string.h>	294	#include <string.h>
295	#include <sys/types.h>	295	#include <sys/types.h>
296	#include <fcntl.h>	296	#include <fcntl.h>
		297	#include <unistd.h>
297		298
298	#include "log.h"	299	#include "log.h"
299	#include "slotmgr.h"	300	#include "slotmgr.h"

Lines 294-299 Link Here

(-)a/usr/sbin/pkcsslotd/log.c (+2 lines)
294	#include <syslog.h>	294	#include <syslog.h>
295	#include <stdarg.h>	295	#include <stdarg.h>
296	#include <sys/types.h>	296	#include <sys/types.h>
		297	#include <unistd.h>
		298	#include <stdlib.h>
297		299
298	#include "log.h"	300	#include "log.h"
299	#include "err.h"	301	#include "err.h"

Lines 292-297 Link Here

(-)a/usr/sbin/pkcsslotd/mutex.c (+3 lines)
292	#include <stdarg.h>	292	#include <stdarg.h>
293	#include <sys/types.h>	293	#include <sys/types.h>
294	#include <sys/file.h>	294	#include <sys/file.h>
		295	#include <sys/stat.h>
		296	#include <string.h>
		297	#include <unistd.h>
295	#include <grp.h>	298	#include <grp.h>
296		299
297	#include "log.h"	300	#include "log.h"

Lines 292-300 Link Here

(-)a/usr/sbin/pkcsslotd/slotmgr.c (+3 lines)
292	#include <stdio.h>	292	#include <stdio.h>
293	#include <stdlib.h>	293	#include <stdlib.h>
294	#include <errno.h>	294	#include <errno.h>
		295	#include <unistd.h>
295		296
296	#include "log.h"	297	#include "log.h"
297	#include "slotmgr.h"	298	#include "slotmgr.h"
		299	#include "pkcsslotd.h"
		300	#include "parser.h"
298		301
299	Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region.	302	Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region.
300	int shmid;	303	int shmid;

Return to bug 553150

Lines 2336-2375 Link Here

(-)a/usr/lib/pkcs11/cca_stdll/cca_specific.c (-37 lines)
2336		2336
2337	return CKR_OK;	2337	return CKR_OK;
2338	}	2338	}
2339
2340	CK_RV
2341	get_ecsiglen(OBJECT key_obj, CK_ULONG size)
2342	{
2343	CK_BBOOL flag;
2344	CK_ATTRIBUTE *attr = NULL;
2345	int i;
2346
2347	flag = template_attribute_find( key_obj->template,
2348	CKA_ECDSA_PARAMS, &attr );
2349	if (flag == FALSE) {
2350	TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
2351	return CKR_FUNCTION_FAILED;
2352	}
2353
2354	/* loop thru supported curves to find the size.
2355	* both pkcs#11v2.20 and CCA expect the signature length to be
2356	* twice the length of p.
2357	* (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
2358	*/
2359	for (i = 0; i < NUMEC; i++) {
2360	if ((memcmp(attr->pValue, der_ec_supported[i].data,
2361	attr->ulValueLen) == 0)) {
2362	*size = der_ec_supported[i].len_bits;
2363	/* round up if necessary */
2364	if ((*size % 8) == 0)
2365	size = (size / 8) * 2;
2366	else
2367	size = ((size / 8) + 1) * 2;
2368	TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
2369	return CKR_OK;
2370	}
2371	}
2372
2373	TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
2374	return CKR_MECHANISM_PARAM_INVALID;
2375	}

Lines 30-47 Link Here

(-)a/usr/lib/pkcs11/common/ec_defs.h (-27 / +13 lines)
30		30
31	/* Supported Elliptic Curves */	31	/* Supported Elliptic Curves */
32	#define NUMEC 12 /* number of supported curves */	32	#define NUMEC 12 /* number of supported curves */
33	CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 };	33	extern CK_BYTE brainpoolP160r1[];
34	CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 };	34	extern CK_BYTE brainpoolP192r1[];
35	CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 };	35	extern CK_BYTE brainpoolP224r1[];
36	CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 };	36	extern CK_BYTE brainpoolP256r1[];
37	CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 };	37	extern CK_BYTE brainpoolP320r1[];
38	CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B };	38	extern CK_BYTE brainpoolP384r1[];
39	CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D };	39	extern CK_BYTE brainpoolP512r1[];
40	CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 };	40	extern CK_BYTE prime192[];
41	CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 };	41	extern CK_BYTE secp224[];
42	CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };	42	extern CK_BYTE prime256[];
43	CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 };	43	extern CK_BYTE secp384[];
44	CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 };	44	extern CK_BYTE secp521[];
45		45
46	// structure of supported Elliptic Curves	46	// structure of supported Elliptic Curves
47		47
Lines 52-70 Link Here
52	CK_VOID_PTR data;	52	CK_VOID_PTR data;
53	}__attribute__ ((__packed__));	53	}__attribute__ ((__packed__));
54		54
55	struct _ec der_ec_supported[NUMEC] = {	55	extern struct _ec der_ec_supported[NUMEC];
56	{BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1},
57	{BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1},
58	{BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1},
59	{BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1},
60	{BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1},
61	{BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1},
62	{BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1},
63	{PRIME_CURVE, CURVE192, sizeof(prime192), &prime192},
64	{PRIME_CURVE, CURVE224, sizeof(secp224), &secp224},
65	{PRIME_CURVE, CURVE256, sizeof(prime256), &prime256},
66	{PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
67	{PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
68	};
69
70	#endif	56	#endif

Lines 20-25 Link Here

(-)a/usr/lib/pkcs11/common/mech_ec.c (+67 lines)
20	#include "h_extern.h"	20	#include "h_extern.h"
21	#include "tok_spec_struct.h"	21	#include "tok_spec_struct.h"
22	#include "trace.h"	22	#include "trace.h"
		23	#include <stdint.h>
		24	#include "ec_defs.h"
		25
		26	CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 };
		27	CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 };
		28	CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 };
		29	CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 };
		30	CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 };
		31	CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B };
		32	CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D };
		33	CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 };
		34	CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 };
		35	CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
		36	CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 };
		37	CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 };
		38
		39	struct _ec der_ec_supported[NUMEC] = {
		40	{BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1},
		41	{BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1},
		42	{BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1},
		43	{BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1},
		44	{BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1},
		45	{BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1},
		46	{BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1},
		47	{PRIME_CURVE, CURVE192, sizeof(prime192), &prime192},
		48	{PRIME_CURVE, CURVE224, sizeof(secp224), &secp224},
		49	{PRIME_CURVE, CURVE256, sizeof(prime256), &prime256},
		50	{PRIME_CURVE, CURVE384, sizeof(secp384), &secp384},
		51	{PRIME_CURVE, CURVE521, sizeof(secp521), &secp521},
		52	};
23		53
24	CK_RV	54	CK_RV
25	ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,	55	ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl,
Lines 66-71 Link Here
66	}	96	}
67		97
68	CK_RV	98	CK_RV
		99	get_ecsiglen(OBJECT key_obj, CK_ULONG size)
		100	{
		101	CK_BBOOL flag;
		102	CK_ATTRIBUTE *attr = NULL;
		103	int i;
		104
		105	flag = template_attribute_find( key_obj->template,
		106	CKA_ECDSA_PARAMS, &attr );
		107	if (flag == FALSE) {
		108	TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n");
		109	return CKR_FUNCTION_FAILED;
		110	}
		111
		112	/* loop thru supported curves to find the size.
		113	* both pkcs#11v2.20 and CCA expect the signature length to be
		114	* twice the length of p.
		115	* (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.)
		116	*/
		117	for (i = 0; i < NUMEC; i++) {
		118	if ((memcmp(attr->pValue, der_ec_supported[i].data,
		119	attr->ulValueLen) == 0)) {
		120	*size = der_ec_supported[i].len_bits;
		121	/* round up if necessary */
		122	if ((*size % 8) == 0)
		123	size = (size / 8) * 2;
		124	else
		125	size = ((size / 8) + 1) * 2;
		126	TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size);
		127	return CKR_OK;
		128	}
		129	}
		130
		131	TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
		132	return CKR_MECHANISM_PARAM_INVALID;
		133	}
		134
		135	CK_RV
69	ec_sign( SESSION *sess,	136	ec_sign( SESSION *sess,
70	CK_BBOOL length_only,	137	CK_BBOOL length_only,
71	SIGN_VERIFY_CONTEXT *ctx,	138	SIGN_VERIFY_CONTEXT *ctx,

Lines 28-39 Link Here

(-)a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am (+2 lines)
28	../common/dig_mgr.c \	28	../common/dig_mgr.c \
29	../common/encr_mgr.c \	29	../common/encr_mgr.c \
30	../common/globals.c \	30	../common/globals.c \
		31	../common/sw_crypt.c \
31	../common/loadsave.c \	32	../common/loadsave.c \
32	../common/key.c \	33	../common/key.c \
33	../common/key_mgr.c \	34	../common/key_mgr.c \
34	../common/mech_des.c \	35	../common/mech_des.c \
35	../common/mech_des3.c \	36	../common/mech_des3.c \
36	../common/mech_aes.c \	37	../common/mech_aes.c \
		38	../common/mech_ec.c \
37	../common/mech_md5.c \	39	../common/mech_md5.c \
38	../common/mech_md2.c \	40	../common/mech_md2.c \
39	../common/mech_rng.c \	41	../common/mech_rng.c \

Lines 24-30 Link Here

(-)a/usr/lib/pkcs11/icsf_stdll/Makefile.am (-1 / +4 lines)
24	-lcrypto \	24	-lcrypto \
25	-lldap \	25	-lldap \
26	-lpthread \	26	-lpthread \
27	-lrt	27	-lrt \
		28	-llber
28		29
29	opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \	30	opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \
30	../common/btree.c \	31	../common/btree.c \
Lines 34-39 Link Here
34	../common/key.c \	35	../common/key.c \
35	../common/mech_dh.c \	36	../common/mech_dh.c \
36	../common/mech_rng.c \	37	../common/mech_rng.c \
		38	../common/mech_ec.c \
37	new_host.c \	39	new_host.c \
38	../common/sign_mgr.c \	40	../common/sign_mgr.c \
39	../common/cert.c \	41	../common/cert.c \
Lines 51-56 Link Here
51	../common/object.c \	53	../common/object.c \
52	../common/decr_mgr.c \	54	../common/decr_mgr.c \
53	../common/globals.c \	55	../common/globals.c \
		56	../common/sw_crypt.c \
54	../common/loadsave.c \	57	../common/loadsave.c \
55	../common/utility.c \	58	../common/utility.c \
56	../common/mech_des.c \	59	../common/mech_des.c \