--- a/configure.in 2015-04-17 21:56:31.000000000 +0200 +++ a/configure.in 2015-06-18 09:44:01.646157306 +0200 @@ -4,7 +4,7 @@ dnl Needed for $target! AC_CANONICAL_SYSTEM -AM_INIT_AUTOMAKE([foreign 1.6]) +AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects]) dnl Checks for header files. AC_DISABLE_STATIC --- a/usr/lib/pkcs11/cca_stdll/cca_specific.c 2015-04-17 21:56:31.000000000 +0200 +++ a/usr/lib/pkcs11/cca_stdll/cca_specific.c 2015-06-18 09:44:01.647157304 +0200 @@ -2336,40 +2336,3 @@ return CKR_OK; } - -CK_RV -get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) -{ - CK_BBOOL flag; - CK_ATTRIBUTE *attr = NULL; - int i; - - flag = template_attribute_find( key_obj->template, - CKA_ECDSA_PARAMS, &attr ); - if (flag == FALSE) { - TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n"); - return CKR_FUNCTION_FAILED; - } - - /* loop thru supported curves to find the size. - * both pkcs#11v2.20 and CCA expect the signature length to be - * twice the length of p. - * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) - */ - for (i = 0; i < NUMEC; i++) { - if ((memcmp(attr->pValue, der_ec_supported[i].data, - attr->ulValueLen) == 0)) { - *size = der_ec_supported[i].len_bits; - /* round up if necessary */ - if ((*size % 8) == 0) - *size = (*size / 8) * 2; - else - *size = ((*size / 8) + 1) * 2; - TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); - return CKR_OK; - } - } - - TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); - return CKR_MECHANISM_PARAM_INVALID; -} --- a/usr/lib/pkcs11/common/btree.c 2015-04-17 21:56:31.000000000 +0200 +++ a/usr/lib/pkcs11/common/btree.c 2015-06-18 09:44:01.647157304 +0200 @@ -231,7 +231,7 @@ * * return 0 if binary tree has at least 1 node in use, !0 otherwise */ -inline int +extern inline int bt_is_empty(struct btree *t) { return (t->free_nodes == t->size); 
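Review bot: `extern inline int bt_is_empty(struct btree *t)` in btree.c only emits an out-of-line definition under C99 inline semantics. Under GNU89 semantics (the default before GCC 5, or with `-fgnu89-inline`) the same spelling means "use for inlining only, emit no symbol", so callers in other translation units can fail to link depending on the compiler mode. Since the function is defined in a .c file and called across files, dropping the specifier and writing plain `int` before `bt_is_empty(struct btree *t)` behaves the same in every mode. The function's closing brace lies outside the hunk.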
--- a/usr/lib/pkcs11/common/ec_defs.h 2015-04-17 21:56:31.000000000 +0200 +++ a/usr/lib/pkcs11/common/ec_defs.h 2015-06-18 09:44:01.647157304 +0200 @@ -30,18 +30,18 @@ /* Supported Elliptic Curves */ #define NUMEC 12 /* number of supported curves */ -CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 }; -CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 }; -CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 }; -CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 }; -CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 }; -CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B }; -CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D }; -CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 }; -CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 }; -CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 }; -CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 }; -CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 }; +extern CK_BYTE brainpoolP160r1[]; +extern CK_BYTE brainpoolP192r1[]; +extern CK_BYTE brainpoolP224r1[]; +extern CK_BYTE brainpoolP256r1[]; +extern CK_BYTE brainpoolP320r1[]; +extern CK_BYTE brainpoolP384r1[]; +extern CK_BYTE brainpoolP512r1[]; +extern CK_BYTE prime192[]; +extern CK_BYTE secp224[]; +extern CK_BYTE prime256[]; +extern CK_BYTE secp384[]; +extern CK_BYTE secp521[]; // structure of supported Elliptic Curves 
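Review bot: The curve OID arrays and the lookup table are exported as writable globals (`extern CK_BYTE brainpoolP160r1[];` here, `extern struct _ec der_ec_supported[NUMEC];` in the next ec_defs.h hunk), although nothing visible in this patch writes to them. They feed curve matching and the signature-length calculation in `get_ecsiglen`, so declaring them `const` would let the linker place them in read-only data, e.g. `extern const CK_BYTE brainpoolP160r1[];`, with the matching change on the definitions added to mech_ec.c. The `data` member of `struct _ec` is a `CK_VOID_PTR`, so it would have to become a pointer to const for the initializers to compile without a cast.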
@@ -52,19 +52,5 @@ CK_VOID_PTR data; }__attribute__ ((__packed__)); -struct _ec der_ec_supported[NUMEC] = { - {BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1}, - {BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1}, - {BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1}, - {BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1}, - {BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1}, - {BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1}, - {BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1}, - {PRIME_CURVE, CURVE192, sizeof(prime192), &prime192}, - {PRIME_CURVE, CURVE224, sizeof(secp224), &secp224}, - {PRIME_CURVE, CURVE256, sizeof(prime256), &prime256}, - {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384}, - {PRIME_CURVE, CURVE521, sizeof(secp521), &secp521}, -}; - +extern struct _ec der_ec_supported[NUMEC]; #endif --- a/usr/lib/pkcs11/common/mech_ec.c 2015-04-17 21:56:31.000000000 +0200 +++ a/usr/lib/pkcs11/common/mech_ec.c 2015-06-18 09:47:52.157621197 +0200 
@@ -20,6 +20,36 @@ #include "h_extern.h" #include "tok_spec_struct.h" #include "trace.h" +#include +#include "ec_defs.h" + +CK_BYTE brainpoolP160r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x01 }; +CK_BYTE brainpoolP192r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x03 }; +CK_BYTE brainpoolP224r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x05 }; +CK_BYTE brainpoolP256r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07 }; +CK_BYTE brainpoolP320r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x09 }; +CK_BYTE brainpoolP384r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B }; +CK_BYTE brainpoolP512r1[] = { 0x06, 0x09, 0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D }; +CK_BYTE prime192[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x01 }; +CK_BYTE secp224[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 }; +CK_BYTE prime256[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 }; +CK_BYTE secp384[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 }; +CK_BYTE secp521[] = { 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 }; + +struct _ec der_ec_supported[NUMEC] = { + {BRAINPOOL_CURVE, CURVE160, sizeof(brainpoolP160r1), &brainpoolP160r1}, + {BRAINPOOL_CURVE, CURVE192, sizeof(brainpoolP192r1), &brainpoolP192r1}, + {BRAINPOOL_CURVE, CURVE224, sizeof(brainpoolP224r1), &brainpoolP224r1}, + {BRAINPOOL_CURVE, CURVE256, sizeof(brainpoolP256r1), &brainpoolP256r1}, + {BRAINPOOL_CURVE, CURVE320, sizeof(brainpoolP320r1), &brainpoolP320r1}, + {BRAINPOOL_CURVE, CURVE384, sizeof(brainpoolP384r1), &brainpoolP384r1}, + {BRAINPOOL_CURVE, CURVE512, sizeof(brainpoolP512r1), &brainpoolP512r1}, + {PRIME_CURVE, CURVE192, sizeof(prime192), &prime192}, + {PRIME_CURVE, CURVE224, sizeof(secp224), &secp224}, + {PRIME_CURVE, CURVE256, sizeof(prime256), &prime256}, + {PRIME_CURVE, CURVE384, sizeof(secp384), &secp384}, + {PRIME_CURVE, CURVE521, 
sizeof(secp521), &secp521}, +}; CK_RV ckm_ec_key_pair_gen( TEMPLATE * publ_tmpl, @@ -66,6 +96,43 @@ } CK_RV +get_ecsiglen(OBJECT *key_obj, CK_ULONG *size) +{ + CK_BBOOL flag; + CK_ATTRIBUTE *attr = NULL; + int i; + + flag = template_attribute_find( key_obj->template, + CKA_ECDSA_PARAMS, &attr ); + if (flag == FALSE) { + TRACE_ERROR("Could not find CKA_ECDSA_PARAMS for the key.\n"); + return CKR_FUNCTION_FAILED; + } + + /* loop thru supported curves to find the size. + * both pkcs#11v2.20 and CCA expect the signature length to be + * twice the length of p. + * (See EC Signatures in pkcs#11v2.20 and docs for CSNDDSG.) + */ + for (i = 0; i < NUMEC; i++) { + if ((memcmp(attr->pValue, der_ec_supported[i].data, + attr->ulValueLen) == 0)) { + *size = der_ec_supported[i].len_bits; + /* round up if necessary */ + if ((*size % 8) == 0) + *size = (*size / 8) * 2; + else + *size = ((*size / 8) + 1) * 2; + TRACE_DEVEL("getlen, curve = %d, size = %d\n", der_ec_supported[i].len_bits, *size); + return CKR_OK; + } + } + + TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID)); + return CKR_MECHANISM_PARAM_INVALID; +} + +CK_RV ec_sign( SESSION *sess, CK_BBOOL length_only, SIGN_VERIFY_CONTEXT *ctx, --- a/usr/lib/pkcs11/common/mech_rng.c 2015-04-17 21:56:31.000000000 +0200 +++ a/usr/lib/pkcs11/common/mech_rng.c 2015-06-18 09:44:01.647157304 +0200 @@ -301,6 +301,7 @@ #include #include #include +#include #include "pkcs11types.h" #include "defs.h" --- a/usr/lib/pkcs11/ep11_stdll/Makefile.am 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/lib/pkcs11/ep11_stdll/Makefile.am 2015-06-18 09:44:01.647157304 +0200 @@ -24,6 +24,7 @@ ../common/dig_mgr.c \ ../common/globals.c \ ../common/loadsave.c \ + ../common/mech_ec.c \ ../common/mech_md5.c \ ../common/mech_md2.c \ ../common/mech_rng.c \ --- a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/lib/pkcs11/ica_s390_stdll/Makefile.am 2015-06-18 09:44:01.647157304 +0200 
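Review bot: In `get_ecsiglen` the curve lookup calls `memcmp(attr->pValue, der_ec_supported[i].data, attr->ulValueLen)` with the attribute's own length and never compares that length with the size stored in the table entry. A CKA_ECDSA_PARAMS value longer than the stored OID makes memcmp read past the end of the OID array, and an empty or prefix-only value compares equal and yields the signature length of the wrong curve. The function is moved unchanged from cca_specific.c, but the Makefile.am hunks now compile mech_ec.c into several tokens, so it is worth guarding here: `if (attr->ulValueLen == der_ec_supported[i].data_size && memcmp(attr->pValue, der_ec_supported[i].data, attr->ulValueLen) == 0)`, using whatever the size member of `struct _ec` is actually called (the diff does not show it). Separately, the `TRACE_DEVEL` call prints `*size`, a `CK_ULONG`, with `%d`; `%lu` matches the type.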
@@ -28,12 +28,14 @@ ../common/dig_mgr.c \ ../common/encr_mgr.c \ ../common/globals.c \ + ../common/sw_crypt.c \ ../common/loadsave.c \ ../common/key.c \ ../common/key_mgr.c \ ../common/mech_des.c \ ../common/mech_des3.c \ ../common/mech_aes.c \ + ../common/mech_ec.c \ ../common/mech_md5.c \ ../common/mech_md2.c \ ../common/mech_rng.c \ --- a/usr/lib/pkcs11/icsf_stdll/Makefile.am 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/lib/pkcs11/icsf_stdll/Makefile.am 2015-06-18 09:44:01.648157302 +0200 @@ -24,7 +24,8 @@ -lcrypto \ -lldap \ -lpthread \ - -lrt + -lrt \ + -llber opencryptoki_stdll_libpkcs11_icsf_la_SOURCES = ../common/asn1.c \ ../common/btree.c \ @@ -34,6 +35,7 @@ ../common/key.c \ ../common/mech_dh.c \ ../common/mech_rng.c \ + ../common/mech_ec.c \ new_host.c \ ../common/sign_mgr.c \ ../common/cert.c \ @@ -51,6 +53,7 @@ ../common/object.c \ ../common/decr_mgr.c \ ../common/globals.c \ + ../common/sw_crypt.c \ ../common/loadsave.c \ ../common/utility.c \ ../common/mech_des.c \ --- a/usr/lib/pkcs11/icsf_stdll/icsf.c 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/lib/pkcs11/icsf_stdll/icsf.c 2015-06-18 09:44:01.648157302 +0200 @@ -15,6 +15,7 @@ #include #include #include "icsf.h" +#include /* For logging functions: */ #include "defs.h" --- a/usr/lib/pkcs11/soft_stdll/Makefile.am 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/lib/pkcs11/soft_stdll/Makefile.am 2015-06-18 09:44:01.648157302 +0200 @@ -23,6 +23,7 @@ ../common/dig_mgr.c \ ../common/encr_mgr.c \ ../common/globals.c \ + ../common/sw_crypt.c \ ../common/loadsave.c \ ../common/key.c \ ../common/key_mgr.c \ @@ -36,6 +37,7 @@ ../common/mech_rsa.c \ ../common/mech_sha.c \ ../common/mech_ssl3.c \ + ../common/mech_ec.c \ ../common/new_host.c \ ../common/obj_mgr.c \ ../common/object.c \ --- a/usr/lib/pkcs11/tpm_stdll/Makefile.am 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/lib/pkcs11/tpm_stdll/Makefile.am 2015-06-18 09:44:01.648157302 +0200 
@@ -28,6 +28,7 @@ ../common/key.c \ ../common/mech_dh.c \ ../common/mech_rng.c \ + ../common/mech_ec.c \ ../common/new_host.c \ ../common/sign_mgr.c \ ../common/cert.c \ @@ -46,6 +47,7 @@ ../common/object.c \ ../common/decr_mgr.c \ ../common/globals.c \ + ../common/sw_crypt.c \ ../common/loadsave.c \ ../common/utility.c \ ../common/mech_des.c \ --- a/usr/sbin/pkcsicsf/pkcsicsf.c 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/sbin/pkcsicsf/pkcsicsf.c 2015-06-18 09:44:01.648157302 +0200 @@ -8,6 +8,7 @@ #include #include #include +#include #include "icsf.h" #include "slotmgr.h" --- a/usr/sbin/pkcsslotd/garbage_linux.c 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/sbin/pkcsslotd/garbage_linux.c 2015-06-18 09:44:01.648157302 +0200 @@ -294,6 +294,7 @@ #include #include #include +#include #include "log.h" #include "slotmgr.h" --- a/usr/sbin/pkcsslotd/log.c 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/sbin/pkcsslotd/log.c 2015-06-18 09:44:01.649157299 +0200 @@ -294,6 +294,8 @@ #include #include #include +#include +#include #include "log.h" #include "err.h" --- a/usr/sbin/pkcsslotd/mutex.c 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/sbin/pkcsslotd/mutex.c 2015-06-18 09:44:01.649157299 +0200 @@ -292,6 +292,9 @@ #include #include #include +#include +#include +#include #include #include "log.h" --- a/usr/sbin/pkcsslotd/slotmgr.c 2015-04-17 21:56:32.000000000 +0200 +++ a/usr/sbin/pkcsslotd/slotmgr.c 2015-06-18 09:44:01.649157299 +0200 @@ -292,9 +292,12 @@ #include #include #include +#include #include "log.h" #include "slotmgr.h" +#include "pkcsslotd.h" +#include "parser.h" Slot_Mgr_Shr_t *shmp; // pointer to the shared memory region. int shmid;