Skip to content

Commit

Permalink
signature: Use no-allowed-mechinisms quirk also during signature time
Browse files Browse the repository at this point in the history
Signed-off-by: Jakub Jelen <[email protected]>
  • Loading branch information
Jakuje committed Oct 24, 2024
1 parent 7ce2bf6 commit b436a0f
Showing 1 changed file with 18 additions and 2 deletions.
20 changes: 18 additions & 2 deletions src/signature.c
Original file line number Diff line number Diff line change
Expand Up @@ -430,9 +430,25 @@ static CK_RSA_PKCS_MGF_TYPE p11prov_sig_map_mgf(const char *digest_name)
static CK_RV p11prov_sig_pss_restrictions(P11PROV_SIG_CTX *sigctx,
CK_MECHANISM *mechanism)
{
CK_ATTRIBUTE *allowed_mechs =
p11prov_obj_get_attr(sigctx->key, CKA_ALLOWED_MECHANISMS);
CK_BBOOL token_supports_allowed_mechs = CK_TRUE;
CK_ATTRIBUTE *allowed_mechs = NULL;
CK_RV ret;

/* check if we can add CKA_ALLOWED_MECHANISMS at all */
ret = p11prov_token_sup_attr(sigctx->provctx, p11prov_obj_get_slotid(sigctx->key),
GET_ATTR, CKA_ALLOWED_MECHANISMS,
&token_supports_allowed_mechs);
if (ret != CKR_OK) {
P11PROV_raise(sigctx->provctx, ret,
"Failed to probe CKA_ALLOWED_MECHANISMS quirk");
return ret;
}
if (token_supports_allowed_mechs == CK_FALSE) {
/* Token does not support ALLOWED_MECHANISMS so there are no restrictions */
return CKR_OK;
}

allowed_mechs = p11prov_obj_get_attr(sigctx->key, CKA_ALLOWED_MECHANISMS);
if (allowed_mechs) {
CK_ATTRIBUTE_TYPE *mechs = (CK_ATTRIBUTE_TYPE *)allowed_mechs->pValue;
int num_mechs = allowed_mechs->ulValueLen / sizeof(CK_MECHANISM_TYPE);
Expand Down

0 comments on commit b436a0f

Please sign in to comment.