diff -up ./src/coolkey/coolkey.cpp.fail-on-bad-mechanisms ./src/coolkey/coolkey.cpp
--- ./src/coolkey/coolkey.cpp.fail-on-bad-mechanisms 2016-06-16 14:36:05.934755563 -0700
+++ ./src/coolkey/coolkey.cpp 2016-06-16 14:36:05.945755372 -0700
@@ -77,7 +77,8 @@ rsaMechanismList[] = {
static const MechInfo
ecMechanismList[] = {
- {CKM_ECDSA,{256,521,CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDSA_SHA1, {256, 521, CKF_HW | CKF_SIGN | CKF_EC_F_P}},{ CKM_ECDH1_DERIVE,{256, 521, CKF_HW | CKF_DERIVE | CKF_EC_F_P} }
+ {CKM_ECDSA,{256,521,CKF_HW | CKF_SIGN | CKF_EC_F_P}},
+ {CKM_ECDH1_DERIVE,{256, 521, CKF_HW | CKF_DERIVE | CKF_EC_F_P} }
};
unsigned int numRSAMechanisms = sizeof(rsaMechanismList)/sizeof(MechInfo);
diff -up ./src/coolkey/slot.cpp.fail-on-bad-mechanisms ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.fail-on-bad-mechanisms 2016-06-16 14:36:05.943755407 -0700
+++ ./src/coolkey/slot.cpp 2016-06-16 15:07:40.255882660 -0700
@@ -4185,11 +4185,30 @@ Slot::signInit(SessionHandleSuffix suffi
{
refreshTokenState();
SessionIter session = findSession(suffix);
+ PKCS11Object *key = getKeyFromHandle(hKey);
if( session == sessions.end() ) {
throw PKCS11Exception(CKR_SESSION_HANDLE_INVALID);
}
+ if (pMechanism == NULL) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+ }
+
+ switch (pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ if (key->getKeyType() != Key::rsa) {
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
+ }
+ break;
+ case CKM_ECDSA:
+ if (key->getKeyType() != Key::ecc) {
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
+ }
+ break;
+ default:
+ throw PKCS11Exception(CKR_MECHANISM_INVALID);
+ }
- session->signatureState.initialize(getKeyFromHandle(hKey));
+ session->signatureState.initialize(key);
}
void
@@ -4198,11 +4217,24 @@ Slot::decryptInit(SessionHandleSuffix su
{
refreshTokenState();
SessionIter session = findSession(suffix);
+ PKCS11Object *key = getKeyFromHandle(hKey);
if( session == sessions.end() ) {
throw PKCS11Exception(CKR_SESSION_HANDLE_INVALID);
}
+ if (pMechanism == NULL) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+ }
+ switch (pMechanism->mechanism) {
+ case CKM_RSA_PKCS:
+ if (key->getKeyType() != Key::rsa) {
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
+ }
+ break;
+ default:
+ throw PKCS11Exception(CKR_MECHANISM_INVALID);
+ }
- session->decryptionState.initialize(getKeyFromHandle(hKey));
+ session->decryptionState.initialize(key);
}
/**
@@ -5008,8 +5040,23 @@ Slot::derive(SessionHandleSuffix suffix,
ECCKeyAgreementParams params(CryptParams::ECC_DEFAULT_KEY_SIZE);
SessionIter session = findSession(suffix);
+ PKCS11Object *key=getKeyFromHandle(hBaseKey);
- session->keyAgreementState.initialize(getKeyFromHandle(hBaseKey));
+ if (pMechanism == NULL ) {
+ throw PKCS11Exception(CKR_ARGUMENTS_BAD);
+ }
+
+ switch (pMechanism->mechanism) {
+ case CKM_ECDH1_DERIVE:
+ if (key->getKeyType() != Key::ecc) {
+ throw PKCS11Exception(CKR_KEY_TYPE_INCONSISTENT);
+ }
+ break;
+ default:
+ throw PKCS11Exception(CKR_MECHANISM_INVALID);
+ }
+
+ session->keyAgreementState.initialize(key);
deriveECC(suffix, pMechanism, hBaseKey, pTemplate, ulAttributeCount,
phKey, params);
@@ -5018,9 +5065,6 @@ Slot::derive(SessionHandleSuffix suffix,
void Slot::deriveECC(SessionHandleSuffix suffix, CK_MECHANISM_PTR pMechanism,
CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey, CryptParams& params)
{
- if (pMechanism == NULL ) {
- throw PKCS11Exception(CKR_ARGUMENTS_BAD);
- }
CK_ECDH1_DERIVE_PARAMS *mechParams = NULL;