|
 |
397a93 |
From b89b408953e9192d7bfcb31cdf8c48d6c973488a Mon Sep 17 00:00:00 2001
|
|
|
397a93 |
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
397a93 |
Date: Wed, 16 Feb 2022 10:23:29 +0100
|
|
|
397a93 |
Subject: [PATCH 14/34] EP11: Add new control points
|
|
|
397a93 |
|
|
|
397a93 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
397a93 |
---
|
|
|
397a93 |
usr/lib/ep11_stdll/ep11_specific.c | 7 +++++++
|
|
|
397a93 |
usr/lib/ep11_stdll/ep11cpfilter.conf | 6 ++++++
|
|
|
397a93 |
2 files changed, 13 insertions(+)
|
|
|
397a93 |
|
|
|
397a93 |
diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
|
|
|
397a93 |
index 304989fc..147ce7b2 100644
|
|
|
397a93 |
--- a/usr/lib/ep11_stdll/ep11_specific.c
|
|
|
397a93 |
+++ b/usr/lib/ep11_stdll/ep11_specific.c
|
|
|
397a93 |
@@ -10524,13 +10524,20 @@ static const_info_t ep11_cps[] = {
|
|
|
397a93 |
CONSTINFO(XCP_CPB_WRAP_WITH_RAW_SPKI),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_ALG_DH),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_DERIVE),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_ALLOW_NONSESSION),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_ALG_EC_25519),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_ALG_EC_SECGCRV),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_ALG_NBSI2017),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_CPACF_PK),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_ALG_PQC_DILITHIUM),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_ALG_PQC),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_BTC),
|
|
|
397a93 |
CONSTINFO(XCP_CPB_ECDSA_OTHER),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_ALG_NFIPS2021),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_ALG_NFIPS2024),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_COMPAT_LEGACY_SHA3),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_DSA_PARAMETER_GEN),
|
|
|
397a93 |
+ CONSTINFO(XCP_CPB_DERIVE_NON_AB_KEYS),
|
|
|
397a93 |
};
|
|
|
397a93 |
|
|
|
397a93 |
#ifdef DEBUG
|
|
|
397a93 |
diff --git a/usr/lib/ep11_stdll/ep11cpfilter.conf b/usr/lib/ep11_stdll/ep11cpfilter.conf
|
|
|
397a93 |
index 0d3a6b3f..9d6a2fc8 100644
|
|
|
397a93 |
--- a/usr/lib/ep11_stdll/ep11cpfilter.conf
|
|
|
397a93 |
+++ b/usr/lib/ep11_stdll/ep11cpfilter.conf
|
|
|
397a93 |
@@ -80,3 +80,9 @@ XCP_CPB_BTC: CKM_IBM_BTC_DERIVE
|
|
|
397a93 |
|
|
|
397a93 |
# enable non-ECDSA/non-EdDSA elliptic curve signature algorithms
|
|
|
397a93 |
XCP_CPB_ECDSA_OTHER: CKM_IBM_ECDSA_OTHER
|
|
|
397a93 |
+
|
|
|
397a93 |
+# allow non-FIPS-approved algs (2021)
|
|
|
397a93 |
+XCP_CPB_ALG_NFIPS2021: CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_DSA_SHA1, CKM_ECDSA_SHA1, CKM_DES_KEY_GEN, CKM_DES_ECB, CKM_DES_CBC, CKM_DES_CBC_PAD, CKM_DES2_KEY_GEN, CKM_DES3_KEY_GEN, CKM_DES3_ECB, CKM_DES3_CBC, CKM_DES3_MAC, CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_DES3_CMAC_GENERAL, CKM_DES3_CMAC, CKM_DES_OFB64, CKM_DES_CFB64, CKM_DES_CFB8, CKM_SHA_1_HMAC, CKM_SHA_1_HMAC_GENERAL, CKM_SHA1_KEY_DERIVATION
|
|
|
397a93 |
+
|
|
|
397a93 |
+# allow non-FIPS-approved algs (2024)
|
|
|
397a93 |
+XCP_CPB_ALG_NFIPS2024: CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_DSA_SHA1, CKM_ECDSA_SHA1, CKM_DES_KEY_GEN, CKM_DES_ECB, CKM_DES_CBC, CKM_DES_CBC_PAD, CKM_DES2_KEY_GEN, CKM_DES3_KEY_GEN, CKM_DES3_ECB, CKM_DES3_CBC, CKM_DES3_MAC, CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_DES3_CMAC_GENERAL, CKM_DES3_CMAC, CKM_DES_OFB64, CKM_DES_CFB64, CKM_DES_CFB8, CKM_SHA_1_HMAC, CKM_SHA_1_HMAC_GENERAL, CKM_SHA1_KEY_DERIVATION
|
|
|
397a93 |
--
|
|
|
397a93 |
2.16.2.windows.1
|
|
|
397a93 |
|