|
Description
|
The key size unit specified for each crypto_mech_info_t entry in this table should follow the PKCS #11 spec for that mechanism. SUN_CKM_MD5_HMAC in n2cp_mech_info_table specifies CRYPTO_KEYSIZE_UNIT_IN_BITS which is inccorrect. This should be CRYPTO_KEYSIZE_UNIT_IN_BYTES like for the other HMAC mechanisms.
Previously, I mistakenly thought PKCS #11 specifies key size to be in bits for all HMAC mechanisms. A HMAC mechanism uses a generic secret key and its value is expressed in bytes in PKCS #11. It looks like dprov.c and kernel sha1/md5/sha2 modules got this one wrong. All of them incorrectly use CRYPTO_KEYSIZE_UNIT_IN_BITS. But, it turns out to be harmless for them because they don't have a maximum limit on the key size.
Note that pkcs11_kernel uses these values from KCF without any modification. So, a PKCS #11 application doing C_GetMechanismInfo() will be getting the wrong information about the key lengths from n2cp and may end up not using it. See PSARC/2004/382 for details on the key size unit field.
|