in source/portable/mbedtls/core_pkcs11_mbedtls.c [4523:4589]
/**
 * @brief Load the key for a verify operation into the session and check that
 * it suits the requested mechanism.
 *
 * The key bytes are parsed as a public key first. If that fails they are
 * parsed as an unencrypted private key (NULL password). On a successful
 * parse the key handle is recorded in the session, and the parsed key type
 * is compared with the mechanism: CKM_RSA_X_509 requires an RSA key,
 * CKM_ECDSA requires an ECDSA or ECKEY key.
 *
 * @param[in,out] pxSession     Session whose xVerifyKey and xVerifyKeyHandle
 *                              are written.
 * @param[in] pMechanism        Requested mechanism. Dereferenced without a
 *                              NULL check here; presumably validated by the
 *                              caller - TODO confirm.
 * @param[in] hKey              Handle stored in the session on success.
 * @param[in] pucKeyData        Encoded key bytes handed to the mbed TLS parsers.
 * @param[in] ulKeyDataLength   Length of pucKeyData in bytes.
 *
 * @return CKR_OK when the key parsed and matches the mechanism,
 * CKR_KEY_HANDLE_INVALID when neither parse succeeded,
 * CKR_KEY_TYPE_INCONSISTENT when the key type and mechanism do not match.
 */
static CK_RV prvVerifyInitEC_RSAKeys( P11Session_t * pxSession,
                                      CK_MECHANISM_PTR pMechanism,
                                      CK_OBJECT_HANDLE hKey,
                                      CK_BYTE_PTR pucKeyData,
                                      CK_ULONG ulKeyDataLength )
{
    CK_RV xResult = CKR_OK;
    int32_t lParseStatus;
    mbedtls_pk_type_t xParsedKeyType;
    int xMechanismFitsKey = 0;

    /* NOTE(review): the context is initialised without being freed first, so
     * this assumes no key is held in xVerifyKey on entry - confirm that the
     * caller rejects an already active verify operation. */
    mbedtls_pk_init( &pxSession->xVerifyKey );

    lParseStatus = mbedtls_pk_parse_public_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength );

    if( lParseStatus != 0 )
    {
        /* Not a public key: retry as a private key without a password.
         * NOTE(review): the same context is reused after the failed parse,
         * which relies on the parser leaving it in a reusable state - confirm
         * for the mbed TLS version in use. When this path succeeds, private
         * key material stays in the session until the verify key is freed. */
        lParseStatus = mbedtls_pk_parse_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength, NULL, 0 );

        if( lParseStatus != 0 )
        {
            LogError( ( "Verification operation failed. "
                        "mbedtls_pk_parse_key failed: mbed TLS "
                        "error = %s : %s.",
                        mbedtlsHighLevelCodeOrDefault( lParseStatus ),
                        mbedtlsLowLevelCodeOrDefault( lParseStatus ) ) );
            prvVerifyInitEC_RSACleanUp( pxSession );
            xResult = CKR_KEY_HANDLE_INVALID;
        }
    }

    if( xResult == CKR_OK )
    {
        /* One of the two parses succeeded; bind the handle to the session. */
        pxSession->xVerifyKeyHandle = hKey;

        /* Only RSA keys with CKM_RSA_X_509 and EC keys with CKM_ECDSA are
         * accepted; every other pairing is rejected below. */
        xParsedKeyType = mbedtls_pk_get_type( &pxSession->xVerifyKey );

        switch( pMechanism->mechanism )
        {
            case CKM_RSA_X_509:
                xMechanismFitsKey = ( xParsedKeyType == MBEDTLS_PK_RSA );
                break;

            case CKM_ECDSA:
                xMechanismFitsKey = ( xParsedKeyType == MBEDTLS_PK_ECDSA ) ||
                                    ( xParsedKeyType == MBEDTLS_PK_ECKEY );
                break;

            default:
                xMechanismFitsKey = 0;
                break;
        }

        if( xMechanismFitsKey == 0 )
        {
            LogError( ( "Failed to initialize verify operation. "
                        "Verification key type (0x%0lX) does not match "
                        "RSA or EC mechanism.",
                        ( unsigned long int ) xParsedKeyType ) );
            xResult = CKR_KEY_TYPE_INCONSISTENT;

            /* The handle was already stored above; the cleanup helper is
             * presumably what releases the key and resets it - TODO confirm. */
            prvVerifyInitEC_RSACleanUp( pxSession );
        }
    }

    return xResult;
}