Update crypto.ts because of this.container.session.slot.getMechanisms() only gets "ECDSA" so set some cases to "ECDSA"#70
Conversation
Never be true, because of this.container.session.slot.getMechanisms() only gets "ECDSA" so set some cases to "ECDSA".
| switch (p11AlgorithmName) { | ||
| case "ECDSA": | ||
| case "ECDSA_SHA1": | ||
| case "ECDSA_SHA256": | ||
| case "ECDSA_SHA384": | ||
| case "ECDSA_SHA512": | ||
| p11AlgorithmName = "ECDSA"; | ||
| break; | ||
| } |
There was a problem hiding this comment.
This switch..case forces ECDSA with hash to primitive ECDSA mechanism. What if token doesn't implement ECDSA mechanism and uses ECDSA with hash only?
getAlgorithm function must filter ECDSA mechanisms and select ECDSA with hash if it's possible or use ECDSA without hash
There was a problem hiding this comment.
We use the Fortify App and get an Error from this function see => PeculiarVentures/fortify#497
It says "Cannot get PKCS11 EC mechanism by name 'ECDSA_SHA384' ". We're using an Atos Smart Card from D-Trust.
At the moment, the this.container.session.slot.getMechanisms() returns an array where all ECDSA_*** Were Replaced by ECDSA Without Hash.
I found out algName in Array is only "ECDSA", but mechanism.name === p11AlgorithmName (https://github.com/PeculiarVentures/node-webcrypto-p11/blob/master/src/mechs/ec/crypto.ts#L145) is never true than.
So please review my Issue from PeculiarVentures/fortify#497 to understand my problem there.
2 participants
Never be true, because of this.container.session.slot.getMechanisms() only gets "ECDSA" so set some cases to "ECDSA".