[Cryptech-Commits] [sw/pkcs11] 14/14: Debug PKCS #11 ECDSA signature and verification.
git at cryptech.is
git at cryptech.is
Mon Sep 14 21:44:05 UTC 2015
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ecdsa
in repository sw/pkcs11.
commit 3345ef8b1a7ad719dbd3a0f26697c6bc4bd884b1
Author: Rob Austein <sra at hactrn.net>
Date: Mon Sep 14 17:14:57 2015 -0400
Debug PKCS #11 ECDSA signature and verification.
---
pkcs11.c | 24 +++++++++++-------------
py11/__init__.py | 17 +++++++++++++++++
2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/pkcs11.c b/pkcs11.c
index 88ad883..2f6fcde 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -3502,22 +3502,20 @@ CK_RV C_Digest(CK_SESSION_HANDLE hSession,
if (rv == CKR_BUFFER_TOO_SMALL)
lose(CKR_BUFFER_TOO_SMALL);
- {
- uint8_t statebuf[session->digest_descriptor->hash_state_length];
- hal_hash_state_t *state = NULL;
+ if ((rv = digest_update(session->digest_descriptor, &session->digest_state,
+ pData, ulDataLen)) != CKR_OK)
+ goto fail;
- if (!hal_check(hal_hash_initialize(session->digest_descriptor,
- &state, statebuf, sizeof(statebuf))) ||
- !hal_check(hal_hash_update(state, pData, ulDataLen)) ||
- !hal_check(hal_hash_finalize(state, pDigest, *pulDigestLen)))
- lose(CKR_FUNCTION_FAILED);
- }
+ if (!hal_check(hal_hash_finalize(session->digest_state, pDigest, *pulDigestLen)))
+ lose(CKR_FUNCTION_FAILED);
rv = CKR_OK; /* Fall through */
fail:
- if (session != NULL)
+ if (session != NULL) {
+ hal_hash_cleanup(&session->digest_state);
session->digest_descriptor = NULL;
+ }
mutex_unlock_return_with_rv(rv, p11_global_mutex);
}
@@ -3719,7 +3717,7 @@ CK_RV C_Sign(CK_SESSION_HANDLE hSession,
if (session->sign_digest_state != NULL)
lose(CKR_OPERATION_ACTIVE);
- if (session->sign_digest_descriptor != NULL &&
+ if (session->sign_digest_descriptor != NULL && pSignature != NULL &&
(rv = digest_update(session->sign_digest_descriptor,
&session->sign_digest_state, pData, ulDataLen)) != CKR_OK)
goto fail;
@@ -3780,8 +3778,8 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
if (!p11_attribute_get_ulong(hKey, CKA_CLASS, &key_class) ||
!p11_attribute_get_ulong(hKey, CKA_KEY_TYPE, &key_type) ||
- !p11_attribute_get_bbool(hKey, CKA_SIGN, &key_verify) ||
- key_class != CKO_PRIVATE_KEY)
+ !p11_attribute_get_bbool(hKey, CKA_VERIFY, &key_verify) ||
+ key_class != CKO_PUBLIC_KEY)
lose(CKR_KEY_HANDLE_INVALID);
if (!key_verify)
diff --git a/py11/__init__.py b/py11/__init__.py
index da0c946..204c897 100644
--- a/py11/__init__.py
+++ b/py11/__init__.py
@@ -98,6 +98,23 @@ class PKCS11 (object):
byref(public_handle), byref(private_handle))
return public_handle.value, private_handle.value
+ def C_SignInit(self, session, mechanism_type, private_key):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.so.C_SignInit(session, byref(mechanism), private_key)
+
+ def C_Sign(self, session, data):
+ n = CK_ULONG()
+ self.so.C_Sign(session, data, len(data), None, byref(n))
+ sig = create_string_buffer(n.value)
+ self.so.C_Sign(session, data, len(data), sig, byref(n))
+ return sig.raw
+
+ def C_VerifyInit(self, session, mechanism_type, public_key):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.so.C_VerifyInit(session, byref(mechanism), public_key)
+
+ def C_Verify(self, session, data, signature):
+ self.so.C_Verify(session, data, len(data), signature, len(signature))
__all__ = ["PKCS11"]
__all__.extend(name for name in globals()
More information about the Commits
mailing list