[Cryptech-Commits] [sw/libhal] 04/08: Fix session handle arguments in RPC calls.

git at cryptech.is git at cryptech.is
Sun Oct 16 20:23:44 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ksng
in repository sw/libhal.

commit 45061e2df746f597195b80376fc405b4538b5420
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Fri Oct 7 20:23:45 2016 -0400

    Fix session handle arguments in RPC calls.
    
    RPC calls which pass a pkey handle don't need to pass a session
    handle, because the session handle is already in the HSM's pkey slot
    object; pkey RPC calls which don't pass a pkey argument do need to
    pass a session handle.
    
    This change percolates down to the keystore driver, because only the
    keystore driver knows whether that particular keystore cares about
    session handles.
---
 hal.h          | 14 ++++++--------
 hal_internal.h | 20 ++++++++++++--------
 ks_flash.c     |  4 ++++
 rpc_api.c      | 20 ++++++++++----------
 rpc_client.c   | 40 +++++++++++++++++++---------------------
 rpc_pkey.c     | 16 ++++++++--------
 rpc_server.c   | 26 ++++++++++++--------------
 7 files changed, 71 insertions(+), 69 deletions(-)

diff --git a/hal.h b/hal.h
index 5b4de69..997db7c 100644
--- a/hal.h
+++ b/hal.h
@@ -736,16 +736,12 @@ extern size_t hal_rpc_pkey_get_public_key_len(const hal_pkey_handle_t pkey);
 extern hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey,
                                                uint8_t *der, size_t *der_len, const size_t der_max);
 
-#warning Um, why do hal_rpc_pkey_sign() and hal_rpc_pkey_verify() take session arguments?
-
-extern hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session,
-                                     const hal_pkey_handle_t pkey,
+extern hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey,
                                      const hal_hash_handle_t hash,
                                      const uint8_t * const input,  const size_t input_len,
                                      uint8_t * signature, size_t *signature_len, const size_t signature_max);
 
-extern hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session,
-                                       const hal_pkey_handle_t pkey,
+extern hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey,
                                        const hal_hash_handle_t hash,
                                        const uint8_t * const input, const size_t input_len,
                                        const uint8_t * const signature, const size_t signature_len);
@@ -758,7 +754,8 @@ typedef struct {
   /* ... */
 } hal_pkey_info_t;
 
-extern hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result,
+extern hal_error_t hal_rpc_pkey_list(const hal_session_handle_t session,
+                                     hal_pkey_info_t *result,
                                      unsigned *result_len,
                                      const unsigned result_max,
                                      hal_key_flags_t flags);
@@ -769,7 +766,8 @@ typedef struct {
   const uint8_t *value;
 } hal_rpc_pkey_attribute_t;
 
-extern hal_error_t hal_rpc_pkey_match(const hal_key_type_t type,
+extern hal_error_t hal_rpc_pkey_match(const hal_session_handle_t session,
+                                      const hal_key_type_t type,
                                       const hal_curve_name_t curve,
                                       const hal_key_flags_t flags,
                                       hal_rpc_pkey_attribute_t *attributes,
diff --git a/hal_internal.h b/hal_internal.h
index 0d40922..fe1cb1f 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -225,24 +225,24 @@ typedef struct {
   hal_error_t  (*get_public_key)(const hal_pkey_handle_t pkey,
                                  uint8_t *der, size_t *der_len, const size_t der_max);
 
-  hal_error_t  (*sign)(const hal_session_handle_t session,
-                       const hal_pkey_handle_t pkey,
+  hal_error_t  (*sign)(const hal_pkey_handle_t pkey,
                        const hal_hash_handle_t hash,
                        const uint8_t * const input,  const size_t input_len,
                        uint8_t * signature, size_t *signature_len, const size_t signature_max);
 
-  hal_error_t  (*verify)(const hal_session_handle_t session,
-                         const hal_pkey_handle_t pkey,
+  hal_error_t  (*verify)(const hal_pkey_handle_t pkey,
                          const hal_hash_handle_t hash,
                          const uint8_t * const input, const size_t input_len,
                          const uint8_t * const signature, const size_t signature_len);
 
-  hal_error_t  (*list)(hal_pkey_info_t *result,
+  hal_error_t  (*list)(const hal_session_handle_t session,
+                       hal_pkey_info_t *result,
                        unsigned *result_len,
                        const unsigned result_max,
                        hal_key_flags_t flags);
 
-  hal_error_t (*match)(const hal_key_type_t type,
+  hal_error_t (*match)(const hal_session_handle_t session,
+                       const hal_key_type_t type,
                        const hal_curve_name_t curve,
                        const hal_key_flags_t flags,
                        hal_rpc_pkey_attribute_t *attributes,
@@ -491,11 +491,13 @@ struct hal_ks_driver {
                         const hal_pkey_slot_t * const slot);
 
   hal_error_t (*list)(hal_ks_t *ks,
+                      const hal_session_handle_t session,
 		      hal_pkey_info_t *result,
 		      unsigned *result_len,
 		      const unsigned result_max);
 
   hal_error_t (*match)(hal_ks_t *ks,
+                       const hal_session_handle_t session,
                        const hal_key_type_t type,
                        const hal_curve_name_t curve,
                        const hal_key_flags_t flags,
@@ -606,6 +608,7 @@ static inline hal_error_t hal_ks_delete(hal_ks_t *ks,
 }
 
 static inline hal_error_t hal_ks_list(hal_ks_t *ks,
+                                      const hal_session_handle_t session,
                                       hal_pkey_info_t *result,
                                       unsigned *result_len,
                                       const unsigned result_max)
@@ -613,10 +616,11 @@ static inline hal_error_t hal_ks_list(hal_ks_t *ks,
   if (ks == NULL || ks->driver == NULL || ks->driver->list == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  return ks->driver->list(ks, result, result_len, result_max);
+  return ks->driver->list(ks, session, result, result_len, result_max);
 }
 
 static inline hal_error_t hal_ks_match(hal_ks_t *ks,
+                                       const hal_session_handle_t session,
                                        const hal_key_type_t type,
                                        const hal_curve_name_t curve,
                                        const hal_key_flags_t flags,
@@ -630,7 +634,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks,
   if (ks == NULL || ks->driver == NULL || ks->driver->match == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  return ks->driver->match(ks, type, curve, flags, attributes, attributes_len,
+  return ks->driver->match(ks, session, type, curve, flags, attributes, attributes_len,
                            result, result_len, result_max, previous_uuid);
 }
 
diff --git a/ks_flash.c b/ks_flash.c
index 5b3f718..b14fc6a 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -1043,6 +1043,7 @@ static hal_error_t ks_match(hal_ks_t *ks,
                             hal_uuid_t *previous_uuid)
 {
 #warning NIY
+  return HAL_ERROR_IMPOSSIBLE;
 }
 
 static  hal_error_t ks_set_attribute(hal_ks_t *ks,
@@ -1052,6 +1053,7 @@ static  hal_error_t ks_set_attribute(hal_ks_t *ks,
                                      const size_t value_len)
 {
 #warning NIY
+  return HAL_ERROR_IMPOSSIBLE;
 }
 
 static  hal_error_t ks_get_attribute(hal_ks_t *ks,
@@ -1062,6 +1064,7 @@ static  hal_error_t ks_get_attribute(hal_ks_t *ks,
                                      const size_t value_max)
 {
 #warning NIY
+  return HAL_ERROR_IMPOSSIBLE;
 }
 
 static hal_error_t ks_delete_attribute(hal_ks_t *ks,
@@ -1069,6 +1072,7 @@ static hal_error_t ks_delete_attribute(hal_ks_t *ks,
                                        const uint32_t type)
 {
 #warning NIY
+  return HAL_ERROR_IMPOSSIBLE;
 }
 
 const hal_ks_driver_t hal_ks_token_driver[1] = {{
diff --git a/rpc_api.c b/rpc_api.c
index 022dc62..f7b04cc 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -304,8 +304,7 @@ hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey,
   return hal_rpc_pkey_dispatch->get_public_key(pkey, der, der_len, der_max);
 }
 
-hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session,
-                              const hal_pkey_handle_t pkey,
+hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey,
                               const hal_hash_handle_t hash,
                               const uint8_t * const input,  const size_t input_len,
                               uint8_t * signature, size_t *signature_len, const size_t signature_max)
@@ -313,11 +312,10 @@ hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session,
   if (signature == NULL || signature_len == NULL || signature_max == 0 ||
       (hash.handle == HAL_HANDLE_NONE) == (input == NULL || input_len == 0))
     return HAL_ERROR_BAD_ARGUMENTS;
-  return hal_rpc_pkey_dispatch->sign(session, pkey, hash, input,  input_len, signature, signature_len, signature_max);
+  return hal_rpc_pkey_dispatch->sign(pkey, hash, input,  input_len, signature, signature_len, signature_max);
 }
 
-hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session,
-                                const hal_pkey_handle_t pkey,
+hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey,
                                 const hal_hash_handle_t hash,
                                 const uint8_t * const input, const size_t input_len,
                                 const uint8_t * const signature, const size_t signature_len)
@@ -325,20 +323,22 @@ hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session,
   if (signature == NULL || signature_len == 0 ||
       (hash.handle == HAL_HANDLE_NONE) == (input == NULL || input_len == 0))
     return HAL_ERROR_BAD_ARGUMENTS;
-  return hal_rpc_pkey_dispatch->verify(session, pkey, hash, input, input_len, signature, signature_len);
+  return hal_rpc_pkey_dispatch->verify(pkey, hash, input, input_len, signature, signature_len);
 }
 
-hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result,
+hal_error_t hal_rpc_pkey_list(const hal_session_handle_t session,
+                              hal_pkey_info_t *result,
                               unsigned *result_len,
                               const unsigned result_max,
                               hal_key_flags_t flags)
 {
   if (result == NULL || result_len == NULL || result_max == 0)
     return HAL_ERROR_BAD_ARGUMENTS;
-  return hal_rpc_pkey_dispatch->list(result, result_len, result_max, flags);
+  return hal_rpc_pkey_dispatch->list(session, result, result_len, result_max, flags);
 }
 
-hal_error_t hal_rpc_pkey_match(const hal_key_type_t type,
+hal_error_t hal_rpc_pkey_match(const hal_session_handle_t session,
+                               const hal_key_type_t type,
                                const hal_curve_name_t curve,
                                const hal_key_flags_t flags,
                                hal_rpc_pkey_attribute_t *attributes,
@@ -357,7 +357,7 @@ hal_error_t hal_rpc_pkey_match(const hal_key_type_t type,
       if (attributes[i].value == NULL)
         return HAL_ERROR_BAD_ARGUMENTS;
 
-  return hal_rpc_pkey_dispatch->match(type, curve, flags, attributes, attributes_len,
+  return hal_rpc_pkey_dispatch->match(session, type, curve, flags, attributes, attributes_len,
                                       result, result_len, result_max, previous_uuid);
 }
 
diff --git a/rpc_client.c b/rpc_client.c
index a56052d..78e2f16 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -681,13 +681,12 @@ static hal_error_t pkey_remote_get_public_key(const hal_pkey_handle_t pkey,
   return rpc_ret;
 }
 
-static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
-                                    const hal_pkey_handle_t pkey,
+static hal_error_t pkey_remote_sign(const hal_pkey_handle_t pkey,
                                     const hal_hash_handle_t hash,
-                                    const uint8_t * const input,  const size_t input_len,
+                                    const uint8_t * const input, const size_t input_len,
                                     uint8_t * signature, size_t *signature_len, const size_t signature_max)
 {
-  uint8_t outbuf[nargs(7) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+  uint8_t outbuf[nargs(6) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
   uint8_t inbuf[nargs(4) + pad(signature_max)];
   const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
   uint32_t slen32 = signature_max;
@@ -696,7 +695,6 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
 
   check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SIGN));
   check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
-  check(hal_xdr_encode_int(&optr, olimit, session.handle));
   check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
   check(hal_xdr_encode_int(&optr, olimit, hash.handle));
   check(hal_xdr_encode_buffer(&optr, olimit, input, input_len));
@@ -713,13 +711,12 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
   return rpc_ret;
 }
 
-static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
-                                      const hal_pkey_handle_t pkey,
+static hal_error_t pkey_remote_verify(const hal_pkey_handle_t pkey,
                                       const hal_hash_handle_t hash,
                                       const uint8_t * const input, const size_t input_len,
                                       const uint8_t * const signature, const size_t signature_len)
 {
-  uint8_t outbuf[nargs(7) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+  uint8_t outbuf[nargs(6) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
   uint8_t inbuf[nargs(3)];
   const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
   hal_client_handle_t dummy_client = {0};
@@ -727,7 +724,6 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
 
   check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_VERIFY));
   check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
-  check(hal_xdr_encode_int(&optr, olimit, session.handle));
   check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
   check(hal_xdr_encode_int(&optr, olimit, hash.handle));
   check(hal_xdr_encode_buffer(&optr, olimit, input, input_len));
@@ -757,12 +753,13 @@ static hal_error_t hal_xdr_decode_pkey_info(const uint8_t **iptr, const uint8_t
   return HAL_OK;
 }
 
-static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
+static hal_error_t pkey_remote_list(const hal_session_handle_t session,
+                                    hal_pkey_info_t *result,
                                     unsigned *result_len,
                                     const unsigned result_max,
                                     hal_key_flags_t flags)
 {
-  uint8_t outbuf[nargs(4)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+  uint8_t outbuf[nargs(5)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
   uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_pkey_info_t))];
   const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
   uint32_t len;
@@ -771,6 +768,7 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
 
   check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LIST));
   check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
+  check(hal_xdr_encode_int(&optr, olimit, session.handle));
   check(hal_xdr_encode_int(&optr, olimit, result_max));
   check(hal_xdr_encode_int(&optr, olimit, flags));
   check(hal_rpc_send(outbuf, optr - outbuf));
@@ -791,7 +789,8 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
   return rpc_ret;
 }
 
-static hal_error_t pkey_remote_match(const hal_key_type_t type,
+static hal_error_t pkey_remote_match(const hal_session_handle_t session,
+                                     const hal_key_type_t type,
                                      const hal_curve_name_t curve,
                                      const hal_key_flags_t flags,
                                      hal_rpc_pkey_attribute_t *attributes,
@@ -806,7 +805,7 @@ static hal_error_t pkey_remote_match(const hal_key_type_t type,
     for (int i = 0; i < attributes_len; i++)
       attributes_buffer_len += attributes[i].length;
 
-  uint8_t outbuf[nargs(8 + attributes_len * 2) + pad(attributes_buffer_len) + pad(sizeof(hal_uuid_t))];
+  uint8_t outbuf[nargs(9 + attributes_len * 2) + pad(attributes_buffer_len) + pad(sizeof(hal_uuid_t))];
   uint8_t *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
   uint8_t inbuf[nargs(5) + pad(result_max * sizeof(hal_uuid_t)) + pad(sizeof(hal_uuid_t))];
   const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
@@ -815,6 +814,7 @@ static hal_error_t pkey_remote_match(const hal_key_type_t type,
 
   check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_MATCH));
   check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
+  check(hal_xdr_encode_int(&optr, olimit, session.handle));
   check(hal_xdr_encode_int(&optr, olimit, type));
   check(hal_xdr_encode_int(&optr, olimit, curve));
   check(hal_xdr_encode_int(&optr, olimit, flags));
@@ -934,14 +934,13 @@ static hal_error_t pkey_remote_delete_attribute(const hal_pkey_handle_t pkey,
  * pull the digest from the hash context and send that to the HSM.
  */
 
-static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
-                                   const hal_pkey_handle_t pkey,
+static hal_error_t pkey_mixed_sign(const hal_pkey_handle_t pkey,
                                    const hal_hash_handle_t hash,
                                    const uint8_t * const input,  const size_t input_len,
                                    uint8_t * signature, size_t *signature_len, const size_t signature_max)
 {
   if (input != NULL)
-    return hal_rpc_remote_pkey_dispatch.sign(session, pkey, hash, input, input_len,
+    return hal_rpc_remote_pkey_dispatch.sign(pkey, hash, input, input_len,
                                              signature, signature_len, signature_max);
 
   hal_digest_algorithm_t alg;
@@ -970,18 +969,17 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
 
   }
 
-  return hal_rpc_remote_pkey_dispatch.sign(session, pkey, hal_hash_handle_none, digest, digest_len,
+  return hal_rpc_remote_pkey_dispatch.sign(pkey, hal_hash_handle_none, digest, digest_len,
                                            signature, signature_len, signature_max);
 }
 
-static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
-                                     const hal_pkey_handle_t pkey,
+static hal_error_t pkey_mixed_verify(const hal_pkey_handle_t pkey,
                                      const hal_hash_handle_t hash,
                                      const uint8_t * const input, const size_t input_len,
                                      const uint8_t * const signature, const size_t signature_len)
 {
   if (input != NULL)
-    return hal_rpc_remote_pkey_dispatch.verify(session, pkey, hash, input, input_len,
+    return hal_rpc_remote_pkey_dispatch.verify(pkey, hash, input, input_len,
                                                signature, signature_len);
 
   hal_digest_algorithm_t alg;
@@ -1010,7 +1008,7 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
 
   }
 
-  return hal_rpc_remote_pkey_dispatch.verify(session, pkey, hal_hash_handle_none,
+  return hal_rpc_remote_pkey_dispatch.verify(pkey, hal_hash_handle_none,
                                              digest, digest_len, signature, signature_len);
 }
 
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 207d980..22ad197 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -647,8 +647,7 @@ static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_le
   return HAL_OK;
 }
 
-static hal_error_t pkey_local_sign(const hal_session_handle_t session,
-                                   const hal_pkey_handle_t pkey,
+static hal_error_t pkey_local_sign(const hal_pkey_handle_t pkey,
                                    const hal_hash_handle_t hash,
                                    const uint8_t * const input,  const size_t input_len,
                                    uint8_t * signature, size_t *signature_len, const size_t signature_max)
@@ -794,8 +793,7 @@ static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_
   return HAL_OK;
 }
 
-static hal_error_t pkey_local_verify(const hal_session_handle_t session,
-                                     const hal_pkey_handle_t pkey,
+static hal_error_t pkey_local_verify(const hal_pkey_handle_t pkey,
                                      const hal_hash_handle_t hash,
                                      const uint8_t * const input, const size_t input_len,
                                      const uint8_t * const signature, const size_t signature_len)
@@ -850,7 +848,8 @@ static hal_error_t pkey_local_verify(const hal_session_handle_t session,
  * List keys in the key store.
  */
 
-static hal_error_t pkey_local_list(hal_pkey_info_t *result,
+static hal_error_t pkey_local_list(const hal_session_handle_t session,
+                                   hal_pkey_info_t *result,
                                    unsigned *result_len,
                                    const unsigned result_max,
                                    hal_key_flags_t flags)
@@ -859,7 +858,7 @@ static hal_error_t pkey_local_list(hal_pkey_info_t *result,
   hal_error_t err;
 
   if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK &&
-      (err = hal_ks_list(ks, result, result_len, result_max)) == HAL_OK)
+      (err = hal_ks_list(ks, session, result, result_len, result_max)) == HAL_OK)
     err = hal_ks_close(ks);
   else if (ks != NULL)
     (void) hal_ks_close(ks);
@@ -867,7 +866,8 @@ static hal_error_t pkey_local_list(hal_pkey_info_t *result,
   return err;
 }
 
-static hal_error_t pkey_local_match(const hal_key_type_t type,
+static hal_error_t pkey_local_match(const hal_session_handle_t session,
+                                    const hal_key_type_t type,
                                     const hal_curve_name_t curve,
                                     const hal_key_flags_t flags,
                                     hal_rpc_pkey_attribute_t *attributes,
@@ -881,7 +881,7 @@ static hal_error_t pkey_local_match(const hal_key_type_t type,
   hal_error_t err;
 
   if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK &&
-      (err = hal_ks_match(ks, type, curve, flags, attributes, attributes_len,
+      (err = hal_ks_match(ks, session, type, curve, flags, attributes, attributes_len,
                           result, result_len, result_max, previous_uuid)) == HAL_OK)
     err = hal_ks_close(ks);
   else if (ks != NULL)
diff --git a/rpc_server.c b/rpc_server.c
index 5f3502f..e4fde9f 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -563,8 +563,7 @@ static hal_error_t pkey_get_public_key(const uint8_t **iptr, const uint8_t * con
 static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
                              uint8_t **optr, const uint8_t * const olimit)
 {
-    hal_client_handle_t client __attribute__((unused));
-    hal_session_handle_t session;
+    hal_client_handle_t client;
     hal_pkey_handle_t pkey;
     hal_hash_handle_t hash;
     const uint8_t *input;
@@ -575,7 +574,6 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
     hal_error_t ret;
 
     check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
-    check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &hash.handle));
     check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &input, &input_len));
@@ -587,7 +585,7 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
     /* call the local function */
     /* get the data directly into the output buffer */
     *optr += 4;         /* reserve 4 bytes for length */
-    ret = hal_rpc_local_pkey_dispatch.sign(session, pkey, hash, input, input_len, *optr, &sig_len, sig_max);
+    ret = hal_rpc_local_pkey_dispatch.sign(pkey, hash, input, input_len, *optr, &sig_len, sig_max);
     *optr = optr_orig;
     if (ret == HAL_OK) {
         check(hal_xdr_encode_int(optr, olimit, sig_len));
@@ -599,8 +597,7 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
 static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimit,
                                uint8_t **optr, const uint8_t * const olimit)
 {
-    hal_client_handle_t client __attribute__((unused));
-    hal_session_handle_t session;
+    hal_client_handle_t client;
     hal_pkey_handle_t pkey;
     hal_hash_handle_t hash;
     const uint8_t *input;
@@ -610,14 +607,13 @@ static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimi
     hal_error_t ret;
 
     check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
-    check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &hash.handle));
     check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &input, &input_len));
     check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &sig, &sig_len));
 
     /* call the local function */
-    ret = hal_rpc_local_pkey_dispatch.verify(session, pkey, hash, input, input_len, sig, sig_len);
+    ret = hal_rpc_local_pkey_dispatch.verify(pkey, hash, input, input_len, sig, sig_len);
 
     return ret;
 }
@@ -638,13 +634,15 @@ static hal_error_t hal_xdr_encode_pkey_info(uint8_t **optr, const uint8_t * cons
 static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit,
                              uint8_t **optr, const uint8_t * const olimit)
 {
-    hal_client_handle_t client __attribute__((unused));
+    hal_client_handle_t client;
+    hal_session_handle_t session;
     uint8_t *optr_orig = *optr;
     uint32_t result_max;
     hal_key_flags_t flags;
     hal_error_t ret;
 
     check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
+    check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &result_max));
     check(hal_xdr_decode_int(iptr, ilimit, &flags));
 
@@ -652,7 +650,7 @@ static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit,
     unsigned result_len;
 
     /* call the local function */
-    ret = hal_rpc_local_pkey_dispatch.list(result, &result_len, result_max, flags);
+    ret = hal_rpc_local_pkey_dispatch.list(session, result, &result_len, result_max, flags);
 
     if (ret == HAL_OK) {
         check(hal_xdr_encode_int(optr, olimit, result_len));
@@ -667,19 +665,18 @@ static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit,
     return ret;
 }
 
-#warning Which RPC pkey functions take session looks kind of messed up
-// list() and match() probably should take session, sign() and verify() probably should not
-
 static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit,
                               uint8_t **optr, const uint8_t * const olimit)
 {
     hal_client_handle_t client;
+    hal_session_handle_t session;
     uint32_t type, curve, attributes_len, result_max, previous_uuid_len;
     const uint8_t *previous_uuid_ptr;
     hal_key_flags_t flags;
     hal_error_t ret;
 
     check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
+    check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &type));
     check(hal_xdr_decode_int(iptr, ilimit, &curve));
     check(hal_xdr_decode_int(iptr, ilimit, &flags));
@@ -704,7 +701,8 @@ static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit
     hal_uuid_t result[result_max];
     unsigned result_len;
 
-    ret = hal_rpc_local_pkey_dispatch.match(type, curve, flags, attributes, attributes_len,
+    ret = hal_rpc_local_pkey_dispatch.match(session, type, curve, flags,
+                                            attributes, attributes_len,
                                             result, &result_len, result_max,
                                             (hal_uuid_t *) previous_uuid_ptr);
 



More information about the Commits mailing list