[Cryptech-Commits] [sw/libhal] 02/02: Pull key type information from uploaded key in hal_rpc_pkey_load().

git at cryptech.is git at cryptech.is
Fri Apr 7 21:49:45 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch pkcs8
in repository sw/libhal.

commit a031d726ccdd358cec63a7892b3ce1e88b201313
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Fri Apr 7 17:41:30 2017 -0400

    Pull key type information from uploaded key in hal_rpc_pkey_load().
    
    Now that we use PKCS #8 format for private keys, all key formats we
    use include ASN.1 AlgorithmIdentifier field describing the key, so
    specifying key type and curve as arguments to hal_rpc_pkey_load() is
    neither necessary nor particularly useful.
---
 hal.h                 |  2 --
 hal_internal.h        |  2 --
 key-backup.py         |  4 ----
 libhal.py             |  4 ++--
 rpc_api.c             |  6 ++----
 rpc_client.c          |  6 +-----
 rpc_client_daemon.c   |  1 +
 rpc_pkey.c            | 18 +++++++-----------
 rpc_server.c          | 22 ++++++++++------------
 tests/test-rpc_pkey.c | 24 ++++++++++++------------
 unit-tests.py         | 46 +++++++++++++++++++---------------------------
 11 files changed, 54 insertions(+), 81 deletions(-)

diff --git a/hal.h b/hal.h
index 38a8330..4d246a3 100644
--- a/hal.h
+++ b/hal.h
@@ -749,8 +749,6 @@ typedef struct {
 extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
                                      const hal_session_handle_t session,
                                      hal_pkey_handle_t *pkey,
-                                     const hal_key_type_t type,
-                                     const hal_curve_name_t curve,
                                      hal_uuid_t *name,
                                      const uint8_t * const der, const size_t der_len,
                                      const hal_key_flags_t flags);
diff --git a/hal_internal.h b/hal_internal.h
index 8130801..82d0081 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -192,8 +192,6 @@ typedef struct {
   hal_error_t  (*load)(const hal_client_handle_t client,
                        const hal_session_handle_t session,
                        hal_pkey_handle_t *pkey,
-                       const hal_key_type_t type,
-                       const hal_curve_name_t curve,
                        hal_uuid_t *name,
                        const uint8_t * const der, const size_t der_len,
                        const hal_key_flags_t flags);
diff --git a/key-backup.py b/key-backup.py
index 3d971e7..4cdd9e9 100644
--- a/key-backup.py
+++ b/key-backup.py
@@ -70,8 +70,6 @@ def test_export():
     kekek = RSA.importKey(kekek_pem)
 
     kekek_handle = hsm.pkey_load(
-        type  = HAL_KEY_TYPE_RSA_PUBLIC,
-        curve = HAL_CURVE_NONE,
         flags = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT,
         der   = kekek.publickey().exportKey(format = "DER"))
     atexit(kekek_handle.delete)
@@ -102,8 +100,6 @@ def test_import():
     if False:
         kekek = RSA.importKey(kekek_pem)
         kekek_handle = hsm.pkey_load(
-            type  = HAL_KEY_TYPE_RSA_PRIVATE,
-            curve = HAL_CURVE_NONE,
             flags = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT,
             der   = kekek.exportKey(format = "DER", pkcs = 8))
         atexit(kekek_handle.delete)
diff --git a/libhal.py b/libhal.py
index 2bc80f4..5a16c40 100644
--- a/libhal.py
+++ b/libhal.py
@@ -555,8 +555,8 @@ class HSM(object):
         with self.rpc(RPC_FUNC_HASH_FINALIZE, handle, length) as r:
             return r.unpack_bytes()
 
-    def pkey_load(self, type, curve, der, flags = 0, client = 0, session = 0):
-        with self.rpc(RPC_FUNC_PKEY_LOAD, session, type, curve, der, flags, client = client) as r:
+    def pkey_load(self, der, flags = 0, client = 0, session = 0):
+        with self.rpc(RPC_FUNC_PKEY_LOAD, session, der, flags, client = client) as r:
             pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
             logger.debug("Loaded pkey %s", pkey.uuid)
             return pkey
diff --git a/rpc_api.c b/rpc_api.c
index 825afe6..37ca968 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -218,15 +218,13 @@ hal_error_t hal_rpc_hash_finalize(const hal_hash_handle_t hash,
 hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
                               const hal_session_handle_t session,
                               hal_pkey_handle_t *pkey,
-                              const hal_key_type_t type,
-                              const hal_curve_name_t curve,
                               hal_uuid_t *name,
                               const uint8_t * const der, const size_t der_len,
                               const hal_key_flags_t flags)
 {
-  if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_type_curve_flags(type, curve, flags))
+  if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_flags(flags))
     return HAL_ERROR_BAD_ARGUMENTS;
-  return hal_rpc_pkey_dispatch->load(client, session, pkey, type, curve, name, der, der_len, flags);
+  return hal_rpc_pkey_dispatch->load(client, session, pkey, name, der, der_len, flags);
 }
 
 hal_error_t hal_rpc_pkey_open(const hal_client_handle_t client,
diff --git a/rpc_client.c b/rpc_client.c
index 5729b6f..e856cce 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -420,13 +420,11 @@ static hal_error_t hash_finalize(const hal_hash_handle_t hash,
 static hal_error_t pkey_remote_load(const hal_client_handle_t client,
                                     const hal_session_handle_t session,
                                     hal_pkey_handle_t *pkey,
-                                    const hal_key_type_t type,
-                                    const hal_curve_name_t curve,
                                     hal_uuid_t *name,
                                     const uint8_t * const der, const size_t der_len,
                                     const hal_key_flags_t flags)
 {
-  uint8_t outbuf[nargs(7) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+  uint8_t outbuf[nargs(5) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
   uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))];
   const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
   uint32_t name_len = sizeof(name->uuid);
@@ -435,8 +433,6 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client,
   check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LOAD));
   check(hal_xdr_encode_int(&optr, olimit, client.handle));
   check(hal_xdr_encode_int(&optr, olimit, session.handle));
-  check(hal_xdr_encode_int(&optr, olimit, type));
-  check(hal_xdr_encode_int(&optr, olimit, curve));
   check(hal_xdr_encode_buffer(&optr, olimit, der, der_len));
   check(hal_xdr_encode_int(&optr, olimit, flags));
   check(hal_rpc_send(outbuf, optr - outbuf));
diff --git a/rpc_client_daemon.c b/rpc_client_daemon.c
index 7ff3f21..1c506eb 100644
--- a/rpc_client_daemon.c
+++ b/rpc_client_daemon.c
@@ -40,6 +40,7 @@
 
 #include "hal.h"
 #include "hal_internal.h"
+#include "slip_internal.h"
 
 static int sock = -1;
 
diff --git a/rpc_pkey.c b/rpc_pkey.c
index dca054f..71d1627 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -268,26 +268,27 @@ static inline hal_error_t ks_open_from_flags(hal_ks_t **ks, const hal_key_flags_
  * return a key handle and the name.
  */
 
-#warning Convert hal_rpc_pkey_load() to use hal_asn1_guess_key_type()?
-
 static hal_error_t pkey_local_load(const hal_client_handle_t client,
                                    const hal_session_handle_t session,
                                    hal_pkey_handle_t *pkey,
-                                   const hal_key_type_t type,
-                                   const hal_curve_name_t curve,
                                    hal_uuid_t *name,
                                    const uint8_t * const der, const size_t der_len,
                                    const hal_key_flags_t flags)
 {
-  assert(pkey != NULL && name != NULL);
+  assert(pkey != NULL && name != NULL && der != NULL);
 
+  hal_curve_name_t curve;
   hal_pkey_slot_t *slot;
+  hal_key_type_t type;
   hal_ks_t *ks = NULL;
   hal_error_t err;
 
   if ((err = check_writable(client, flags)) != HAL_OK)
     return err;
 
+  if ((err = hal_asn1_guess_key_type(&type, &curve, der, der_len)) != HAL_OK)
+    return err;
+
   if ((slot = alloc_slot(flags)) == NULL)
     return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
 
@@ -1188,8 +1189,6 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client,
   size_t der_len, oid_len, data_len;
   const uint8_t *oid, *data;
   hal_rsa_key_t *rsa = NULL;
-  hal_curve_name_t curve;
-  hal_key_type_t type;
   hal_ks_t *ks = NULL;
   hal_error_t err;
 
@@ -1253,10 +1252,7 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client,
   if ((err = hal_aes_keyunwrap(NULL, kek, sizeof(kek), data, data_len, der, &der_len)) != HAL_OK)
     goto fail;
 
-  if ((err = hal_asn1_guess_key_type(&type, &curve, der, der_len)) != HAL_OK)
-    goto fail;
-
-  err = pkey_local_load(client, session, pkey, type, curve, name, der, der_len, flags);
+  err = pkey_local_load(client, session, pkey, name, der, der_len, flags);
 
  fail:
   memset(rsabuf, 0, sizeof(rsabuf));
diff --git a/rpc_server.c b/rpc_server.c
index 4aa5de4..55f15fe 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -322,30 +322,28 @@ static hal_error_t pkey_load(const uint8_t **iptr, const uint8_t * const ilimit,
     hal_client_handle_t client;
     hal_session_handle_t session;
     hal_pkey_handle_t pkey;
-    uint32_t type;
-    uint32_t curve;
     hal_uuid_t name;
     const uint8_t *der;
     uint32_t der_len;
     hal_key_flags_t flags;
     hal_error_t ret;
+    uint8_t *optr_orig = *optr;
 
     check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
     check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
-    check(hal_xdr_decode_int(iptr, ilimit, &type));
-    check(hal_xdr_decode_int(iptr, ilimit, &curve));
     check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &der, &der_len));
     check(hal_xdr_decode_int(iptr, ilimit, &flags));
 
-    /* call the local function */
-    ret = hal_rpc_pkey_load(client, session, &pkey, type, curve, &name, der, der_len, flags);
+    ret = hal_rpc_pkey_load(client, session, &pkey, &name, der, der_len, flags);
 
-    if (ret == HAL_OK) {
-        uint8_t *optr_orig = *optr;
-        if ((ret = hal_xdr_encode_int(optr, olimit, pkey.handle)) != HAL_OK ||
-            (ret = hal_xdr_encode_buffer(optr, olimit, name.uuid, sizeof(name.uuid))) != HAL_OK)
-            *optr = optr_orig;
-    }
+    if (ret == HAL_OK)
+        ret = hal_xdr_encode_int(optr, olimit, pkey.handle);
+
+    if (ret == HAL_OK)
+        ret = hal_xdr_encode_buffer(optr, olimit, name.uuid, sizeof(name.uuid));
+
+    if (ret != HAL_OK)
+        *optr = optr_orig;
 
     return ret;
 }
diff --git a/tests/test-rpc_pkey.c b/tests/test-rpc_pkey.c
index c07a318..1b5f86a 100644
--- a/tests/test-rpc_pkey.c
+++ b/tests/test-rpc_pkey.c
@@ -177,8 +177,8 @@ static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags)
 
     assert(len == sizeof(private_der));
 
-    if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
-                                 &private_name, private_der, sizeof(private_der), flags)) != HAL_OK)
+    if ((err = hal_rpc_pkey_load(client, session, &private_key, &private_name,
+                                 private_der, sizeof(private_der), flags)) != HAL_OK)
       lose("Could not load private key into RPC: %s\n", hal_error_string(err));
 
     if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
@@ -186,8 +186,8 @@ static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags)
 
     assert(len == sizeof(public_der));
 
-    if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
-                                 &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+    if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+                                 public_der, sizeof(public_der), flags)) != HAL_OK)
       lose("Could not load public key into RPC: %s\n", hal_error_string(err));
 
     uint8_t sig[tc->s.len];
@@ -271,8 +271,8 @@ static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags
 
     assert(len == sizeof(private_der));
 
-    if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve,
-                                 &private_name, private_der, sizeof(private_der), flags)) != HAL_OK)
+    if ((err = hal_rpc_pkey_load(client, session, &private_key, &private_name,
+                                 private_der, sizeof(private_der), flags)) != HAL_OK)
       lose("Could not load private key into RPC: %s\n", hal_error_string(err));
 
     if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
@@ -280,8 +280,8 @@ static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags
 
     assert(len == sizeof(public_der));
 
-    if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
-                                 &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+    if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+                                 public_der, sizeof(public_der), flags)) != HAL_OK)
       lose("Could not load public key into RPC: %s\n", hal_error_string(err));
 
     if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
@@ -353,8 +353,8 @@ static int test_rsa_generate(const rsa_tc_t * const tc, hal_key_flags_t flags)
 
     assert(len == sizeof(public_der));
 
-    if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
-                                 &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+    if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+                                 public_der, sizeof(public_der), flags)) != HAL_OK)
       lose("Could not load public key into RPC: %s\n", hal_error_string(err));
 
     uint8_t sig[tc->s.len];
@@ -429,8 +429,8 @@ static int test_ecdsa_generate(const ecdsa_tc_t * const tc, hal_key_flags_t flag
 
     assert(len == sizeof(public_der));
 
-    if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
-                                 &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+    if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+                                 public_der, sizeof(public_der), flags)) != HAL_OK)
       lose("Could not load public key into RPC: %s\n", hal_error_string(err));
 
     uint8_t sig[tc->sig_len + 4];
diff --git a/unit-tests.py b/unit-tests.py
index 83260e6..6fe5ccf 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -260,16 +260,14 @@ class TestPKeyGen(TestCaseLoggedIn):
     def gen_sign_verify_rsa(self, hashalg, keylen):
         k1 = hsm.pkey_generate_rsa(keylen, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k1.delete)
-        k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, k1.public_key,
-                           HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k2 = hsm.pkey_load(k1.public_key, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k2.delete)
         self.sign_verify(hashalg, k1, k2)
 
     def gen_sign_verify_ecdsa(self, hashalg, curve):
         k1 = hsm.pkey_generate_ec(curve, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k1.delete)
-        k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, k1.public_key,
-                           HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k2 = hsm.pkey_load(k1.public_key, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k2.delete)
         self.sign_verify(hashalg, k1, k2)
 
@@ -303,23 +301,19 @@ class TestPKeyHashing(TestCaseLoggedIn):
     """
 
     def load_sign_verify_rsa(self, alg, keylen, method):
-        k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
-                           PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der,
+        k1 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der,
                            HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k1.delete)
-        k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
-                           PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der,
+        k2 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der,
                            HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k2.delete)
         method(alg, k1, k2)
 
     def load_sign_verify_ecdsa(self, alg, curve, method):
-        k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve,
-                           PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der,
+        k1 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der,
                            HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k1.delete)
-        k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve,
-                           PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der,
+        k2 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der,
                            HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k2.delete)
         method(alg, k1, k2)
@@ -490,9 +484,9 @@ class TestPKeyRSAInterop(TestCaseLoggedIn):
         hamster = "Your mother was a hamster"
         sk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen]
         vk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC,  keylen]
-        k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k1 = hsm.pkey_load(sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k1.delete)
-        k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC,  HAL_CURVE_NONE, vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k2 = hsm.pkey_load(vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k2.delete)
         sig1 = k1.sign(hash = self.h(alg, hamster))
         sig2 = sk.sign(hamster, pyhash)
@@ -525,9 +519,9 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn):
         hamster = "Your mother was a hamster"
         sk = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve]
         vk = PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC,  curve]
-        k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k1 = hsm.pkey_load(sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k1.delete)
-        k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC,  curve, vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k2 = hsm.pkey_load(vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k2.delete)
         sig1 = k1.sign(hash = self.h(alg, hamster))
         sig2 = sk.sign(hamster, pyhash)
@@ -553,7 +547,7 @@ class TestPKeyMatch(TestCaseLoggedIn):
     def load_keys(self, flags):
         uuids = set()
         for obj in PreloadedKey.db.itervalues():
-            with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k:
+            with hsm.pkey_load(obj.der, flags) as k:
                 self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid)
                 uuids.add(k.uuid)
                 k.set_attributes(dict((i, a) for i, a in enumerate((str(obj.keytype), str(obj.fn2)))))
@@ -624,7 +618,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
         pinwheel = Pinwheel()
         for i in xrange(n_keys):
             for obj in PreloadedKey.db.itervalues():
-                with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k:
+                with hsm.pkey_load(obj.der, flags) as k:
                     pinwheel()
                     self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid)
                     k.set_attributes(dict((j, "Attribute {}{}".format(j, "*" * n_fill))
@@ -652,7 +646,7 @@ class TestPKeyAttributeP11(TestCaseLoggedIn):
 
     def setUp(self):
         der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
-        self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN)
+        self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN)
         self.addCleanup(self.k.delete)
         super(TestPKeyAttributeP11, self).setUp()
 
@@ -717,7 +711,7 @@ class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn):
 
     def setUp(self):
         der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
-        self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN)
+        self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN)
         self.addCleanup(self.k.delete)
         super(TestPKeyAttributeWriteSpeedToken, self).setUp()
 
@@ -742,7 +736,7 @@ class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn):
 
     def setUp(self):
         der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
-        self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0)
+        self.k = hsm.pkey_load(der, 0)
         self.addCleanup(self.k.delete)
         super(TestPKeyAttributeWriteSpeedVolatile, self).setUp()
 
@@ -767,7 +761,7 @@ class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn):
 
     def setUp(self):
         der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
-        self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN)
+        self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN)
         self.addCleanup(self.k.delete)
         self.k.set_attributes(dict((i, "Attribute {}".format(i))
                                    for i in xrange(12)))
@@ -799,7 +793,7 @@ class TestPKeyAttributeReadSpeedVolatile(TestCaseLoggedIn):
 
     def setUp(self):
         der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
-        self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0)
+        self.k = hsm.pkey_load(der, 0)
         self.addCleanup(self.k.delete)
         self.k.set_attributes(dict((i, "Attribute {}".format(i))
                                    for i in xrange(12)))
@@ -830,10 +824,10 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
     ECDSA verification tests based on Suite B Implementer's Guide to FIPS 186-3.
     """
 
-    def verify(self, Qx, Qy, H, r, s, hal_curve, py_curve, py_hash):
+    def verify(self, Qx, Qy, H, r, s, py_curve, py_hash):
         Q = ECDSA_VerifyingKey.from_public_point(Point(py_curve.curve, Qx, Qy),
                                                  py_curve, py_hash).to_der()
-        k  = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, hal_curve, Q, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+        k  = hsm.pkey_load(Q, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
         self.addCleanup(k.delete)
         k.verify(signature = (r + s).decode("hex"), data = H.decode("hex"))
 
@@ -844,7 +838,6 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
             H  = "7c3e883ddc8bd688f96eac5e9324222c8f30f9d6bb59e9c5f020bd39ba2b8377",
             r  = "7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c",
             s  = "7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367",
-            hal_curve = HAL_CURVE_P256,
             py_curve  = NIST256p,
             py_hash   = SHA256)
 
@@ -855,7 +848,6 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
             H  = "b9210c9d7e20897ab86597266a9d5077e8db1b06f7220ed6ee75bd8b45db37891f8ba5550304004159f4453dc5b3f5a1",
             r  = "a0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856",
             s  = "20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402",
-            hal_curve = HAL_CURVE_P384,
             py_curve  = NIST384p,
             py_hash   = SHA384)
 



More information about the Commits mailing list