[Cryptech-Commits] [sw/libhal] 02/02: Pull key type information from uploaded key in hal_rpc_pkey_load().
git at cryptech.is
git at cryptech.is
Fri Apr 7 21:49:45 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch pkcs8
in repository sw/libhal.
commit a031d726ccdd358cec63a7892b3ce1e88b201313
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Fri Apr 7 17:41:30 2017 -0400
Pull key type information from uploaded key in hal_rpc_pkey_load().
Now that we use PKCS #8 format for private keys, all key formats we
use include ASN.1 AlgorithmIdentifier field describing the key, so
specifying key type and curve as arguments to hal_rpc_pkey_load() is
neither necessary nor particularly useful.
---
hal.h | 2 --
hal_internal.h | 2 --
key-backup.py | 4 ----
libhal.py | 4 ++--
rpc_api.c | 6 ++----
rpc_client.c | 6 +-----
rpc_client_daemon.c | 1 +
rpc_pkey.c | 18 +++++++-----------
rpc_server.c | 22 ++++++++++------------
tests/test-rpc_pkey.c | 24 ++++++++++++------------
unit-tests.py | 46 +++++++++++++++++++---------------------------
11 files changed, 54 insertions(+), 81 deletions(-)
diff --git a/hal.h b/hal.h
index 38a8330..4d246a3 100644
--- a/hal.h
+++ b/hal.h
@@ -749,8 +749,6 @@ typedef struct {
extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags);
diff --git a/hal_internal.h b/hal_internal.h
index 8130801..82d0081 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -192,8 +192,6 @@ typedef struct {
hal_error_t (*load)(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags);
diff --git a/key-backup.py b/key-backup.py
index 3d971e7..4cdd9e9 100644
--- a/key-backup.py
+++ b/key-backup.py
@@ -70,8 +70,6 @@ def test_export():
kekek = RSA.importKey(kekek_pem)
kekek_handle = hsm.pkey_load(
- type = HAL_KEY_TYPE_RSA_PUBLIC,
- curve = HAL_CURVE_NONE,
flags = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT,
der = kekek.publickey().exportKey(format = "DER"))
atexit(kekek_handle.delete)
@@ -102,8 +100,6 @@ def test_import():
if False:
kekek = RSA.importKey(kekek_pem)
kekek_handle = hsm.pkey_load(
- type = HAL_KEY_TYPE_RSA_PRIVATE,
- curve = HAL_CURVE_NONE,
flags = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT,
der = kekek.exportKey(format = "DER", pkcs = 8))
atexit(kekek_handle.delete)
diff --git a/libhal.py b/libhal.py
index 2bc80f4..5a16c40 100644
--- a/libhal.py
+++ b/libhal.py
@@ -555,8 +555,8 @@ class HSM(object):
with self.rpc(RPC_FUNC_HASH_FINALIZE, handle, length) as r:
return r.unpack_bytes()
- def pkey_load(self, type, curve, der, flags = 0, client = 0, session = 0):
- with self.rpc(RPC_FUNC_PKEY_LOAD, session, type, curve, der, flags, client = client) as r:
+ def pkey_load(self, der, flags = 0, client = 0, session = 0):
+ with self.rpc(RPC_FUNC_PKEY_LOAD, session, der, flags, client = client) as r:
pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
logger.debug("Loaded pkey %s", pkey.uuid)
return pkey
diff --git a/rpc_api.c b/rpc_api.c
index 825afe6..37ca968 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -218,15 +218,13 @@ hal_error_t hal_rpc_hash_finalize(const hal_hash_handle_t hash,
hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags)
{
- if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_type_curve_flags(type, curve, flags))
+ if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_flags(flags))
return HAL_ERROR_BAD_ARGUMENTS;
- return hal_rpc_pkey_dispatch->load(client, session, pkey, type, curve, name, der, der_len, flags);
+ return hal_rpc_pkey_dispatch->load(client, session, pkey, name, der, der_len, flags);
}
hal_error_t hal_rpc_pkey_open(const hal_client_handle_t client,
diff --git a/rpc_client.c b/rpc_client.c
index 5729b6f..e856cce 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -420,13 +420,11 @@ static hal_error_t hash_finalize(const hal_hash_handle_t hash,
static hal_error_t pkey_remote_load(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(7) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(5) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
uint32_t name_len = sizeof(name->uuid);
@@ -435,8 +433,6 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LOAD));
check(hal_xdr_encode_int(&optr, olimit, client.handle));
check(hal_xdr_encode_int(&optr, olimit, session.handle));
- check(hal_xdr_encode_int(&optr, olimit, type));
- check(hal_xdr_encode_int(&optr, olimit, curve));
check(hal_xdr_encode_buffer(&optr, olimit, der, der_len));
check(hal_xdr_encode_int(&optr, olimit, flags));
check(hal_rpc_send(outbuf, optr - outbuf));
diff --git a/rpc_client_daemon.c b/rpc_client_daemon.c
index 7ff3f21..1c506eb 100644
--- a/rpc_client_daemon.c
+++ b/rpc_client_daemon.c
@@ -40,6 +40,7 @@
#include "hal.h"
#include "hal_internal.h"
+#include "slip_internal.h"
static int sock = -1;
diff --git a/rpc_pkey.c b/rpc_pkey.c
index dca054f..71d1627 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -268,26 +268,27 @@ static inline hal_error_t ks_open_from_flags(hal_ks_t **ks, const hal_key_flags_
* return a key handle and the name.
*/
-#warning Convert hal_rpc_pkey_load() to use hal_asn1_guess_key_type()?
-
static hal_error_t pkey_local_load(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags)
{
- assert(pkey != NULL && name != NULL);
+ assert(pkey != NULL && name != NULL && der != NULL);
+ hal_curve_name_t curve;
hal_pkey_slot_t *slot;
+ hal_key_type_t type;
hal_ks_t *ks = NULL;
hal_error_t err;
if ((err = check_writable(client, flags)) != HAL_OK)
return err;
+ if ((err = hal_asn1_guess_key_type(&type, &curve, der, der_len)) != HAL_OK)
+ return err;
+
if ((slot = alloc_slot(flags)) == NULL)
return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
@@ -1188,8 +1189,6 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client,
size_t der_len, oid_len, data_len;
const uint8_t *oid, *data;
hal_rsa_key_t *rsa = NULL;
- hal_curve_name_t curve;
- hal_key_type_t type;
hal_ks_t *ks = NULL;
hal_error_t err;
@@ -1253,10 +1252,7 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client,
if ((err = hal_aes_keyunwrap(NULL, kek, sizeof(kek), data, data_len, der, &der_len)) != HAL_OK)
goto fail;
- if ((err = hal_asn1_guess_key_type(&type, &curve, der, der_len)) != HAL_OK)
- goto fail;
-
- err = pkey_local_load(client, session, pkey, type, curve, name, der, der_len, flags);
+ err = pkey_local_load(client, session, pkey, name, der, der_len, flags);
fail:
memset(rsabuf, 0, sizeof(rsabuf));
diff --git a/rpc_server.c b/rpc_server.c
index 4aa5de4..55f15fe 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -322,30 +322,28 @@ static hal_error_t pkey_load(const uint8_t **iptr, const uint8_t * const ilimit,
hal_client_handle_t client;
hal_session_handle_t session;
hal_pkey_handle_t pkey;
- uint32_t type;
- uint32_t curve;
hal_uuid_t name;
const uint8_t *der;
uint32_t der_len;
hal_key_flags_t flags;
hal_error_t ret;
+ uint8_t *optr_orig = *optr;
check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
- check(hal_xdr_decode_int(iptr, ilimit, &type));
- check(hal_xdr_decode_int(iptr, ilimit, &curve));
check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &der, &der_len));
check(hal_xdr_decode_int(iptr, ilimit, &flags));
- /* call the local function */
- ret = hal_rpc_pkey_load(client, session, &pkey, type, curve, &name, der, der_len, flags);
+ ret = hal_rpc_pkey_load(client, session, &pkey, &name, der, der_len, flags);
- if (ret == HAL_OK) {
- uint8_t *optr_orig = *optr;
- if ((ret = hal_xdr_encode_int(optr, olimit, pkey.handle)) != HAL_OK ||
- (ret = hal_xdr_encode_buffer(optr, olimit, name.uuid, sizeof(name.uuid))) != HAL_OK)
- *optr = optr_orig;
- }
+ if (ret == HAL_OK)
+ ret = hal_xdr_encode_int(optr, olimit, pkey.handle);
+
+ if (ret == HAL_OK)
+ ret = hal_xdr_encode_buffer(optr, olimit, name.uuid, sizeof(name.uuid));
+
+ if (ret != HAL_OK)
+ *optr = optr_orig;
return ret;
}
diff --git a/tests/test-rpc_pkey.c b/tests/test-rpc_pkey.c
index c07a318..1b5f86a 100644
--- a/tests/test-rpc_pkey.c
+++ b/tests/test-rpc_pkey.c
@@ -177,8 +177,8 @@ static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags)
assert(len == sizeof(private_der));
- if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
- &private_name, private_der, sizeof(private_der), flags)) != HAL_OK)
+ if ((err = hal_rpc_pkey_load(client, session, &private_key, &private_name,
+ private_der, sizeof(private_der), flags)) != HAL_OK)
lose("Could not load private key into RPC: %s\n", hal_error_string(err));
if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
@@ -186,8 +186,8 @@ static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags)
assert(len == sizeof(public_der));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
- &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+ public_der, sizeof(public_der), flags)) != HAL_OK)
lose("Could not load public key into RPC: %s\n", hal_error_string(err));
uint8_t sig[tc->s.len];
@@ -271,8 +271,8 @@ static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags
assert(len == sizeof(private_der));
- if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve,
- &private_name, private_der, sizeof(private_der), flags)) != HAL_OK)
+ if ((err = hal_rpc_pkey_load(client, session, &private_key, &private_name,
+ private_der, sizeof(private_der), flags)) != HAL_OK)
lose("Could not load private key into RPC: %s\n", hal_error_string(err));
if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK)
@@ -280,8 +280,8 @@ static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags
assert(len == sizeof(public_der));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
- &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+ public_der, sizeof(public_der), flags)) != HAL_OK)
lose("Could not load public key into RPC: %s\n", hal_error_string(err));
if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none,
@@ -353,8 +353,8 @@ static int test_rsa_generate(const rsa_tc_t * const tc, hal_key_flags_t flags)
assert(len == sizeof(public_der));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
- &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+ public_der, sizeof(public_der), flags)) != HAL_OK)
lose("Could not load public key into RPC: %s\n", hal_error_string(err));
uint8_t sig[tc->s.len];
@@ -429,8 +429,8 @@ static int test_ecdsa_generate(const ecdsa_tc_t * const tc, hal_key_flags_t flag
assert(len == sizeof(public_der));
- if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve,
- &public_name, public_der, sizeof(public_der), flags)) != HAL_OK)
+ if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name,
+ public_der, sizeof(public_der), flags)) != HAL_OK)
lose("Could not load public key into RPC: %s\n", hal_error_string(err));
uint8_t sig[tc->sig_len + 4];
diff --git a/unit-tests.py b/unit-tests.py
index 83260e6..6fe5ccf 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -260,16 +260,14 @@ class TestPKeyGen(TestCaseLoggedIn):
def gen_sign_verify_rsa(self, hashalg, keylen):
k1 = hsm.pkey_generate_rsa(keylen, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k1.delete)
- k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, k1.public_key,
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k2 = hsm.pkey_load(k1.public_key, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k2.delete)
self.sign_verify(hashalg, k1, k2)
def gen_sign_verify_ecdsa(self, hashalg, curve):
k1 = hsm.pkey_generate_ec(curve, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k1.delete)
- k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, k1.public_key,
- HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k2 = hsm.pkey_load(k1.public_key, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k2.delete)
self.sign_verify(hashalg, k1, k2)
@@ -303,23 +301,19 @@ class TestPKeyHashing(TestCaseLoggedIn):
"""
def load_sign_verify_rsa(self, alg, keylen, method):
- k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE,
- PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der,
+ k1 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der,
HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k1.delete)
- k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE,
- PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der,
+ k2 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der,
HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k2.delete)
method(alg, k1, k2)
def load_sign_verify_ecdsa(self, alg, curve, method):
- k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve,
- PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der,
+ k1 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der,
HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k1.delete)
- k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve,
- PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der,
+ k2 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der,
HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k2.delete)
method(alg, k1, k2)
@@ -490,9 +484,9 @@ class TestPKeyRSAInterop(TestCaseLoggedIn):
hamster = "Your mother was a hamster"
sk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen]
vk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen]
- k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k1 = hsm.pkey_load(sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k1.delete)
- k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k2 = hsm.pkey_load(vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k2.delete)
sig1 = k1.sign(hash = self.h(alg, hamster))
sig2 = sk.sign(hamster, pyhash)
@@ -525,9 +519,9 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn):
hamster = "Your mother was a hamster"
sk = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve]
vk = PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve]
- k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k1 = hsm.pkey_load(sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k1.delete)
- k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k2 = hsm.pkey_load(vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k2.delete)
sig1 = k1.sign(hash = self.h(alg, hamster))
sig2 = sk.sign(hamster, pyhash)
@@ -553,7 +547,7 @@ class TestPKeyMatch(TestCaseLoggedIn):
def load_keys(self, flags):
uuids = set()
for obj in PreloadedKey.db.itervalues():
- with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k:
+ with hsm.pkey_load(obj.der, flags) as k:
self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid)
uuids.add(k.uuid)
k.set_attributes(dict((i, a) for i, a in enumerate((str(obj.keytype), str(obj.fn2)))))
@@ -624,7 +618,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
pinwheel = Pinwheel()
for i in xrange(n_keys):
for obj in PreloadedKey.db.itervalues():
- with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k:
+ with hsm.pkey_load(obj.der, flags) as k:
pinwheel()
self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid)
k.set_attributes(dict((j, "Attribute {}{}".format(j, "*" * n_fill))
@@ -652,7 +646,7 @@ class TestPKeyAttributeP11(TestCaseLoggedIn):
def setUp(self):
der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
- self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN)
+ self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN)
self.addCleanup(self.k.delete)
super(TestPKeyAttributeP11, self).setUp()
@@ -717,7 +711,7 @@ class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn):
def setUp(self):
der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
- self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN)
+ self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN)
self.addCleanup(self.k.delete)
super(TestPKeyAttributeWriteSpeedToken, self).setUp()
@@ -742,7 +736,7 @@ class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn):
def setUp(self):
der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
- self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0)
+ self.k = hsm.pkey_load(der, 0)
self.addCleanup(self.k.delete)
super(TestPKeyAttributeWriteSpeedVolatile, self).setUp()
@@ -767,7 +761,7 @@ class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn):
def setUp(self):
der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
- self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN)
+ self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN)
self.addCleanup(self.k.delete)
self.k.set_attributes(dict((i, "Attribute {}".format(i))
for i in xrange(12)))
@@ -799,7 +793,7 @@ class TestPKeyAttributeReadSpeedVolatile(TestCaseLoggedIn):
def setUp(self):
der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der
- self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0)
+ self.k = hsm.pkey_load(der, 0)
self.addCleanup(self.k.delete)
self.k.set_attributes(dict((i, "Attribute {}".format(i))
for i in xrange(12)))
@@ -830,10 +824,10 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
ECDSA verification tests based on Suite B Implementer's Guide to FIPS 186-3.
"""
- def verify(self, Qx, Qy, H, r, s, hal_curve, py_curve, py_hash):
+ def verify(self, Qx, Qy, H, r, s, py_curve, py_hash):
Q = ECDSA_VerifyingKey.from_public_point(Point(py_curve.curve, Qx, Qy),
py_curve, py_hash).to_der()
- k = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, hal_curve, Q, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
+ k = hsm.pkey_load(Q, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE)
self.addCleanup(k.delete)
k.verify(signature = (r + s).decode("hex"), data = H.decode("hex"))
@@ -844,7 +838,6 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
H = "7c3e883ddc8bd688f96eac5e9324222c8f30f9d6bb59e9c5f020bd39ba2b8377",
r = "7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c",
s = "7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367",
- hal_curve = HAL_CURVE_P256,
py_curve = NIST256p,
py_hash = SHA256)
@@ -855,7 +848,6 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn):
H = "b9210c9d7e20897ab86597266a9d5077e8db1b06f7220ed6ee75bd8b45db37891f8ba5550304004159f4453dc5b3f5a1",
r = "a0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856",
s = "20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402",
- hal_curve = HAL_CURVE_P384,
py_curve = NIST384p,
py_hash = SHA384)
More information about the Commits
mailing list