aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-10-07 20:23:45 -0400
committerRob Austein <sra@hactrn.net>2016-10-07 20:23:45 -0400
commit45061e2df746f597195b80376fc405b4538b5420 (patch)
tree52a132edc29b028ceec5f111a4264d4873f99064
parentb89d9e30c928724fd4aac579067708cffc55f003 (diff)
Fix session handle arguments in RPC calls.
RPC calls which pass a pkey handle don't need to pass a session handle, because the session handle is already in the HSM's pkey slot object; pkey RPC calls which don't pass a pkey argument do need to pass a session handle. This change percolates down to the keystore driver, because only the keystore driver knows whether that particular keystore cares about session handles.
-rw-r--r--hal.h14
-rw-r--r--hal_internal.h20
-rw-r--r--ks_flash.c4
-rw-r--r--rpc_api.c20
-rw-r--r--rpc_client.c40
-rw-r--r--rpc_pkey.c16
-rw-r--r--rpc_server.c26
7 files changed, 71 insertions, 69 deletions
diff --git a/hal.h b/hal.h
index 5b4de69..997db7c 100644
--- a/hal.h
+++ b/hal.h
@@ -736,16 +736,12 @@ extern size_t hal_rpc_pkey_get_public_key_len(const hal_pkey_handle_t pkey);
extern hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey,
uint8_t *der, size_t *der_len, const size_t der_max);
-#warning Um, why do hal_rpc_pkey_sign() and hal_rpc_pkey_verify() take session arguments?
-
-extern hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+extern hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max);
-extern hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+extern hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len);
@@ -758,7 +754,8 @@ typedef struct {
/* ... */
} hal_pkey_info_t;
-extern hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result,
+extern hal_error_t hal_rpc_pkey_list(const hal_session_handle_t session,
+ hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max,
hal_key_flags_t flags);
@@ -769,7 +766,8 @@ typedef struct {
const uint8_t *value;
} hal_rpc_pkey_attribute_t;
-extern hal_error_t hal_rpc_pkey_match(const hal_key_type_t type,
+extern hal_error_t hal_rpc_pkey_match(const hal_session_handle_t session,
+ const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
hal_rpc_pkey_attribute_t *attributes,
diff --git a/hal_internal.h b/hal_internal.h
index 0d40922..fe1cb1f 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -225,24 +225,24 @@ typedef struct {
hal_error_t (*get_public_key)(const hal_pkey_handle_t pkey,
uint8_t *der, size_t *der_len, const size_t der_max);
- hal_error_t (*sign)(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+ hal_error_t (*sign)(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max);
- hal_error_t (*verify)(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+ hal_error_t (*verify)(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len);
- hal_error_t (*list)(hal_pkey_info_t *result,
+ hal_error_t (*list)(const hal_session_handle_t session,
+ hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max,
hal_key_flags_t flags);
- hal_error_t (*match)(const hal_key_type_t type,
+ hal_error_t (*match)(const hal_session_handle_t session,
+ const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
hal_rpc_pkey_attribute_t *attributes,
@@ -491,11 +491,13 @@ struct hal_ks_driver {
const hal_pkey_slot_t * const slot);
hal_error_t (*list)(hal_ks_t *ks,
+ const hal_session_handle_t session,
hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max);
hal_error_t (*match)(hal_ks_t *ks,
+ const hal_session_handle_t session,
const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
@@ -606,6 +608,7 @@ static inline hal_error_t hal_ks_delete(hal_ks_t *ks,
}
static inline hal_error_t hal_ks_list(hal_ks_t *ks,
+ const hal_session_handle_t session,
hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max)
@@ -613,10 +616,11 @@ static inline hal_error_t hal_ks_list(hal_ks_t *ks,
if (ks == NULL || ks->driver == NULL || ks->driver->list == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
- return ks->driver->list(ks, result, result_len, result_max);
+ return ks->driver->list(ks, session, result, result_len, result_max);
}
static inline hal_error_t hal_ks_match(hal_ks_t *ks,
+ const hal_session_handle_t session,
const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
@@ -630,7 +634,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks,
if (ks == NULL || ks->driver == NULL || ks->driver->match == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
- return ks->driver->match(ks, type, curve, flags, attributes, attributes_len,
+ return ks->driver->match(ks, session, type, curve, flags, attributes, attributes_len,
result, result_len, result_max, previous_uuid);
}
diff --git a/ks_flash.c b/ks_flash.c
index 5b3f718..b14fc6a 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -1043,6 +1043,7 @@ static hal_error_t ks_match(hal_ks_t *ks,
hal_uuid_t *previous_uuid)
{
#warning NIY
+ return HAL_ERROR_IMPOSSIBLE;
}
static hal_error_t ks_set_attribute(hal_ks_t *ks,
@@ -1052,6 +1053,7 @@ static hal_error_t ks_set_attribute(hal_ks_t *ks,
const size_t value_len)
{
#warning NIY
+ return HAL_ERROR_IMPOSSIBLE;
}
static hal_error_t ks_get_attribute(hal_ks_t *ks,
@@ -1062,6 +1064,7 @@ static hal_error_t ks_get_attribute(hal_ks_t *ks,
const size_t value_max)
{
#warning NIY
+ return HAL_ERROR_IMPOSSIBLE;
}
static hal_error_t ks_delete_attribute(hal_ks_t *ks,
@@ -1069,6 +1072,7 @@ static hal_error_t ks_delete_attribute(hal_ks_t *ks,
const uint32_t type)
{
#warning NIY
+ return HAL_ERROR_IMPOSSIBLE;
}
const hal_ks_driver_t hal_ks_token_driver[1] = {{
diff --git a/rpc_api.c b/rpc_api.c
index 022dc62..f7b04cc 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -304,8 +304,7 @@ hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey,
return hal_rpc_pkey_dispatch->get_public_key(pkey, der, der_len, der_max);
}
-hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
@@ -313,11 +312,10 @@ hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session,
if (signature == NULL || signature_len == NULL || signature_max == 0 ||
(hash.handle == HAL_HANDLE_NONE) == (input == NULL || input_len == 0))
return HAL_ERROR_BAD_ARGUMENTS;
- return hal_rpc_pkey_dispatch->sign(session, pkey, hash, input, input_len, signature, signature_len, signature_max);
+ return hal_rpc_pkey_dispatch->sign(pkey, hash, input, input_len, signature, signature_len, signature_max);
}
-hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
@@ -325,20 +323,22 @@ hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session,
if (signature == NULL || signature_len == 0 ||
(hash.handle == HAL_HANDLE_NONE) == (input == NULL || input_len == 0))
return HAL_ERROR_BAD_ARGUMENTS;
- return hal_rpc_pkey_dispatch->verify(session, pkey, hash, input, input_len, signature, signature_len);
+ return hal_rpc_pkey_dispatch->verify(pkey, hash, input, input_len, signature, signature_len);
}
-hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result,
+hal_error_t hal_rpc_pkey_list(const hal_session_handle_t session,
+ hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max,
hal_key_flags_t flags)
{
if (result == NULL || result_len == NULL || result_max == 0)
return HAL_ERROR_BAD_ARGUMENTS;
- return hal_rpc_pkey_dispatch->list(result, result_len, result_max, flags);
+ return hal_rpc_pkey_dispatch->list(session, result, result_len, result_max, flags);
}
-hal_error_t hal_rpc_pkey_match(const hal_key_type_t type,
+hal_error_t hal_rpc_pkey_match(const hal_session_handle_t session,
+ const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
hal_rpc_pkey_attribute_t *attributes,
@@ -357,7 +357,7 @@ hal_error_t hal_rpc_pkey_match(const hal_key_type_t type,
if (attributes[i].value == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
- return hal_rpc_pkey_dispatch->match(type, curve, flags, attributes, attributes_len,
+ return hal_rpc_pkey_dispatch->match(session, type, curve, flags, attributes, attributes_len,
result, result_len, result_max, previous_uuid);
}
diff --git a/rpc_client.c b/rpc_client.c
index a56052d..78e2f16 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -681,13 +681,12 @@ static hal_error_t pkey_remote_get_public_key(const hal_pkey_handle_t pkey,
return rpc_ret;
}
-static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_remote_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
+ const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
- uint8_t outbuf[nargs(7) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(6) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(4) + pad(signature_max)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
uint32_t slen32 = signature_max;
@@ -696,7 +695,6 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SIGN));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
- check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
check(hal_xdr_encode_int(&optr, olimit, hash.handle));
check(hal_xdr_encode_buffer(&optr, olimit, input, input_len));
@@ -713,13 +711,12 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
return rpc_ret;
}
-static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_remote_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
{
- uint8_t outbuf[nargs(7) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(6) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(3)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
hal_client_handle_t dummy_client = {0};
@@ -727,7 +724,6 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_VERIFY));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
- check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
check(hal_xdr_encode_int(&optr, olimit, hash.handle));
check(hal_xdr_encode_buffer(&optr, olimit, input, input_len));
@@ -757,12 +753,13 @@ static hal_error_t hal_xdr_decode_pkey_info(const uint8_t **iptr, const uint8_t
return HAL_OK;
}
-static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
+static hal_error_t pkey_remote_list(const hal_session_handle_t session,
+ hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max,
hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(4)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(5)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_pkey_info_t))];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
uint32_t len;
@@ -771,6 +768,7 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LIST));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
+ check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, result_max));
check(hal_xdr_encode_int(&optr, olimit, flags));
check(hal_rpc_send(outbuf, optr - outbuf));
@@ -791,7 +789,8 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
return rpc_ret;
}
-static hal_error_t pkey_remote_match(const hal_key_type_t type,
+static hal_error_t pkey_remote_match(const hal_session_handle_t session,
+ const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
hal_rpc_pkey_attribute_t *attributes,
@@ -806,7 +805,7 @@ static hal_error_t pkey_remote_match(const hal_key_type_t type,
for (int i = 0; i < attributes_len; i++)
attributes_buffer_len += attributes[i].length;
- uint8_t outbuf[nargs(8 + attributes_len * 2) + pad(attributes_buffer_len) + pad(sizeof(hal_uuid_t))];
+ uint8_t outbuf[nargs(9 + attributes_len * 2) + pad(attributes_buffer_len) + pad(sizeof(hal_uuid_t))];
uint8_t *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(5) + pad(result_max * sizeof(hal_uuid_t)) + pad(sizeof(hal_uuid_t))];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
@@ -815,6 +814,7 @@ static hal_error_t pkey_remote_match(const hal_key_type_t type,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_MATCH));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
+ check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, type));
check(hal_xdr_encode_int(&optr, olimit, curve));
check(hal_xdr_encode_int(&optr, olimit, flags));
@@ -934,14 +934,13 @@ static hal_error_t pkey_remote_delete_attribute(const hal_pkey_handle_t pkey,
* pull the digest from the hash context and send that to the HSM.
*/
-static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_mixed_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
if (input != NULL)
- return hal_rpc_remote_pkey_dispatch.sign(session, pkey, hash, input, input_len,
+ return hal_rpc_remote_pkey_dispatch.sign(pkey, hash, input, input_len,
signature, signature_len, signature_max);
hal_digest_algorithm_t alg;
@@ -970,18 +969,17 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
}
- return hal_rpc_remote_pkey_dispatch.sign(session, pkey, hal_hash_handle_none, digest, digest_len,
+ return hal_rpc_remote_pkey_dispatch.sign(pkey, hal_hash_handle_none, digest, digest_len,
signature, signature_len, signature_max);
}
-static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_mixed_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
{
if (input != NULL)
- return hal_rpc_remote_pkey_dispatch.verify(session, pkey, hash, input, input_len,
+ return hal_rpc_remote_pkey_dispatch.verify(pkey, hash, input, input_len,
signature, signature_len);
hal_digest_algorithm_t alg;
@@ -1010,7 +1008,7 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
}
- return hal_rpc_remote_pkey_dispatch.verify(session, pkey, hal_hash_handle_none,
+ return hal_rpc_remote_pkey_dispatch.verify(pkey, hal_hash_handle_none,
digest, digest_len, signature, signature_len);
}
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 207d980..22ad197 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -647,8 +647,7 @@ static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_le
return HAL_OK;
}
-static hal_error_t pkey_local_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_local_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
@@ -794,8 +793,7 @@ static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_
return HAL_OK;
}
-static hal_error_t pkey_local_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_local_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
@@ -850,7 +848,8 @@ static hal_error_t pkey_local_verify(const hal_session_handle_t session,
* List keys in the key store.
*/
-static hal_error_t pkey_local_list(hal_pkey_info_t *result,
+static hal_error_t pkey_local_list(const hal_session_handle_t session,
+ hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max,
hal_key_flags_t flags)
@@ -859,7 +858,7 @@ static hal_error_t pkey_local_list(hal_pkey_info_t *result,
hal_error_t err;
if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK &&
- (err = hal_ks_list(ks, result, result_len, result_max)) == HAL_OK)
+ (err = hal_ks_list(ks, session, result, result_len, result_max)) == HAL_OK)
err = hal_ks_close(ks);
else if (ks != NULL)
(void) hal_ks_close(ks);
@@ -867,7 +866,8 @@ static hal_error_t pkey_local_list(hal_pkey_info_t *result,
return err;
}
-static hal_error_t pkey_local_match(const hal_key_type_t type,
+static hal_error_t pkey_local_match(const hal_session_handle_t session,
+ const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
hal_rpc_pkey_attribute_t *attributes,
@@ -881,7 +881,7 @@ static hal_error_t pkey_local_match(const hal_key_type_t type,
hal_error_t err;
if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK &&
- (err = hal_ks_match(ks, type, curve, flags, attributes, attributes_len,
+ (err = hal_ks_match(ks, session, type, curve, flags, attributes, attributes_len,
result, result_len, result_max, previous_uuid)) == HAL_OK)
err = hal_ks_close(ks);
else if (ks != NULL)
diff --git a/rpc_server.c b/rpc_server.c
index 5f3502f..e4fde9f 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -563,8 +563,7 @@ static hal_error_t pkey_get_public_key(const uint8_t **iptr, const uint8_t * con
static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
uint8_t **optr, const uint8_t * const olimit)
{
- hal_client_handle_t client __attribute__((unused));
- hal_session_handle_t session;
+ hal_client_handle_t client;
hal_pkey_handle_t pkey;
hal_hash_handle_t hash;
const uint8_t *input;
@@ -575,7 +574,6 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
hal_error_t ret;
check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
- check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle));
check(hal_xdr_decode_int(iptr, ilimit, &hash.handle));
check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &input, &input_len));
@@ -587,7 +585,7 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
/* call the local function */
/* get the data directly into the output buffer */
*optr += 4; /* reserve 4 bytes for length */
- ret = hal_rpc_local_pkey_dispatch.sign(session, pkey, hash, input, input_len, *optr, &sig_len, sig_max);
+ ret = hal_rpc_local_pkey_dispatch.sign(pkey, hash, input, input_len, *optr, &sig_len, sig_max);
*optr = optr_orig;
if (ret == HAL_OK) {
check(hal_xdr_encode_int(optr, olimit, sig_len));
@@ -599,8 +597,7 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit,
static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimit,
uint8_t **optr, const uint8_t * const olimit)
{
- hal_client_handle_t client __attribute__((unused));
- hal_session_handle_t session;
+ hal_client_handle_t client;
hal_pkey_handle_t pkey;
hal_hash_handle_t hash;
const uint8_t *input;
@@ -610,14 +607,13 @@ static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimi
hal_error_t ret;
check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
- check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle));
check(hal_xdr_decode_int(iptr, ilimit, &hash.handle));
check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &input, &input_len));
check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &sig, &sig_len));
/* call the local function */
- ret = hal_rpc_local_pkey_dispatch.verify(session, pkey, hash, input, input_len, sig, sig_len);
+ ret = hal_rpc_local_pkey_dispatch.verify(pkey, hash, input, input_len, sig, sig_len);
return ret;
}
@@ -638,13 +634,15 @@ static hal_error_t hal_xdr_encode_pkey_info(uint8_t **optr, const uint8_t * cons
static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit,
uint8_t **optr, const uint8_t * const olimit)
{
- hal_client_handle_t client __attribute__((unused));
+ hal_client_handle_t client;
+ hal_session_handle_t session;
uint8_t *optr_orig = *optr;
uint32_t result_max;
hal_key_flags_t flags;
hal_error_t ret;
check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
+ check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
check(hal_xdr_decode_int(iptr, ilimit, &result_max));
check(hal_xdr_decode_int(iptr, ilimit, &flags));
@@ -652,7 +650,7 @@ static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit,
unsigned result_len;
/* call the local function */
- ret = hal_rpc_local_pkey_dispatch.list(result, &result_len, result_max, flags);
+ ret = hal_rpc_local_pkey_dispatch.list(session, result, &result_len, result_max, flags);
if (ret == HAL_OK) {
check(hal_xdr_encode_int(optr, olimit, result_len));
@@ -667,19 +665,18 @@ static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit,
return ret;
}
-#warning Which RPC pkey functions take session looks kind of messed up
-// list() and match() probably should take session, sign() and verify() probably should not
-
static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit,
uint8_t **optr, const uint8_t * const olimit)
{
hal_client_handle_t client;
+ hal_session_handle_t session;
uint32_t type, curve, attributes_len, result_max, previous_uuid_len;
const uint8_t *previous_uuid_ptr;
hal_key_flags_t flags;
hal_error_t ret;
check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
+ check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
check(hal_xdr_decode_int(iptr, ilimit, &type));
check(hal_xdr_decode_int(iptr, ilimit, &curve));
check(hal_xdr_decode_int(iptr, ilimit, &flags));
@@ -704,7 +701,8 @@ static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit
hal_uuid_t result[result_max];
unsigned result_len;
- ret = hal_rpc_local_pkey_dispatch.match(type, curve, flags, attributes, attributes_len,
+ ret = hal_rpc_local_pkey_dispatch.match(session, type, curve, flags,
+ attributes, attributes_len,
result, &result_len, result_max,
(hal_uuid_t *) previous_uuid_ptr);