diff options
author | Rob Austein <sra@hactrn.net> | 2017-04-07 17:41:30 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2017-04-07 17:41:30 -0400 |
commit | a031d726ccdd358cec63a7892b3ce1e88b201313 (patch) | |
tree | 2c05feeff6a78d684ffc364dde1ab76bd533d5d0 | |
parent | d52a62ab76003fffd04dfaee686aa1956e7b56a7 (diff) |
Pull key type information from uploaded key in hal_rpc_pkey_load().
Now that we use PKCS #8 format for private keys, all key formats we
use include ASN.1 AlgorithmIdentifier field describing the key, so
specifying key type and curve as arguments to hal_rpc_pkey_load() is
neither necessary nor particularly useful.
-rw-r--r-- | hal.h | 2 | ||||
-rw-r--r-- | hal_internal.h | 2 | ||||
-rw-r--r-- | key-backup.py | 4 | ||||
-rw-r--r-- | libhal.py | 4 | ||||
-rw-r--r-- | rpc_api.c | 6 | ||||
-rw-r--r-- | rpc_client.c | 6 | ||||
-rw-r--r-- | rpc_client_daemon.c | 1 | ||||
-rw-r--r-- | rpc_pkey.c | 18 | ||||
-rw-r--r-- | rpc_server.c | 22 | ||||
-rw-r--r-- | tests/test-rpc_pkey.c | 24 | ||||
-rw-r--r-- | unit-tests.py | 46 |
11 files changed, 54 insertions, 81 deletions
@@ -749,8 +749,6 @@ typedef struct { extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags); diff --git a/hal_internal.h b/hal_internal.h index 8130801..82d0081 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -192,8 +192,6 @@ typedef struct { hal_error_t (*load)(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags); diff --git a/key-backup.py b/key-backup.py index 3d971e7..4cdd9e9 100644 --- a/key-backup.py +++ b/key-backup.py @@ -70,8 +70,6 @@ def test_export(): kekek = RSA.importKey(kekek_pem) kekek_handle = hsm.pkey_load( - type = HAL_KEY_TYPE_RSA_PUBLIC, - curve = HAL_CURVE_NONE, flags = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT, der = kekek.publickey().exportKey(format = "DER")) atexit(kekek_handle.delete) @@ -102,8 +100,6 @@ def test_import(): if False: kekek = RSA.importKey(kekek_pem) kekek_handle = hsm.pkey_load( - type = HAL_KEY_TYPE_RSA_PRIVATE, - curve = HAL_CURVE_NONE, flags = HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT, der = kekek.exportKey(format = "DER", pkcs = 8)) atexit(kekek_handle.delete) @@ -555,8 +555,8 @@ class HSM(object): with self.rpc(RPC_FUNC_HASH_FINALIZE, handle, length) as r: return r.unpack_bytes() - def pkey_load(self, type, curve, der, flags = 0, client = 0, session = 0): - with self.rpc(RPC_FUNC_PKEY_LOAD, session, type, curve, der, flags, client = client) as r: + def pkey_load(self, der, flags = 0, client = 0, session = 0): + with self.rpc(RPC_FUNC_PKEY_LOAD, session, der, flags, client = client) as r: pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes())) logger.debug("Loaded pkey %s", pkey.uuid) return pkey @@ -218,15 +218,13 @@ hal_error_t hal_rpc_hash_finalize(const hal_hash_handle_t hash, hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags) { - if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_type_curve_flags(type, curve, flags)) + if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_flags(flags)) return HAL_ERROR_BAD_ARGUMENTS; - return hal_rpc_pkey_dispatch->load(client, session, pkey, type, curve, name, der, der_len, flags); + return hal_rpc_pkey_dispatch->load(client, session, pkey, name, der, der_len, flags); } hal_error_t hal_rpc_pkey_open(const hal_client_handle_t client, diff --git a/rpc_client.c b/rpc_client.c index 5729b6f..e856cce 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -420,13 +420,11 @@ static hal_error_t hash_finalize(const hal_hash_handle_t hash, static hal_error_t pkey_remote_load(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags) { - uint8_t outbuf[nargs(7) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(5) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); uint32_t name_len = sizeof(name->uuid); @@ -435,8 +433,6 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LOAD)); check(hal_xdr_encode_int(&optr, olimit, client.handle)); check(hal_xdr_encode_int(&optr, olimit, session.handle)); - check(hal_xdr_encode_int(&optr, olimit, type)); - check(hal_xdr_encode_int(&optr, olimit, curve)); check(hal_xdr_encode_buffer(&optr, olimit, der, der_len)); check(hal_xdr_encode_int(&optr, olimit, flags)); check(hal_rpc_send(outbuf, optr - outbuf)); diff --git a/rpc_client_daemon.c b/rpc_client_daemon.c index 7ff3f21..1c506eb 100644 --- a/rpc_client_daemon.c +++ b/rpc_client_daemon.c @@ -40,6 +40,7 @@ #include "hal.h" #include "hal_internal.h" +#include "slip_internal.h" static int sock = -1; @@ -268,26 +268,27 @@ static inline hal_error_t ks_open_from_flags(hal_ks_t **ks, const hal_key_flags_ * return a key handle and the name. */ -#warning Convert hal_rpc_pkey_load() to use hal_asn1_guess_key_type()? - static hal_error_t pkey_local_load(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags) { - assert(pkey != NULL && name != NULL); + assert(pkey != NULL && name != NULL && der != NULL); + hal_curve_name_t curve; hal_pkey_slot_t *slot; + hal_key_type_t type; hal_ks_t *ks = NULL; hal_error_t err; if ((err = check_writable(client, flags)) != HAL_OK) return err; + if ((err = hal_asn1_guess_key_type(&type, &curve, der, der_len)) != HAL_OK) + return err; + if ((slot = alloc_slot(flags)) == NULL) return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE; @@ -1188,8 +1189,6 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client, size_t der_len, oid_len, data_len; const uint8_t *oid, *data; hal_rsa_key_t *rsa = NULL; - hal_curve_name_t curve; - hal_key_type_t type; hal_ks_t *ks = NULL; hal_error_t err; @@ -1253,10 +1252,7 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client, if ((err = hal_aes_keyunwrap(NULL, kek, sizeof(kek), data, data_len, der, &der_len)) != HAL_OK) goto fail; - if ((err = hal_asn1_guess_key_type(&type, &curve, der, der_len)) != HAL_OK) - goto fail; - - err = pkey_local_load(client, session, pkey, type, curve, name, der, der_len, flags); + err = pkey_local_load(client, session, pkey, name, der, der_len, flags); fail: memset(rsabuf, 0, sizeof(rsabuf)); diff --git a/rpc_server.c b/rpc_server.c index 4aa5de4..55f15fe 100644 --- a/rpc_server.c +++ b/rpc_server.c @@ -322,30 +322,28 @@ static hal_error_t pkey_load(const uint8_t **iptr, const uint8_t * const ilimit, hal_client_handle_t client; hal_session_handle_t session; hal_pkey_handle_t pkey; - uint32_t type; - uint32_t curve; hal_uuid_t name; const uint8_t *der; uint32_t der_len; hal_key_flags_t flags; hal_error_t ret; + uint8_t *optr_orig = *optr; check(hal_xdr_decode_int(iptr, ilimit, &client.handle)); check(hal_xdr_decode_int(iptr, ilimit, &session.handle)); - check(hal_xdr_decode_int(iptr, ilimit, &type)); - check(hal_xdr_decode_int(iptr, ilimit, &curve)); check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &der, &der_len)); check(hal_xdr_decode_int(iptr, ilimit, &flags)); - /* call the local function */ - ret = hal_rpc_pkey_load(client, session, &pkey, type, curve, &name, der, der_len, flags); + ret = hal_rpc_pkey_load(client, session, &pkey, &name, der, der_len, flags); - if (ret == HAL_OK) { - uint8_t *optr_orig = *optr; - if ((ret = hal_xdr_encode_int(optr, olimit, pkey.handle)) != HAL_OK || - (ret = hal_xdr_encode_buffer(optr, olimit, name.uuid, sizeof(name.uuid))) != HAL_OK) - *optr = optr_orig; - } + if (ret == HAL_OK) + ret = hal_xdr_encode_int(optr, olimit, pkey.handle); + + if (ret == HAL_OK) + ret = hal_xdr_encode_buffer(optr, olimit, name.uuid, sizeof(name.uuid)); + + if (ret != HAL_OK) + *optr = optr_orig; return ret; } diff --git a/tests/test-rpc_pkey.c b/tests/test-rpc_pkey.c index c07a318..1b5f86a 100644 --- a/tests/test-rpc_pkey.c +++ b/tests/test-rpc_pkey.c @@ -177,8 +177,8 @@ static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags) assert(len == sizeof(private_der)); - if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, - &private_name, private_der, sizeof(private_der), flags)) != HAL_OK) + if ((err = hal_rpc_pkey_load(client, session, &private_key, &private_name, + private_der, sizeof(private_der), flags)) != HAL_OK) lose("Could not load private key into RPC: %s\n", hal_error_string(err)); if ((err = hal_rsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) @@ -186,8 +186,8 @@ static int test_rsa_testvec(const rsa_tc_t * const tc, hal_key_flags_t flags) assert(len == sizeof(public_der)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, - &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, + public_der, sizeof(public_der), flags)) != HAL_OK) lose("Could not load public key into RPC: %s\n", hal_error_string(err)); uint8_t sig[tc->s.len]; @@ -271,8 +271,8 @@ static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags assert(len == sizeof(private_der)); - if ((err = hal_rpc_pkey_load(client, session, &private_key, HAL_KEY_TYPE_EC_PRIVATE, tc->curve, - &private_name, private_der, sizeof(private_der), flags)) != HAL_OK) + if ((err = hal_rpc_pkey_load(client, session, &private_key, &private_name, + private_der, sizeof(private_der), flags)) != HAL_OK) lose("Could not load private key into RPC: %s\n", hal_error_string(err)); if ((err = hal_ecdsa_public_key_to_der(tc_key, public_der, &len, sizeof(public_der))) != HAL_OK) @@ -280,8 +280,8 @@ static int test_ecdsa_testvec(const ecdsa_tc_t * const tc, hal_key_flags_t flags assert(len == sizeof(public_der)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve, - &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, + public_der, sizeof(public_der), flags)) != HAL_OK) lose("Could not load public key into RPC: %s\n", hal_error_string(err)); if ((err = hal_rpc_pkey_verify(public_key, hal_hash_handle_none, @@ -353,8 +353,8 @@ static int test_rsa_generate(const rsa_tc_t * const tc, hal_key_flags_t flags) assert(len == sizeof(public_der)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, - &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, + public_der, sizeof(public_der), flags)) != HAL_OK) lose("Could not load public key into RPC: %s\n", hal_error_string(err)); uint8_t sig[tc->s.len]; @@ -429,8 +429,8 @@ static int test_ecdsa_generate(const ecdsa_tc_t * const tc, hal_key_flags_t flag assert(len == sizeof(public_der)); - if ((err = hal_rpc_pkey_load(client, session, &public_key, HAL_KEY_TYPE_EC_PUBLIC, tc->curve, - &public_name, public_der, sizeof(public_der), flags)) != HAL_OK) + if ((err = hal_rpc_pkey_load(client, session, &public_key, &public_name, + public_der, sizeof(public_der), flags)) != HAL_OK) lose("Could not load public key into RPC: %s\n", hal_error_string(err)); uint8_t sig[tc->sig_len + 4]; diff --git a/unit-tests.py b/unit-tests.py index 83260e6..6fe5ccf 100644 --- a/unit-tests.py +++ b/unit-tests.py @@ -260,16 +260,14 @@ class TestPKeyGen(TestCaseLoggedIn): def gen_sign_verify_rsa(self, hashalg, keylen): k1 = hsm.pkey_generate_rsa(keylen, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k1.delete) - k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, k1.public_key, - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k2 = hsm.pkey_load(k1.public_key, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k2.delete) self.sign_verify(hashalg, k1, k2) def gen_sign_verify_ecdsa(self, hashalg, curve): k1 = hsm.pkey_generate_ec(curve, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k1.delete) - k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, k1.public_key, - HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k2 = hsm.pkey_load(k1.public_key, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k2.delete) self.sign_verify(hashalg, k1, k2) @@ -303,23 +301,19 @@ class TestPKeyHashing(TestCaseLoggedIn): """ def load_sign_verify_rsa(self, alg, keylen, method): - k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, - PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der, + k1 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen].der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k1.delete) - k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, - PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der, + k2 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen].der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k2.delete) method(alg, k1, k2) def load_sign_verify_ecdsa(self, alg, curve, method): - k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, - PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der, + k1 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve].der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k1.delete) - k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, - PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der, + k2 = hsm.pkey_load(PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve].der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k2.delete) method(alg, k1, k2) @@ -490,9 +484,9 @@ class TestPKeyRSAInterop(TestCaseLoggedIn): hamster = "Your mother was a hamster" sk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PRIVATE, keylen] vk = PreloadedKey.db[HAL_KEY_TYPE_RSA_PUBLIC, keylen] - k1 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PRIVATE, HAL_CURVE_NONE, sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k1 = hsm.pkey_load(sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k1.delete) - k2 = hsm.pkey_load(HAL_KEY_TYPE_RSA_PUBLIC, HAL_CURVE_NONE, vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k2 = hsm.pkey_load(vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k2.delete) sig1 = k1.sign(hash = self.h(alg, hamster)) sig2 = sk.sign(hamster, pyhash) @@ -525,9 +519,9 @@ class TestPKeyECDSAInterop(TestCaseLoggedIn): hamster = "Your mother was a hamster" sk = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, curve] vk = PreloadedKey.db[HAL_KEY_TYPE_EC_PUBLIC, curve] - k1 = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, curve, sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k1 = hsm.pkey_load(sk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k1.delete) - k2 = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, curve, vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k2 = hsm.pkey_load(vk.der, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k2.delete) sig1 = k1.sign(hash = self.h(alg, hamster)) sig2 = sk.sign(hamster, pyhash) @@ -553,7 +547,7 @@ class TestPKeyMatch(TestCaseLoggedIn): def load_keys(self, flags): uuids = set() for obj in PreloadedKey.db.itervalues(): - with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k: + with hsm.pkey_load(obj.der, flags) as k: self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid) uuids.add(k.uuid) k.set_attributes(dict((i, a) for i, a in enumerate((str(obj.keytype), str(obj.fn2))))) @@ -624,7 +618,7 @@ class TestPKeyAttribute(TestCaseLoggedIn): pinwheel = Pinwheel() for i in xrange(n_keys): for obj in PreloadedKey.db.itervalues(): - with hsm.pkey_load(obj.keytype, obj.curve, obj.der, flags) as k: + with hsm.pkey_load(obj.der, flags) as k: pinwheel() self.addCleanup(lambda uuid: hsm.pkey_open(uuid, flags = flags).delete(), k.uuid) k.set_attributes(dict((j, "Attribute {}{}".format(j, "*" * n_fill)) @@ -652,7 +646,7 @@ class TestPKeyAttributeP11(TestCaseLoggedIn): def setUp(self): der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der - self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN) + self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN) self.addCleanup(self.k.delete) super(TestPKeyAttributeP11, self).setUp() @@ -717,7 +711,7 @@ class TestPKeyAttributeWriteSpeedToken(TestCaseLoggedIn): def setUp(self): der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der - self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN) + self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN) self.addCleanup(self.k.delete) super(TestPKeyAttributeWriteSpeedToken, self).setUp() @@ -742,7 +736,7 @@ class TestPKeyAttributeWriteSpeedVolatile(TestCaseLoggedIn): def setUp(self): der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der - self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0) + self.k = hsm.pkey_load(der, 0) self.addCleanup(self.k.delete) super(TestPKeyAttributeWriteSpeedVolatile, self).setUp() @@ -767,7 +761,7 @@ class TestPKeyAttributeReadSpeedToken(TestCaseLoggedIn): def setUp(self): der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der - self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, HAL_KEY_FLAG_TOKEN) + self.k = hsm.pkey_load(der, HAL_KEY_FLAG_TOKEN) self.addCleanup(self.k.delete) self.k.set_attributes(dict((i, "Attribute {}".format(i)) for i in xrange(12))) @@ -799,7 +793,7 @@ class TestPKeyAttributeReadSpeedVolatile(TestCaseLoggedIn): def setUp(self): der = PreloadedKey.db[HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256].der - self.k = hsm.pkey_load(HAL_KEY_TYPE_EC_PRIVATE, HAL_CURVE_P256, der, 0) + self.k = hsm.pkey_load(der, 0) self.addCleanup(self.k.delete) self.k.set_attributes(dict((i, "Attribute {}".format(i)) for i in xrange(12))) @@ -830,10 +824,10 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn): ECDSA verification tests based on Suite B Implementer's Guide to FIPS 186-3. """ - def verify(self, Qx, Qy, H, r, s, hal_curve, py_curve, py_hash): + def verify(self, Qx, Qy, H, r, s, py_curve, py_hash): Q = ECDSA_VerifyingKey.from_public_point(Point(py_curve.curve, Qx, Qy), py_curve, py_hash).to_der() - k = hsm.pkey_load(HAL_KEY_TYPE_EC_PUBLIC, hal_curve, Q, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) + k = hsm.pkey_load(Q, HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE) self.addCleanup(k.delete) k.verify(signature = (r + s).decode("hex"), data = H.decode("hex")) @@ -844,7 +838,6 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn): H = "7c3e883ddc8bd688f96eac5e9324222c8f30f9d6bb59e9c5f020bd39ba2b8377", r = "7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c", s = "7d1ff961980f961bdaa3233b6209f4013317d3e3f9e1493592dbeaa1af2bc367", - hal_curve = HAL_CURVE_P256, py_curve = NIST256p, py_hash = SHA256) @@ -855,7 +848,6 @@ class TestPkeyECDSAVerificationNIST(TestCaseLoggedIn): H = "b9210c9d7e20897ab86597266a9d5077e8db1b06f7220ed6ee75bd8b45db37891f8ba5550304004159f4453dc5b3f5a1", r = "a0c27ec893092dea1e1bd2ccfed3cf945c8134ed0c9f81311a0f4a05942db8dbed8dd59f267471d5462aa14fe72de856", s = "20ab3f45b74f10b6e11f96a2c8eb694d206b9dda86d3c7e331c26b22c987b7537726577667adadf168ebbe803794a402", - hal_curve = HAL_CURVE_P384, py_curve = NIST384p, py_hash = SHA384) |