From 45061e2df746f597195b80376fc405b4538b5420 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 7 Oct 2016 20:23:45 -0400 Subject: Fix session handle arguments in RPC calls. RPC calls which pass a pkey handle don't need to pass a session handle, because the session handle is already in the HSM's pkey slot object; pkey RPC calls which don't pass a pkey argument do need to pass a session handle. This change percolates down to the keystore driver, because only the keystore driver knows whether that particular keystore cares about session handles. --- hal.h | 14 ++++++-------- hal_internal.h | 20 ++++++++++++-------- ks_flash.c | 4 ++++ rpc_api.c | 20 ++++++++++---------- rpc_client.c | 40 +++++++++++++++++++--------------------- rpc_pkey.c | 16 ++++++++-------- rpc_server.c | 26 ++++++++++++-------------- 7 files changed, 71 insertions(+), 69 deletions(-) diff --git a/hal.h b/hal.h index 5b4de69..997db7c 100644 --- a/hal.h +++ b/hal.h @@ -736,16 +736,12 @@ extern size_t hal_rpc_pkey_get_public_key_len(const hal_pkey_handle_t pkey); extern hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max); -#warning Um, why do hal_rpc_pkey_sign() and hal_rpc_pkey_verify() take session arguments? - -extern hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max); -extern hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); @@ -758,7 +754,8 @@ typedef struct { /* ... */ } hal_pkey_info_t; -extern hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result, +extern hal_error_t hal_rpc_pkey_list(const hal_session_handle_t session, + hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max, hal_key_flags_t flags); @@ -769,7 +766,8 @@ typedef struct { const uint8_t *value; } hal_rpc_pkey_attribute_t; -extern hal_error_t hal_rpc_pkey_match(const hal_key_type_t type, +extern hal_error_t hal_rpc_pkey_match(const hal_session_handle_t session, + const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, hal_rpc_pkey_attribute_t *attributes, diff --git a/hal_internal.h b/hal_internal.h index 0d40922..fe1cb1f 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -225,24 +225,24 @@ typedef struct { hal_error_t (*get_public_key)(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max); - hal_error_t (*sign)(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, + hal_error_t (*sign)(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max); - hal_error_t (*verify)(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, + hal_error_t (*verify)(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); - hal_error_t (*list)(hal_pkey_info_t *result, + hal_error_t (*list)(const hal_session_handle_t session, + hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max, hal_key_flags_t flags); - hal_error_t (*match)(const hal_key_type_t type, + hal_error_t (*match)(const hal_session_handle_t session, + const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, hal_rpc_pkey_attribute_t *attributes, @@ -491,11 +491,13 @@ struct hal_ks_driver { const hal_pkey_slot_t * const slot); hal_error_t (*list)(hal_ks_t *ks, + const hal_session_handle_t session, hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max); hal_error_t (*match)(hal_ks_t *ks, + const hal_session_handle_t session, const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, @@ -606,6 +608,7 @@ static inline hal_error_t hal_ks_delete(hal_ks_t *ks, } static inline hal_error_t hal_ks_list(hal_ks_t *ks, + const hal_session_handle_t session, hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max) @@ -613,10 +616,11 @@ static inline hal_error_t hal_ks_list(hal_ks_t *ks, if (ks == NULL || ks->driver == NULL || ks->driver->list == NULL) return HAL_ERROR_BAD_ARGUMENTS; - return ks->driver->list(ks, result, result_len, result_max); + return ks->driver->list(ks, session, result, result_len, result_max); } static inline hal_error_t hal_ks_match(hal_ks_t *ks, + const hal_session_handle_t session, const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, @@ -630,7 +634,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks, if (ks == NULL || ks->driver == NULL || ks->driver->match == NULL) return HAL_ERROR_BAD_ARGUMENTS; - return ks->driver->match(ks, type, curve, flags, attributes, attributes_len, + return ks->driver->match(ks, session, type, curve, flags, attributes, attributes_len, result, result_len, result_max, previous_uuid); } diff --git a/ks_flash.c b/ks_flash.c index 5b3f718..b14fc6a 100644 --- a/ks_flash.c +++ b/ks_flash.c @@ -1043,6 +1043,7 @@ static hal_error_t ks_match(hal_ks_t *ks, hal_uuid_t *previous_uuid) { #warning NIY + return HAL_ERROR_IMPOSSIBLE; } static hal_error_t ks_set_attribute(hal_ks_t *ks, @@ -1052,6 +1053,7 @@ static hal_error_t ks_set_attribute(hal_ks_t *ks, const size_t value_len) { #warning NIY + return HAL_ERROR_IMPOSSIBLE; } static hal_error_t ks_get_attribute(hal_ks_t *ks, @@ -1062,6 +1064,7 @@ static hal_error_t ks_get_attribute(hal_ks_t *ks, const size_t value_max) { #warning NIY + return HAL_ERROR_IMPOSSIBLE; } static hal_error_t ks_delete_attribute(hal_ks_t *ks, @@ -1069,6 +1072,7 @@ static hal_error_t ks_delete_attribute(hal_ks_t *ks, const uint32_t type) { #warning NIY + return HAL_ERROR_IMPOSSIBLE; } const hal_ks_driver_t hal_ks_token_driver[1] = {{ diff --git a/rpc_api.c b/rpc_api.c index 022dc62..f7b04cc 100644 --- a/rpc_api.c +++ b/rpc_api.c @@ -304,8 +304,7 @@ hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey, return hal_rpc_pkey_dispatch->get_public_key(pkey, der, der_len, der_max); } -hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) @@ -313,11 +312,10 @@ hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session, if (signature == NULL || signature_len == NULL || signature_max == 0 || (hash.handle == HAL_HANDLE_NONE) == (input == NULL || input_len == 0)) return HAL_ERROR_BAD_ARGUMENTS; - return hal_rpc_pkey_dispatch->sign(session, pkey, hash, input, input_len, signature, signature_len, signature_max); + return hal_rpc_pkey_dispatch->sign(pkey, hash, input, input_len, signature, signature_len, signature_max); } -hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) @@ -325,20 +323,22 @@ hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session, if (signature == NULL || signature_len == 0 || (hash.handle == HAL_HANDLE_NONE) == (input == NULL || input_len == 0)) return HAL_ERROR_BAD_ARGUMENTS; - return hal_rpc_pkey_dispatch->verify(session, pkey, hash, input, input_len, signature, signature_len); + return hal_rpc_pkey_dispatch->verify(pkey, hash, input, input_len, signature, signature_len); } -hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result, +hal_error_t hal_rpc_pkey_list(const hal_session_handle_t session, + hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max, hal_key_flags_t flags) { if (result == NULL || result_len == NULL || result_max == 0) return HAL_ERROR_BAD_ARGUMENTS; - return hal_rpc_pkey_dispatch->list(result, result_len, result_max, flags); + return hal_rpc_pkey_dispatch->list(session, result, result_len, result_max, flags); } -hal_error_t hal_rpc_pkey_match(const hal_key_type_t type, +hal_error_t hal_rpc_pkey_match(const hal_session_handle_t session, + const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, hal_rpc_pkey_attribute_t *attributes, @@ -357,7 +357,7 @@ hal_error_t hal_rpc_pkey_match(const hal_key_type_t type, if (attributes[i].value == NULL) return HAL_ERROR_BAD_ARGUMENTS; - return hal_rpc_pkey_dispatch->match(type, curve, flags, attributes, attributes_len, + return hal_rpc_pkey_dispatch->match(session, type, curve, flags, attributes, attributes_len, result, result_len, result_max, previous_uuid); } diff --git a/rpc_client.c b/rpc_client.c index a56052d..78e2f16 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -681,13 +681,12 @@ static hal_error_t pkey_remote_get_public_key(const hal_pkey_handle_t pkey, return rpc_ret; } -static hal_error_t pkey_remote_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_remote_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, - const uint8_t * const input, const size_t input_len, + const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { - uint8_t outbuf[nargs(7) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(6) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(4) + pad(signature_max)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); uint32_t slen32 = signature_max; @@ -696,7 +695,6 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SIGN)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); - check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); check(hal_xdr_encode_int(&optr, olimit, hash.handle)); check(hal_xdr_encode_buffer(&optr, olimit, input, input_len)); @@ -713,13 +711,12 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session, return rpc_ret; } -static hal_error_t pkey_remote_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_remote_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { - uint8_t outbuf[nargs(7) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(6) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(3)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); hal_client_handle_t dummy_client = {0}; @@ -727,7 +724,6 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_VERIFY)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); - check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); check(hal_xdr_encode_int(&optr, olimit, hash.handle)); check(hal_xdr_encode_buffer(&optr, olimit, input, input_len)); @@ -757,12 +753,13 @@ static hal_error_t hal_xdr_decode_pkey_info(const uint8_t **iptr, const uint8_t return HAL_OK; } -static hal_error_t pkey_remote_list(hal_pkey_info_t *result, +static hal_error_t pkey_remote_list(const hal_session_handle_t session, + hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max, hal_key_flags_t flags) { - uint8_t outbuf[nargs(4)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(5)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_pkey_info_t))]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); uint32_t len; @@ -771,6 +768,7 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LIST)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); + check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, result_max)); check(hal_xdr_encode_int(&optr, olimit, flags)); check(hal_rpc_send(outbuf, optr - outbuf)); @@ -791,7 +789,8 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result, return rpc_ret; } -static hal_error_t pkey_remote_match(const hal_key_type_t type, +static hal_error_t pkey_remote_match(const hal_session_handle_t session, + const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, hal_rpc_pkey_attribute_t *attributes, @@ -806,7 +805,7 @@ static hal_error_t pkey_remote_match(const hal_key_type_t type, for (int i = 0; i < attributes_len; i++) attributes_buffer_len += attributes[i].length; - uint8_t outbuf[nargs(8 + attributes_len * 2) + pad(attributes_buffer_len) + pad(sizeof(hal_uuid_t))]; + uint8_t outbuf[nargs(9 + attributes_len * 2) + pad(attributes_buffer_len) + pad(sizeof(hal_uuid_t))]; uint8_t *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(5) + pad(result_max * sizeof(hal_uuid_t)) + pad(sizeof(hal_uuid_t))]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); @@ -815,6 +814,7 @@ static hal_error_t pkey_remote_match(const hal_key_type_t type, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_MATCH)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); + check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, type)); check(hal_xdr_encode_int(&optr, olimit, curve)); check(hal_xdr_encode_int(&optr, olimit, flags)); @@ -934,14 +934,13 @@ static hal_error_t pkey_remote_delete_attribute(const hal_pkey_handle_t pkey, * pull the digest from the hash context and send that to the HSM. */ -static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_mixed_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { if (input != NULL) - return hal_rpc_remote_pkey_dispatch.sign(session, pkey, hash, input, input_len, + return hal_rpc_remote_pkey_dispatch.sign(pkey, hash, input, input_len, signature, signature_len, signature_max); hal_digest_algorithm_t alg; @@ -970,18 +969,17 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, } - return hal_rpc_remote_pkey_dispatch.sign(session, pkey, hal_hash_handle_none, digest, digest_len, + return hal_rpc_remote_pkey_dispatch.sign(pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len, signature_max); } -static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_mixed_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { if (input != NULL) - return hal_rpc_remote_pkey_dispatch.verify(session, pkey, hash, input, input_len, + return hal_rpc_remote_pkey_dispatch.verify(pkey, hash, input, input_len, signature, signature_len); hal_digest_algorithm_t alg; @@ -1010,7 +1008,7 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, } - return hal_rpc_remote_pkey_dispatch.verify(session, pkey, hal_hash_handle_none, + return hal_rpc_remote_pkey_dispatch.verify(pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len); } diff --git a/rpc_pkey.c b/rpc_pkey.c index 207d980..22ad197 100644 --- a/rpc_pkey.c +++ b/rpc_pkey.c @@ -647,8 +647,7 @@ static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_le return HAL_OK; } -static hal_error_t pkey_local_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_local_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) @@ -794,8 +793,7 @@ static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_ return HAL_OK; } -static hal_error_t pkey_local_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_local_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) @@ -850,7 +848,8 @@ static hal_error_t pkey_local_verify(const hal_session_handle_t session, * List keys in the key store. */ -static hal_error_t pkey_local_list(hal_pkey_info_t *result, +static hal_error_t pkey_local_list(const hal_session_handle_t session, + hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max, hal_key_flags_t flags) @@ -859,7 +858,7 @@ static hal_error_t pkey_local_list(hal_pkey_info_t *result, hal_error_t err; if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK && - (err = hal_ks_list(ks, result, result_len, result_max)) == HAL_OK) + (err = hal_ks_list(ks, session, result, result_len, result_max)) == HAL_OK) err = hal_ks_close(ks); else if (ks != NULL) (void) hal_ks_close(ks); @@ -867,7 +866,8 @@ static hal_error_t pkey_local_list(hal_pkey_info_t *result, return err; } -static hal_error_t pkey_local_match(const hal_key_type_t type, +static hal_error_t pkey_local_match(const hal_session_handle_t session, + const hal_key_type_t type, const hal_curve_name_t curve, const hal_key_flags_t flags, hal_rpc_pkey_attribute_t *attributes, @@ -881,7 +881,7 @@ static hal_error_t pkey_local_match(const hal_key_type_t type, hal_error_t err; if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK && - (err = hal_ks_match(ks, type, curve, flags, attributes, attributes_len, + (err = hal_ks_match(ks, session, type, curve, flags, attributes, attributes_len, result, result_len, result_max, previous_uuid)) == HAL_OK) err = hal_ks_close(ks); else if (ks != NULL) diff --git a/rpc_server.c b/rpc_server.c index 5f3502f..e4fde9f 100644 --- a/rpc_server.c +++ b/rpc_server.c @@ -563,8 +563,7 @@ static hal_error_t pkey_get_public_key(const uint8_t **iptr, const uint8_t * con static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit, uint8_t **optr, const uint8_t * const olimit) { - hal_client_handle_t client __attribute__((unused)); - hal_session_handle_t session; + hal_client_handle_t client; hal_pkey_handle_t pkey; hal_hash_handle_t hash; const uint8_t *input; @@ -575,7 +574,6 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit, hal_error_t ret; check(hal_xdr_decode_int(iptr, ilimit, &client.handle)); - check(hal_xdr_decode_int(iptr, ilimit, &session.handle)); check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle)); check(hal_xdr_decode_int(iptr, ilimit, &hash.handle)); check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &input, &input_len)); @@ -587,7 +585,7 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit, /* call the local function */ /* get the data directly into the output buffer */ *optr += 4; /* reserve 4 bytes for length */ - ret = hal_rpc_local_pkey_dispatch.sign(session, pkey, hash, input, input_len, *optr, &sig_len, sig_max); + ret = hal_rpc_local_pkey_dispatch.sign(pkey, hash, input, input_len, *optr, &sig_len, sig_max); *optr = optr_orig; if (ret == HAL_OK) { check(hal_xdr_encode_int(optr, olimit, sig_len)); @@ -599,8 +597,7 @@ static hal_error_t pkey_sign(const uint8_t **iptr, const uint8_t * const ilimit, static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimit, uint8_t **optr, const uint8_t * const olimit) { - hal_client_handle_t client __attribute__((unused)); - hal_session_handle_t session; + hal_client_handle_t client; hal_pkey_handle_t pkey; hal_hash_handle_t hash; const uint8_t *input; @@ -610,14 +607,13 @@ static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimi hal_error_t ret; check(hal_xdr_decode_int(iptr, ilimit, &client.handle)); - check(hal_xdr_decode_int(iptr, ilimit, &session.handle)); check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle)); check(hal_xdr_decode_int(iptr, ilimit, &hash.handle)); check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &input, &input_len)); check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &sig, &sig_len)); /* call the local function */ - ret = hal_rpc_local_pkey_dispatch.verify(session, pkey, hash, input, input_len, sig, sig_len); + ret = hal_rpc_local_pkey_dispatch.verify(pkey, hash, input, input_len, sig, sig_len); return ret; } @@ -638,13 +634,15 @@ static hal_error_t hal_xdr_encode_pkey_info(uint8_t **optr, const uint8_t * cons static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit, uint8_t **optr, const uint8_t * const olimit) { - hal_client_handle_t client __attribute__((unused)); + hal_client_handle_t client; + hal_session_handle_t session; uint8_t *optr_orig = *optr; uint32_t result_max; hal_key_flags_t flags; hal_error_t ret; check(hal_xdr_decode_int(iptr, ilimit, &client.handle)); + check(hal_xdr_decode_int(iptr, ilimit, &session.handle)); check(hal_xdr_decode_int(iptr, ilimit, &result_max)); check(hal_xdr_decode_int(iptr, ilimit, &flags)); @@ -652,7 +650,7 @@ static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit, unsigned result_len; /* call the local function */ - ret = hal_rpc_local_pkey_dispatch.list(result, &result_len, result_max, flags); + ret = hal_rpc_local_pkey_dispatch.list(session, result, &result_len, result_max, flags); if (ret == HAL_OK) { check(hal_xdr_encode_int(optr, olimit, result_len)); @@ -667,19 +665,18 @@ static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit, return ret; } -#warning Which RPC pkey functions take session looks kind of messed up -// list() and match() probably should take session, sign() and verify() probably should not - static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit, uint8_t **optr, const uint8_t * const olimit) { hal_client_handle_t client; + hal_session_handle_t session; uint32_t type, curve, attributes_len, result_max, previous_uuid_len; const uint8_t *previous_uuid_ptr; hal_key_flags_t flags; hal_error_t ret; check(hal_xdr_decode_int(iptr, ilimit, &client.handle)); + check(hal_xdr_decode_int(iptr, ilimit, &session.handle)); check(hal_xdr_decode_int(iptr, ilimit, &type)); check(hal_xdr_decode_int(iptr, ilimit, &curve)); check(hal_xdr_decode_int(iptr, ilimit, &flags)); @@ -704,7 +701,8 @@ static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit hal_uuid_t result[result_max]; unsigned result_len; - ret = hal_rpc_local_pkey_dispatch.match(type, curve, flags, attributes, attributes_len, + ret = hal_rpc_local_pkey_dispatch.match(session, type, curve, flags, + attributes, attributes_len, result, &result_len, result_max, (hal_uuid_t *) previous_uuid_ptr); -- cgit v1.2.3