diff options
| author | Rob Austein <sra@hactrn.net> | 2015-09-14 17:14:57 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2015-09-14 17:14:57 -0400 |
| commit | 3345ef8b1a7ad719dbd3a0f26697c6bc4bd884b1 (patch) | |
| tree | 6dcc1f493f6ad5b0a008732054dc82b47d9bf092 | |
| parent | e9eb486fae220903f039ffae5125894c1e156aa4 (diff) | |
Debug PKCS #11 ECDSA signature and verification.
| -rw-r--r-- | pkcs11.c | 24 | ||||
| -rw-r--r-- | py11/__init__.py | 17 |
2 files changed, 28 insertions, 13 deletions
@@ -3502,22 +3502,20 @@ CK_RV C_Digest(CK_SESSION_HANDLE hSession, if (rv == CKR_BUFFER_TOO_SMALL) lose(CKR_BUFFER_TOO_SMALL); - { - uint8_t statebuf[session->digest_descriptor->hash_state_length]; - hal_hash_state_t *state = NULL; + if ((rv = digest_update(session->digest_descriptor, &session->digest_state, + pData, ulDataLen)) != CKR_OK) + goto fail; - if (!hal_check(hal_hash_initialize(session->digest_descriptor, - &state, statebuf, sizeof(statebuf))) || - !hal_check(hal_hash_update(state, pData, ulDataLen)) || - !hal_check(hal_hash_finalize(state, pDigest, *pulDigestLen))) - lose(CKR_FUNCTION_FAILED); - } + if (!hal_check(hal_hash_finalize(session->digest_state, pDigest, *pulDigestLen))) + lose(CKR_FUNCTION_FAILED); rv = CKR_OK; /* Fall through */ fail: - if (session != NULL) + if (session != NULL) { + hal_hash_cleanup(&session->digest_state); session->digest_descriptor = NULL; + } mutex_unlock_return_with_rv(rv, p11_global_mutex); } @@ -3719,7 +3717,7 @@ CK_RV C_Sign(CK_SESSION_HANDLE hSession, if (session->sign_digest_state != NULL) lose(CKR_OPERATION_ACTIVE); - if (session->sign_digest_descriptor != NULL && + if (session->sign_digest_descriptor != NULL && pSignature != NULL && (rv = digest_update(session->sign_digest_descriptor, &session->sign_digest_state, pData, ulDataLen)) != CKR_OK) goto fail; @@ -3780,8 +3778,8 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, if (!p11_attribute_get_ulong(hKey, CKA_CLASS, &key_class) || !p11_attribute_get_ulong(hKey, CKA_KEY_TYPE, &key_type) || - !p11_attribute_get_bbool(hKey, CKA_SIGN, &key_verify) || - key_class != CKO_PRIVATE_KEY) + !p11_attribute_get_bbool(hKey, CKA_VERIFY, &key_verify) || + key_class != CKO_PUBLIC_KEY) lose(CKR_KEY_HANDLE_INVALID); if (!key_verify) diff --git a/py11/__init__.py b/py11/__init__.py index da0c946..204c897 100644 --- a/py11/__init__.py +++ b/py11/__init__.py @@ -98,6 +98,23 @@ class PKCS11 (object): byref(public_handle), byref(private_handle)) return public_handle.value, private_handle.value + def C_SignInit(self, session, mechanism_type, private_key): + mechanism = CK_MECHANISM(mechanism_type, None, 0) + self.so.C_SignInit(session, byref(mechanism), private_key) + + def C_Sign(self, session, data): + n = CK_ULONG() + self.so.C_Sign(session, data, len(data), None, byref(n)) + sig = create_string_buffer(n.value) + self.so.C_Sign(session, data, len(data), sig, byref(n)) + return sig.raw + + def C_VerifyInit(self, session, mechanism_type, public_key): + mechanism = CK_MECHANISM(mechanism_type, None, 0) + self.so.C_VerifyInit(session, byref(mechanism), public_key) + + def C_Verify(self, session, data, signature): + self.so.C_Verify(session, data, len(data), signature, len(signature)) __all__ = ["PKCS11"] __all__.extend(name for name in globals() |