aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2015-09-14 17:14:57 -0400
committerRob Austein <sra@hactrn.net>2015-09-14 17:14:57 -0400
commit3345ef8b1a7ad719dbd3a0f26697c6bc4bd884b1 (patch)
tree6dcc1f493f6ad5b0a008732054dc82b47d9bf092
parente9eb486fae220903f039ffae5125894c1e156aa4 (diff)
Debug PKCS #11 ECDSA signature and verification.
-rw-r--r--pkcs11.c24
-rw-r--r--py11/__init__.py17
2 files changed, 28 insertions, 13 deletions
diff --git a/pkcs11.c b/pkcs11.c
index 88ad883..2f6fcde 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -3502,22 +3502,20 @@ CK_RV C_Digest(CK_SESSION_HANDLE hSession,
if (rv == CKR_BUFFER_TOO_SMALL)
lose(CKR_BUFFER_TOO_SMALL);
- {
- uint8_t statebuf[session->digest_descriptor->hash_state_length];
- hal_hash_state_t *state = NULL;
+ if ((rv = digest_update(session->digest_descriptor, &session->digest_state,
+ pData, ulDataLen)) != CKR_OK)
+ goto fail;
- if (!hal_check(hal_hash_initialize(session->digest_descriptor,
- &state, statebuf, sizeof(statebuf))) ||
- !hal_check(hal_hash_update(state, pData, ulDataLen)) ||
- !hal_check(hal_hash_finalize(state, pDigest, *pulDigestLen)))
- lose(CKR_FUNCTION_FAILED);
- }
+ if (!hal_check(hal_hash_finalize(session->digest_state, pDigest, *pulDigestLen)))
+ lose(CKR_FUNCTION_FAILED);
rv = CKR_OK; /* Fall through */
fail:
- if (session != NULL)
+ if (session != NULL) {
+ hal_hash_cleanup(&session->digest_state);
session->digest_descriptor = NULL;
+ }
mutex_unlock_return_with_rv(rv, p11_global_mutex);
}
@@ -3719,7 +3717,7 @@ CK_RV C_Sign(CK_SESSION_HANDLE hSession,
if (session->sign_digest_state != NULL)
lose(CKR_OPERATION_ACTIVE);
- if (session->sign_digest_descriptor != NULL &&
+ if (session->sign_digest_descriptor != NULL && pSignature != NULL &&
(rv = digest_update(session->sign_digest_descriptor,
&session->sign_digest_state, pData, ulDataLen)) != CKR_OK)
goto fail;
@@ -3780,8 +3778,8 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
if (!p11_attribute_get_ulong(hKey, CKA_CLASS, &key_class) ||
!p11_attribute_get_ulong(hKey, CKA_KEY_TYPE, &key_type) ||
- !p11_attribute_get_bbool(hKey, CKA_SIGN, &key_verify) ||
- key_class != CKO_PRIVATE_KEY)
+ !p11_attribute_get_bbool(hKey, CKA_VERIFY, &key_verify) ||
+ key_class != CKO_PUBLIC_KEY)
lose(CKR_KEY_HANDLE_INVALID);
if (!key_verify)
diff --git a/py11/__init__.py b/py11/__init__.py
index da0c946..204c897 100644
--- a/py11/__init__.py
+++ b/py11/__init__.py
@@ -98,6 +98,23 @@ class PKCS11 (object):
byref(public_handle), byref(private_handle))
return public_handle.value, private_handle.value
+ def C_SignInit(self, session, mechanism_type, private_key):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.so.C_SignInit(session, byref(mechanism), private_key)
+
+ def C_Sign(self, session, data):
+ n = CK_ULONG()
+ self.so.C_Sign(session, data, len(data), None, byref(n))
+ sig = create_string_buffer(n.value)
+ self.so.C_Sign(session, data, len(data), sig, byref(n))
+ return sig.raw
+
+ def C_VerifyInit(self, session, mechanism_type, public_key):
+ mechanism = CK_MECHANISM(mechanism_type, None, 0)
+ self.so.C_VerifyInit(session, byref(mechanism), public_key)
+
+ def C_Verify(self, session, data, signature):
+ self.so.C_Verify(session, data, len(data), signature, len(signature))
__all__ = ["PKCS11"]
__all__.extend(name for name in globals()