From 283ac3be041eebaf3267600ad897402cfb5c3fa1 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 4 Oct 2015 23:40:04 -0400 Subject: Minimal conversion to config_core_selector libhal API. Not doing anything particularly clever with the new capabilities (yet). --- p11util.c | 4 ++-- pkcs11.c | 44 +++++++++++++++++++++++--------------------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/p11util.c b/p11util.c index 697b696..ca4a38c 100644 --- a/p11util.c +++ b/p11util.c @@ -272,12 +272,12 @@ static int set_pin(const char * const pin_type, const int read_from_stdin) sqlite3_column_type(q, 0) == SQLITE_NULL) lose("Couldn't retrieve PBKDF2 iteration count from SQL"); - if ((err = hal_get_random(salt, sizeof(salt))) != HAL_OK) { + if ((err = hal_get_random(NULL, salt, sizeof(salt))) != HAL_OK) { fprintf(stderr, "Couldn't generate salt: %s\n", hal_error_string(err)); goto fail; } - if ((err = hal_pbkdf2(hal_hash_sha256, (uint8_t *) pin, len, salt, sizeof(salt), + if ((err = hal_pbkdf2(NULL, hal_hash_sha256, (uint8_t *) pin, len, salt, sizeof(salt), pinbuf, sizeof(pinbuf), sqlite3_column_int(q, 0))) != HAL_OK) { fprintf(stderr, "Couldn't process new PIN: %s\n", hal_error_string(err)); goto fail; diff --git a/pkcs11.c b/pkcs11.c index de8f902..a3048f7 100644 --- a/pkcs11.c +++ b/pkcs11.c @@ -527,18 +527,18 @@ static int kek_init(void) sqlite3_stmt *q = NULL; - int ok = (sql_check_ok(sql_prepare(&q, test_kek)) && + int ok = (sql_check_ok(sql_prepare(&q, test_kek)) && sql_check_row(sqlite3_step(q))); if (ok && sqlite3_column_int(q, 0)) { uint8_t kekbuf[bitsToBytes(256)]; - ok = (hal_check(hal_get_random(kekbuf, sizeof(kekbuf))) && - sql_check_ok(sql_finalize_and_clear(&q)) && - sql_check_ok(sql_prepare(&q, set_kek)) && + ok = (hal_check(hal_get_random(NULL, kekbuf, sizeof(kekbuf))) && + sql_check_ok(sql_finalize_and_clear(&q)) && + sql_check_ok(sql_prepare(&q, set_kek)) && sql_check_ok(sqlite3_bind_blob(q, 1, kekbuf, sizeof(kekbuf), - NULL)) && + NULL)) && sql_check_done(sqlite3_step(q))); memset(kekbuf, 0, sizeof(kekbuf)); @@ -1204,7 +1204,8 @@ static int p11_object_set_generic_private_key(const CK_OBJECT_HANDLE object_hand !sql_check_row(sqlite3_step(q)) || sqlite3_column_type(q, 0) == SQLITE_NULL || !hal_check(to_der(key, wrapbuf + 8, &der_len, sizeof(wrapbuf) - 8)) || - !hal_check(hal_aes_keywrap(sqlite3_column_blob(q, 0), + !hal_check(hal_aes_keywrap(NULL, + sqlite3_column_blob(q, 0), sqlite3_column_bytes(q, 0), wrapbuf+8, der_len, wrapbuf, &wrapbuf_len)) || !sql_check_ok(sql_finalize_and_clear(&q)) || @@ -1318,7 +1319,7 @@ static int p11_object_get_generic_private_key(const CK_OBJECT_HANDLE object_hand size_t wrapbuf_len = pkey_len; uint8_t wrapbuf[pkey_len]; - ok = (hal_check(hal_aes_keyunwrap(kek, kek_len, pkey, pkey_len, wrapbuf, &wrapbuf_len)) && + ok = (hal_check(hal_aes_keyunwrap(NULL, kek, kek_len, pkey, pkey_len, wrapbuf, &wrapbuf_len)) && hal_check(from_der(key, keybuf, keybuf_len, wrapbuf, wrapbuf_len))); memset(wrapbuf, 0, sizeof(wrapbuf)); @@ -1952,7 +1953,7 @@ static CK_RV generate_keypair_rsa_pkcs(p11_session_t *session, memset(keybuf, 0, sizeof(keybuf)); - if (!hal_check(hal_rsa_key_gen(&key, keybuf, sizeof(keybuf), keysize / 8, + if (!hal_check(hal_rsa_key_gen(NULL, &key, keybuf, sizeof(keybuf), keysize / 8, public_exponent, public_exponent_len))) lose(CKR_FUNCTION_FAILED); @@ -2019,7 +2020,7 @@ static CK_RV generate_keypair_ec(p11_session_t *session, memset(keybuf, 0, sizeof(keybuf)); - if (!hal_check(hal_ecdsa_key_gen(&key, keybuf, sizeof(keybuf), curve)) || + if (!hal_check(hal_ecdsa_key_gen(NULL, &key, keybuf, sizeof(keybuf), curve)) || !p11_object_set_ec_private_key(private_handle, key) || !p11_attribute_set(public_handle, CKA_EC_PARAMS, params, params_len) || !p11_attribute_set(private_handle, CKA_EC_PARAMS, params, params_len)) @@ -2196,7 +2197,7 @@ static CK_RV digest_update(const hal_hash_descriptor_t * const descriptor, assert(descriptor != NULL && state != NULL && data != NULL); if (*state == NULL) { - switch (hal_hash_initialize(descriptor, state, NULL, 0)) { + switch (hal_hash_initialize(NULL, descriptor, state, NULL, 0)) { case HAL_OK: break; case HAL_ERROR_ALLOCATION_FAILURE: @@ -2353,7 +2354,7 @@ static CK_RV sign_rsa_pkcs(p11_session_t *session, if (!pkcs1_5_pad(pData, ulDataLen, pSignature, signature_len)) lose(CKR_DATA_LEN_RANGE); - if (!hal_check(hal_rsa_decrypt(key, pSignature, signature_len, pSignature, signature_len))) + if (!hal_check(hal_rsa_decrypt(NULL, key, pSignature, signature_len, pSignature, signature_len))) lose(CKR_FUNCTION_FAILED); } @@ -2410,7 +2411,7 @@ static CK_RV verify_rsa_pkcs(p11_session_t *session, if (!pkcs1_5_pad(pData, ulDataLen, expected, sizeof(expected))) lose(CKR_DATA_LEN_RANGE); - if (!hal_check(hal_rsa_encrypt(key, pSignature, ulSignatureLen, received, sizeof(received)))) + if (!hal_check(hal_rsa_encrypt(NULL, key, pSignature, ulSignatureLen, received, sizeof(received)))) lose(CKR_FUNCTION_FAILED); for (int i = 0; i < ulSignatureLen; i++) @@ -2484,7 +2485,7 @@ static CK_RV sign_ecdsa(p11_session_t *session, ulDataLen = sizeof(digest); } - if (pSignature != NULL && !hal_check(hal_ecdsa_sign(key, pData, ulDataLen, + if (pSignature != NULL && !hal_check(hal_ecdsa_sign(NULL, key, pData, ulDataLen, pSignature, &signature_len, *pulSignatureLen, HAL_ECDSA_SIGNATURE_FORMAT_PKCS11))) lose(CKR_FUNCTION_FAILED); @@ -2529,7 +2530,8 @@ static CK_RV verify_ecdsa(p11_session_t *session, ulDataLen = sizeof(digest); } - if (!hal_check(hal_ecdsa_verify(key, pData, ulDataLen, pSignature, ulSignatureLen, HAL_ECDSA_SIGNATURE_FORMAT_PKCS11))) + if (!hal_check(hal_ecdsa_verify(NULL, key, pData, ulDataLen, + pSignature, ulSignatureLen, HAL_ECDSA_SIGNATURE_FORMAT_PKCS11))) lose(CKR_SIGNATURE_INVALID); rv = CKR_OK; /* Fall through */ @@ -3049,7 +3051,7 @@ CK_RV C_Login(CK_SESSION_HANDLE hSession, uint8_t pinbuf[pin_len]; unsigned diff = 0; - if (!hal_check(hal_pbkdf2(hal_hash_sha256, pPin, ulPinLen, salt, salt_len, + if (!hal_check(hal_pbkdf2(NULL, hal_hash_sha256, pPin, ulPinLen, salt, salt_len, pinbuf, sizeof(pinbuf), iterations))) lose(CKR_FUNCTION_FAILED); @@ -3624,7 +3626,7 @@ CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, default: lose(CKR_MECHANISM_INVALID); } - if (!hal_check(hal_hash_core_present(session->digest_descriptor))) { + if (hal_core_find(session->digest_descriptor->core_name, NULL) == NULL) { session->digest_descriptor = NULL; lose(CKR_MECHANISM_INVALID); } @@ -4319,7 +4321,7 @@ CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession, if (RandomData == NULL) lose(CKR_ARGUMENTS_BAD); - if (!hal_check(hal_get_random(RandomData, ulRandomLen))) + if (!hal_check(hal_get_random(NULL, RandomData, ulRandomLen))) lose(CKR_FUNCTION_FAILED); fail: @@ -4365,7 +4367,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, case CKM_SHA1_RSA_PKCS: case CKM_SHA_1_HMAC: case CKM_ECDSA_SHA1: - if (hal_hash_core_present(hal_hash_sha1) != HAL_OK) + if (hal_core_find(hal_hash_sha1->core_name, NULL) == NULL) return CKR_MECHANISM_INVALID; break; @@ -4373,7 +4375,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, case CKM_SHA256_RSA_PKCS: case CKM_SHA256_HMAC: case CKM_ECDSA_SHA256: - if (hal_hash_core_present(hal_hash_sha256) != HAL_OK) + if (hal_core_find(hal_hash_sha256->core_name, NULL) == NULL) return CKR_MECHANISM_INVALID; break; @@ -4381,7 +4383,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, case CKM_SHA384_RSA_PKCS: case CKM_SHA384_HMAC: case CKM_ECDSA_SHA384: - if (hal_hash_core_present(hal_hash_sha384) != HAL_OK) + if (hal_core_find(hal_hash_sha384->core_name, NULL) == NULL) return CKR_MECHANISM_INVALID; break; @@ -4389,7 +4391,7 @@ CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, case CKM_SHA512_RSA_PKCS: case CKM_SHA512_HMAC: case CKM_ECDSA_SHA512: - if (hal_hash_core_present(hal_hash_sha512) != HAL_OK) + if (hal_core_find(hal_hash_sha512->core_name, NULL) == NULL) return CKR_MECHANISM_INVALID; break; -- cgit v1.2.3