Documentation fix

Added more elaborate descriptions, fixed minor issues.
2024-11-22 12:55:38 +01:00 · 2018-03-02 17:11:39 -05:00 · 2018-03-02 17:11:39 -05:00 · 686a05e90c
commit 686a05e90c
parent 79f4e0e91d
7 changed files with 27 additions and 28 deletions
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@ -227,7 +227,7 @@

 #define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */

-#define MBEDTLS_MD_OID_MAX_SIZE 10 /**< Maximum length of an OID of a supported digest algorithm*/
+#define MBEDTLS_MD_OID_MAX_SIZE 10 /**< Maximum length of an OID of a supported digest algorithm */

 /*
 * Encryption algorithms
--- a/include/mbedtls/pkcs11_client.h
+++ b/include/mbedtls/pkcs11_client.h
@ -56,7 +56,9 @@ extern "C" {
 #include "pk.h"

 /**
- * \brief               Set up a PK context for a key pair in a PKCS#11 token
+ * \brief               Set up a PK context from a key pair in a PKCS#11 token.
+ *                      This allows to access the token's cryptographic
+ *                      functionality through the PK interface.
 *
 * \param ctx           PK context to fill, which must have been initialized
 *                      with mbedtls_pk_init().
@ -84,7 +86,7 @@ int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
 *
 *                      This function imports a PK object containing a
 *                      public key or a private-public key pair into a
- *                      PKCS#11 token. 
+ *                      PKCS#11 token.
 *
 * \param ctx           PK context, which must contain a transparent pk
 *                      object (type \c MBEDTLS_PK_RSA,
@ -113,10 +115,12 @@ int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
 *                        will be authorized for encryption.
 *
 * \param hSession      Cryptoki session.
- * \param hPublicKey    If non-null, on output, Cryptoki handle of the public
- *                      key. If null, the public key is not imported.
- * \param hPrivateKey   If non-null, on output, Cryptoki handle of the private
- *                      key. If null, the private key is not imported.
+ * \param hPublicKey    If not NULL, receives the Cryptoki handle of the public
+ *                      key on success. If NULL, the public key is not
+ *                      imported.
+ * \param hPrivateKey   If not NULL, receives the Cryptoki handle of the
+ *                      private key on success. If NULL, the private key is
+ *                      not imported.
 *
 * \return              0 on success,
 *                      or MBEDTLS_ERR_PK_XXX error code.
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -738,7 +738,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,

 /**
 * \brief          Encode a hash into a DigestInfo structure as specified
- *                 by PKCS#1(RFC 8017, EMSA-PKCS1-v1_5-ENCODE step 2).
+ *                 by PKCS#1 (RFC 8017, EMSA-PKCS1-v1_5-ENCODE step 2).
 *                 Note: function works backwards in data buffer.
 *
 * \param p        Reference to the current position pointer
--- a/library/pkcs11_client.c
+++ b/library/pkcs11_client.c
@ -111,7 +111,7 @@ static size_t pkcs11_pk_get_bitlen( const void *ctx_arg )
 static int pkcs11_pk_can_do( const void *ctx_arg, mbedtls_pk_type_t type )
 {
    const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
-    return ctx->key_type == mbedtls_pk_representation_type( type );
+    return( ctx->key_type == mbedtls_pk_representation_type( type ) );
 }

 static void *pkcs11_pk_alloc( )
@ -138,6 +138,7 @@ static size_t pkcs11_pk_signature_size( const void *ctx_arg )
    }
 }

+#if defined(MBEDTLS_RSA_C)
 static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
                             CK_MECHANISM_TYPE mechanism_type,
                             const unsigned char *payload, size_t payload_len,
@ -145,7 +146,7 @@ static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
                             size_t sig_size )
 {
    CK_ULONG ck_sig_len = sig_size;
-    CK_MECHANISM mechanism = {mechanism_type, NULL_PTR, 0};
+    CK_MECHANISM mechanism = { mechanism_type, NULL_PTR, 0 };
    CK_RV rv;
    rv = C_SignInit( ctx->hSession, &mechanism, ctx->hPrivateKey );
    if( rv != CKR_OK )
@ -158,6 +159,7 @@ static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
 exit:
    return( pkcs11_err_to_mbedtls_pk_err( rv ) );
 }
+#endif /* MBEDTLS_RSA_C */

 #if defined(MBEDTLS_RSA_C)
 static int pkcs11_sign_rsa( mbedtls_pk_pkcs11_context_t *ctx,
@ -234,7 +236,7 @@ static int pkcs11_verify_core( mbedtls_pk_pkcs11_context_t *ctx,
                               const unsigned char *payload, size_t payload_len,
                               const unsigned char *sig, size_t sig_len )
 {
-    CK_MECHANISM mechanism = {mechanism_type, NULL_PTR, 0};
+    CK_MECHANISM mechanism = { mechanism_type, NULL_PTR, 0 };
    CK_RV rv;

    rv = C_VerifyInit( ctx->hSession, &mechanism, ctx->hPublicKey );
--- a/library/rsa.c
+++ b/library/rsa.c
@ -1538,7 +1538,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,

    if( md_alg == MBEDTLS_MD_NONE )
    {
-        if( *p < start + hashlen )
+        if( *p - start < (ptrdiff_t) hashlen )
            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
        *p -= hashlen;
        memcpy( *p, hash, hashlen );
@ -1550,7 +1550,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    if( hashlen == 0 )
        hashlen = mbedtls_md_get_size( md_info );
-    else if ( hashlen != mbedtls_md_get_size( md_info ) )
+    else if( hashlen != mbedtls_md_get_size( md_info ) )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@ -1570,7 +1570,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
     * - Need hashlen bytes for hash
     * - Need oid_size bytes for hash alg OID.
     */
-    if( *p < start + 10 + oid_size + hashlen )
+    if( *p - start < (ptrdiff_t) ( 10 + oid_size + hashlen) )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    *p -= 10 + oid_size + hashlen;
    start = *p;
@ -1657,7 +1657,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
    unsigned char *p = dst + dst_len;

    /* Ignore hashlen if a hash algorithm is specified. This is
-     * fragile, but documented, bhavior. */
+     * fragile, but documented, behavior. */
    if( md_alg != MBEDTLS_MD_NONE )
        hashlen = 0;

--- a/tests/suites/test_suite_pkcs11_client.data
+++ b/tests/suites/test_suite_pkcs11_client.data
@ -1,5 +1,5 @@
 PKCS#11 RSA import and sign
-depends_on:MBEDTLS_PK_C:MBEDTLS_ECDSA_C
+depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
 pk_import_sign:"data_files/server1.key"

 PKCS#11 RSA generate and sign
@ -10,7 +10,7 @@ PKCS#11 RSA import, sign and verify with Cryptoki
 depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
 pk_import_sign_verify:"data_files/server1.key"

-PKCS#11 RSA import, sign with MbedTLS and verify with Cryptoki
+PKCS#11 RSA import, sign with Mbed TLS and verify with Cryptoki
 depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
 pk_import_verify_signed:"data_files/server1.key"

--- a/tests/suites/test_suite_pkcs11_client.function
+++ b/tests/suites/test_suite_pkcs11_client.function
@ -111,8 +111,6 @@ static CK_RV pkcs11_generate_key( mbedtls_pk_type_t key_type,
        {CKA_SIGN, &ck_true, sizeof( ck_true )},
    };
    CK_ULONG ck_rsa_key_size = RSA_KEY_SIZE_BITS;
-    unsigned char ecParams[16];
-    size_t ecParams_length;

    switch( key_type )
    {
@ -136,10 +134,6 @@ static CK_RV pkcs11_generate_key( mbedtls_pk_type_t key_type,
                               private_attributes,
                               ARRAY_LENGTH( private_attributes ),
                               phPublicKey, phPrivateKey ) );
-exit:
-    /* Shouldn't happen except if there's a test error (e.g. trying to
-       use a curve that isn't compiled in). */
-    return( -1 );
 }


@ -298,7 +292,7 @@ exit:
 /* BEGIN_CASE depends_on:MBEDTLS_PK_C:MBEDTLS_SHA256_C */
 void pk_import_sign_verify( char *file )
 {
-    /* Sign with cryptoki, convert to mbedTLS format and save,
+    /* Sign with cryptoki, convert to Mbed TLS format and save,
       verify by cryptoki with a conversion to a raw, concatenated
       format by the engine. */
    mbedtls_pk_context pkcs11_ctx;
@ -344,14 +338,14 @@ void pk_import_sign_verify( char *file )
                                    sig_buffer, sig_length ) == 0 );

 exit:
+    mbedtls_pk_free( &pkcs11_ctx );
+    mbedtls_pk_free( &transparent_ctx );
    if( hPublicKey != CK_INVALID_HANDLE )
        C_DestroyObject( hSession, hPublicKey );
    if( hPrivateKey != CK_INVALID_HANDLE )
        C_DestroyObject( hSession, hPrivateKey );
    C_CloseSession( hSession );
    C_Finalize( NULL_PTR );
-    mbedtls_pk_free( &pkcs11_ctx );
-    mbedtls_pk_free( &transparent_ctx );
 }
 /* END_CASE */

@ -380,7 +374,6 @@ void pk_import_verify_signed( char *file )
    TEST_ASSERT( hSession != CK_INVALID_HANDLE );

    TEST_ASSERT( mbedtls_pk_import_to_pkcs11( &transparent_ctx,
-                                              MBEDTLS_PK_FLAG_SIGN |
                                              MBEDTLS_PK_FLAG_VERIFY,
                                              hSession,
                                              &hPublicKey,
@ -413,7 +406,7 @@ exit:
 }
 /* END_CASE */

-/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C */
 void pk_rsa_hardcoded_verify( char *message_hex_string, int digest,
                       int mod, int radix_N, char *input_N, int radix_E,
                       char *input_E, char *result_hex_str, int result )