Documentation fix

Added more elaborate descriptions, fixed minor issues.
This commit is contained in:
Andrzej Kurek 2018-03-02 17:11:39 -05:00
parent 79f4e0e91d
commit 686a05e90c
7 changed files with 27 additions and 28 deletions

View File

@ -56,7 +56,9 @@ extern "C" {
#include "pk.h"
/**
* \brief Set up a PK context for a key pair in a PKCS#11 token
* \brief Set up a PK context from a key pair in a PKCS#11 token.
* This allows to access the token's cryptographic
* functionality through the PK interface.
*
* \param ctx PK context to fill, which must have been initialized
* with mbedtls_pk_init().
@ -113,10 +115,12 @@ int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
* will be authorized for encryption.
*
* \param hSession Cryptoki session.
* \param hPublicKey If non-null, on output, Cryptoki handle of the public
* key. If null, the public key is not imported.
* \param hPrivateKey If non-null, on output, Cryptoki handle of the private
* key. If null, the private key is not imported.
* \param hPublicKey If not NULL, receives the Cryptoki handle of the public
* key on success. If NULL, the public key is not
* imported.
* \param hPrivateKey If not NULL, receives the Cryptoki handle of the
* private key on success. If NULL, the private key is
* not imported.
*
* \return 0 on success,
* or MBEDTLS_ERR_PK_XXX error code.

View File

@ -111,7 +111,7 @@ static size_t pkcs11_pk_get_bitlen( const void *ctx_arg )
static int pkcs11_pk_can_do( const void *ctx_arg, mbedtls_pk_type_t type )
{
const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
return ctx->key_type == mbedtls_pk_representation_type( type );
return( ctx->key_type == mbedtls_pk_representation_type( type ) );
}
static void *pkcs11_pk_alloc( )
@ -138,6 +138,7 @@ static size_t pkcs11_pk_signature_size( const void *ctx_arg )
}
}
#if defined(MBEDTLS_RSA_C)
static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
CK_MECHANISM_TYPE mechanism_type,
const unsigned char *payload, size_t payload_len,
@ -158,6 +159,7 @@ static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
exit:
return( pkcs11_err_to_mbedtls_pk_err( rv ) );
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_RSA_C)
static int pkcs11_sign_rsa( mbedtls_pk_pkcs11_context_t *ctx,

View File

@ -1538,7 +1538,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
if( md_alg == MBEDTLS_MD_NONE )
{
if( *p < start + hashlen )
if( *p - start < (ptrdiff_t) hashlen )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
*p -= hashlen;
memcpy( *p, hash, hashlen );
@ -1570,7 +1570,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
* - Need hashlen bytes for hash
* - Need oid_size bytes for hash alg OID.
*/
if( *p < start + 10 + oid_size + hashlen )
if( *p - start < (ptrdiff_t) ( 10 + oid_size + hashlen) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
*p -= 10 + oid_size + hashlen;
start = *p;
@ -1657,7 +1657,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
unsigned char *p = dst + dst_len;
/* Ignore hashlen if a hash algorithm is specified. This is
* fragile, but documented, bhavior. */
* fragile, but documented, behavior. */
if( md_alg != MBEDTLS_MD_NONE )
hashlen = 0;

View File

@ -1,5 +1,5 @@
PKCS#11 RSA import and sign
depends_on:MBEDTLS_PK_C:MBEDTLS_ECDSA_C
depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
pk_import_sign:"data_files/server1.key"
PKCS#11 RSA generate and sign

View File

@ -111,8 +111,6 @@ static CK_RV pkcs11_generate_key( mbedtls_pk_type_t key_type,
{CKA_SIGN, &ck_true, sizeof( ck_true )},
};
CK_ULONG ck_rsa_key_size = RSA_KEY_SIZE_BITS;
unsigned char ecParams[16];
size_t ecParams_length;
switch( key_type )
{
@ -136,10 +134,6 @@ static CK_RV pkcs11_generate_key( mbedtls_pk_type_t key_type,
private_attributes,
ARRAY_LENGTH( private_attributes ),
phPublicKey, phPrivateKey ) );
exit:
/* Shouldn't happen except if there's a test error (e.g. trying to
use a curve that isn't compiled in). */
return( -1 );
}
@ -298,7 +292,7 @@ exit:
/* BEGIN_CASE depends_on:MBEDTLS_PK_C:MBEDTLS_SHA256_C */
void pk_import_sign_verify( char *file )
{
/* Sign with cryptoki, convert to mbedTLS format and save,
/* Sign with cryptoki, convert to Mbed TLS format and save,
verify by cryptoki with a conversion to a raw, concatenated
format by the engine. */
mbedtls_pk_context pkcs11_ctx;
@ -344,14 +338,14 @@ void pk_import_sign_verify( char *file )
sig_buffer, sig_length ) == 0 );
exit:
mbedtls_pk_free( &pkcs11_ctx );
mbedtls_pk_free( &transparent_ctx );
if( hPublicKey != CK_INVALID_HANDLE )
C_DestroyObject( hSession, hPublicKey );
if( hPrivateKey != CK_INVALID_HANDLE )
C_DestroyObject( hSession, hPrivateKey );
C_CloseSession( hSession );
C_Finalize( NULL_PTR );
mbedtls_pk_free( &pkcs11_ctx );
mbedtls_pk_free( &transparent_ctx );
}
/* END_CASE */
@ -380,7 +374,6 @@ void pk_import_verify_signed( char *file )
TEST_ASSERT( hSession != CK_INVALID_HANDLE );
TEST_ASSERT( mbedtls_pk_import_to_pkcs11( &transparent_ctx,
MBEDTLS_PK_FLAG_SIGN |
MBEDTLS_PK_FLAG_VERIFY,
hSession,
&hPublicKey,
@ -413,7 +406,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
/* BEGIN_CASE depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C */
void pk_rsa_hardcoded_verify( char *message_hex_string, int digest,
int mod, int radix_N, char *input_N, int radix_E,
char *input_E, char *result_hex_str, int result )