mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 18:55:37 +01:00
Documentation fix
Added more elaborate descriptions, fixed minor issues.
This commit is contained in:
parent
79f4e0e91d
commit
686a05e90c
@ -227,7 +227,7 @@
|
||||
|
||||
#define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
|
||||
|
||||
#define MBEDTLS_MD_OID_MAX_SIZE 10 /**< Maximum length of an OID of a supported digest algorithm*/
|
||||
#define MBEDTLS_MD_OID_MAX_SIZE 10 /**< Maximum length of an OID of a supported digest algorithm */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
|
@ -56,7 +56,9 @@ extern "C" {
|
||||
#include "pk.h"
|
||||
|
||||
/**
|
||||
* \brief Set up a PK context for a key pair in a PKCS#11 token
|
||||
* \brief Set up a PK context from a key pair in a PKCS#11 token.
|
||||
* This allows to access the token's cryptographic
|
||||
* functionality through the PK interface.
|
||||
*
|
||||
* \param ctx PK context to fill, which must have been initialized
|
||||
* with mbedtls_pk_init().
|
||||
@ -84,7 +86,7 @@ int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
|
||||
*
|
||||
* This function imports a PK object containing a
|
||||
* public key or a private-public key pair into a
|
||||
* PKCS#11 token.
|
||||
* PKCS#11 token.
|
||||
*
|
||||
* \param ctx PK context, which must contain a transparent pk
|
||||
* object (type \c MBEDTLS_PK_RSA,
|
||||
@ -113,10 +115,12 @@ int mbedtls_pk_setup_pkcs11( mbedtls_pk_context *ctx,
|
||||
* will be authorized for encryption.
|
||||
*
|
||||
* \param hSession Cryptoki session.
|
||||
* \param hPublicKey If non-null, on output, Cryptoki handle of the public
|
||||
* key. If null, the public key is not imported.
|
||||
* \param hPrivateKey If non-null, on output, Cryptoki handle of the private
|
||||
* key. If null, the private key is not imported.
|
||||
* \param hPublicKey If not NULL, receives the Cryptoki handle of the public
|
||||
* key on success. If NULL, the public key is not
|
||||
* imported.
|
||||
* \param hPrivateKey If not NULL, receives the Cryptoki handle of the
|
||||
* private key on success. If NULL, the private key is
|
||||
* not imported.
|
||||
*
|
||||
* \return 0 on success,
|
||||
* or MBEDTLS_ERR_PK_XXX error code.
|
||||
|
@ -738,7 +738,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
||||
|
||||
/**
|
||||
* \brief Encode a hash into a DigestInfo structure as specified
|
||||
* by PKCS#1(RFC 8017, EMSA-PKCS1-v1_5-ENCODE step 2).
|
||||
* by PKCS#1 (RFC 8017, EMSA-PKCS1-v1_5-ENCODE step 2).
|
||||
* Note: function works backwards in data buffer.
|
||||
*
|
||||
* \param p Reference to the current position pointer
|
||||
|
@ -111,7 +111,7 @@ static size_t pkcs11_pk_get_bitlen( const void *ctx_arg )
|
||||
static int pkcs11_pk_can_do( const void *ctx_arg, mbedtls_pk_type_t type )
|
||||
{
|
||||
const mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
|
||||
return ctx->key_type == mbedtls_pk_representation_type( type );
|
||||
return( ctx->key_type == mbedtls_pk_representation_type( type ) );
|
||||
}
|
||||
|
||||
static void *pkcs11_pk_alloc( )
|
||||
@ -138,6 +138,7 @@ static size_t pkcs11_pk_signature_size( const void *ctx_arg )
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
|
||||
CK_MECHANISM_TYPE mechanism_type,
|
||||
const unsigned char *payload, size_t payload_len,
|
||||
@ -145,7 +146,7 @@ static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
|
||||
size_t sig_size )
|
||||
{
|
||||
CK_ULONG ck_sig_len = sig_size;
|
||||
CK_MECHANISM mechanism = {mechanism_type, NULL_PTR, 0};
|
||||
CK_MECHANISM mechanism = { mechanism_type, NULL_PTR, 0 };
|
||||
CK_RV rv;
|
||||
rv = C_SignInit( ctx->hSession, &mechanism, ctx->hPrivateKey );
|
||||
if( rv != CKR_OK )
|
||||
@ -158,6 +159,7 @@ static int pkcs11_sign_core( mbedtls_pk_pkcs11_context_t *ctx,
|
||||
exit:
|
||||
return( pkcs11_err_to_mbedtls_pk_err( rv ) );
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
static int pkcs11_sign_rsa( mbedtls_pk_pkcs11_context_t *ctx,
|
||||
@ -234,7 +236,7 @@ static int pkcs11_verify_core( mbedtls_pk_pkcs11_context_t *ctx,
|
||||
const unsigned char *payload, size_t payload_len,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
CK_MECHANISM mechanism = {mechanism_type, NULL_PTR, 0};
|
||||
CK_MECHANISM mechanism = { mechanism_type, NULL_PTR, 0 };
|
||||
CK_RV rv;
|
||||
|
||||
rv = C_VerifyInit( ctx->hSession, &mechanism, ctx->hPublicKey );
|
||||
|
@ -1538,7 +1538,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
|
||||
|
||||
if( md_alg == MBEDTLS_MD_NONE )
|
||||
{
|
||||
if( *p < start + hashlen )
|
||||
if( *p - start < (ptrdiff_t) hashlen )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
*p -= hashlen;
|
||||
memcpy( *p, hash, hashlen );
|
||||
@ -1550,7 +1550,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
if( hashlen == 0 )
|
||||
hashlen = mbedtls_md_get_size( md_info );
|
||||
else if ( hashlen != mbedtls_md_get_size( md_info ) )
|
||||
else if( hashlen != mbedtls_md_get_size( md_info ) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
@ -1570,7 +1570,7 @@ int mbedtls_rsa_emsa_pkcs1_v15_encode_digestinfo( unsigned char **p,
|
||||
* - Need hashlen bytes for hash
|
||||
* - Need oid_size bytes for hash alg OID.
|
||||
*/
|
||||
if( *p < start + 10 + oid_size + hashlen )
|
||||
if( *p - start < (ptrdiff_t) ( 10 + oid_size + hashlen) )
|
||||
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
||||
*p -= 10 + oid_size + hashlen;
|
||||
start = *p;
|
||||
@ -1657,7 +1657,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
|
||||
unsigned char *p = dst + dst_len;
|
||||
|
||||
/* Ignore hashlen if a hash algorithm is specified. This is
|
||||
* fragile, but documented, bhavior. */
|
||||
* fragile, but documented, behavior. */
|
||||
if( md_alg != MBEDTLS_MD_NONE )
|
||||
hashlen = 0;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
PKCS#11 RSA import and sign
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_ECDSA_C
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
|
||||
pk_import_sign:"data_files/server1.key"
|
||||
|
||||
PKCS#11 RSA generate and sign
|
||||
@ -10,7 +10,7 @@ PKCS#11 RSA import, sign and verify with Cryptoki
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
|
||||
pk_import_sign_verify:"data_files/server1.key"
|
||||
|
||||
PKCS#11 RSA import, sign with MbedTLS and verify with Cryptoki
|
||||
PKCS#11 RSA import, sign with Mbed TLS and verify with Cryptoki
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C
|
||||
pk_import_verify_signed:"data_files/server1.key"
|
||||
|
||||
|
@ -111,8 +111,6 @@ static CK_RV pkcs11_generate_key( mbedtls_pk_type_t key_type,
|
||||
{CKA_SIGN, &ck_true, sizeof( ck_true )},
|
||||
};
|
||||
CK_ULONG ck_rsa_key_size = RSA_KEY_SIZE_BITS;
|
||||
unsigned char ecParams[16];
|
||||
size_t ecParams_length;
|
||||
|
||||
switch( key_type )
|
||||
{
|
||||
@ -136,10 +134,6 @@ static CK_RV pkcs11_generate_key( mbedtls_pk_type_t key_type,
|
||||
private_attributes,
|
||||
ARRAY_LENGTH( private_attributes ),
|
||||
phPublicKey, phPrivateKey ) );
|
||||
exit:
|
||||
/* Shouldn't happen except if there's a test error (e.g. trying to
|
||||
use a curve that isn't compiled in). */
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
|
||||
@ -298,7 +292,7 @@ exit:
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_C:MBEDTLS_SHA256_C */
|
||||
void pk_import_sign_verify( char *file )
|
||||
{
|
||||
/* Sign with cryptoki, convert to mbedTLS format and save,
|
||||
/* Sign with cryptoki, convert to Mbed TLS format and save,
|
||||
verify by cryptoki with a conversion to a raw, concatenated
|
||||
format by the engine. */
|
||||
mbedtls_pk_context pkcs11_ctx;
|
||||
@ -344,14 +338,14 @@ void pk_import_sign_verify( char *file )
|
||||
sig_buffer, sig_length ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free( &pkcs11_ctx );
|
||||
mbedtls_pk_free( &transparent_ctx );
|
||||
if( hPublicKey != CK_INVALID_HANDLE )
|
||||
C_DestroyObject( hSession, hPublicKey );
|
||||
if( hPrivateKey != CK_INVALID_HANDLE )
|
||||
C_DestroyObject( hSession, hPrivateKey );
|
||||
C_CloseSession( hSession );
|
||||
C_Finalize( NULL_PTR );
|
||||
mbedtls_pk_free( &pkcs11_ctx );
|
||||
mbedtls_pk_free( &transparent_ctx );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
@ -380,7 +374,6 @@ void pk_import_verify_signed( char *file )
|
||||
TEST_ASSERT( hSession != CK_INVALID_HANDLE );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_import_to_pkcs11( &transparent_ctx,
|
||||
MBEDTLS_PK_FLAG_SIGN |
|
||||
MBEDTLS_PK_FLAG_VERIFY,
|
||||
hSession,
|
||||
&hPublicKey,
|
||||
@ -413,7 +406,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_C:MBEDTLS_RSA_C */
|
||||
void pk_rsa_hardcoded_verify( char *message_hex_string, int digest,
|
||||
int mod, int radix_N, char *input_N, int radix_E,
|
||||
char *input_E, char *result_hex_str, int result )
|
||||
|
Loading…
Reference in New Issue
Block a user