Conversation
varder
force-pushed
the
pkcs11_ed25519
branch
2 times, most recently
from
aa718cd to
986256c
Compare
etienne-lms
left a comment
etienne-lms
left a comment
There was a problem hiding this comment.
The pkcs11 part looks good to me (aside the few minor comments)
| .public_len = ARRAY_SIZE(_vect ##_public), \ | ||
| .flag = _flag, \ | ||
| .context = _vect ## _context, \ | ||
| .context_len = ARRAY_SIZE(_vect ##_context), \ |
| size_t private_len; | ||
| const uint8_t *public; | ||
| size_t public_len; | ||
| const bool flag; |
There was a problem hiding this comment.
rename ph_flag as this is the pre-hash flag?
| goto err; | ||
|
|
||
| rv = C_Sign(session, (CK_BYTE_PTR)test->message, test->message_len, | ||
| (CK_BYTE_PTR)sign, &sign_len); |
There was a problem hiding this comment.
indentation (and at line 7972)
|
|
||
| CK_ATTRIBUTE public_key_template[] = { | ||
| { CKA_CLASS, &(CK_OBJECT_CLASS){ CKO_PUBLIC_KEY }, sizeof(CK_OBJECT_CLASS) }, | ||
| { CKA_KEY_TYPE, &(CK_KEY_TYPE){CKK_EC_EDWARDS}, sizeof(CK_KEY_TYPE) }, |
There was a problem hiding this comment.
nit: space char around CKK_EC_EDWARDS: { CKK_EC_EDWARDS }
|
|
||
| static struct eddsa_test eddsa_sign_tests[] = { | ||
| CKTEST_EDDSA_TEST(ed25519_params, ed25519_rfc_8032_7_1, 0), | ||
| CKTEST_EDDSA_TEST(ed25519_params, ed25519_rfc_8032_7_1, 1), |
There was a problem hiding this comment.
This looks like an extra tests, testing vector 7.1 with pre-hash enabled. The EdDSA RFC mentions this test setup?
Same question at line 7850.
varder
force-pushed
the
pkcs11_ed25519
branch
from
9ee35d5 to
84c3417
Compare
|
Hi @etienne-lms, |
etienne-lms
left a comment
etienne-lms
left a comment
There was a problem hiding this comment.
Sorry @varder for the late feedback. Error path issues to address.
| ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key)); | ||
| } | ||
|
|
||
| err: |
There was a problem hiding this comment.
there are several things to clean on error case. I suggest:
ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, private_key));
ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key));
}
+ ADBG_EXPECT_CK_OK(c, C_CloseSession(session));
+ ADBG_EXPECT_CK_OK(c, close_lib());
+ return;
+
-err:
+err_destroy_keys
+ ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, private_key));
+ ADBG_EXPECT_CK_OK(c, C_DestroyObject(session, public_key));
+err_close_sess:
+ C_CloseSession(session);
+err_close_lib:
+ close_lib();
}There was a problem hiding this comment.
Done,
Thank for providing the solution
| ARRAY_SIZE(private_key_template), | ||
| &private_key); | ||
| if (!ADBG_EXPECT_CK_OK(c, rv)) | ||
| goto err; |
There was a problem hiding this comment.
We should destroy the created persistent (token) object public_key above.
|
|
||
| rv = C_SignInit(session, &sign_mechanism, private_key); | ||
| if (!ADBG_EXPECT_CK_OK(c, rv)) | ||
| goto err; |
There was a problem hiding this comment.
failing here needs to attempt to destroy created persistent object(s).
| CKF_SERIAL_SESSION | CKF_RW_SESSION, | ||
| NULL, NULL, &session); | ||
| if (!ADBG_EXPECT_CK_OK(c, rv)) | ||
| goto err; |
There was a problem hiding this comment.
goto err_close_lib;
and only call close_lib()
|
Hi @etienne-lms |
etienne-lms
left a comment
etienne-lms
left a comment
There was a problem hiding this comment.
Can I squash the commit?
Ok.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Adds tests to import, sign and verify ED25519, ED25519ctx and ED25519ph. The PKCS11 Specification: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/ pkcs11-spec-v3.1-cs01.pdf Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
varder
force-pushed
the
pkcs11_ed25519
branch
from
26afe95 to
a47b266
Compare
3 participants
Adds tests to import, sign and verify Ed25519, Ed25519ctx and Ed25519ph.
The pull request comes with the following pull requests:
OP-TEE/optee_os#5559
OP-TEE/optee_os#5574