commit 33f566541c23766966b7f124b7421cc2ad54b8ce
author Andrzej Kurek <andrzej.kurek@arm.com> Mon Feb 19 04:03:11 2018 -0500
committer Andrzej Kurek <andrzej.kurek@arm.com> Mon Feb 19 04:03:11 2018 -0500
tree c1b80f39857660f2104fe8aef58d97bdec5d1499
parent 7e19f77745a28ac934a986eb2c996dabc28d3a7d

PKCS11: Parametrize buffers

Change magic numbers to more descriptive names

library/pkcs11_client.c

diff --git a/library/pkcs11_client.c b/library/pkcs11_client.c
index 833ae72..1e662f8 100644
--- a/library/pkcs11_client.c
+++ b/library/pkcs11_client.c
@@ -368,7 +368,7 @@
     case CKK_ECDSA:
         can_do = MBEDTLS_PK_ECKEY;
         {
-            unsigned char ecParams[16];
+            unsigned char ecParams[MBEDTLS_OID_EC_GRP_MAX_SIZE];
             mbedtls_asn1_buf params_asn1;
             mbedtls_ecp_group_id grp_id;
             const mbedtls_ecp_curve_info *curve_info;

tests/suites/test_suite_pkcs11_client.function

diff --git a/tests/suites/test_suite_pkcs11_client.function b/tests/suites/test_suite_pkcs11_client.function
index 87d1a61..16ad240 100644
--- a/tests/suites/test_suite_pkcs11_client.function
+++ b/tests/suites/test_suite_pkcs11_client.function
@@ -110,8 +110,7 @@
         {CKA_DECRYPT, &ck_true, sizeof( ck_true )},
         {CKA_SIGN, &ck_true, sizeof( ck_true )},
     };
-    CK_ULONG ck_rsa_key_size = RSA_KEY_SIZE_BITS;
-    unsigned char ecParams[16];
+    unsigned char ecParams[MBEDTLS_OID_EC_GRP_MAX_SIZE];
     size_t ecParams_length;
 
     switch( key_type )
@@ -201,8 +200,8 @@
 #if defined(MBEDTLS_ECDSA_C)
     case MBEDTLS_PK_ECDSA:
         {
-            unsigned char ecParams[16];
-            unsigned char ecPoint[128];
+            unsigned char ecParams[MBEDTLS_OID_EC_GRP_MAX_SIZE];
+            unsigned char ecPoint[MBEDTLS_ECP_MAX_PT_LEN];
             CK_ATTRIBUTE public_attributes[] = {
                 {CKA_EC_PARAMS, ecParams, sizeof( ecParams )},
                 {CKA_EC_POINT, ecPoint, sizeof( ecPoint )},
@@ -246,7 +245,7 @@
         break;
     }
 
-    /* Sign with the token and verify in software */
+    /* Sign with cryptoki and verify with mbed TLS */
     TEST_ASSERT( mbedtls_pk_sign( &pkcs11_ctx, MBEDTLS_MD_SHA256,
                                   hash_value, 32,
                                   sig_buffer, &sig_length,
@@ -276,7 +275,7 @@
     CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
     CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;
     unsigned char hash_value[32] = "Fake hash, it doesn't matter....";
-    unsigned char sig_buffer[4096];
+    unsigned char sig_buffer[MBEDTLS_MPI_MAX_SIZE];
     size_t sig_length = sizeof( sig_buffer );
 
     mbedtls_pk_init( &pkcs11_ctx );
@@ -336,7 +335,7 @@
     CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
     CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;
     unsigned char hash_value[32] = "Fake hash, it doesn't matter....";
-    unsigned char sig_buffer[4096];
+    unsigned char sig_buffer[MBEDTLS_MPI_MAX_SIZE];
     size_t sig_length = sizeof( sig_buffer );
 
     mbedtls_pk_init( &pkcs11_ctx );
@@ -395,7 +394,7 @@
     CK_OBJECT_HANDLE hPublicKey = CK_INVALID_HANDLE;
     CK_OBJECT_HANDLE hPrivateKey = CK_INVALID_HANDLE;
     unsigned char hash_value[32] = "Fake hash, it doesn't matter....";
-    unsigned char sig_buffer[4096];
+    unsigned char sig_buffer[MBEDTLS_MPI_MAX_SIZE];
     size_t sig_length = sizeof( sig_buffer );
 
     mbedtls_pk_init( &pkcs11_ctx );