aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-05-15 20:49:18 -0400
committerRob Austein <sra@hactrn.net>2016-05-15 20:49:18 -0400
commit0690aa3d48966a4b151a468fd3a0a65bb99de439 (patch)
treee88db7d7d677ea48d9bb3dbd57acc514785a44f7
parent53b0dd22287e07ca32184c27b7ec0d75d358bde4 (diff)
Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.
Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple.
-rw-r--r--hal.h6
-rw-r--r--hal_internal.h9
-rw-r--r--ks.c47
-rw-r--r--rpc_api.c28
-rw-r--r--rpc_client.c29
-rw-r--r--rpc_pkey.c203
-rw-r--r--rpc_server.c19
7 files changed, 239 insertions, 102 deletions
diff --git a/hal.h b/hal.h
index 6fbfb9f..ee97e8a 100644
--- a/hal.h
+++ b/hal.h
@@ -129,6 +129,7 @@
DEFINE_HAL_ERROR(HAL_ERROR_RPC_TRANSPORT, "RPC transport error") \
DEFINE_HAL_ERROR(HAL_ERROR_RPC_PACKET_OVERFLOW, "RPC packet overflow") \
DEFINE_HAL_ERROR(HAL_ERROR_RPC_BAD_FUNCTION, "Bad RPC function number") \
+ DEFINE_HAL_ERROR(HAL_ERROR_KEY_NAME_TOO_LONG, "Key name too long") \
END_OF_HAL_ERROR_LIST
/* Marker to forestall silly line continuation errors */
@@ -350,7 +351,7 @@ extern hal_error_t hal_modexp(const hal_core_t *core,
*/
typedef enum {
- HAL_KEY_TYPE_NONE,
+ HAL_KEY_TYPE_NONE = 0,
HAL_KEY_TYPE_RSA_PRIVATE,
HAL_KEY_TYPE_RSA_PUBLIC,
HAL_KEY_TYPE_EC_PRIVATE,
@@ -685,6 +686,9 @@ extern hal_error_t hal_rpc_pkey_close(const hal_pkey_handle_t pkey);
extern hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey);
+extern hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len);
+
extern hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey,
hal_key_type_t *type);
diff --git a/hal_internal.h b/hal_internal.h
index c460ed8..4b572eb 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -178,6 +178,9 @@ typedef struct {
hal_error_t (*delete)(const hal_pkey_handle_t pkey);
+ hal_error_t (*rename)(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len);
+
hal_error_t (*get_key_type)(const hal_pkey_handle_t pkey,
hal_key_type_t *key_type);
@@ -337,6 +340,11 @@ extern hal_error_t hal_ks_delete(const hal_key_type_t type,
const uint8_t * const name, const size_t name_len,
int *hint);
+extern hal_error_t hal_ks_rename(const hal_key_type_t type,
+ const uint8_t * const old_name, const size_t old_name_len,
+ const uint8_t * const new_name, const size_t new_name_len,
+ int *hint);
+
extern hal_error_t hal_ks_list(hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max);
@@ -396,6 +404,7 @@ typedef enum {
RPC_FUNC_PKEY_REMOTE_SIGN,
RPC_FUNC_PKEY_REMOTE_VERIFY,
RPC_FUNC_PKEY_LIST,
+ RPC_FUNC_PKEY_RENAME,
} rpc_func_num_t;
#define RPC_VERSION 0x00010000 /* 0.1.0.0 */
diff --git a/ks.c b/ks.c
index 33d3e47..758162b 100644
--- a/ks.c
+++ b/ks.c
@@ -61,11 +61,11 @@ hal_error_t hal_ks_store(const hal_key_type_t type,
const uint8_t * const der, const size_t der_len,
int *hint)
{
- if (name == NULL || name_len == 0 || der == NULL || der_len == 0 || !acceptable_key_type(type))
+ if (name == NULL || der == NULL || der_len == 0 || !acceptable_key_type(type))
return HAL_ERROR_BAD_ARGUMENTS;
if (name_len > HAL_RPC_PKEY_NAME_MAX)
- return HAL_ERROR_RESULT_TOO_LONG;
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
const hal_ks_keydb_t * const db = hal_ks_get_keydb();
hal_error_t err;
@@ -124,7 +124,7 @@ static int find(const hal_ks_keydb_t * const db,
const uint8_t * const name, const size_t name_len,
int *hint)
{
- assert(db != NULL && name != NULL && name_len > 0 && acceptable_key_type(type));
+ assert(db != NULL && name != NULL && acceptable_key_type(type));
if (hint != NULL && *hint >= 0 && *hint < sizeof(db->keys)/sizeof(*db->keys) &&
db->keys[*hint].in_use &&
@@ -150,7 +150,7 @@ hal_error_t hal_ks_exists(const hal_key_type_t type,
const uint8_t * const name, const size_t name_len,
int *hint)
{
- if (name == NULL || name_len == 0 || !acceptable_key_type(type))
+ if (name == NULL || !acceptable_key_type(type))
return HAL_ERROR_BAD_ARGUMENTS;
const hal_ks_keydb_t * const db = hal_ks_get_keydb();
@@ -171,7 +171,7 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type,
uint8_t *der, size_t *der_len, const size_t der_max,
int *hint)
{
- if (name == NULL || name_len == 0 || !acceptable_key_type(type))
+ if (name == NULL || !acceptable_key_type(type))
return HAL_ERROR_BAD_ARGUMENTS;
const hal_ks_keydb_t * const db = hal_ks_get_keydb();
@@ -223,7 +223,7 @@ hal_error_t hal_ks_delete(const hal_key_type_t type,
const uint8_t * const name, const size_t name_len,
int *hint)
{
- if (name == NULL || name_len == 0 || !acceptable_key_type(type))
+ if (name == NULL || !acceptable_key_type(type))
return HAL_ERROR_BAD_ARGUMENTS;
const hal_ks_keydb_t * const db = hal_ks_get_keydb();
@@ -241,6 +241,41 @@ hal_error_t hal_ks_delete(const hal_key_type_t type,
return hal_ks_del_keydb(*hint);
}
+hal_error_t hal_ks_rename(const hal_key_type_t type,
+ const uint8_t * const old_name, const size_t old_name_len,
+ const uint8_t * const new_name, const size_t new_name_len,
+ int *hint)
+{
+ if (old_name == NULL || new_name == NULL || !acceptable_key_type(type))
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ if (new_name_len > HAL_RPC_PKEY_NAME_MAX)
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
+
+ const hal_ks_keydb_t * const db = hal_ks_get_keydb();
+ int hint_ = -1;
+
+ if (db == NULL)
+ return HAL_ERROR_KEYSTORE_ACCESS;
+
+ if (find(db, type, new_name, new_name_len, NULL))
+ return HAL_ERROR_KEY_NAME_IN_USE;
+
+ if (hint == NULL)
+ hint = &hint_;
+
+ if (!find(db, type, old_name, old_name_len, hint))
+ return HAL_ERROR_KEY_NOT_FOUND;
+
+ hal_ks_key_t k = db->keys[*hint];
+
+ assert(new_name_len <= sizeof(k.name));
+ memcpy(k.name, new_name, new_name_len);
+ k.name_len = new_name_len;
+
+ return hal_ks_set_keydb(&k, *hint);
+}
+
hal_error_t hal_ks_list(hal_pkey_info_t *result,
unsigned *result_len,
const unsigned result_max)
diff --git a/rpc_api.c b/rpc_api.c
index 8010f54..5bab506 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -199,11 +199,11 @@ hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags)
{
- if (pkey == NULL ||
- name == NULL || name_len == 0 ||
- der == NULL || der_len == 0 ||
+ if (pkey == NULL || name == NULL || der == NULL || der_len == 0 ||
!check_pkey_type_curve_flags(type, curve, flags))
return HAL_ERROR_BAD_ARGUMENTS;
+ if (name_len > HAL_RPC_PKEY_NAME_MAX)
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
return hal_rpc_pkey_dispatch->load(client, session, pkey, type, curve, name, name_len, der, der_len, flags);
}
@@ -214,8 +214,10 @@ hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client,
const uint8_t * const name, const size_t name_len,
const hal_key_flags_t flags)
{
- if (pkey == NULL || name == NULL || name_len == 0 || !check_pkey_type(type))
+ if (pkey == NULL || name == NULL || !check_pkey_type(type))
return HAL_ERROR_BAD_ARGUMENTS;
+ if (name_len > HAL_RPC_PKEY_NAME_MAX)
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
return hal_rpc_pkey_dispatch->find(client, session, pkey, type, name, name_len, flags);
}
@@ -227,9 +229,11 @@ hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client,
const uint8_t * const exp, const size_t exp_len,
const hal_key_flags_t flags)
{
- if (pkey == NULL || name == NULL || name_len == 0 || key_len == 0 || (key_len & 7) != 0 ||
+ if (pkey == NULL || name == NULL || key_len == 0 || (key_len & 7) != 0 ||
exp == NULL || exp_len == 0 || !check_pkey_flags(flags))
return HAL_ERROR_BAD_ARGUMENTS;
+ if (name_len > HAL_RPC_PKEY_NAME_MAX)
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
return hal_rpc_pkey_dispatch->generate_rsa(client, session, pkey, name, name_len, key_len, exp, exp_len, flags);
}
@@ -240,9 +244,11 @@ hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client,
const hal_curve_name_t curve,
const hal_key_flags_t flags)
{
- if (pkey == NULL || name == NULL || name_len == 0 ||
+ if (pkey == NULL || name == NULL ||
!check_pkey_type_curve_flags(HAL_KEY_TYPE_EC_PRIVATE, curve, flags))
return HAL_ERROR_BAD_ARGUMENTS;
+ if (name_len > HAL_RPC_PKEY_NAME_MAX)
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
return hal_rpc_pkey_dispatch->generate_ec(client, session, pkey, name, name_len, curve, flags);
}
@@ -256,6 +262,16 @@ hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey)
return hal_rpc_pkey_dispatch->delete(pkey);
}
+hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len)
+{
+ if (name == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+ if (name_len > HAL_RPC_PKEY_NAME_MAX)
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
+ return hal_rpc_pkey_dispatch->rename(pkey, name, name_len);
+}
+
hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey,
hal_key_type_t *type)
{
diff --git a/rpc_client.c b/rpc_client.c
index 71dcc7c..3a84305 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -513,6 +513,27 @@ static hal_error_t pkey_remote_delete(const hal_pkey_handle_t pkey)
return rpc_ret;
}
+static hal_error_t pkey_remote_rename(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len)
+{
+ uint8_t outbuf[nargs(3) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(1)];
+ const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ size_t ilen = sizeof(inbuf);
+ hal_error_t rpc_ret;
+
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_DELETE));
+ check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
+ check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
+ check(hal_rpc_send(outbuf, optr - outbuf));
+
+ check(hal_rpc_recv(inbuf, &ilen));
+ assert(ilen <= sizeof(inbuf));
+ check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
+ return rpc_ret;
+}
+
+
static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey,
hal_key_type_t *type)
{
@@ -851,6 +872,12 @@ static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey)
return mixed_handle_dispatch(pkey)->delete(pkey);
}
+static hal_error_t pkey_mixed_rename(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len)
+{
+ return mixed_handle_dispatch(pkey)->rename(pkey, name, name_len);
+}
+
static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey,
hal_key_type_t *key_type)
{
@@ -912,6 +939,7 @@ const hal_rpc_pkey_dispatch_t hal_rpc_remote_pkey_dispatch = {
pkey_remote_generate_ec,
pkey_remote_close,
pkey_remote_delete,
+ pkey_remote_rename,
pkey_remote_get_key_type,
pkey_remote_get_key_flags,
pkey_remote_get_public_key_len,
@@ -928,6 +956,7 @@ const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = {
pkey_mixed_generate_ec,
pkey_mixed_close,
pkey_mixed_delete,
+ pkey_mixed_rename,
pkey_mixed_get_key_type,
pkey_mixed_get_key_flags,
pkey_mixed_get_public_key_len,
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 7455bb1..da8bf58 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -71,7 +71,7 @@ static pkey_slot_t pkey_handle[HAL_STATIC_PKEY_STATE_BLOCKS];
#endif
/*
- * Handle allocation is simple: we look for an unused (name_len == 0)
+ * Handle allocation is simple: look for an unused (HAL_KEY_TYPE_NONE)
* slot in the table, and, assuming we find one, construct a composite
* handle consisting of the index into the table and a counter whose
* sole purpose is to keep the same handle from reoccurring anytime
@@ -95,7 +95,7 @@ static inline pkey_slot_t *alloc_slot(const hal_key_flags_t flags)
glop |= HAL_PKEY_HANDLE_PROXIMATE_FLAG;
for (int i = 0; i < sizeof(pkey_handle)/sizeof(*pkey_handle); i++) {
- if (pkey_handle[i].name_len > 0)
+ if (pkey_handle[i].type != HAL_KEY_TYPE_NONE)
continue;
pkey_handle[i].pkey_handle.handle = i | glop;
pkey_handle[i].ks_hint = -1;
@@ -212,14 +212,14 @@ static hal_error_t pkcs1_5_pad(const uint8_t * const data, const size_t data_len
* Receive key from application, store it with supplied name, return a key handle.
*/
-static hal_error_t load(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
- const uint8_t * const name, const size_t name_len,
- const uint8_t * const der, const size_t der_len,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_load(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const hal_key_type_t type,
+ const hal_curve_name_t curve,
+ const uint8_t * const name, const size_t name_len,
+ const uint8_t * const der, const size_t der_len,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -248,12 +248,12 @@ static hal_error_t load(const hal_client_handle_t client,
* Look up a key given its name, return a key handle.
*/
-static hal_error_t find(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const uint8_t * const name, const size_t name_len,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_find(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const hal_key_type_t type,
+ const uint8_t * const name, const size_t name_len,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -280,13 +280,13 @@ static hal_error_t find(const hal_client_handle_t client,
* Generate a new RSA key with supplied name, return a key handle.
*/
-static hal_error_t generate_rsa(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
- const unsigned key_length,
- const uint8_t * const public_exponent, const size_t public_exponent_len,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const uint8_t * const name, const size_t name_len,
+ const unsigned key_length,
+ const uint8_t * const public_exponent, const size_t public_exponent_len,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -333,12 +333,12 @@ static hal_error_t generate_rsa(const hal_client_handle_t client,
* At the moment, EC key == ECDSA key, but this is subject to change.
*/
-static hal_error_t generate_ec(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
- const hal_curve_name_t curve,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const uint8_t * const name, const size_t name_len,
+ const hal_curve_name_t curve,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -383,7 +383,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client,
* Discard key handle, leaving key intact.
*/
-static hal_error_t close(const hal_pkey_handle_t pkey)
+static hal_error_t pkey_local_close(const hal_pkey_handle_t pkey)
{
pkey_slot_t *slot;
@@ -399,7 +399,7 @@ static hal_error_t close(const hal_pkey_handle_t pkey)
* Delete a key from the store, given its key handle.
*/
-static hal_error_t delete(const hal_pkey_handle_t pkey)
+static hal_error_t pkey_local_delete(const hal_pkey_handle_t pkey)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -415,11 +415,35 @@ static hal_error_t delete(const hal_pkey_handle_t pkey)
}
/*
+ * Rename a key in the key store, given its key handle and a new name.
+ */
+
+static hal_error_t pkey_local_rename(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len)
+{
+ pkey_slot_t *slot = find_handle(pkey);
+
+ if (slot == NULL)
+ return HAL_ERROR_KEY_NOT_FOUND;
+
+ hal_error_t err = hal_ks_rename(slot->type, slot->name, slot->name_len, name, name_len, &slot->ks_hint);
+
+ if (err == HAL_OK) {
+ assert(name_len <= sizeof(slot->name));
+ memcpy(slot->name, name, name_len);
+ memset(slot->name + name_len, 0, sizeof(slot->name) - name_len);
+ slot->name_len = name_len;
+ }
+
+ return err;
+}
+
+/*
* Get type of key associated with handle.
*/
-static hal_error_t get_key_type(const hal_pkey_handle_t pkey,
- hal_key_type_t *type)
+static hal_error_t pkey_local_get_key_type(const hal_pkey_handle_t pkey,
+ hal_key_type_t *type)
{
if (type == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -438,8 +462,8 @@ static hal_error_t get_key_type(const hal_pkey_handle_t pkey,
* Get flags of key associated with handle.
*/
-static hal_error_t get_key_flags(const hal_pkey_handle_t pkey,
- hal_key_flags_t *flags)
+static hal_error_t pkey_local_get_key_flags(const hal_pkey_handle_t pkey,
+ hal_key_flags_t *flags)
{
if (flags == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -458,7 +482,7 @@ static hal_error_t get_key_flags(const hal_pkey_handle_t pkey,
* Get length of public key associated with handle.
*/
-static size_t get_public_key_len(const hal_pkey_handle_t pkey)
+static size_t pkey_local_get_public_key_len(const hal_pkey_handle_t pkey)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -507,8 +531,8 @@ static size_t get_public_key_len(const hal_pkey_handle_t pkey)
* Get public key associated with handle.
*/
-static hal_error_t get_public_key(const hal_pkey_handle_t pkey,
- uint8_t *der, size_t *der_len, const size_t der_max)
+static hal_error_t pkey_local_get_public_key(const hal_pkey_handle_t pkey,
+ uint8_t *der, size_t *der_len, const size_t der_max)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -565,11 +589,11 @@ static hal_error_t get_public_key(const hal_pkey_handle_t pkey,
* algorithm-specific functions.
*/
-static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
hal_rsa_key_t *key = NULL;
hal_error_t err;
@@ -597,11 +621,11 @@ static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
return HAL_OK;
}
-static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
hal_ecdsa_key_t *key = NULL;
hal_error_t err;
@@ -634,11 +658,11 @@ static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
return HAL_OK;
}
-static hal_error_t sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
- const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign(const hal_session_handle_t session,
+ const hal_pkey_handle_t pkey,
+ const hal_hash_handle_t hash,
+ const uint8_t * const input, const size_t input_len,
+ uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -653,10 +677,10 @@ static hal_error_t sign(const hal_session_handle_t session,
switch (slot->type) {
case HAL_KEY_TYPE_RSA_PRIVATE:
- signer = sign_rsa;
+ signer = pkey_local_sign_rsa;
break;
case HAL_KEY_TYPE_EC_PRIVATE:
- signer = sign_ecdsa;
+ signer = pkey_local_sign_ecdsa;
break;
default:
return HAL_ERROR_UNSUPPORTED_KEY;
@@ -685,11 +709,11 @@ static hal_error_t sign(const hal_session_handle_t session,
* algorithm-specific functions.
*/
-static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ const uint8_t * const signature, const size_t signature_len)
{
uint8_t expected[signature_len], received[signature_len];
hal_rsa_key_t *key = NULL;
@@ -732,11 +756,11 @@ static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const ha
return HAL_OK;
}
-static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ const uint8_t * const signature, const size_t signature_len)
{
uint8_t digest[signature_len];
hal_ecdsa_key_t *key = NULL;
@@ -776,11 +800,11 @@ static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const
return HAL_OK;
}
-static hal_error_t verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
- const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify(const hal_session_handle_t session,
+ const hal_pkey_handle_t pkey,
+ const hal_hash_handle_t hash,
+ const uint8_t * const input, const size_t input_len,
+ const uint8_t * const signature, const size_t signature_len)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -796,11 +820,11 @@ static hal_error_t verify(const hal_session_handle_t session,
switch (slot->type) {
case HAL_KEY_TYPE_RSA_PRIVATE:
case HAL_KEY_TYPE_RSA_PUBLIC:
- verifier = verify_rsa;
+ verifier = pkey_local_verify_rsa;
break;
case HAL_KEY_TYPE_EC_PRIVATE:
case HAL_KEY_TYPE_EC_PUBLIC:
- verifier = verify_ecdsa;
+ verifier = pkey_local_verify_ecdsa;
break;
default:
return HAL_ERROR_UNSUPPORTED_KEY;
@@ -827,28 +851,29 @@ static hal_error_t verify(const hal_session_handle_t session,
* List keys in the key store.
*/
-static hal_error_t list(hal_pkey_info_t *result,
- unsigned *result_len,
- const unsigned result_max,
- hal_key_flags_t flags)
+static hal_error_t pkey_local_list(hal_pkey_info_t *result,
+ unsigned *result_len,
+ const unsigned result_max,
+ hal_key_flags_t flags)
{
return hal_ks_list(result, result_len, result_max);
}
const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch = {
- load,
- find,
- generate_rsa,
- generate_ec,
- close,
- delete,
- get_key_type,
- get_key_flags,
- get_public_key_len,
- get_public_key,
- sign,
- verify,
- list
+ pkey_local_load,
+ pkey_local_find,
+ pkey_local_generate_rsa,
+ pkey_local_generate_ec,
+ pkey_local_close,
+ pkey_local_delete,
+ pkey_local_rename,
+ pkey_local_get_key_type,
+ pkey_local_get_key_flags,
+ pkey_local_get_public_key_len,
+ pkey_local_get_public_key,
+ pkey_local_sign,
+ pkey_local_verify,
+ pkey_local_list
};
/*
diff --git a/rpc_server.c b/rpc_server.c
index 7e8e036..a1bca26 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -415,6 +415,22 @@ static hal_error_t pkey_delete(const uint8_t **iptr, const uint8_t * const ilimi
return ret;
}
+static hal_error_t pkey_rename(const uint8_t **iptr, const uint8_t * const ilimit,
+ uint8_t **optr, const uint8_t * const olimit)
+{
+ hal_pkey_handle_t pkey;
+ const uint8_t *name;
+ uint32_t name_len;
+ hal_error_t ret;
+
+ check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle));
+ check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &name, &name_len));
+
+ /* call the local function */
+ ret = hal_rpc_local_pkey_dispatch.rename(pkey, name, name_len);
+ return ret;
+}
+
static hal_error_t pkey_get_key_type(const uint8_t **iptr, const uint8_t * const ilimit,
uint8_t **optr, const uint8_t * const olimit)
{
@@ -683,6 +699,9 @@ void hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ilen,
case RPC_FUNC_PKEY_LIST:
ret = pkey_list(&iptr, ilimit, &optr, olimit);
break;
+ case RPC_FUNC_PKEY_RENAME:
+ ret = pkey_rename(&iptr, ilimit, &optr, olimit);
+ break;
default:
ret = HAL_ERROR_RPC_BAD_FUNCTION;
break;