aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-09-09 00:33:52 -0400
committerRob Austein <sra@hactrn.net>2016-09-09 00:33:52 -0400
commitb1214089088d0321142f64abf2c820da9561bba9 (patch)
tree05a86d0c7ab9339a2102e8328f13fadd9a31330a
parent97ee7df6092551774b4c112a0349a25e76a684f3 (diff)
Simplify hal_rpc_pkey_find() by removing `type` argument.
Now that key names are UUIDs generated by the HSM, there's no real need to specify type key type when looking up a key, and removing the `type` argument allows a few simplifications of both the internal keystore API and of client code calling the public RPC API.
-rw-r--r--hal.h1
-rw-r--r--hal_internal.h1
-rw-r--r--ks_flash.c14
-rw-r--r--ks_volatile.c17
-rw-r--r--rpc_api.c5
-rw-r--r--rpc_client.c4
-rw-r--r--rpc_pkey.c14
-rw-r--r--rpc_server.c4
8 files changed, 25 insertions, 35 deletions
diff --git a/hal.h b/hal.h
index f6573a4..6f312af 100644
--- a/hal.h
+++ b/hal.h
@@ -699,7 +699,6 @@ extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
extern hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
const hal_uuid_t * const name,
const hal_key_flags_t flags);
diff --git a/hal_internal.h b/hal_internal.h
index dcf532f..59efbff 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -178,7 +178,6 @@ typedef struct {
hal_error_t (*find)(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
const hal_uuid_t * const name,
const hal_key_flags_t flags);
diff --git a/ks_flash.c b/ks_flash.c
index c3d12aa..9393100 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -291,13 +291,12 @@ static inline int acceptable_key_type(const hal_key_type_t type)
}
}
-static inline hal_ks_key_t *find(const hal_key_type_t type,
- const hal_uuid_t * const name)
+static inline hal_ks_key_t *find(const hal_uuid_t * const name)
{
- assert(name != NULL && acceptable_key_type(type));
+ assert(name != NULL);
for (int i = 0; i < sizeof(db.keys)/sizeof(*db.keys); i++)
- if (db.keys[i].in_use && db.keys[i].type == type && hal_uuid_cmp(&db.keys[i].name, name) == 0)
+ if (db.keys[i].in_use && hal_uuid_cmp(&db.keys[i].name, name) == 0)
return &db.keys[i];
return NULL;
@@ -310,11 +309,12 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
if (ks != &db.ks || slot == NULL || !acceptable_key_type(slot->type))
return HAL_ERROR_BAD_ARGUMENTS;
- const hal_ks_key_t * const k = find(slot->type, &slot->name);
+ const hal_ks_key_t * const k = find(&slot->name);
if (k == NULL)
return HAL_ERROR_KEY_NOT_FOUND;
+ slot->type = k->type;
slot->curve = k->curve;
slot->flags = k->flags;
@@ -384,7 +384,7 @@ static hal_error_t ks_store(hal_ks_t *ks,
if (ks != &db.ks || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type))
return HAL_ERROR_BAD_ARGUMENTS;
- if (find(slot->type, &slot->name) != NULL)
+ if (find(&slot->name) != NULL)
return HAL_ERROR_KEY_NAME_IN_USE;
int loc = -1;
@@ -482,7 +482,7 @@ static hal_error_t ks_delete(hal_ks_t *ks,
if (ks != &db.ks || slot == NULL || !acceptable_key_type(slot->type))
return HAL_ERROR_BAD_ARGUMENTS;
- hal_ks_key_t *k = find(slot->type, &slot->name);
+ hal_ks_key_t *k = find(&slot->name);
if (k == NULL)
return HAL_ERROR_KEY_NOT_FOUND;
diff --git a/ks_volatile.c b/ks_volatile.c
index 155ae04..d4f8ebd 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -176,14 +176,12 @@ static hal_error_t ks_store(hal_ks_t *ks,
return HAL_OK;
}
-static hal_ks_key_t *find(ks_t *ksv,
- const hal_key_type_t type,
- const hal_uuid_t * const name)
+static hal_ks_key_t *find(ks_t *ksv, const hal_uuid_t * const name)
{
- assert(ksv != NULL && name != NULL && acceptable_key_type(type));
+ assert(ksv != NULL && name != NULL);
for (int i = 0; i < sizeof(ksv->db->keys)/sizeof(*ksv->db->keys); i++)
- if (ksv->db->keys[i].in_use && ksv->db->keys[i].type == type && hal_uuid_cmp(&ksv->db->keys[i].name, name) == 0)
+ if (ksv->db->keys[i].in_use && hal_uuid_cmp(&ksv->db->keys[i].name, name) == 0)
return &ksv->db->keys[i];
return NULL;
@@ -193,7 +191,7 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
hal_pkey_slot_t *slot,
uint8_t *der, size_t *der_len, const size_t der_max)
{
- if (ks == NULL || slot == NULL || !acceptable_key_type(slot->type))
+ if (ks == NULL || slot == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
ks_t *ksv = ks_to_ksv(ks);
@@ -201,11 +199,12 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
if (ksv->db == NULL)
return HAL_ERROR_KEYSTORE_ACCESS;
- const hal_ks_key_t * const k = find(ksv, slot->type, &slot->name);
+ const hal_ks_key_t * const k = find(ksv, &slot->name);
if (k == NULL)
return HAL_ERROR_KEY_NOT_FOUND;
+ slot->type = k->type;
slot->curve = k->curve;
slot->flags = k->flags;
@@ -238,7 +237,7 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
static hal_error_t ks_delete(hal_ks_t *ks,
const hal_pkey_slot_t * const slot)
{
- if (ks == NULL || slot == NULL || !acceptable_key_type(slot->type))
+ if (ks == NULL || slot == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
ks_t *ksv = ks_to_ksv(ks);
@@ -246,7 +245,7 @@ static hal_error_t ks_delete(hal_ks_t *ks,
if (ksv->db == NULL)
return HAL_ERROR_KEYSTORE_ACCESS;
- hal_ks_key_t *k = find(ksv, slot->type, &slot->name);
+ hal_ks_key_t *k = find(ksv, &slot->name);
if (k == NULL)
return HAL_ERROR_KEY_NOT_FOUND;
diff --git a/rpc_api.c b/rpc_api.c
index 2fe7e63..a8dc89d 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -230,13 +230,12 @@ hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
const hal_uuid_t * const name,
const hal_key_flags_t flags)
{
- if (pkey == NULL || name == NULL || !check_pkey_type(type))
+ if (pkey == NULL || name == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
- return hal_rpc_pkey_dispatch->find(client, session, pkey, type, name, flags);
+ return hal_rpc_pkey_dispatch->find(client, session, pkey, name, flags);
}
hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client,
diff --git a/rpc_client.c b/rpc_client.c
index 14ef23b..b4184d4 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -447,11 +447,10 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client,
static hal_error_t pkey_remote_find(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
const hal_uuid_t * const name,
const hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(6) + pad(sizeof(name->uuid))], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(5) + pad(sizeof(name->uuid))], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(4)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
hal_error_t rpc_ret;
@@ -459,7 +458,6 @@ static hal_error_t pkey_remote_find(const hal_client_handle_t client,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_FIND));
check(hal_xdr_encode_int(&optr, olimit, client.handle));
check(hal_xdr_encode_int(&optr, olimit, session.handle));
- check(hal_xdr_encode_int(&optr, olimit, type));
check(hal_xdr_encode_buffer(&optr, olimit, name->uuid, sizeof(name->uuid)));
check(hal_xdr_encode_int(&optr, olimit, flags));
check(hal_rpc_send(outbuf, optr - outbuf));
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 069a73b..cf0975b 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -191,9 +191,9 @@ static hal_error_t pkey_local_load(const hal_client_handle_t client,
if ((err = hal_uuid_gen(&slot->name)) != HAL_OK)
return err;
- slot->client_handle = client;
+ slot->client_handle = client;
slot->session_handle = session;
- slot->type = type;
+ slot->type = type;
slot->curve = curve;
slot->flags = flags;
@@ -220,7 +220,6 @@ static hal_error_t pkey_local_load(const hal_client_handle_t client,
static hal_error_t pkey_local_find(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
const hal_uuid_t * const name,
const hal_key_flags_t flags)
{
@@ -236,7 +235,6 @@ static hal_error_t pkey_local_find(const hal_client_handle_t client,
slot->name = *name;
slot->client_handle = client;
slot->session_handle = session;
- slot->type = type;
if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK &&
(err = hal_ks_fetch(ks, slot, NULL, NULL, 0)) == HAL_OK)
@@ -279,9 +277,9 @@ static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
if ((err = hal_uuid_gen(&slot->name)) != HAL_OK)
return err;
- slot->client_handle = client;
+ slot->client_handle = client;
slot->session_handle = session;
- slot->type = HAL_KEY_TYPE_RSA_PRIVATE;
+ slot->type = HAL_KEY_TYPE_RSA_PRIVATE;
slot->curve = HAL_CURVE_NONE;
slot->flags = flags;
@@ -340,9 +338,9 @@ static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
if ((err = hal_uuid_gen(&slot->name)) != HAL_OK)
return err;
- slot->client_handle = client;
+ slot->client_handle = client;
slot->session_handle = session;
- slot->type = HAL_KEY_TYPE_EC_PRIVATE;
+ slot->type = HAL_KEY_TYPE_EC_PRIVATE;
slot->curve = curve;
slot->flags = flags;
diff --git a/rpc_server.c b/rpc_server.c
index 9694ab8..9397d3e 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -354,7 +354,6 @@ static hal_error_t pkey_find(const uint8_t **iptr, const uint8_t * const ilimit,
hal_client_handle_t client;
hal_session_handle_t session;
hal_pkey_handle_t pkey;
- uint32_t type;
const uint8_t *name_ptr;
uint32_t name_len;
hal_key_flags_t flags;
@@ -362,7 +361,6 @@ static hal_error_t pkey_find(const uint8_t **iptr, const uint8_t * const ilimit,
check(hal_xdr_decode_int(iptr, ilimit, &client.handle));
check(hal_xdr_decode_int(iptr, ilimit, &session.handle));
- check(hal_xdr_decode_int(iptr, ilimit, &type));
check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &name_ptr, &name_len));
check(hal_xdr_decode_int(iptr, ilimit, &flags));
@@ -370,7 +368,7 @@ static hal_error_t pkey_find(const uint8_t **iptr, const uint8_t * const ilimit,
return HAL_ERROR_KEY_NAME_TOO_LONG;
/* call the local function */
- ret = hal_rpc_local_pkey_dispatch.find(client, session, &pkey, type, (const hal_uuid_t *) name_ptr, flags);
+ ret = hal_rpc_local_pkey_dispatch.find(client, session, &pkey, (const hal_uuid_t *) name_ptr, flags);
if (ret == HAL_OK)
check(hal_xdr_encode_int(optr, olimit, pkey.handle));