authorPaul Selkirk <paul@psgd.org>2020-04-28 12:11:49 -0400
committerPaul Selkirk <paul@psgd.org>2020-04-29 11:48:37 -0400
commit401965f1e9f74b43c88477d2ff6ac4d6c62ab5a8 (patch)
tree5e534ba8dd169a961abc5ec8643da54f5744efc5 /hal.h
parent6f8ac4f72ef2fb003038293a62e47edf6c962b36 (diff)
The new keywrap core now talks directly to the MKM, so I split the code
that talks to that core out of aes_keywrap.c. The HSM will now be built with just the keywrap core, with no user access to aes or mkmif.
Diffstat (limited to 'hal.h')
-rw-r--r--hal.h22
1 files changed, 20 insertions, 2 deletions
diff --git a/hal.h b/hal.h
index a03c891..6ed8c9d 100644
--- a/hal.h
+++ b/hal.h
@@ -380,8 +380,6 @@ extern const hal_hash_descriptor_t *hal_hmac_get_descriptor(const hal_hmac_state
* AES key wrap functions.
*/
-extern hal_error_t hal_aes_use_keywrap_core(int onoff);
-
extern hal_error_t hal_aes_keywrap(hal_core_t *core,
const uint8_t *kek, const size_t kek_length,
const uint8_t *plaintext, const size_t plaintext_length,
@@ -395,6 +393,26 @@ extern hal_error_t hal_aes_keyunwrap(hal_core_t *core,
extern size_t hal_aes_keywrap_ciphertext_length(const size_t plaintext_length);
/*
+ * New keywrap functions
+ */
+
+extern hal_error_t hal_keywrap_mkm_status(hal_core_t *core);
+
+extern hal_error_t hal_keywrap_mkm_write(hal_core_t *core, const uint8_t *K, const size_t K_len);
+
+extern hal_error_t hal_keywrap_mkm_erase(hal_core_t *core, const size_t K_len);
+
+extern hal_error_t hal_keywrap_wrap(hal_core_t *core,
+ const uint8_t *kek, const size_t kek_length,
+ const uint8_t *plaintext, const size_t plaintext_length,
+ uint8_t *cyphertext, size_t *ciphertext_length);
+
+extern hal_error_t hal_keywrap_unwrap(hal_core_t *core,
+ const uint8_t *kek, const size_t kek_length,
+ const uint8_t *ciphertext, const size_t ciphertext_length,
+ uint8_t *plaintext, size_t *plaintext_length);
+
+/*
* PBKDF2 function. Uses HMAC with the specified digest algorithm as
* the pseudo-random function (PRF).
*/
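Review bot: The new `hal_keywrap_wrap()` and `hal_keywrap_unwrap()` prototypes state no contract for their output arguments, so a caller cannot tell from the header whether `*ciphertext_length` and `*plaintext_length` carry the buffer capacity on entry or are output-only. If the implementation (not visible in this hunk) follows an in/out convention, a comment such as `/* On entry *ciphertext_length is the size of the output buffer; on return it is the number of bytes written. Size the buffer with hal_aes_keywrap_ciphertext_length(). */` would make the bounds requirement explicit. The "New keywrap functions" comment should also say what `hal_keywrap_mkm_status()` reports, which `K_len` values `hal_keywrap_mkm_write()` and `hal_keywrap_mkm_erase()` accept, and whether `kek` is still caller-supplied now that, per the commit message, the core talks to the MKM directly. As a style point, the output parameter of `hal_keywrap_wrap()` is spelled `cyphertext` while its length is `ciphertext_length`; `uint8_t *ciphertext, size_t *ciphertext_length);` would match the rest of the header.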