aboutsummaryrefslogtreecommitdiff
path: root/hal_internal.h
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-11-08 01:44:50 -0500
committerRob Austein <sra@hactrn.net>2016-11-08 01:44:50 -0500
commit09a065bb67bf055da0417a6c972c11ba5ab13da0 (patch)
tree9a6952148efb88354b2c894b5a83b810b3f90e13 /hal_internal.h
parent9d03d73315cc1cb5d4276409410c55c8fc556675 (diff)
First cut at multi-attribute get/set/delete API.
This is not yet complete, only the ks_volatile driver supports it, ks_flash will be a bit more complicated and isn't written yet. At the moment, this adds a complete duplicate set of {set,get,delete}_attributes() functions in parallel to the earlier {set,get,delete}_attribute() functions. We will almost certainly want to get rid of the duplicates, probably (but not necessarily) the entire single-attribute suite. At the moment, though, we want both sets so we can compare execution speeds of the two sets of functions.
Diffstat (limited to 'hal_internal.h')
-rw-r--r--hal_internal.h137
1 files changed, 89 insertions, 48 deletions
diff --git a/hal_internal.h b/hal_internal.h
index 5faba54..6b82b9c 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -250,7 +250,7 @@ typedef struct {
const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
- hal_rpc_pkey_attribute_t *attributes,
+ const hal_rpc_pkey_attribute_t *attributes,
const unsigned attributes_len,
hal_uuid_t *result,
unsigned *result_len,
@@ -271,6 +271,21 @@ typedef struct {
hal_error_t (*delete_attribute)(const hal_pkey_handle_t pkey,
const uint32_t type);
+
+ hal_error_t (*set_attributes)(const hal_pkey_handle_t pkey,
+ const hal_rpc_pkey_attribute_t *attributes,
+ const unsigned attributes_len);
+
+ hal_error_t (*get_attributes)(const hal_pkey_handle_t pkey,
+ hal_rpc_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ uint8_t *attributes_buffer,
+ const size_t attributes_buffer_len);
+
+ hal_error_t (*delete_attributes)(const hal_pkey_handle_t pkey,
+ const uint32_t *types,
+ const unsigned types_len);
+
} hal_rpc_pkey_dispatch_t;
@@ -497,7 +512,7 @@ struct hal_ks_driver {
const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
- hal_rpc_pkey_attribute_t *attributes,
+ const hal_rpc_pkey_attribute_t *attributes,
const unsigned attributes_len,
hal_uuid_t *result,
unsigned *result_len,
@@ -521,6 +536,23 @@ struct hal_ks_driver {
hal_pkey_slot_t *slot,
const uint32_t type);
+ hal_error_t (*set_attributes)(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ const hal_rpc_pkey_attribute_t *attributes,
+ const unsigned attributes_len);
+
+ hal_error_t (*get_attributes)(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ hal_rpc_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ uint8_t *attributes_buffer,
+ const size_t attributes_buffer_len);
+
+ hal_error_t (*delete_attributes)(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ const uint32_t *types,
+ const unsigned types_len);
+
};
@@ -622,7 +654,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks,
const hal_key_type_t type,
const hal_curve_name_t curve,
const hal_key_flags_t flags,
- hal_rpc_pkey_attribute_t *attributes,
+ const hal_rpc_pkey_attribute_t *attributes,
const unsigned attributes_len,
hal_uuid_t *result,
unsigned *result_len,
@@ -649,11 +681,11 @@ static inline hal_error_t hal_ks_set_attribute(hal_ks_t *ks,
}
static inline hal_error_t hal_ks_get_attribute(hal_ks_t *ks,
- hal_pkey_slot_t *slot,
- const uint32_t type,
- uint8_t *value,
- size_t *value_len,
- const size_t value_max)
+ hal_pkey_slot_t *slot,
+ const uint32_t type,
+ uint8_t *value,
+ size_t *value_len,
+ const size_t value_max)
{
if (ks == NULL || ks->driver == NULL || ks->driver->get_attribute == NULL || slot == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -662,8 +694,8 @@ static inline hal_error_t hal_ks_get_attribute(hal_ks_t *ks,
}
static inline hal_error_t hal_ks_delete_attribute(hal_ks_t *ks,
- hal_pkey_slot_t *slot,
- const uint32_t type)
+ hal_pkey_slot_t *slot,
+ const uint32_t type)
{
if (ks == NULL || ks->driver == NULL || ks->driver->delete_attribute == NULL || slot == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -671,6 +703,50 @@ static inline hal_error_t hal_ks_delete_attribute(hal_ks_t *ks,
return ks->driver->delete_attribute(ks, slot, type);
}
+static inline hal_error_t hal_ks_set_attributes(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ const hal_rpc_pkey_attribute_t *attributes,
+ const unsigned attributes_len)
+{
+ if (ks == NULL || ks->driver == NULL || ks->driver->set_attributes == NULL || slot == NULL ||
+ attributes == NULL || attributes_len == 0)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ for (int i = 0; i < attributes_len; i++)
+ if (attributes[i].length == 0 || attributes[i].value == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ return ks->driver->set_attributes(ks, slot, attributes, attributes_len);
+}
+
+static inline hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ hal_rpc_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ uint8_t *attributes_buffer,
+ const size_t attributes_buffer_len)
+{
+ if (ks == NULL || ks->driver == NULL || ks->driver->get_attributes == NULL || slot == NULL ||
+ attributes == NULL || attributes_len == 0 ||
+ attributes_buffer == NULL || attributes_buffer_len == 0)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ return ks->driver->get_attributes(ks, slot, attributes, attributes_len,
+ attributes_buffer, attributes_buffer_len);
+}
+
+static inline hal_error_t hal_ks_delete_attributes(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ const uint32_t *types,
+ const unsigned types_len)
+{
+ if (ks == NULL || ks->driver == NULL || ks->driver->delete_attributes == NULL || slot == NULL ||
+ types == NULL || types_len == 0)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ return ks->driver->delete_attributes(ks, slot, types, types_len);
+}
+
/*
* Keystore index. This is intended to be usable by both memory-based
* (in-memory, mmap(), ...) keystores and keystores based on raw flash.
@@ -803,44 +879,6 @@ extern hal_error_t hal_ks_index_fsck(hal_ks_index_t *ksi);
/*
* Keystore attribute utilities, for use by keystore drivers.
- *
- * Basic model here is probably to replace the "der" block in a key
- * object with a byte array. We could use padding to get alignment,
- * but it's probably easier just to do this DNS style, pulling a
- * 16-bit length and 32-bit attribute type out of the byte array
- * directly. Well, maybe. I guess if we cast the uint8_t* to a
- * structure pointer we could use the structure to pull out the header
- * fields, but that has portability issues, particulary if the
- * compiler gets tetchy about type punning.
- *
- * Unclear whether we should treat the key DER specially. Might just
- * give it an attribute code of 0xFFFFFFFF and treat it same as
- * everything else, just always first for convenience. This assumes
- * that PKCS #11 will never use 0xFFFFFFFF, which is a bit risky, but
- * maybe the code just treats it a little bit specially and knows to
- * skip over the key DER when looking for attributes, etc.
- *
- * We probably don't want to let attributes span block boundaries. We
- * probably do want to attempt to fit a new attribute into the first
- * available space which can hold it. In theory, taken together, this
- * means we will only have to update multiple blocks when required to
- * add a new block (in which case the max_blocks count changes). Most
- * of this only applies to flash, for volatile we can use as much
- * memory as we like, although even there we might want smaller chunks
- * to avoid wasting huge tracts of space that don't end up being used.
- * But maybe that's just a configuration thing for the volatile
- * keystore(s).
- *
- * If we have to rewrite a block at all we might as well compact it,
- * so fragmentation in that sense is a non-issue. Might need to
- * collapse blocks when deletion has freed up enough space, but that
- * might be something we handle directly in ks_flash rather than in
- * the ks_attribute code.
- *
- * We need some way of figuring out how many attributes there are.
- * Options are a marker (like the IPv4 END-OF-OPTIONS option) or a
- * count in the header. Count is simpler and lets us pre-allocate
- * arrays so probably go with that.
*/
extern hal_error_t hal_ks_attribute_scan(const uint8_t * const bytes,
@@ -919,6 +957,9 @@ typedef enum {
RPC_FUNC_PKEY_GET_ATTRIBUTE,
RPC_FUNC_PKEY_DELETE_ATTRIBUTE,
RPC_FUNC_PKEY_GET_KEY_CURVE,
+ RPC_FUNC_PKEY_SET_ATTRIBUTES,
+ RPC_FUNC_PKEY_GET_ATTRIBUTES,
+ RPC_FUNC_PKEY_DELETE_ATTRIBUTES,
} rpc_func_num_t;
#define RPC_VERSION 0x01010000 /* 1.1.0.0 */
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 16:48:08 +0000