aboutsummaryrefslogtreecommitdiff
path: root/rpc_pkey.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-05-15 20:49:18 -0400
committerRob Austein <sra@hactrn.net>2016-05-15 20:49:18 -0400
commit0690aa3d48966a4b151a468fd3a0a65bb99de439 (patch)
treee88db7d7d677ea48d9bb3dbd57acc514785a44f7 /rpc_pkey.c
parent53b0dd22287e07ca32184c27b7ec0d75d358bde4 (diff)
Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.
Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple.
Diffstat (limited to 'rpc_pkey.c')
-rw-r--r--rpc_pkey.c203
1 files changed, 114 insertions, 89 deletions
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 7455bb1..da8bf58 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -71,7 +71,7 @@ static pkey_slot_t pkey_handle[HAL_STATIC_PKEY_STATE_BLOCKS];
#endif
/*
- * Handle allocation is simple: we look for an unused (name_len == 0)
+ * Handle allocation is simple: look for an unused (HAL_KEY_TYPE_NONE)
* slot in the table, and, assuming we find one, construct a composite
* handle consisting of the index into the table and a counter whose
* sole purpose is to keep the same handle from reoccurring anytime
@@ -95,7 +95,7 @@ static inline pkey_slot_t *alloc_slot(const hal_key_flags_t flags)
glop |= HAL_PKEY_HANDLE_PROXIMATE_FLAG;
for (int i = 0; i < sizeof(pkey_handle)/sizeof(*pkey_handle); i++) {
- if (pkey_handle[i].name_len > 0)
+ if (pkey_handle[i].type != HAL_KEY_TYPE_NONE)
continue;
pkey_handle[i].pkey_handle.handle = i | glop;
pkey_handle[i].ks_hint = -1;
@@ -212,14 +212,14 @@ static hal_error_t pkcs1_5_pad(const uint8_t * const data, const size_t data_len
* Receive key from application, store it with supplied name, return a key handle.
*/
-static hal_error_t load(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
- const uint8_t * const name, const size_t name_len,
- const uint8_t * const der, const size_t der_len,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_load(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const hal_key_type_t type,
+ const hal_curve_name_t curve,
+ const uint8_t * const name, const size_t name_len,
+ const uint8_t * const der, const size_t der_len,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -248,12 +248,12 @@ static hal_error_t load(const hal_client_handle_t client,
* Look up a key given its name, return a key handle.
*/
-static hal_error_t find(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const uint8_t * const name, const size_t name_len,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_find(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const hal_key_type_t type,
+ const uint8_t * const name, const size_t name_len,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -280,13 +280,13 @@ static hal_error_t find(const hal_client_handle_t client,
* Generate a new RSA key with supplied name, return a key handle.
*/
-static hal_error_t generate_rsa(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
- const unsigned key_length,
- const uint8_t * const public_exponent, const size_t public_exponent_len,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const uint8_t * const name, const size_t name_len,
+ const unsigned key_length,
+ const uint8_t * const public_exponent, const size_t public_exponent_len,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -333,12 +333,12 @@ static hal_error_t generate_rsa(const hal_client_handle_t client,
* At the moment, EC key == ECDSA key, but this is subject to change.
*/
-static hal_error_t generate_ec(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
- const hal_curve_name_t curve,
- const hal_key_flags_t flags)
+static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ const uint8_t * const name, const size_t name_len,
+ const hal_curve_name_t curve,
+ const hal_key_flags_t flags)
{
pkey_slot_t *slot;
hal_error_t err;
@@ -383,7 +383,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client,
* Discard key handle, leaving key intact.
*/
-static hal_error_t close(const hal_pkey_handle_t pkey)
+static hal_error_t pkey_local_close(const hal_pkey_handle_t pkey)
{
pkey_slot_t *slot;
@@ -399,7 +399,7 @@ static hal_error_t close(const hal_pkey_handle_t pkey)
* Delete a key from the store, given its key handle.
*/
-static hal_error_t delete(const hal_pkey_handle_t pkey)
+static hal_error_t pkey_local_delete(const hal_pkey_handle_t pkey)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -415,11 +415,35 @@ static hal_error_t delete(const hal_pkey_handle_t pkey)
}
/*
+ * Rename a key in the key store, given its key handle and a new name.
+ */
+
+static hal_error_t pkey_local_rename(const hal_pkey_handle_t pkey,
+ const uint8_t * const name, const size_t name_len)
+{
+ pkey_slot_t *slot = find_handle(pkey);
+
+ if (slot == NULL)
+ return HAL_ERROR_KEY_NOT_FOUND;
+
+ hal_error_t err = hal_ks_rename(slot->type, slot->name, slot->name_len, name, name_len, &slot->ks_hint);
+
+ if (err == HAL_OK) {
+ assert(name_len <= sizeof(slot->name));
+ memcpy(slot->name, name, name_len);
+ memset(slot->name + name_len, 0, sizeof(slot->name) - name_len);
+ slot->name_len = name_len;
+ }
+
+ return err;
+}
+
+/*
* Get type of key associated with handle.
*/
-static hal_error_t get_key_type(const hal_pkey_handle_t pkey,
- hal_key_type_t *type)
+static hal_error_t pkey_local_get_key_type(const hal_pkey_handle_t pkey,
+ hal_key_type_t *type)
{
if (type == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -438,8 +462,8 @@ static hal_error_t get_key_type(const hal_pkey_handle_t pkey,
* Get flags of key associated with handle.
*/
-static hal_error_t get_key_flags(const hal_pkey_handle_t pkey,
- hal_key_flags_t *flags)
+static hal_error_t pkey_local_get_key_flags(const hal_pkey_handle_t pkey,
+ hal_key_flags_t *flags)
{
if (flags == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -458,7 +482,7 @@ static hal_error_t get_key_flags(const hal_pkey_handle_t pkey,
* Get length of public key associated with handle.
*/
-static size_t get_public_key_len(const hal_pkey_handle_t pkey)
+static size_t pkey_local_get_public_key_len(const hal_pkey_handle_t pkey)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -507,8 +531,8 @@ static size_t get_public_key_len(const hal_pkey_handle_t pkey)
* Get public key associated with handle.
*/
-static hal_error_t get_public_key(const hal_pkey_handle_t pkey,
- uint8_t *der, size_t *der_len, const size_t der_max)
+static hal_error_t pkey_local_get_public_key(const hal_pkey_handle_t pkey,
+ uint8_t *der, size_t *der_len, const size_t der_max)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -565,11 +589,11 @@ static hal_error_t get_public_key(const hal_pkey_handle_t pkey,
* algorithm-specific functions.
*/
-static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
hal_rsa_key_t *key = NULL;
hal_error_t err;
@@ -597,11 +621,11 @@ static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
return HAL_OK;
}
-static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
hal_ecdsa_key_t *key = NULL;
hal_error_t err;
@@ -634,11 +658,11 @@ static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
return HAL_OK;
}
-static hal_error_t sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
- const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign(const hal_session_handle_t session,
+ const hal_pkey_handle_t pkey,
+ const hal_hash_handle_t hash,
+ const uint8_t * const input, const size_t input_len,
+ uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -653,10 +677,10 @@ static hal_error_t sign(const hal_session_handle_t session,
switch (slot->type) {
case HAL_KEY_TYPE_RSA_PRIVATE:
- signer = sign_rsa;
+ signer = pkey_local_sign_rsa;
break;
case HAL_KEY_TYPE_EC_PRIVATE:
- signer = sign_ecdsa;
+ signer = pkey_local_sign_ecdsa;
break;
default:
return HAL_ERROR_UNSUPPORTED_KEY;
@@ -685,11 +709,11 @@ static hal_error_t sign(const hal_session_handle_t session,
* algorithm-specific functions.
*/
-static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ const uint8_t * const signature, const size_t signature_len)
{
uint8_t expected[signature_len], received[signature_len];
hal_rsa_key_t *key = NULL;
@@ -732,11 +756,11 @@ static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const ha
return HAL_OK;
}
-static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
- const uint8_t * const der, const size_t der_len,
- const hal_hash_handle_t hash,
- const uint8_t * input, size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
+ const uint8_t * const der, const size_t der_len,
+ const hal_hash_handle_t hash,
+ const uint8_t * input, size_t input_len,
+ const uint8_t * const signature, const size_t signature_len)
{
uint8_t digest[signature_len];
hal_ecdsa_key_t *key = NULL;
@@ -776,11 +800,11 @@ static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const
return HAL_OK;
}
-static hal_error_t verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
- const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify(const hal_session_handle_t session,
+ const hal_pkey_handle_t pkey,
+ const hal_hash_handle_t hash,
+ const uint8_t * const input, const size_t input_len,
+ const uint8_t * const signature, const size_t signature_len)
{
pkey_slot_t *slot = find_handle(pkey);
@@ -796,11 +820,11 @@ static hal_error_t verify(const hal_session_handle_t session,
switch (slot->type) {
case HAL_KEY_TYPE_RSA_PRIVATE:
case HAL_KEY_TYPE_RSA_PUBLIC:
- verifier = verify_rsa;
+ verifier = pkey_local_verify_rsa;
break;
case HAL_KEY_TYPE_EC_PRIVATE:
case HAL_KEY_TYPE_EC_PUBLIC:
- verifier = verify_ecdsa;
+ verifier = pkey_local_verify_ecdsa;
break;
default:
return HAL_ERROR_UNSUPPORTED_KEY;
@@ -827,28 +851,29 @@ static hal_error_t verify(const hal_session_handle_t session,
* List keys in the key store.
*/
-static hal_error_t list(hal_pkey_info_t *result,
- unsigned *result_len,
- const unsigned result_max,
- hal_key_flags_t flags)
+static hal_error_t pkey_local_list(hal_pkey_info_t *result,
+ unsigned *result_len,
+ const unsigned result_max,
+ hal_key_flags_t flags)
{
return hal_ks_list(result, result_len, result_max);
}
const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch = {
- load,
- find,
- generate_rsa,
- generate_ec,
- close,
- delete,
- get_key_type,
- get_key_flags,
- get_public_key_len,
- get_public_key,
- sign,
- verify,
- list
+ pkey_local_load,
+ pkey_local_find,
+ pkey_local_generate_rsa,
+ pkey_local_generate_ec,
+ pkey_local_close,
+ pkey_local_delete,
+ pkey_local_rename,
+ pkey_local_get_key_type,
+ pkey_local_get_key_flags,
+ pkey_local_get_public_key_len,
+ pkey_local_get_public_key,
+ pkey_local_sign,
+ pkey_local_verify,
+ pkey_local_list
};
/*
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 14:12:33 +0000