diff options
| -rw-r--r-- | hal.h | 15 | ||||
| -rw-r--r-- | hal_internal.h | 31 | ||||
| -rw-r--r-- | ks_flash.c | 62 | ||||
| -rw-r--r-- | ks_volatile.c | 62 | ||||
| -rw-r--r-- | libhal.py | 11 | ||||
| -rw-r--r-- | rpc_api.c | 12 | ||||
| -rw-r--r-- | rpc_client.c | 145 | ||||
| -rw-r--r-- | rpc_hash.c | 12 | ||||
| -rw-r--r-- | rpc_misc.c | 14 | ||||
| -rw-r--r-- | rpc_pkey.c | 60 | ||||
| -rw-r--r-- | rpc_server.c | 50 | ||||
| -rw-r--r-- | unit-tests.py | 11 |
12 files changed, 97 insertions, 388 deletions
@@ -760,21 +760,6 @@ extern hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey, const uint8_t * const signature, const size_t signature_len); typedef struct { - hal_key_type_t type; - hal_curve_name_t curve; - hal_key_flags_t flags; - hal_uuid_t name; - /* ... */ -} hal_pkey_info_t; - -extern hal_error_t hal_rpc_pkey_list(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags); - -typedef struct { uint32_t type; size_t length; const uint8_t *value; diff --git a/hal_internal.h b/hal_internal.h index e0c7d5a..20b89af 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -238,13 +238,6 @@ typedef struct { const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); - hal_error_t (*list)(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags); - hal_error_t (*match)(const hal_client_handle_t client, const hal_session_handle_t session, const hal_key_type_t type, @@ -480,13 +473,6 @@ struct hal_ks_driver { hal_error_t (*delete)(hal_ks_t *ks, hal_pkey_slot_t *slot); - hal_error_t (*list)(hal_ks_t *ks, - const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max); - hal_error_t (*match)(hal_ks_t *ks, const hal_client_handle_t client, const hal_session_handle_t session, @@ -615,22 +601,6 @@ static inline hal_error_t hal_ks_delete(hal_ks_t *ks, return ks->driver->delete(ks, slot); } -static inline hal_error_t hal_ks_list(hal_ks_t *ks, - const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max) -{ - if (ks == NULL || ks->driver == NULL) - return HAL_ERROR_BAD_ARGUMENTS; - - if (ks->driver->list == NULL) - return HAL_ERROR_NOT_IMPLEMENTED; - - return ks->driver->list(ks, client, session, result, result_len, result_max); -} - static inline hal_error_t hal_ks_match(hal_ks_t *ks, const hal_client_handle_t client, const hal_session_handle_t session, @@ -894,7 +864,6 @@ typedef enum { RPC_FUNC_PKEY_GET_PUBLIC_KEY, RPC_FUNC_PKEY_SIGN, RPC_FUNC_PKEY_VERIFY, - RPC_FUNC_PKEY_LIST, RPC_FUNC_PKEY_MATCH, RPC_FUNC_PKEY_GET_KEY_CURVE, RPC_FUNC_PKEY_SET_ATTRIBUTES, @@ -373,7 +373,7 @@ static hal_error_t block_read(const unsigned blockno, flash_block_t *block) /* * Read a block using the cache. Marking the block as used is left * for the caller, so we can avoid blowing out the cache when we - * perform a ks_list() operation. + * perform a ks_match() operation. */ static hal_error_t block_read_cached(const unsigned blockno, flash_block_t **block) @@ -1087,43 +1087,6 @@ static hal_error_t ks_delete(hal_ks_t *ks, return block_erase_maybe(db.ksi.index[db.ksi.used]); } -static hal_error_t ks_list(hal_ks_t *ks, - const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max) -{ - if (ks != &db.ks || result == NULL || result_len == NULL) - return HAL_ERROR_BAD_ARGUMENTS; - - flash_block_t *block; - hal_error_t err; - - *result_len = 0; - - for (int i = 0; i < db.ksi.used; i++) { - unsigned b = db.ksi.index[i]; - - if (*result_len >= result_max) - return HAL_ERROR_RESULT_TOO_LONG; - - if ((err = block_read_cached(b, &block)) != HAL_OK) - return err; - - if (block_get_type(block) != BLOCK_TYPE_KEY || block->header.this_chunk > 0) - continue; - - result[*result_len].type = block->key.type; - result[*result_len].curve = block->key.curve; - result[*result_len].flags = block->key.flags; - result[*result_len].name = block->key.name; - ++ *result_len; - } - - return HAL_OK; -} - static inline hal_error_t locate_attributes(flash_block_t *block, const unsigned chunk, uint8_t **bytes, size_t *bytes_len, unsigned **attrs_len) @@ -1163,7 +1126,7 @@ static hal_error_t ks_match(hal_ks_t *ks, const unsigned result_max, const hal_uuid_t * const previous_uuid) { - if (ks == NULL || attributes == NULL || + if (ks == NULL || (attributes == NULL && attributes_len > 0) || result == NULL || result_len == NULL || previous_uuid == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -1681,17 +1644,16 @@ static hal_error_t ks_get_attributes(hal_ks_t *ks, } const hal_ks_driver_t hal_ks_token_driver[1] = {{ - ks_init, - ks_shutdown, - ks_open, - ks_close, - ks_store, - ks_fetch, - ks_delete, - ks_list, - ks_match, - ks_set_attributes, - ks_get_attributes + .init = ks_init, + .shutdown = ks_shutdown, + .open = ks_open, + .close = ks_close, + .store = ks_store, + .fetch = ks_fetch, + .delete = ks_delete, + .match = ks_match, + .set_attributes = ks_set_attributes, + .get_attributes = ks_get_attributes }}; /* diff --git a/ks_volatile.c b/ks_volatile.c index 8767458..0ee19c8 100644 --- a/ks_volatile.c +++ b/ks_volatile.c @@ -345,45 +345,6 @@ static hal_error_t ks_delete(hal_ks_t *ks, return HAL_OK; } -static hal_error_t ks_list(hal_ks_t *ks, - hal_client_handle_t client, - hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max) -{ - if (ks == NULL || result == NULL || result_len == NULL) - return HAL_ERROR_BAD_ARGUMENTS; - - ks_t *ksv = ks_to_ksv(ks); - - if (ksv->db == NULL) - return HAL_ERROR_KEYSTORE_ACCESS; - - *result_len = 0; - - for (int i = 0; i < ksv->db->ksi.used; i++) { - unsigned b = ksv->db->ksi.index[i]; - - if (ksv->db->ksi.names[b].chunk > 0) - continue; - - if (!key_visible_to_session(ksv, client, session, &ksv->db->keys[b])) - continue; - - if (*result_len >= result_max) - return HAL_ERROR_RESULT_TOO_LONG; - - result[i].name = ksv->db->ksi.names[b].name; - result[i].type = ksv->db->keys[b].type; - result[i].curve = ksv->db->keys[b].curve; - result[i].flags = ksv->db->keys[b].flags; - ++ *result_len; - } - - return HAL_OK; -} - static hal_error_t ks_match(hal_ks_t *ks, hal_client_handle_t client, hal_session_handle_t session, @@ -397,7 +358,7 @@ static hal_error_t ks_match(hal_ks_t *ks, const unsigned result_max, const hal_uuid_t * const previous_uuid) { - if (ks == NULL || attributes == NULL || + if (ks == NULL || (attributes == NULL && attributes_len > 0) || result == NULL || result_len == NULL || previous_uuid == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -572,17 +533,16 @@ static hal_error_t ks_get_attributes(hal_ks_t *ks, } const hal_ks_driver_t hal_ks_volatile_driver[1] = {{ - ks_volatile_init, - ks_volatile_shutdown, - ks_volatile_open, - ks_volatile_close, - ks_store, - ks_fetch, - ks_delete, - ks_list, - ks_match, - ks_set_attributes, - ks_get_attributes + .init = ks_volatile_init, + .shutdown = ks_volatile_shutdown, + .open = ks_volatile_open, + .close = ks_volatile_close, + .store = ks_store, + .fetch = ks_fetch, + .delete = ks_delete, + .match = ks_match, + .set_attributes = ks_set_attributes, + .get_attributes = ks_get_attributes }}; #endif /* STATIC_KS_VOLATILE_SLOTS > 0 */ @@ -178,7 +178,6 @@ RPCFunc.define(''' RPC_FUNC_PKEY_GET_PUBLIC_KEY, RPC_FUNC_PKEY_SIGN, RPC_FUNC_PKEY_VERIFY, - RPC_FUNC_PKEY_LIST, RPC_FUNC_PKEY_MATCH, RPC_FUNC_PKEY_GET_KEY_CURVE, RPC_FUNC_PKEY_SET_ATTRIBUTES, @@ -629,16 +628,6 @@ class HSM(object): with self.rpc(RPC_FUNC_PKEY_VERIFY, pkey, hash, data, signature): return - def pkey_list(self, flags = 0, client = 0, session = 0, length = 512): - with self.rpc(RPC_FUNC_PKEY_LIST, session, length, flags, client = client) as r: - n = r.unpack_uint() - for i in xrange(n): - key_type = HALKeyType.index[r.unpack_uint()] - key_curve = HALCurve.index[r.unpack_uint()] - key_flags = r.unpack_uint() - key_name = UUID(bytes = r.unpack_bytes()) - yield key_type, key_curve, key_flags, key_name - def pkey_match(self, type = 0, curve = 0, flags = 0, attributes = {}, length = 64, client = 0, session = 0): u = UUID(int = 0) @@ -334,18 +334,6 @@ hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey, return hal_rpc_pkey_dispatch->verify(pkey, hash, input, input_len, signature, signature_len); } -hal_error_t hal_rpc_pkey_list(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags) -{ - if (result == NULL || result_len == NULL || result_max == 0) - return HAL_ERROR_BAD_ARGUMENTS; - return hal_rpc_pkey_dispatch->list(client, session, result, result_len, result_max, flags); -} - hal_error_t hal_rpc_pkey_match(const hal_client_handle_t client, const hal_session_handle_t session, const hal_key_type_t type, diff --git a/rpc_client.c b/rpc_client.c index ffe5e54..0c57d51 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -772,59 +772,6 @@ static hal_error_t pkey_remote_verify(const hal_pkey_handle_t pkey, return rpc_ret; } -static hal_error_t hal_xdr_decode_pkey_info(const uint8_t **iptr, const uint8_t * const ilimit, - hal_pkey_info_t *info) -{ - uint32_t u32; - - check(hal_xdr_decode_int(iptr, ilimit, &u32)); info->type = u32; - check(hal_xdr_decode_int(iptr, ilimit, &u32)); info->curve = u32; - check(hal_xdr_decode_int(iptr, ilimit, &u32)); info->flags = u32; - - u32 = sizeof(info->name.uuid); - check(hal_xdr_decode_buffer(iptr, ilimit, info->name.uuid, &u32)); - if (u32 != sizeof(info->name.uuid)) - return HAL_ERROR_KEY_NAME_TOO_LONG; - - return HAL_OK; -} - -static hal_error_t pkey_remote_list(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags) -{ - uint8_t outbuf[nargs(5)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); - uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_pkey_info_t))]; - const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); - uint32_t len; - hal_error_t ret, rpc_ret; - - check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LIST)); - check(hal_xdr_encode_int(&optr, olimit, client.handle)); - check(hal_xdr_encode_int(&optr, olimit, session.handle)); - check(hal_xdr_encode_int(&optr, olimit, result_max)); - check(hal_xdr_encode_int(&optr, olimit, flags)); - check(hal_rpc_send(outbuf, optr - outbuf)); - - check(read_matching_packet(RPC_FUNC_PKEY_LIST, inbuf, sizeof(inbuf), &iptr, &ilimit)); - - check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); - if (rpc_ret == HAL_OK) { - check(hal_xdr_decode_int(&iptr, ilimit, &len)); - *result_len = len; - for (int i = 0; i < len; ++i) { - if ((ret = hal_xdr_decode_pkey_info(&iptr, ilimit, &result[i])) != HAL_OK) { - *result_len = 0; - return ret; - } - } - } - return rpc_ret; -} - static hal_error_t pkey_remote_match(const hal_client_handle_t client, const hal_session_handle_t session, const hal_key_type_t type, @@ -1052,63 +999,61 @@ static hal_error_t pkey_mixed_verify(const hal_pkey_handle_t pkey, */ const hal_rpc_misc_dispatch_t hal_rpc_remote_misc_dispatch = { - set_pin, - login, - logout, - logout_all, - is_logged_in, - get_random, - get_version + .set_pin = set_pin, + .login = login, + .logout = logout, + .logout_all = logout_all, + .is_logged_in = is_logged_in, + .get_random = get_random, + .get_version = get_version }; const hal_rpc_hash_dispatch_t hal_rpc_remote_hash_dispatch = { - hash_get_digest_len, - hash_get_digest_algorithm_id, - hash_get_algorithm, - hash_initialize, - hash_update, - hash_finalize + .get_digest_length = hash_get_digest_len, + .get_digest_algorithm_id = hash_get_digest_algorithm_id, + .get_algorithm = hash_get_algorithm, + .initialize = hash_initialize, + .update = hash_update, + .finalize = hash_finalize }; const hal_rpc_pkey_dispatch_t hal_rpc_remote_pkey_dispatch = { - pkey_remote_load, - pkey_remote_open, - pkey_remote_generate_rsa, - pkey_remote_generate_ec, - pkey_remote_close, - pkey_remote_delete, - pkey_remote_get_key_type, - pkey_remote_get_key_curve, - pkey_remote_get_key_flags, - pkey_remote_get_public_key_len, - pkey_remote_get_public_key, - pkey_remote_sign, - pkey_remote_verify, - pkey_remote_list, - pkey_remote_match, - pkey_remote_set_attributes, - pkey_remote_get_attributes + .load = pkey_remote_load, + .open = pkey_remote_open, + .generate_rsa = pkey_remote_generate_rsa, + .generate_ec = pkey_remote_generate_ec, + .close = pkey_remote_close, + .delete = pkey_remote_delete, + .get_key_type = pkey_remote_get_key_type, + .get_key_curve = pkey_remote_get_key_curve, + .get_key_flags = pkey_remote_get_key_flags, + .get_public_key_len = pkey_remote_get_public_key_len, + .get_public_key = pkey_remote_get_public_key, + .sign = pkey_remote_sign, + .verify = pkey_remote_verify, + .match = pkey_remote_match, + .set_attributes = pkey_remote_set_attributes, + .get_attributes = pkey_remote_get_attributes }; #if RPC_CLIENT == RPC_CLIENT_MIXED const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = { - pkey_remote_load, - pkey_remote_open, - pkey_remote_generate_rsa, - pkey_remote_generate_ec, - pkey_remote_close, - pkey_remote_delete, - pkey_remote_get_key_type, - pkey_remote_get_key_curve, - pkey_remote_get_key_flags, - pkey_remote_get_public_key_len, - pkey_remote_get_public_key, - pkey_mixed_sign, - pkey_mixed_verify, - pkey_remote_list, - pkey_remote_match, - pkey_remote_set_attributes, - pkey_remote_get_attributes + .load = pkey_remote_load, + .open = pkey_remote_open, + .generate_rsa = pkey_remote_generate_rsa, + .generate_ec = pkey_remote_generate_ec, + .close = pkey_remote_close, + .delete = pkey_remote_delete, + .get_key_type = pkey_remote_get_key_type, + .get_key_curve = pkey_remote_get_key_curve, + .get_key_flags = pkey_remote_get_key_flags, + .get_public_key_len = pkey_remote_get_public_key_len, + .get_public_key = pkey_remote_get_public_key, + .sign = pkey_mixed_sign, + .verify = pkey_mixed_verify, + .match = pkey_remote_match, + .set_attributes = pkey_remote_set_attributes, + .get_attributes = pkey_remote_get_attributes }; #endif /* RPC_CLIENT == RPC_CLIENT_MIXED */ @@ -303,12 +303,12 @@ static hal_error_t finalize(const hal_hash_handle_t handle, } const hal_rpc_hash_dispatch_t hal_rpc_local_hash_dispatch = { - get_digest_length, - get_digest_algorithm_id, - get_algorithm, - initialize, - update, - finalize + .get_digest_length = get_digest_length, + .get_digest_algorithm_id = get_digest_algorithm_id, + .get_algorithm = get_algorithm, + .initialize = initialize, + .update = update, + .finalize = finalize }; /* @@ -238,13 +238,13 @@ hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client, } const hal_rpc_misc_dispatch_t hal_rpc_local_misc_dispatch = { - set_pin, - login, - logout, - logout_all, - is_logged_in, - get_random, - get_version + .set_pin = set_pin, + .login = login, + .logout = logout, + .logout_all = logout_all, + .is_logged_in = is_logged_in, + .get_random = get_random, + .get_version = get_version }; /* @@ -922,33 +922,6 @@ static hal_error_t pkey_local_verify(const hal_pkey_handle_t pkey, return err; } - -/* - * List keys in the key store. - */ - -static hal_error_t pkey_local_list(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags) -{ - hal_ks_t *ks = NULL; - hal_error_t err; - - if ((err = check_readable(client, flags)) != HAL_OK) - return err; - - if ((err = ks_open_from_flags(&ks, flags)) == HAL_OK && - (err = hal_ks_list(ks, client, session, result, result_len, result_max)) == HAL_OK) - err = hal_ks_close(ks); - else if (ks != NULL) - (void) hal_ks_close(ks); - - return err; -} - static hal_error_t pkey_local_match(const hal_client_handle_t client, const hal_session_handle_t session, const hal_key_type_t type, @@ -1026,23 +999,22 @@ static hal_error_t pkey_local_get_attributes(const hal_pkey_handle_t pkey, } const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch = { - pkey_local_load, - pkey_local_open, - pkey_local_generate_rsa, - pkey_local_generate_ec, - pkey_local_close, - pkey_local_delete, - pkey_local_get_key_type, - pkey_local_get_key_curve, - pkey_local_get_key_flags, - pkey_local_get_public_key_len, - pkey_local_get_public_key, - pkey_local_sign, - pkey_local_verify, - pkey_local_list, - pkey_local_match, - pkey_local_set_attributes, - pkey_local_get_attributes + .load = pkey_local_load, + .open = pkey_local_open, + .generate_rsa = pkey_local_generate_rsa, + .generate_ec = pkey_local_generate_ec, + .close = pkey_local_close, + .delete = pkey_local_delete, + .get_key_type = pkey_local_get_key_type, + .get_key_curve = pkey_local_get_key_curve, + .get_key_flags = pkey_local_get_key_flags, + .get_public_key_len = pkey_local_get_public_key_len, + .get_public_key = pkey_local_get_public_key, + .sign = pkey_local_sign, + .verify = pkey_local_verify, + .match = pkey_local_match, + .set_attributes = pkey_local_set_attributes, + .get_attributes = pkey_local_get_attributes }; /* diff --git a/rpc_server.c b/rpc_server.c index f96fcf1..b6c755e 100644 --- a/rpc_server.c +++ b/rpc_server.c @@ -640,53 +640,6 @@ static hal_error_t pkey_verify(const uint8_t **iptr, const uint8_t * const ilimi return ret; } -static hal_error_t hal_xdr_encode_pkey_info(uint8_t **optr, const uint8_t * const olimit, const hal_pkey_info_t *info) -{ - uint8_t *optr_orig = *optr; - hal_error_t ret; - - if ((ret = hal_xdr_encode_int(optr, olimit, info->type)) != HAL_OK || - (ret = hal_xdr_encode_int(optr, olimit, info->curve)) != HAL_OK || - (ret = hal_xdr_encode_int(optr, olimit, info->flags)) != HAL_OK || - (ret = hal_xdr_encode_buffer(optr, olimit, info->name.uuid, sizeof(info->name.uuid))) != HAL_OK) - *optr = optr_orig; - return ret; -} - -static hal_error_t pkey_list(const uint8_t **iptr, const uint8_t * const ilimit, - uint8_t **optr, const uint8_t * const olimit) -{ - hal_client_handle_t client; - hal_session_handle_t session; - uint8_t *optr_orig = *optr; - uint32_t result_max; - hal_key_flags_t flags; - hal_error_t ret; - - check(hal_xdr_decode_int(iptr, ilimit, &client.handle)); - check(hal_xdr_decode_int(iptr, ilimit, &session.handle)); - check(hal_xdr_decode_int(iptr, ilimit, &result_max)); - check(hal_xdr_decode_int(iptr, ilimit, &flags)); - - hal_pkey_info_t result[result_max]; - unsigned result_len; - - /* call the local function */ - ret = hal_rpc_pkey_list(client, session, result, &result_len, result_max, flags); - - if (ret == HAL_OK) { - check(hal_xdr_encode_int(optr, olimit, result_len)); - for (int i = 0; i < result_len; ++i) { - if ((ret = hal_xdr_encode_pkey_info(optr, olimit, &result[i])) != HAL_OK) { - *optr = optr_orig; - break; - } - } - } - - return ret; -} - static hal_error_t pkey_match(const uint8_t **iptr, const uint8_t * const ilimit, uint8_t **optr, const uint8_t * const olimit) { @@ -913,9 +866,6 @@ hal_error_t hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ile case RPC_FUNC_PKEY_VERIFY: handler = pkey_verify; break; - case RPC_FUNC_PKEY_LIST: - handler = pkey_list; - break; case RPC_FUNC_PKEY_MATCH: handler = pkey_match; break; diff --git a/unit-tests.py b/unit-tests.py index 2b2433d..8ae9c74 100644 --- a/unit-tests.py +++ b/unit-tests.py @@ -508,17 +508,6 @@ class TestPKeyList(TestCaseLoggedIn): k.set_attributes(dict((i, a) for i, a in enumerate((str(obj.keytype), str(obj.fn2))))) return uuids - def ks_list(self, flags): - uuids = self.load_keys(flags) - self.assertLessEqual(len(uuids), len(set(hsm.pkey_list(flags = flags)))) - self.assertLessEqual(uuids, set(hsm.pkey_match(flags = flags))) - - def test_ks_list_volatile(self): - self.ks_list(0) - - def test_ks_list_token(self): - self.ks_list(HAL_KEY_FLAG_TOKEN) - def match(self, flags, **kwargs): uuids = kwargs.pop("uuids", None) kwargs.update(flags = flags) |