Diffstat (limited to 'hal.h')
-rw-r--r-- | hal.h | 136 |
1 files changed, 98 insertions, 38 deletions
@@ -39,6 +39,7 @@ #include <stdint.h> #include <sys/types.h> #include <stdlib.h> +#include <string.h> /* * A handy macro from cryptlib. @@ -143,6 +144,20 @@ DEFINE_HAL_ERROR(HAL_ERROR_MASTERKEY_NOT_SET, "Master key (Key Encryption Key) not set") \ DEFINE_HAL_ERROR(HAL_ERROR_MASTERKEY_FAIL, "Master key generic failure") \ DEFINE_HAL_ERROR(HAL_ERROR_MASTERKEY_BAD_LENGTH, "Master key of unacceptable length") \ + DEFINE_HAL_ERROR(HAL_ERROR_KS_DRIVER_NOT_FOUND, "Keystore driver not found") \ + DEFINE_HAL_ERROR(HAL_ERROR_KEYSTORE_BAD_CRC, "Bad CRC in keystore") \ + DEFINE_HAL_ERROR(HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE, "Unsupported keystore block type") \ + DEFINE_HAL_ERROR(HAL_ERROR_KEYSTORE_LOST_DATA, "Keystore appears to have lost data") \ + DEFINE_HAL_ERROR(HAL_ERROR_BAD_ATTRIBUTE_LENGTH, "Bad attribute length") \ + DEFINE_HAL_ERROR(HAL_ERROR_ATTRIBUTE_NOT_FOUND, "Attribute not found") \ + DEFINE_HAL_ERROR(HAL_ERROR_NO_KEY_INDEX_SLOTS, "No key index slots available") \ + DEFINE_HAL_ERROR(HAL_ERROR_KSI_INDEX_UUID_MISORDERED, "Key index UUID misordered") \ + DEFINE_HAL_ERROR(HAL_ERROR_KSI_INDEX_CHUNK_ORPHANED, "Key index chunk orphaned") \ + DEFINE_HAL_ERROR(HAL_ERROR_KSI_INDEX_CHUNK_MISSING, "Key index chunk missing") \ + DEFINE_HAL_ERROR(HAL_ERROR_KSI_INDEX_CHUNK_OVERLAPS, "Key index chunk overlaps") \ + DEFINE_HAL_ERROR(HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE, "Wrong block type in keystore") \ + DEFINE_HAL_ERROR(HAL_ERROR_RPC_PROTOCOL_ERROR, "RPC protocol error") \ + DEFINE_HAL_ERROR(HAL_ERROR_NOT_IMPLEMENTED, "Not implemented") \ END_OF_HAL_ERROR_LIST /* Marker to forestall silly line continuation errors */ 
@@ -246,14 +261,14 @@ typedef struct hal_hash_driver hal_hash_driver_t; */ typedef enum { - hal_digest_algorithm_none, - hal_digest_algorithm_sha1, - hal_digest_algorithm_sha224, - hal_digest_algorithm_sha256, - hal_digest_algorithm_sha512_224, - hal_digest_algorithm_sha512_256, - hal_digest_algorithm_sha384, - hal_digest_algorithm_sha512 + HAL_DIGEST_ALGORITHM_NONE, + HAL_DIGEST_ALGORITHM_SHA1, + HAL_DIGEST_ALGORITHM_SHA224, + HAL_DIGEST_ALGORITHM_SHA256, + HAL_DIGEST_ALGORITHM_SHA512_224, + HAL_DIGEST_ALGORITHM_SHA512_256, + HAL_DIGEST_ALGORITHM_SHA384, + HAL_DIGEST_ALGORITHM_SHA512 } hal_digest_algorithm_t; typedef struct { @@ -553,6 +568,26 @@ extern hal_error_t hal_ecdsa_verify(const hal_core_t *core, const uint8_t * const signature, const size_t signature_len); /* + * UUID stuff. All UUIDs we use (or are likely to use) are type 4 "random" UUIDs + */ + +typedef struct { uint8_t uuid[16]; } hal_uuid_t; + +#define HAL_UUID_TEXT_SIZE (sizeof("00112233-4455-6677-8899-aabbccddeeff")) + +static inline int hal_uuid_cmp(const hal_uuid_t * const a, const hal_uuid_t * const b) +{ + return memcmp(a, b, sizeof(hal_uuid_t)); +} + +extern hal_error_t hal_uuid_gen(hal_uuid_t *uuid); + +extern hal_error_t hal_uuid_parse(hal_uuid_t *uuid, const char * const string); + +extern hal_error_t hal_uuid_format(const hal_uuid_t * const uuid, + char *buffer, const size_t buffer_len); + +/* * Higher level RPC-based mechanism for working with HSM at arm's * length, using handles instead of direct access to the cores. * @@ -675,8 +710,6 @@ extern hal_error_t hal_rpc_hash_finalize(const hal_hash_handle_t hash, * a session handle and which ones don't...). */ -#define HAL_RPC_PKEY_NAME_MAX 128 - typedef struct { uint32_t handle; } hal_pkey_handle_t; typedef uint32_t hal_key_flags_t; 
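Review bot: In the UUID block added by the `@@ -553` hunk, `HAL_UUID_TEXT_SIZE` is the `sizeof` of a string literal, so it counts the terminating NUL (37 bytes, not 36 characters), and nothing says how it relates to `buffer_len` in `hal_uuid_format()`. A caller who reads it as a character count will size the buffer one byte off. I would add `/* Bytes needed for a formatted UUID, including the terminating NUL */` above the macro and state on `hal_uuid_format()` which error it returns when `buffer_len` is smaller than that. `hal_uuid_parse()` takes a bare `const char *` with no length, so its comment should say the input must be NUL-terminated, which matters if the string ever comes out of an RPC buffer.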
@@ -684,28 +717,43 @@ typedef uint32_t hal_key_flags_t; #define HAL_KEY_FLAG_USAGE_DIGITALSIGNATURE (1 << 0) #define HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT (1 << 1) #define HAL_KEY_FLAG_USAGE_DATAENCIPHERMENT (1 << 2) -#define HAL_KEY_FLAG_PROXIMATE (1 << 3) +#define HAL_KEY_FLAG_TOKEN (1 << 3) +#define HAL_KEY_FLAG_PUBLIC (1 << 4) + +/* + * hal_pkey_attribute_t.length would be size_t, except that we also + * need it to transport HAL_PKEY_ATTRIBUTE_NIL safely, which we can + * only do with a known-width type. The RPC code conveys size_t as a + * uint32_t in any case, so we just use that here and have done. + */ + +typedef struct { + uint32_t type; + uint32_t length; + const void *value; +} hal_pkey_attribute_t; + +#define HAL_PKEY_ATTRIBUTE_NIL (0xFFFFFFFF) extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, - const uint8_t * const name, const size_t name_len, + hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags); -extern hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client, +extern hal_error_t hal_rpc_pkey_open(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const uint8_t * const name, const size_t name_len, + const hal_uuid_t * const name, const hal_key_flags_t flags); extern hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, + hal_uuid_t *name, const unsigned key_length, const uint8_t * const public_exponent, const size_t public_exponent_len, const hal_key_flags_t flags); 
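Review bot: Bit `(1 << 3)` changes meaning in this hunk: `HAL_KEY_FLAG_PROXIMATE` is removed and `HAL_KEY_FLAG_TOKEN` takes the same value, so a flags word written under the old definition would now be read as a token key. Whether flags are persisted in the keystore is not visible from this header, but if they are, the migration path deserves a line in the commit or a comment here. Neither `HAL_KEY_FLAG_TOKEN` nor the new `HAL_KEY_FLAG_PUBLIC` is documented, and the latter looks like it affects who may open or use a key, which is the kind of flag callers should not have to guess at. I would add a one-line comment per flag, for example `/* HAL_KEY_FLAG_PUBLIC: <who may open/use the key when this is set> */`, filled in from the keystore implementation.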
@@ -713,7 +761,7 @@ extern hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, extern hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, + hal_uuid_t *name, const hal_curve_name_t curve, const hal_key_flags_t flags); @@ -721,12 +769,12 @@ extern hal_error_t hal_rpc_pkey_close(const hal_pkey_handle_t pkey); extern hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey); -extern hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey, - const uint8_t * const name, const size_t name_len); - extern hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type); +extern hal_error_t hal_rpc_pkey_get_key_curve(const hal_pkey_handle_t pkey, + hal_curve_name_t *curve); + extern hal_error_t hal_rpc_pkey_get_key_flags(const hal_pkey_handle_t pkey, hal_key_flags_t *flags); 
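Review bot: `hal_uuid_t *name` is non-const in `hal_rpc_pkey_generate_ec()` here, and likewise in `hal_rpc_pkey_load()` and `hal_rpc_pkey_generate_rsa()` in the previous hunk, while `hal_rpc_pkey_open()` takes `const hal_uuid_t * const name`. That suggests the name is now an output chosen by the HSM rather than an input chosen by the caller, but the header never says so. A caller porting from the old `name, name_len` pair could pass an uninitialised or meaningful UUID and expect it to be honoured. I would add a comment on the three prototypes along the lines of `/* name: output, receives the UUID assigned to the new key */`, and state whether NULL is accepted, once confirmed against the implementation.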
@@ -735,37 +783,49 @@ extern size_t hal_rpc_pkey_get_public_key_len(const hal_pkey_handle_t pkey); extern hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max); -extern hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max); -extern hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); -typedef struct { - hal_key_type_t type; - hal_curve_name_t curve; - hal_key_flags_t flags; - char name[HAL_RPC_PKEY_NAME_MAX]; - size_t name_len; - /* ... 
*/ -} hal_pkey_info_t; - -extern hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags); +extern hal_error_t hal_rpc_pkey_match(const hal_client_handle_t client, + const hal_session_handle_t session, + const hal_key_type_t type, + const hal_curve_name_t curve, + const hal_key_flags_t flags, + const hal_pkey_attribute_t *attributes, + const unsigned attributes_len, + hal_uuid_t *result, + unsigned *result_len, + const unsigned result_max, + const hal_uuid_t * const previous_uuid); + +extern hal_error_t hal_rpc_pkey_set_attributes(const hal_pkey_handle_t pkey, + const hal_pkey_attribute_t *const attributes, + const unsigned attributes_len); + +extern hal_error_t hal_rpc_pkey_get_attributes(const hal_pkey_handle_t pkey, + hal_pkey_attribute_t *attributes, + const unsigned attributes_len, + uint8_t *attributes_buffer, + const size_t attributes_buffer_len); extern hal_error_t hal_rpc_client_init(void); + extern hal_error_t hal_rpc_client_close(void); + extern hal_error_t hal_rpc_server_init(void); + extern hal_error_t hal_rpc_server_close(void); -extern hal_error_t hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ilen, uint8_t * const obuf, size_t * const olen); + +extern hal_error_t hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ilen, + uint8_t * const obuf, size_t * const olen); + extern void hal_rpc_server_main(void); #endif /* _HAL_H_ */ |
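Review bot: `hal_rpc_pkey_get_attributes()` takes both an attribute array and a separate `attributes_buffer`, but the header does not say who owns the memory behind each `value` pointer on return, or what happens when `attributes_buffer_len` is too small. Because `hal_pkey_attribute_t.length` can also carry `HAL_PKEY_ATTRIBUTE_NIL` (0xFFFFFFFF), callers also need to be told to test for that sentinel before using `length` as a copy size. A short comment above the three attribute functions covering buffer ownership, the too-small case, and what NIL means for `set_attributes` and `get_attributes` would close this. The same comment could explain how `previous_uuid` and `result_max` page through `hal_rpc_pkey_match()` results.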