aboutsummaryrefslogtreecommitdiff
path: root/hal_internal.h
diff options
context:
space:
mode:
Diffstat (limited to 'hal_internal.h')
-rw-r--r--hal_internal.h58
1 files changed, 38 insertions, 20 deletions
diff --git a/hal_internal.h b/hal_internal.h
index 40a600c..1822781 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -192,8 +192,6 @@ typedef struct {
hal_error_t (*load)(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags);
@@ -201,8 +199,7 @@ typedef struct {
hal_error_t (*open)(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_uuid_t * const name,
- const hal_key_flags_t flags);
+ const hal_uuid_t * const name);
hal_error_t (*generate_rsa)(const hal_client_handle_t client,
const hal_session_handle_t session,
@@ -251,9 +248,11 @@ typedef struct {
const hal_session_handle_t session,
const hal_key_type_t type,
const hal_curve_name_t curve,
+ const hal_key_flags_t mask,
const hal_key_flags_t flags,
const hal_pkey_attribute_t *attributes,
const unsigned attributes_len,
+ unsigned *state,
hal_uuid_t *result,
unsigned *result_len,
const unsigned result_max,
@@ -269,6 +268,20 @@ typedef struct {
uint8_t *attributes_buffer,
const size_t attributes_buffer_len);
+ hal_error_t (*export)(const hal_pkey_handle_t pkey_handle,
+ const hal_pkey_handle_t kekek_handle,
+ uint8_t *pkcs8, size_t *pkcs8_len, const size_t pkcs8_max,
+ uint8_t *kek, size_t *kek_len, const size_t kek_max);
+
+ hal_error_t (*import)(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ hal_pkey_handle_t *pkey,
+ hal_uuid_t *name,
+ const hal_pkey_handle_t kekek_handle,
+ const uint8_t * const pkcs8, const size_t pkcs8_len,
+ const uint8_t * const kek, const size_t kek_len,
+ const hal_key_flags_t flags);
+
} hal_rpc_pkey_dispatch_t;
@@ -317,15 +330,16 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc)
}
/*
- * Sizes for ASN.1-encoded keys, this may not be exact due to ASN.1
- * INTEGER encoding rules but should be good enough for buffer sizing:
+ * Sizes for PKCS #8 encoded private keys. This may not be exact due
+ * to ASN.1 INTEGER encoding rules, but should be good enough for
+ * buffer sizing.
*
- * 2048-bit RSA: 1194 bytes
- * 4096-bit RSA: 2351 bytes
- * 8192-bit RSA: 4655 bytes
- * EC P-256: 121 bytes
- * EC P-384: 167 bytes
- * EC P-521: 223 bytes
+ * 2048-bit RSA: 1219 bytes
+ * 4096-bit RSA: 2373 bytes
+ * 8192-bit RSA: 4679 bytes
+ * EC P-256: 138 bytes
+ * EC P-384: 185 bytes
+ * EC P-521: 240 bytes
*
* Plus we need a bit of AES-keywrap overhead, since we're storing the
* wrapped form (see hal_aes_keywrap_cyphertext_length()).
@@ -338,7 +352,7 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc)
* moment we take the easy way out and cap this at 4096-bit RSA.
*/
-#define HAL_KS_WRAPPED_KEYSIZE ((2351 + 15) & ~7)
+#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 15) & ~7)
/*
* PINs.
@@ -458,11 +472,11 @@ struct hal_ks_driver {
hal_error_t (*store)(hal_ks_t *ks,
hal_pkey_slot_t *slot,
- const uint8_t * const der, const size_t der_len);
+ const uint8_t * const der, const size_t der_len);
hal_error_t (*fetch)(hal_ks_t *ks,
hal_pkey_slot_t *slot,
- uint8_t *der, size_t *der_len, const size_t der_max);
+ uint8_t *der, size_t *der_len, const size_t der_max);
hal_error_t (*delete)(hal_ks_t *ks,
hal_pkey_slot_t *slot);
@@ -472,6 +486,7 @@ struct hal_ks_driver {
const hal_session_handle_t session,
const hal_key_type_t type,
const hal_curve_name_t curve,
+ const hal_key_flags_t mask,
const hal_key_flags_t flags,
const hal_pkey_attribute_t *attributes,
const unsigned attributes_len,
@@ -536,7 +551,7 @@ static inline hal_error_t hal_ks_shutdown(const hal_ks_driver_t * const driver)
}
static inline hal_error_t hal_ks_open(const hal_ks_driver_t * const driver,
- hal_ks_t **ks)
+ hal_ks_t **ks)
{
if (driver == NULL || ks == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -601,6 +616,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks,
const hal_session_handle_t session,
const hal_key_type_t type,
const hal_curve_name_t curve,
+ const hal_key_flags_t mask,
const hal_key_flags_t flags,
const hal_pkey_attribute_t *attributes,
const unsigned attributes_len,
@@ -615,7 +631,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks,
if (ks->driver->match == NULL)
return HAL_ERROR_NOT_IMPLEMENTED;
- return ks->driver->match(ks, client, session, type, curve, flags, attributes, attributes_len,
+ return ks->driver->match(ks, client, session, type, curve, mask, flags, attributes, attributes_len,
result, result_len, result_max, previous_uuid);
}
@@ -862,6 +878,8 @@ typedef enum {
RPC_FUNC_PKEY_GET_KEY_CURVE,
RPC_FUNC_PKEY_SET_ATTRIBUTES,
RPC_FUNC_PKEY_GET_ATTRIBUTES,
+ RPC_FUNC_PKEY_EXPORT,
+ RPC_FUNC_PKEY_IMPORT,
} rpc_func_num_t;
#define RPC_VERSION 0x01010000 /* 1.1.0.0 */
@@ -897,7 +915,7 @@ typedef enum {
*/
#ifndef HAL_CLIENT_SERIAL_DEFAULT_DEVICE
-#define HAL_CLIENT_SERIAL_DEFAULT_DEVICE "/dev/ttyUSB0"
+#define HAL_CLIENT_SERIAL_DEFAULT_DEVICE "/dev/ttyUSB0"
#endif
#ifndef HAL_CLIENT_SERIAL_DEFAULT_SPEED
@@ -908,8 +926,8 @@ typedef enum {
* Names of environment variables for setting the above in RPC clients.
*/
-#define HAL_CLIENT_SERIAL_DEVICE_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_DEVICE"
-#define HAL_CLIENT_SERIAL_SPEED_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_SPEED"
+#define HAL_CLIENT_SERIAL_DEVICE_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_DEVICE"
+#define HAL_CLIENT_SERIAL_SPEED_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_SPEED"
#endif /* _HAL_INTERNAL_H_ */