diff options
Diffstat (limited to 'hal_internal.h')
-rw-r--r-- | hal_internal.h | 58 |
1 files changed, 38 insertions, 20 deletions
diff --git a/hal_internal.h b/hal_internal.h index 40a600c..1822781 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -192,8 +192,6 @@ typedef struct { hal_error_t (*load)(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags); @@ -201,8 +199,7 @@ typedef struct { hal_error_t (*open)(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_uuid_t * const name, - const hal_key_flags_t flags); + const hal_uuid_t * const name); hal_error_t (*generate_rsa)(const hal_client_handle_t client, const hal_session_handle_t session, @@ -251,9 +248,11 @@ typedef struct { const hal_session_handle_t session, const hal_key_type_t type, const hal_curve_name_t curve, + const hal_key_flags_t mask, const hal_key_flags_t flags, const hal_pkey_attribute_t *attributes, const unsigned attributes_len, + unsigned *state, hal_uuid_t *result, unsigned *result_len, const unsigned result_max, @@ -269,6 +268,20 @@ typedef struct { uint8_t *attributes_buffer, const size_t attributes_buffer_len); + hal_error_t (*export)(const hal_pkey_handle_t pkey_handle, + const hal_pkey_handle_t kekek_handle, + uint8_t *pkcs8, size_t *pkcs8_len, const size_t pkcs8_max, + uint8_t *kek, size_t *kek_len, const size_t kek_max); + + hal_error_t (*import)(const hal_client_handle_t client, + const hal_session_handle_t session, + hal_pkey_handle_t *pkey, + hal_uuid_t *name, + const hal_pkey_handle_t kekek_handle, + const uint8_t * const pkcs8, const size_t pkcs8_len, + const uint8_t * const kek, const size_t kek_len, + const hal_key_flags_t flags); + } hal_rpc_pkey_dispatch_t; @@ -317,15 +330,16 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc) } /* - * Sizes for ASN.1-encoded keys, this may not be exact due to ASN.1 - * INTEGER encoding rules but should be good enough for buffer sizing: + * Sizes for PKCS #8 encoded private keys. This may not be exact due + * to ASN.1 INTEGER encoding rules, but should be good enough for + * buffer sizing. * - * 2048-bit RSA: 1194 bytes - * 4096-bit RSA: 2351 bytes - * 8192-bit RSA: 4655 bytes - * EC P-256: 121 bytes - * EC P-384: 167 bytes - * EC P-521: 223 bytes + * 2048-bit RSA: 1219 bytes + * 4096-bit RSA: 2373 bytes + * 8192-bit RSA: 4679 bytes + * EC P-256: 138 bytes + * EC P-384: 185 bytes + * EC P-521: 240 bytes * * Plus we need a bit of AES-keywrap overhead, since we're storing the * wrapped form (see hal_aes_keywrap_cyphertext_length()). @@ -338,7 +352,7 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc) * moment we take the easy way out and cap this at 4096-bit RSA. */ -#define HAL_KS_WRAPPED_KEYSIZE ((2351 + 15) & ~7) +#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 15) & ~7) /* * PINs. @@ -458,11 +472,11 @@ struct hal_ks_driver { hal_error_t (*store)(hal_ks_t *ks, hal_pkey_slot_t *slot, - const uint8_t * const der, const size_t der_len); + const uint8_t * const der, const size_t der_len); hal_error_t (*fetch)(hal_ks_t *ks, hal_pkey_slot_t *slot, - uint8_t *der, size_t *der_len, const size_t der_max); + uint8_t *der, size_t *der_len, const size_t der_max); hal_error_t (*delete)(hal_ks_t *ks, hal_pkey_slot_t *slot); @@ -472,6 +486,7 @@ struct hal_ks_driver { const hal_session_handle_t session, const hal_key_type_t type, const hal_curve_name_t curve, + const hal_key_flags_t mask, const hal_key_flags_t flags, const hal_pkey_attribute_t *attributes, const unsigned attributes_len, @@ -536,7 +551,7 @@ static inline hal_error_t hal_ks_shutdown(const hal_ks_driver_t * const driver) } static inline hal_error_t hal_ks_open(const hal_ks_driver_t * const driver, - hal_ks_t **ks) + hal_ks_t **ks) { if (driver == NULL || ks == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -601,6 +616,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks, const hal_session_handle_t session, const hal_key_type_t type, const hal_curve_name_t curve, + const hal_key_flags_t mask, const hal_key_flags_t flags, const hal_pkey_attribute_t *attributes, const unsigned attributes_len, @@ -615,7 +631,7 @@ static inline hal_error_t hal_ks_match(hal_ks_t *ks, if (ks->driver->match == NULL) return HAL_ERROR_NOT_IMPLEMENTED; - return ks->driver->match(ks, client, session, type, curve, flags, attributes, attributes_len, + return ks->driver->match(ks, client, session, type, curve, mask, flags, attributes, attributes_len, result, result_len, result_max, previous_uuid); } @@ -862,6 +878,8 @@ typedef enum { RPC_FUNC_PKEY_GET_KEY_CURVE, RPC_FUNC_PKEY_SET_ATTRIBUTES, RPC_FUNC_PKEY_GET_ATTRIBUTES, + RPC_FUNC_PKEY_EXPORT, + RPC_FUNC_PKEY_IMPORT, } rpc_func_num_t; #define RPC_VERSION 0x01010000 /* 1.1.0.0 */ @@ -897,7 +915,7 @@ typedef enum { */ #ifndef HAL_CLIENT_SERIAL_DEFAULT_DEVICE -#define HAL_CLIENT_SERIAL_DEFAULT_DEVICE "/dev/ttyUSB0" +#define HAL_CLIENT_SERIAL_DEFAULT_DEVICE "/dev/ttyUSB0" #endif #ifndef HAL_CLIENT_SERIAL_DEFAULT_SPEED @@ -908,8 +926,8 @@ typedef enum { * Names of environment variables for setting the above in RPC clients. */ -#define HAL_CLIENT_SERIAL_DEVICE_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_DEVICE" -#define HAL_CLIENT_SERIAL_SPEED_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_SPEED" +#define HAL_CLIENT_SERIAL_DEVICE_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_DEVICE" +#define HAL_CLIENT_SERIAL_SPEED_ENVVAR "CRYPTECH_RPC_CLIENT_SERIAL_SPEED" #endif /* _HAL_INTERNAL_H_ */ |