1 files changed, 33 insertions, 10 deletions

diff --git a/libhal.py b/libhal.py
index 510827c..0c6b3f6 100644
--- a/libhal.py
+++ b/libhal.py
@@ -192,6 +192,8 @@ RPCFunc.define('''
     RPC_FUNC_PKEY_GET_KEY_CURVE,
     RPC_FUNC_PKEY_SET_ATTRIBUTES,
     RPC_FUNC_PKEY_GET_ATTRIBUTES,
+    RPC_FUNC_PKEY_EXPORT,
+    RPC_FUNC_PKEY_IMPORT,
 ''')
 
 class HALDigestAlgorithm(Enum): pass
@@ -240,6 +242,7 @@ HAL_KEY_FLAG_USAGE_KEYENCIPHERMENT      = (1 << 1)
 HAL_KEY_FLAG_USAGE_DATAENCIPHERMENT     = (1 << 2)
 HAL_KEY_FLAG_TOKEN                      = (1 << 3)
 HAL_KEY_FLAG_PUBLIC                     = (1 << 4)
+HAL_KEY_FLAG_EXPORTABLE                 = (1 << 5)
 
 HAL_PKEY_ATTRIBUTE_NIL                  = (0xFFFFFFFF)
 
@@ -402,6 +405,11 @@ class PKey(Handle):
         result.update(self.hsm.pkey_get_attributes(self, attrs.iterkeys(), sum(attrs.itervalues())))
         return result
 
+    def export_pkey(self, pkey):
+        return self.hsm.pkey_export(pkey = pkey, kekek = self, pkcs8_max = 2560, kek_max = 512)
+
+    def import_pkey(self, pkcs8, kek, flags = 0):
+        return self.hsm.pkey_import(kekek = self, pkcs8 = pkcs8, kek = kek, flags = flags)
 
 class HSM(object):
 
@@ -412,7 +420,8 @@ class HSM(object):
         if status != 0:
             raise HALError.table[status]()
 
-    def __init__(self, sockname = os.getenv("CRYPTECH_RPC_CLIENT_SOCKET_NAME", "/tmp/.cryptech_muxd.rpc")):
+    def __init__(self, sockname = os.getenv("CRYPTECH_RPC_CLIENT_SOCKET_NAME",
+                                            "/tmp/.cryptech_muxd.rpc")):
         self.socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
         self.socket.connect(sockname)
         self.sockfile = self.socket.makefile("rb")
@@ -547,19 +556,19 @@ class HSM(object):
         with self.rpc(RPC_FUNC_HASH_FINALIZE, handle, length) as r:
             return r.unpack_bytes()
 
-    def pkey_load(self, type, curve, der, flags = 0, client = 0, session = 0):
-        with self.rpc(RPC_FUNC_PKEY_LOAD, session, type, curve, der, flags, client = client) as r:
+    def pkey_load(self, der, flags = 0, client = 0, session = 0):
+        with self.rpc(RPC_FUNC_PKEY_LOAD, session, der, flags, client = client) as r:
             pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
             logger.debug("Loaded pkey %s", pkey.uuid)
             return pkey
 
-    def pkey_open(self, uuid, flags = 0, client = 0, session = 0):
-        with self.rpc(RPC_FUNC_PKEY_OPEN, session, uuid, flags, client = client) as r:
+    def pkey_open(self, uuid, client = 0, session = 0):
+        with self.rpc(RPC_FUNC_PKEY_OPEN, session, uuid, client = client) as r:
             pkey = PKey(self, r.unpack_uint(), uuid)
             logger.debug("Opened pkey %s", pkey.uuid)
             return pkey
 
-    def pkey_generate_rsa(self, keylen, exponent = "\x01\x00\x01", flags = 0, client = 0, session = 0):
+    def pkey_generate_rsa(self, keylen, flags = 0, exponent = "\x01\x00\x01", client = 0, session = 0):
         with self.rpc(RPC_FUNC_PKEY_GENERATE_RSA, session, keylen, exponent, flags, client = client) as r:
             pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
             logger.debug("Generated RSA pkey %s", pkey.uuid)
@@ -623,13 +632,15 @@ class HSM(object):
         with self.rpc(RPC_FUNC_PKEY_VERIFY, pkey, hash, data, signature):
             return
 
-    def pkey_match(self, type = 0, curve = 0, flags = 0, attributes = {},
-                   length = 64, client = 0, session = 0):
+    def pkey_match(self, type = 0, curve = 0, mask = 0, flags = 0,
+                   attributes = {}, length = 64, client = 0, session = 0):
         u = UUID(int = 0)
         n = length
+        s = 0
         while n == length:
-            with self.rpc(RPC_FUNC_PKEY_MATCH, session, type, curve, flags,
-                          attributes, length, u, client = client) as r:
+            with self.rpc(RPC_FUNC_PKEY_MATCH, session, type, curve, mask, flags,
+                          attributes, s, length, u, client = client) as r:
+                s = r.unpack_uint()
                 n = r.unpack_uint()
                 for i in xrange(n):
                     u = UUID(bytes = r.unpack_bytes())
@@ -649,3 +660,15 @@ class HSM(object):
                 return dict((r.unpack_uint(), r.unpack_bytes()) for i in xrange(n))
             else:
                 return dict((r.unpack_uint(), r.unpack_uint()) for i in xrange(n))
+
+    def pkey_export(self, pkey, kekek, pkcs8_max = 2560, kek_max = 512):
+        with self.rpc(RPC_FUNC_PKEY_EXPORT, pkey, kekek, pkcs8_max, kek_max) as r:
+            pkcs8, kek = r.unpack_bytes(), r.unpack_bytes()
+            logger.debug("Exported pkey %s", pkey.uuid)
+            return pkcs8, kek
+
+    def pkey_import(self, kekek, pkcs8, kek, flags = 0, client = 0, session = 0):
+        with self.rpc(RPC_FUNC_PKEY_IMPORT, session, kekek, pkcs8, kek, flags, client = client) as r:
+            pkey = PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
+            logger.debug("Imported pkey %s", pkey.uuid)
+            return pkey