diff options
Diffstat (limited to 'rpc_client.c')
-rw-r--r-- | rpc_client.c | 489 |
1 files changed, 250 insertions, 239 deletions
diff --git a/rpc_client.c b/rpc_client.c index c4ceedd..4adf247 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -101,6 +101,16 @@ static hal_error_t read_matching_packet(const rpc_func_num_t expected_func, /* * RPC calls. + * + * In reading these, it helps to know that every call takes a minimum + * of two arguments (function code and client handle, even if the + * latter is just a dummy), and that every call returns a minimum of + * three values (function code, client handle, and return status). + * This may seem a bit redundant, but There Are Reasons: + * read_matching_packet() wants to make sure the result we're getting + * is from the function we thought we called, and having the client + * handle always present in a known place vastly simplifies the task + * of the client-side MUX daemon. */ static hal_error_t get_version(uint32_t *version) @@ -292,13 +302,14 @@ static hal_error_t hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg hal_client_handle_t dummy_client = {0}; hal_error_t rpc_ret; - check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_HASH_GET_DIGEST_LEN)); + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_HASH_GET_DIGEST_ALGORITHM_ID)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); check(hal_xdr_encode_int(&optr, olimit, alg)); check(hal_xdr_encode_int(&optr, olimit, len_max)); check(hal_rpc_send(outbuf, optr - outbuf)); - check(read_matching_packet(RPC_FUNC_HASH_GET_DIGEST_LEN, inbuf, sizeof(inbuf), &iptr, &ilimit)); + check(read_matching_packet(RPC_FUNC_HASH_GET_DIGEST_ALGORITHM_ID, + inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); if (rpc_ret == HAL_OK) { @@ -411,13 +422,14 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client, hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, - const uint8_t * const name, const size_t name_len, + hal_uuid_t *name, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags) { - uint8_t outbuf[nargs(8) + pad(name_len) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); - uint8_t inbuf[nargs(4)]; + uint8_t outbuf[nargs(7) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + uint32_t name_len = sizeof(name->uuid); hal_error_t rpc_ret; check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LOAD)); @@ -425,7 +437,6 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client, check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, type)); check(hal_xdr_encode_int(&optr, olimit, curve)); - check(hal_xdr_encode_buffer(&optr, olimit, name, name_len)); check(hal_xdr_encode_buffer(&optr, olimit, der, der_len)); check(hal_xdr_encode_int(&optr, olimit, flags)); check(hal_rpc_send(outbuf, optr - outbuf)); @@ -433,35 +444,39 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client, check(read_matching_packet(RPC_FUNC_PKEY_LOAD, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); - if (rpc_ret == HAL_OK) + + if (rpc_ret == HAL_OK) { check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle)); + check(hal_xdr_decode_buffer(&iptr, ilimit, name->uuid, &name_len)); + if (name_len != sizeof(name->uuid)) + return HAL_ERROR_KEY_NAME_TOO_LONG; + } return rpc_ret; } -static hal_error_t pkey_remote_find(const hal_client_handle_t client, +static hal_error_t pkey_remote_open(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const uint8_t * const name, const size_t name_len, + const hal_uuid_t * const name, const hal_key_flags_t flags) { - uint8_t outbuf[nargs(6) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(5) + pad(sizeof(name->uuid))], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(4)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); hal_error_t rpc_ret; - check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_FIND)); + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_OPEN)); check(hal_xdr_encode_int(&optr, olimit, client.handle)); check(hal_xdr_encode_int(&optr, olimit, session.handle)); - check(hal_xdr_encode_int(&optr, olimit, type)); - check(hal_xdr_encode_buffer(&optr, olimit, name, name_len)); + check(hal_xdr_encode_buffer(&optr, olimit, name->uuid, sizeof(name->uuid))); check(hal_xdr_encode_int(&optr, olimit, flags)); check(hal_rpc_send(outbuf, optr - outbuf)); - check(read_matching_packet(RPC_FUNC_PKEY_FIND, inbuf, sizeof(inbuf), &iptr, &ilimit)); + check(read_matching_packet(RPC_FUNC_PKEY_OPEN, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); + if (rpc_ret == HAL_OK) check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle)); @@ -471,20 +486,20 @@ static hal_error_t pkey_remote_find(const hal_client_handle_t client, static hal_error_t pkey_remote_generate_rsa(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, + hal_uuid_t *name, const unsigned key_len, const uint8_t * const exp, const size_t exp_len, const hal_key_flags_t flags) { - uint8_t outbuf[nargs(7) + pad(name_len) + pad(exp_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); - uint8_t inbuf[nargs(4)]; + uint8_t outbuf[nargs(6) + pad(exp_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + uint32_t name_len = sizeof(name->uuid); hal_error_t rpc_ret; check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GENERATE_RSA)); check(hal_xdr_encode_int(&optr, olimit, client.handle)); check(hal_xdr_encode_int(&optr, olimit, session.handle)); - check(hal_xdr_encode_buffer(&optr, olimit, name, name_len)); check(hal_xdr_encode_int(&optr, olimit, key_len)); check(hal_xdr_encode_buffer(&optr, olimit, exp, exp_len)); check(hal_xdr_encode_int(&optr, olimit, flags)); @@ -493,8 +508,13 @@ static hal_error_t pkey_remote_generate_rsa(const hal_client_handle_t client, check(read_matching_packet(RPC_FUNC_PKEY_GENERATE_RSA, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); - if (rpc_ret == HAL_OK) + + if (rpc_ret == HAL_OK) { check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle)); + check(hal_xdr_decode_buffer(&iptr, ilimit, name->uuid, &name_len)); + if (name_len != sizeof(name->uuid)) + return HAL_ERROR_KEY_NAME_TOO_LONG; + } return rpc_ret; } @@ -502,19 +522,19 @@ static hal_error_t pkey_remote_generate_rsa(const hal_client_handle_t client, static hal_error_t pkey_remote_generate_ec(const hal_client_handle_t client, const hal_session_handle_t session, hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, + hal_uuid_t *name, const hal_curve_name_t curve, const hal_key_flags_t flags) { - uint8_t outbuf[nargs(6) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); - uint8_t inbuf[nargs(4)]; + uint8_t outbuf[nargs(5)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + uint32_t name_len = sizeof(name->uuid); hal_error_t rpc_ret; check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GENERATE_EC)); check(hal_xdr_encode_int(&optr, olimit, client.handle)); check(hal_xdr_encode_int(&optr, olimit, session.handle)); - check(hal_xdr_encode_buffer(&optr, olimit, name, name_len)); check(hal_xdr_encode_int(&optr, olimit, curve)); check(hal_xdr_encode_int(&optr, olimit, flags)); check(hal_rpc_send(outbuf, optr - outbuf)); @@ -522,8 +542,13 @@ static hal_error_t pkey_remote_generate_ec(const hal_client_handle_t client, check(read_matching_packet(RPC_FUNC_PKEY_GENERATE_EC, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); - if (rpc_ret == HAL_OK) + + if (rpc_ret == HAL_OK) { check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle)); + check(hal_xdr_decode_buffer(&iptr, ilimit, name->uuid, &name_len)); + if (name_len != sizeof(name->uuid)) + return HAL_ERROR_KEY_NAME_TOO_LONG; + } return rpc_ret; } @@ -566,49 +591,52 @@ static hal_error_t pkey_remote_delete(const hal_pkey_handle_t pkey) return rpc_ret; } -static hal_error_t pkey_remote_rename(const hal_pkey_handle_t pkey, - const uint8_t * const name, const size_t name_len) +static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey, + hal_key_type_t *type) { - uint8_t outbuf[nargs(4) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); - uint8_t inbuf[nargs(3)]; + uint8_t outbuf[nargs(3)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(4)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + uint32_t type32; hal_client_handle_t dummy_client = {0}; hal_error_t rpc_ret; - check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_RENAME)); + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_KEY_TYPE)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); - check(hal_xdr_encode_buffer(&optr, olimit, name, name_len)); check(hal_rpc_send(outbuf, optr - outbuf)); - check(read_matching_packet(RPC_FUNC_PKEY_RENAME, inbuf, sizeof(inbuf), &iptr, &ilimit)); + check(read_matching_packet(RPC_FUNC_PKEY_GET_KEY_TYPE, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); + if (rpc_ret == HAL_OK) { + check(hal_xdr_decode_int(&iptr, ilimit, &type32)); + *type = (hal_key_type_t)type32; + } return rpc_ret; } - -static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey, - hal_key_type_t *type) +static hal_error_t pkey_remote_get_key_curve(const hal_pkey_handle_t pkey, + hal_curve_name_t *curve) { uint8_t outbuf[nargs(3)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(4)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); - uint32_t type32; + uint32_t curve32; hal_client_handle_t dummy_client = {0}; hal_error_t rpc_ret; - check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_KEY_TYPE)); + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_KEY_CURVE)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); check(hal_rpc_send(outbuf, optr - outbuf)); - check(read_matching_packet(RPC_FUNC_PKEY_GET_KEY_TYPE, inbuf, sizeof(inbuf), &iptr, &ilimit)); + check(read_matching_packet(RPC_FUNC_PKEY_GET_KEY_CURVE, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); if (rpc_ret == HAL_OK) { - check(hal_xdr_decode_int(&iptr, ilimit, &type32)); - *type = (hal_key_type_t)type32; + check(hal_xdr_decode_int(&iptr, ilimit, &curve32)); + *curve = (hal_curve_name_t)curve32; } return rpc_ret; } @@ -689,13 +717,12 @@ static hal_error_t pkey_remote_get_public_key(const hal_pkey_handle_t pkey, return rpc_ret; } -static hal_error_t pkey_remote_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_remote_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, - const uint8_t * const input, const size_t input_len, + const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { - uint8_t outbuf[nargs(7) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(6) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(4) + pad(signature_max)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); uint32_t slen32 = signature_max; @@ -704,7 +731,6 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SIGN)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); - check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); check(hal_xdr_encode_int(&optr, olimit, hash.handle)); check(hal_xdr_encode_buffer(&optr, olimit, input, input_len)); @@ -721,13 +747,12 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session, return rpc_ret; } -static hal_error_t pkey_remote_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_remote_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { - uint8_t outbuf[nargs(7) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t outbuf[nargs(6) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); uint8_t inbuf[nargs(3)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); hal_client_handle_t dummy_client = {0}; @@ -735,7 +760,6 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session, check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_VERIFY)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); - check(hal_xdr_encode_int(&optr, olimit, session.handle)); check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); check(hal_xdr_encode_int(&optr, olimit, hash.handle)); check(hal_xdr_encode_buffer(&optr, olimit, input, input_len)); @@ -748,46 +772,143 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session, return rpc_ret; } -static hal_error_t hal_xdr_decode_pkey_info(const uint8_t **iptr, const uint8_t * const ilimit, hal_pkey_info_t *info) +static hal_error_t pkey_remote_match(const hal_client_handle_t client, + const hal_session_handle_t session, + const hal_key_type_t type, + const hal_curve_name_t curve, + const hal_key_flags_t flags, + const hal_pkey_attribute_t *attributes, + const unsigned attributes_len, + hal_uuid_t *result, + unsigned *result_len, + const unsigned result_max, + const hal_uuid_t * const previous_uuid) { - uint32_t i32; + size_t attributes_buffer_len = 0; + if (attributes != NULL) + for (int i = 0; i < attributes_len; i++) + attributes_buffer_len += pad(attributes[i].length); + + uint8_t outbuf[nargs(9 + attributes_len * 2) + attributes_buffer_len + pad(sizeof(hal_uuid_t))]; + uint8_t *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_uuid_t))]; + const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + hal_error_t rpc_ret; - check(hal_xdr_decode_int(iptr, ilimit, &i32)); info->type = i32; - check(hal_xdr_decode_int(iptr, ilimit, &i32)); info->curve = i32; - check(hal_xdr_decode_int(iptr, ilimit, &i32)); info->flags = i32; - check(hal_xdr_decode_buffer(iptr, ilimit, (uint8_t *)&info->name[0], &i32)); info->name_len = i32; - return HAL_OK; + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_MATCH)); + check(hal_xdr_encode_int(&optr, olimit, client.handle)); + check(hal_xdr_encode_int(&optr, olimit, session.handle)); + check(hal_xdr_encode_int(&optr, olimit, type)); + check(hal_xdr_encode_int(&optr, olimit, curve)); + check(hal_xdr_encode_int(&optr, olimit, flags)); + check(hal_xdr_encode_int(&optr, olimit, attributes_len)); + if (attributes != NULL) { + for (int i = 0; i < attributes_len; i++) { + check(hal_xdr_encode_int(&optr, olimit, attributes[i].type)); + check(hal_xdr_encode_buffer(&optr, olimit, attributes[i].value, attributes[i].length)); + } + } + check(hal_xdr_encode_int(&optr, olimit, result_max)); + check(hal_xdr_encode_buffer(&optr, olimit, previous_uuid->uuid, sizeof(previous_uuid->uuid))); + check(hal_rpc_send(outbuf, optr - outbuf)); + + check(read_matching_packet(RPC_FUNC_PKEY_MATCH, inbuf, sizeof(inbuf), &iptr, &ilimit)); + + check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); + if (rpc_ret == HAL_OK) { + uint32_t array_len; + *result_len = 0; + check(hal_xdr_decode_int(&iptr, ilimit, &array_len)); + for (int i = 0; i < array_len; ++i) { + uint32_t uuid_len = sizeof(result[i].uuid); + check(hal_xdr_decode_buffer(&iptr, ilimit, result[i].uuid, &uuid_len)); + if (uuid_len != sizeof(result[i].uuid)) + return HAL_ERROR_KEY_NAME_TOO_LONG; + } + *result_len = array_len; + } + return rpc_ret; } -static hal_error_t pkey_remote_list(hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags) +static hal_error_t pkey_remote_set_attributes(const hal_pkey_handle_t pkey, + const hal_pkey_attribute_t *attributes, + const unsigned attributes_len) { - uint8_t outbuf[nargs(4)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); - uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_pkey_info_t))]; + size_t outbuf_len = nargs(4 + 2 * attributes_len); + for (int i = 0; i < attributes_len; i++) + outbuf_len += pad(attributes[i].length); + + uint8_t outbuf[outbuf_len], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(3)]; const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); - uint32_t len; hal_client_handle_t dummy_client = {0}; - hal_error_t ret, rpc_ret; + hal_error_t rpc_ret; - check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LIST)); + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SET_ATTRIBUTES)); check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); - check(hal_xdr_encode_int(&optr, olimit, result_max)); - check(hal_xdr_encode_int(&optr, olimit, flags)); + check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); + check(hal_xdr_encode_int(&optr, olimit, attributes_len)); + for (int i = 0; i < attributes_len; i++) { + check(hal_xdr_encode_int(&optr, olimit, attributes[i].type)); + if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL) + check(hal_xdr_encode_int(&optr, olimit, HAL_PKEY_ATTRIBUTE_NIL)); + else + check(hal_xdr_encode_buffer(&optr, olimit, attributes[i].value, attributes[i].length)); + } check(hal_rpc_send(outbuf, optr - outbuf)); - check(read_matching_packet(RPC_FUNC_PKEY_LIST, inbuf, sizeof(inbuf), &iptr, &ilimit)); + check(read_matching_packet(RPC_FUNC_PKEY_SET_ATTRIBUTES, inbuf, sizeof(inbuf), &iptr, &ilimit)); + + check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); + return rpc_ret; +} + +static hal_error_t pkey_remote_get_attributes(const hal_pkey_handle_t pkey, + hal_pkey_attribute_t *attributes, + const unsigned attributes_len, + uint8_t *attributes_buffer, + const size_t attributes_buffer_len) +{ + /* inbuf[] here includes one extra word per attribute for padding */ + uint8_t outbuf[nargs(5 + attributes_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(3 + 3 * attributes_len) + attributes_buffer_len]; + const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + hal_client_handle_t dummy_client = {0}; + hal_error_t rpc_ret; + + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_ATTRIBUTES)); + check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle)); + check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); + check(hal_xdr_encode_int(&optr, olimit, attributes_len)); + for (int i = 0; i < attributes_len; i++) + check(hal_xdr_encode_int(&optr, olimit, attributes[i].type)); + check(hal_xdr_encode_int(&optr, olimit, attributes_buffer_len)); + check(hal_rpc_send(outbuf, optr - outbuf)); + + check(read_matching_packet(RPC_FUNC_PKEY_GET_ATTRIBUTES, inbuf, sizeof(inbuf), &iptr, &ilimit)); check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); if (rpc_ret == HAL_OK) { - int i; - check(hal_xdr_decode_int(&iptr, ilimit, &len)); - *result_len = len; - for (i = 0; i < len; ++i) { - if ((ret = hal_xdr_decode_pkey_info(&iptr, ilimit, &result[i])) != HAL_OK) { - *result_len = 0; - return ret; + uint8_t *abuf = attributes_buffer; + uint32_t u32; + check(hal_xdr_decode_int(&iptr, ilimit, &u32)); + if (u32 != attributes_len) + return HAL_ERROR_RPC_PROTOCOL_ERROR; + for (int i = 0; i < attributes_len; i++) { + check(hal_xdr_decode_int(&iptr, ilimit, &u32)); + if (u32 != attributes[i].type) + return HAL_ERROR_RPC_PROTOCOL_ERROR; + if (attributes_buffer_len == 0) { + check(hal_xdr_decode_int(&iptr, ilimit, &u32)); + attributes[i].value = NULL; + attributes[i].length = u32; + } + else { + u32 = attributes_buffer + attributes_buffer_len - abuf; + check(hal_xdr_decode_buffer(&iptr, ilimit, abuf, &u32)); + attributes[i].value = abuf; + attributes[i].length = u32; + abuf += u32; } } } @@ -795,41 +916,21 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result, } #if RPC_CLIENT == RPC_CLIENT_MIXED + /* * "Mixed" mode pkey operations, where the public key operation itself * takes place on the HSM but the hashing takes place locally. If * we're given a hash context in this case, it's local, so we have to * pull the digest from the hash context and send that to the HSM. - * - * These methods are also responsible for dispatching pkey operations - * to the local or remote key store based on the PROXIMATE flags. - * These flags are only meaningful when operating in mixed mode. */ -static inline const hal_rpc_pkey_dispatch_t *mixed_flags_dispatch(const hal_key_flags_t flags) -{ - if ((flags & HAL_KEY_FLAG_PROXIMATE) == 0) - return &hal_rpc_remote_pkey_dispatch; - else - return &hal_rpc_local_pkey_dispatch; -} - -static inline const hal_rpc_pkey_dispatch_t *mixed_handle_dispatch(const hal_pkey_handle_t pkey) -{ - if ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0) - return &hal_rpc_remote_pkey_dispatch; - else - return &hal_rpc_local_pkey_dispatch; -} - -static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_mixed_sign(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { if (input != NULL) - return mixed_handle_dispatch(pkey)->sign(session, pkey, hash, input, input_len, + return hal_rpc_remote_pkey_dispatch.sign(pkey, hash, input, input_len, signature, signature_len, signature_max); hal_digest_algorithm_t alg; @@ -848,7 +949,7 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, case HAL_KEY_TYPE_RSA_PRIVATE: case HAL_KEY_TYPE_RSA_PUBLIC: - if ((err = hal_rpc_pkey_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK) + if ((err = hal_rpc_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK) return err; break; @@ -858,18 +959,17 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, } - return mixed_handle_dispatch(pkey)->sign(session, pkey, hal_hash_handle_none, digest, digest_len, + return hal_rpc_remote_pkey_dispatch.sign(pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len, signature_max); } -static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, +static hal_error_t pkey_mixed_verify(const hal_pkey_handle_t pkey, const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { if (input != NULL) - return mixed_handle_dispatch(pkey)->verify(session, pkey, hash, input, input_len, + return hal_rpc_remote_pkey_dispatch.verify(pkey, hash, input, input_len, signature, signature_len); hal_digest_algorithm_t alg; @@ -888,7 +988,7 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, case HAL_KEY_TYPE_RSA_PRIVATE: case HAL_KEY_TYPE_RSA_PUBLIC: - if ((err = hal_rpc_pkey_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK) + if ((err = hal_rpc_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK) return err; break; @@ -898,103 +998,10 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, } - return mixed_handle_dispatch(pkey)->verify(session, pkey, hal_hash_handle_none, + return hal_rpc_remote_pkey_dispatch.verify(pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len); } -static hal_error_t pkey_mixed_load(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, - const uint8_t * const name, const size_t name_len, - const uint8_t * const der, const size_t der_len, - const hal_key_flags_t flags) -{ - return mixed_flags_dispatch(flags)->load(client, session, pkey, type, curve, - name, name_len, der, der_len, flags); -} - -static hal_error_t pkey_mixed_find(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const uint8_t * const name, const size_t name_len, - const hal_key_flags_t flags) -{ - return mixed_flags_dispatch(flags)->find(client, session, pkey, type, - name, name_len, flags); -} - -static hal_error_t pkey_mixed_generate_rsa(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, - const unsigned key_length, - const uint8_t * const public_exponent, const size_t public_exponent_len, - const hal_key_flags_t flags) -{ - return mixed_flags_dispatch(flags)->generate_rsa(client, session, pkey, - name, name_len, key_length, - public_exponent, public_exponent_len, flags); -} - -static hal_error_t pkey_mixed_generate_ec(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, - const hal_curve_name_t curve, - const hal_key_flags_t flags) -{ - return mixed_flags_dispatch(flags)->generate_ec(client, session, pkey, name, name_len, curve, flags); -} - -static hal_error_t pkey_mixed_close(const hal_pkey_handle_t pkey) -{ - return mixed_handle_dispatch(pkey)->close(pkey); -} - -static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey) -{ - return mixed_handle_dispatch(pkey)->delete(pkey); -} - -static hal_error_t pkey_mixed_rename(const hal_pkey_handle_t pkey, - const uint8_t * const name, const size_t name_len) -{ - return mixed_handle_dispatch(pkey)->rename(pkey, name, name_len); -} - -static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey, - hal_key_type_t *key_type) -{ - return mixed_handle_dispatch(pkey)->get_key_type(pkey, key_type); -} - -static hal_error_t pkey_mixed_get_key_flags(const hal_pkey_handle_t pkey, - hal_key_flags_t *flags) -{ - return mixed_handle_dispatch(pkey)->get_key_flags(pkey, flags); -} - -static size_t pkey_mixed_get_public_key_len(const hal_pkey_handle_t pkey) -{ - return mixed_handle_dispatch(pkey)->get_public_key_len(pkey); -} - -static hal_error_t pkey_mixed_get_public_key(const hal_pkey_handle_t pkey, - uint8_t *der, size_t *der_len, const size_t der_max) -{ - return mixed_handle_dispatch(pkey)->get_public_key(pkey, der, der_len, der_max); -} - -static hal_error_t pkey_mixed_list(hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags) -{ - return mixed_flags_dispatch(flags)->list(result, result_len, result_max, flags); -} #endif /* RPC_CLIENT == RPC_CLIENT_MIXED */ /* @@ -1002,57 +1009,61 @@ static hal_error_t pkey_mixed_list(hal_pkey_info_t *result, */ const hal_rpc_misc_dispatch_t hal_rpc_remote_misc_dispatch = { - set_pin, - login, - logout, - logout_all, - is_logged_in, - get_random, - get_version + .set_pin = set_pin, + .login = login, + .logout = logout, + .logout_all = logout_all, + .is_logged_in = is_logged_in, + .get_random = get_random, + .get_version = get_version }; const hal_rpc_hash_dispatch_t hal_rpc_remote_hash_dispatch = { - hash_get_digest_len, - hash_get_digest_algorithm_id, - hash_get_algorithm, - hash_initialize, - hash_update, - hash_finalize + .get_digest_length = hash_get_digest_len, + .get_digest_algorithm_id = hash_get_digest_algorithm_id, + .get_algorithm = hash_get_algorithm, + .initialize = hash_initialize, + .update = hash_update, + .finalize = hash_finalize }; const hal_rpc_pkey_dispatch_t hal_rpc_remote_pkey_dispatch = { - pkey_remote_load, - pkey_remote_find, - pkey_remote_generate_rsa, - pkey_remote_generate_ec, - pkey_remote_close, - pkey_remote_delete, - pkey_remote_rename, - pkey_remote_get_key_type, - pkey_remote_get_key_flags, - pkey_remote_get_public_key_len, - pkey_remote_get_public_key, - pkey_remote_sign, - pkey_remote_verify, - pkey_remote_list + .load = pkey_remote_load, + .open = pkey_remote_open, + .generate_rsa = pkey_remote_generate_rsa, + .generate_ec = pkey_remote_generate_ec, + .close = pkey_remote_close, + .delete = pkey_remote_delete, + .get_key_type = pkey_remote_get_key_type, + .get_key_curve = pkey_remote_get_key_curve, + .get_key_flags = pkey_remote_get_key_flags, + .get_public_key_len = pkey_remote_get_public_key_len, + .get_public_key = pkey_remote_get_public_key, + .sign = pkey_remote_sign, + .verify = pkey_remote_verify, + .match = pkey_remote_match, + .set_attributes = pkey_remote_set_attributes, + .get_attributes = pkey_remote_get_attributes }; #if RPC_CLIENT == RPC_CLIENT_MIXED const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = { - pkey_mixed_load, - pkey_mixed_find, - pkey_mixed_generate_rsa, - pkey_mixed_generate_ec, - pkey_mixed_close, - pkey_mixed_delete, - pkey_mixed_rename, - pkey_mixed_get_key_type, - pkey_mixed_get_key_flags, - pkey_mixed_get_public_key_len, - pkey_mixed_get_public_key, - pkey_mixed_sign, - pkey_mixed_verify, - pkey_mixed_list + .load = pkey_remote_load, + .open = pkey_remote_open, + .generate_rsa = pkey_remote_generate_rsa, + .generate_ec = pkey_remote_generate_ec, + .close = pkey_remote_close, + .delete = pkey_remote_delete, + .get_key_type = pkey_remote_get_key_type, + .get_key_curve = pkey_remote_get_key_curve, + .get_key_flags = pkey_remote_get_key_flags, + .get_public_key_len = pkey_remote_get_public_key_len, + .get_public_key = pkey_remote_get_public_key, + .sign = pkey_mixed_sign, + .verify = pkey_mixed_verify, + .match = pkey_remote_match, + .set_attributes = pkey_remote_set_attributes, + .get_attributes = pkey_remote_get_attributes }; #endif /* RPC_CLIENT == RPC_CLIENT_MIXED */ |