aboutsummaryrefslogtreecommitdiff
path: root/rpc_client.c
diff options
context:
space:
mode:
Diffstat (limited to 'rpc_client.c')
-rw-r--r--rpc_client.c489
1 files changed, 250 insertions, 239 deletions
diff --git a/rpc_client.c b/rpc_client.c
index c4ceedd..4adf247 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -101,6 +101,16 @@ static hal_error_t read_matching_packet(const rpc_func_num_t expected_func,
/*
* RPC calls.
+ *
+ * In reading these, it helps to know that every call takes a minimum
+ * of two arguments (function code and client handle, even if the
+ * latter is just a dummy), and that every call returns a minimum of
+ * three values (function code, client handle, and return status).
+ * This may seem a bit redundant, but There Are Reasons:
+ * read_matching_packet() wants to make sure the result we're getting
+ * is from the function we thought we called, and having the client
+ * handle always present in a known place vastly simplifies the task
+ * of the client-side MUX daemon.
*/
static hal_error_t get_version(uint32_t *version)
@@ -292,13 +302,14 @@ static hal_error_t hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg
hal_client_handle_t dummy_client = {0};
hal_error_t rpc_ret;
- check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_HASH_GET_DIGEST_LEN));
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_HASH_GET_DIGEST_ALGORITHM_ID));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
check(hal_xdr_encode_int(&optr, olimit, alg));
check(hal_xdr_encode_int(&optr, olimit, len_max));
check(hal_rpc_send(outbuf, optr - outbuf));
- check(read_matching_packet(RPC_FUNC_HASH_GET_DIGEST_LEN, inbuf, sizeof(inbuf), &iptr, &ilimit));
+ check(read_matching_packet(RPC_FUNC_HASH_GET_DIGEST_ALGORITHM_ID,
+ inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
if (rpc_ret == HAL_OK) {
@@ -411,13 +422,14 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client,
hal_pkey_handle_t *pkey,
const hal_key_type_t type,
const hal_curve_name_t curve,
- const uint8_t * const name, const size_t name_len,
+ hal_uuid_t *name,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(8) + pad(name_len) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
- uint8_t inbuf[nargs(4)];
+ uint8_t outbuf[nargs(7) + pad(der_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ uint32_t name_len = sizeof(name->uuid);
hal_error_t rpc_ret;
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LOAD));
@@ -425,7 +437,6 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client,
check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, type));
check(hal_xdr_encode_int(&optr, olimit, curve));
- check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
check(hal_xdr_encode_buffer(&optr, olimit, der, der_len));
check(hal_xdr_encode_int(&optr, olimit, flags));
check(hal_rpc_send(outbuf, optr - outbuf));
@@ -433,35 +444,39 @@ static hal_error_t pkey_remote_load(const hal_client_handle_t client,
check(read_matching_packet(RPC_FUNC_PKEY_LOAD, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
- if (rpc_ret == HAL_OK)
+
+ if (rpc_ret == HAL_OK) {
check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle));
+ check(hal_xdr_decode_buffer(&iptr, ilimit, name->uuid, &name_len));
+ if (name_len != sizeof(name->uuid))
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
+ }
return rpc_ret;
}
-static hal_error_t pkey_remote_find(const hal_client_handle_t client,
+static hal_error_t pkey_remote_open(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const uint8_t * const name, const size_t name_len,
+ const hal_uuid_t * const name,
const hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(6) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(5) + pad(sizeof(name->uuid))], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(4)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
hal_error_t rpc_ret;
- check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_FIND));
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_OPEN));
check(hal_xdr_encode_int(&optr, olimit, client.handle));
check(hal_xdr_encode_int(&optr, olimit, session.handle));
- check(hal_xdr_encode_int(&optr, olimit, type));
- check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
+ check(hal_xdr_encode_buffer(&optr, olimit, name->uuid, sizeof(name->uuid)));
check(hal_xdr_encode_int(&optr, olimit, flags));
check(hal_rpc_send(outbuf, optr - outbuf));
- check(read_matching_packet(RPC_FUNC_PKEY_FIND, inbuf, sizeof(inbuf), &iptr, &ilimit));
+ check(read_matching_packet(RPC_FUNC_PKEY_OPEN, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
+
if (rpc_ret == HAL_OK)
check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle));
@@ -471,20 +486,20 @@ static hal_error_t pkey_remote_find(const hal_client_handle_t client,
static hal_error_t pkey_remote_generate_rsa(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
+ hal_uuid_t *name,
const unsigned key_len,
const uint8_t * const exp, const size_t exp_len,
const hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(7) + pad(name_len) + pad(exp_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
- uint8_t inbuf[nargs(4)];
+ uint8_t outbuf[nargs(6) + pad(exp_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ uint32_t name_len = sizeof(name->uuid);
hal_error_t rpc_ret;
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GENERATE_RSA));
check(hal_xdr_encode_int(&optr, olimit, client.handle));
check(hal_xdr_encode_int(&optr, olimit, session.handle));
- check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
check(hal_xdr_encode_int(&optr, olimit, key_len));
check(hal_xdr_encode_buffer(&optr, olimit, exp, exp_len));
check(hal_xdr_encode_int(&optr, olimit, flags));
@@ -493,8 +508,13 @@ static hal_error_t pkey_remote_generate_rsa(const hal_client_handle_t client,
check(read_matching_packet(RPC_FUNC_PKEY_GENERATE_RSA, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
- if (rpc_ret == HAL_OK)
+
+ if (rpc_ret == HAL_OK) {
check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle));
+ check(hal_xdr_decode_buffer(&iptr, ilimit, name->uuid, &name_len));
+ if (name_len != sizeof(name->uuid))
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
+ }
return rpc_ret;
}
@@ -502,19 +522,19 @@ static hal_error_t pkey_remote_generate_rsa(const hal_client_handle_t client,
static hal_error_t pkey_remote_generate_ec(const hal_client_handle_t client,
const hal_session_handle_t session,
hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
+ hal_uuid_t *name,
const hal_curve_name_t curve,
const hal_key_flags_t flags)
{
- uint8_t outbuf[nargs(6) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
- uint8_t inbuf[nargs(4)];
+ uint8_t outbuf[nargs(5)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(5) + pad(sizeof(name->uuid))];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ uint32_t name_len = sizeof(name->uuid);
hal_error_t rpc_ret;
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GENERATE_EC));
check(hal_xdr_encode_int(&optr, olimit, client.handle));
check(hal_xdr_encode_int(&optr, olimit, session.handle));
- check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
check(hal_xdr_encode_int(&optr, olimit, curve));
check(hal_xdr_encode_int(&optr, olimit, flags));
check(hal_rpc_send(outbuf, optr - outbuf));
@@ -522,8 +542,13 @@ static hal_error_t pkey_remote_generate_ec(const hal_client_handle_t client,
check(read_matching_packet(RPC_FUNC_PKEY_GENERATE_EC, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
- if (rpc_ret == HAL_OK)
+
+ if (rpc_ret == HAL_OK) {
check(hal_xdr_decode_int(&iptr, ilimit, &pkey->handle));
+ check(hal_xdr_decode_buffer(&iptr, ilimit, name->uuid, &name_len));
+ if (name_len != sizeof(name->uuid))
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
+ }
return rpc_ret;
}
@@ -566,49 +591,52 @@ static hal_error_t pkey_remote_delete(const hal_pkey_handle_t pkey)
return rpc_ret;
}
-static hal_error_t pkey_remote_rename(const hal_pkey_handle_t pkey,
- const uint8_t * const name, const size_t name_len)
+static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey,
+ hal_key_type_t *type)
{
- uint8_t outbuf[nargs(4) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
- uint8_t inbuf[nargs(3)];
+ uint8_t outbuf[nargs(3)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(4)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ uint32_t type32;
hal_client_handle_t dummy_client = {0};
hal_error_t rpc_ret;
- check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_RENAME));
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_KEY_TYPE));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
- check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
check(hal_rpc_send(outbuf, optr - outbuf));
- check(read_matching_packet(RPC_FUNC_PKEY_RENAME, inbuf, sizeof(inbuf), &iptr, &ilimit));
+ check(read_matching_packet(RPC_FUNC_PKEY_GET_KEY_TYPE, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
+ if (rpc_ret == HAL_OK) {
+ check(hal_xdr_decode_int(&iptr, ilimit, &type32));
+ *type = (hal_key_type_t)type32;
+ }
return rpc_ret;
}
-
-static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey,
- hal_key_type_t *type)
+static hal_error_t pkey_remote_get_key_curve(const hal_pkey_handle_t pkey,
+ hal_curve_name_t *curve)
{
uint8_t outbuf[nargs(3)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(4)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
- uint32_t type32;
+ uint32_t curve32;
hal_client_handle_t dummy_client = {0};
hal_error_t rpc_ret;
- check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_KEY_TYPE));
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_KEY_CURVE));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
check(hal_rpc_send(outbuf, optr - outbuf));
- check(read_matching_packet(RPC_FUNC_PKEY_GET_KEY_TYPE, inbuf, sizeof(inbuf), &iptr, &ilimit));
+ check(read_matching_packet(RPC_FUNC_PKEY_GET_KEY_CURVE, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
if (rpc_ret == HAL_OK) {
- check(hal_xdr_decode_int(&iptr, ilimit, &type32));
- *type = (hal_key_type_t)type32;
+ check(hal_xdr_decode_int(&iptr, ilimit, &curve32));
+ *curve = (hal_curve_name_t)curve32;
}
return rpc_ret;
}
@@ -689,13 +717,12 @@ static hal_error_t pkey_remote_get_public_key(const hal_pkey_handle_t pkey,
return rpc_ret;
}
-static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_remote_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
+ const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
- uint8_t outbuf[nargs(7) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(6) + pad(input_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(4) + pad(signature_max)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
uint32_t slen32 = signature_max;
@@ -704,7 +731,6 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SIGN));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
- check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
check(hal_xdr_encode_int(&optr, olimit, hash.handle));
check(hal_xdr_encode_buffer(&optr, olimit, input, input_len));
@@ -721,13 +747,12 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session,
return rpc_ret;
}
-static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_remote_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
{
- uint8_t outbuf[nargs(7) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t outbuf[nargs(6) + pad(input_len) + pad(signature_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
uint8_t inbuf[nargs(3)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
hal_client_handle_t dummy_client = {0};
@@ -735,7 +760,6 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_VERIFY));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
- check(hal_xdr_encode_int(&optr, olimit, session.handle));
check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
check(hal_xdr_encode_int(&optr, olimit, hash.handle));
check(hal_xdr_encode_buffer(&optr, olimit, input, input_len));
@@ -748,46 +772,143 @@ static hal_error_t pkey_remote_verify(const hal_session_handle_t session,
return rpc_ret;
}
-static hal_error_t hal_xdr_decode_pkey_info(const uint8_t **iptr, const uint8_t * const ilimit, hal_pkey_info_t *info)
+static hal_error_t pkey_remote_match(const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ const hal_key_type_t type,
+ const hal_curve_name_t curve,
+ const hal_key_flags_t flags,
+ const hal_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ hal_uuid_t *result,
+ unsigned *result_len,
+ const unsigned result_max,
+ const hal_uuid_t * const previous_uuid)
{
- uint32_t i32;
+ size_t attributes_buffer_len = 0;
+ if (attributes != NULL)
+ for (int i = 0; i < attributes_len; i++)
+ attributes_buffer_len += pad(attributes[i].length);
+
+ uint8_t outbuf[nargs(9 + attributes_len * 2) + attributes_buffer_len + pad(sizeof(hal_uuid_t))];
+ uint8_t *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_uuid_t))];
+ const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ hal_error_t rpc_ret;
- check(hal_xdr_decode_int(iptr, ilimit, &i32)); info->type = i32;
- check(hal_xdr_decode_int(iptr, ilimit, &i32)); info->curve = i32;
- check(hal_xdr_decode_int(iptr, ilimit, &i32)); info->flags = i32;
- check(hal_xdr_decode_buffer(iptr, ilimit, (uint8_t *)&info->name[0], &i32)); info->name_len = i32;
- return HAL_OK;
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_MATCH));
+ check(hal_xdr_encode_int(&optr, olimit, client.handle));
+ check(hal_xdr_encode_int(&optr, olimit, session.handle));
+ check(hal_xdr_encode_int(&optr, olimit, type));
+ check(hal_xdr_encode_int(&optr, olimit, curve));
+ check(hal_xdr_encode_int(&optr, olimit, flags));
+ check(hal_xdr_encode_int(&optr, olimit, attributes_len));
+ if (attributes != NULL) {
+ for (int i = 0; i < attributes_len; i++) {
+ check(hal_xdr_encode_int(&optr, olimit, attributes[i].type));
+ check(hal_xdr_encode_buffer(&optr, olimit, attributes[i].value, attributes[i].length));
+ }
+ }
+ check(hal_xdr_encode_int(&optr, olimit, result_max));
+ check(hal_xdr_encode_buffer(&optr, olimit, previous_uuid->uuid, sizeof(previous_uuid->uuid)));
+ check(hal_rpc_send(outbuf, optr - outbuf));
+
+ check(read_matching_packet(RPC_FUNC_PKEY_MATCH, inbuf, sizeof(inbuf), &iptr, &ilimit));
+
+ check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
+ if (rpc_ret == HAL_OK) {
+ uint32_t array_len;
+ *result_len = 0;
+ check(hal_xdr_decode_int(&iptr, ilimit, &array_len));
+ for (int i = 0; i < array_len; ++i) {
+ uint32_t uuid_len = sizeof(result[i].uuid);
+ check(hal_xdr_decode_buffer(&iptr, ilimit, result[i].uuid, &uuid_len));
+ if (uuid_len != sizeof(result[i].uuid))
+ return HAL_ERROR_KEY_NAME_TOO_LONG;
+ }
+ *result_len = array_len;
+ }
+ return rpc_ret;
}
-static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
- unsigned *result_len,
- const unsigned result_max,
- hal_key_flags_t flags)
+static hal_error_t pkey_remote_set_attributes(const hal_pkey_handle_t pkey,
+ const hal_pkey_attribute_t *attributes,
+ const unsigned attributes_len)
{
- uint8_t outbuf[nargs(4)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
- uint8_t inbuf[nargs(4) + pad(result_max * sizeof(hal_pkey_info_t))];
+ size_t outbuf_len = nargs(4 + 2 * attributes_len);
+ for (int i = 0; i < attributes_len; i++)
+ outbuf_len += pad(attributes[i].length);
+
+ uint8_t outbuf[outbuf_len], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(3)];
const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
- uint32_t len;
hal_client_handle_t dummy_client = {0};
- hal_error_t ret, rpc_ret;
+ hal_error_t rpc_ret;
- check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_LIST));
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_SET_ATTRIBUTES));
check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
- check(hal_xdr_encode_int(&optr, olimit, result_max));
- check(hal_xdr_encode_int(&optr, olimit, flags));
+ check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
+ check(hal_xdr_encode_int(&optr, olimit, attributes_len));
+ for (int i = 0; i < attributes_len; i++) {
+ check(hal_xdr_encode_int(&optr, olimit, attributes[i].type));
+ if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL)
+ check(hal_xdr_encode_int(&optr, olimit, HAL_PKEY_ATTRIBUTE_NIL));
+ else
+ check(hal_xdr_encode_buffer(&optr, olimit, attributes[i].value, attributes[i].length));
+ }
check(hal_rpc_send(outbuf, optr - outbuf));
- check(read_matching_packet(RPC_FUNC_PKEY_LIST, inbuf, sizeof(inbuf), &iptr, &ilimit));
+ check(read_matching_packet(RPC_FUNC_PKEY_SET_ATTRIBUTES, inbuf, sizeof(inbuf), &iptr, &ilimit));
+
+ check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
+ return rpc_ret;
+}
+
+static hal_error_t pkey_remote_get_attributes(const hal_pkey_handle_t pkey,
+ hal_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ uint8_t *attributes_buffer,
+ const size_t attributes_buffer_len)
+{
+ /* inbuf[] here includes one extra word per attribute for padding */
+ uint8_t outbuf[nargs(5 + attributes_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+ uint8_t inbuf[nargs(3 + 3 * attributes_len) + attributes_buffer_len];
+ const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+ hal_client_handle_t dummy_client = {0};
+ hal_error_t rpc_ret;
+
+ check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_GET_ATTRIBUTES));
+ check(hal_xdr_encode_int(&optr, olimit, dummy_client.handle));
+ check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
+ check(hal_xdr_encode_int(&optr, olimit, attributes_len));
+ for (int i = 0; i < attributes_len; i++)
+ check(hal_xdr_encode_int(&optr, olimit, attributes[i].type));
+ check(hal_xdr_encode_int(&optr, olimit, attributes_buffer_len));
+ check(hal_rpc_send(outbuf, optr - outbuf));
+
+ check(read_matching_packet(RPC_FUNC_PKEY_GET_ATTRIBUTES, inbuf, sizeof(inbuf), &iptr, &ilimit));
check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
if (rpc_ret == HAL_OK) {
- int i;
- check(hal_xdr_decode_int(&iptr, ilimit, &len));
- *result_len = len;
- for (i = 0; i < len; ++i) {
- if ((ret = hal_xdr_decode_pkey_info(&iptr, ilimit, &result[i])) != HAL_OK) {
- *result_len = 0;
- return ret;
+ uint8_t *abuf = attributes_buffer;
+ uint32_t u32;
+ check(hal_xdr_decode_int(&iptr, ilimit, &u32));
+ if (u32 != attributes_len)
+ return HAL_ERROR_RPC_PROTOCOL_ERROR;
+ for (int i = 0; i < attributes_len; i++) {
+ check(hal_xdr_decode_int(&iptr, ilimit, &u32));
+ if (u32 != attributes[i].type)
+ return HAL_ERROR_RPC_PROTOCOL_ERROR;
+ if (attributes_buffer_len == 0) {
+ check(hal_xdr_decode_int(&iptr, ilimit, &u32));
+ attributes[i].value = NULL;
+ attributes[i].length = u32;
+ }
+ else {
+ u32 = attributes_buffer + attributes_buffer_len - abuf;
+ check(hal_xdr_decode_buffer(&iptr, ilimit, abuf, &u32));
+ attributes[i].value = abuf;
+ attributes[i].length = u32;
+ abuf += u32;
}
}
}
@@ -795,41 +916,21 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
}
#if RPC_CLIENT == RPC_CLIENT_MIXED
+
/*
* "Mixed" mode pkey operations, where the public key operation itself
* takes place on the HSM but the hashing takes place locally. If
* we're given a hash context in this case, it's local, so we have to
* pull the digest from the hash context and send that to the HSM.
- *
- * These methods are also responsible for dispatching pkey operations
- * to the local or remote key store based on the PROXIMATE flags.
- * These flags are only meaningful when operating in mixed mode.
*/
-static inline const hal_rpc_pkey_dispatch_t *mixed_flags_dispatch(const hal_key_flags_t flags)
-{
- if ((flags & HAL_KEY_FLAG_PROXIMATE) == 0)
- return &hal_rpc_remote_pkey_dispatch;
- else
- return &hal_rpc_local_pkey_dispatch;
-}
-
-static inline const hal_rpc_pkey_dispatch_t *mixed_handle_dispatch(const hal_pkey_handle_t pkey)
-{
- if ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0)
- return &hal_rpc_remote_pkey_dispatch;
- else
- return &hal_rpc_local_pkey_dispatch;
-}
-
-static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_mixed_sign(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
if (input != NULL)
- return mixed_handle_dispatch(pkey)->sign(session, pkey, hash, input, input_len,
+ return hal_rpc_remote_pkey_dispatch.sign(pkey, hash, input, input_len,
signature, signature_len, signature_max);
hal_digest_algorithm_t alg;
@@ -848,7 +949,7 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
case HAL_KEY_TYPE_RSA_PRIVATE:
case HAL_KEY_TYPE_RSA_PUBLIC:
- if ((err = hal_rpc_pkey_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK)
+ if ((err = hal_rpc_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK)
return err;
break;
@@ -858,18 +959,17 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
}
- return mixed_handle_dispatch(pkey)->sign(session, pkey, hal_hash_handle_none, digest, digest_len,
+ return hal_rpc_remote_pkey_dispatch.sign(pkey, hal_hash_handle_none, digest, digest_len,
signature, signature_len, signature_max);
}
-static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
+static hal_error_t pkey_mixed_verify(const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
{
if (input != NULL)
- return mixed_handle_dispatch(pkey)->verify(session, pkey, hash, input, input_len,
+ return hal_rpc_remote_pkey_dispatch.verify(pkey, hash, input, input_len,
signature, signature_len);
hal_digest_algorithm_t alg;
@@ -888,7 +988,7 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
case HAL_KEY_TYPE_RSA_PRIVATE:
case HAL_KEY_TYPE_RSA_PUBLIC:
- if ((err = hal_rpc_pkey_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK)
+ if ((err = hal_rpc_pkcs1_construct_digestinfo(hash, digest, &digest_len, sizeof(digest))) != HAL_OK)
return err;
break;
@@ -898,103 +998,10 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
}
- return mixed_handle_dispatch(pkey)->verify(session, pkey, hal_hash_handle_none,
+ return hal_rpc_remote_pkey_dispatch.verify(pkey, hal_hash_handle_none,
digest, digest_len, signature, signature_len);
}
-static hal_error_t pkey_mixed_load(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
- const uint8_t * const name, const size_t name_len,
- const uint8_t * const der, const size_t der_len,
- const hal_key_flags_t flags)
-{
- return mixed_flags_dispatch(flags)->load(client, session, pkey, type, curve,
- name, name_len, der, der_len, flags);
-}
-
-static hal_error_t pkey_mixed_find(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const hal_key_type_t type,
- const uint8_t * const name, const size_t name_len,
- const hal_key_flags_t flags)
-{
- return mixed_flags_dispatch(flags)->find(client, session, pkey, type,
- name, name_len, flags);
-}
-
-static hal_error_t pkey_mixed_generate_rsa(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
- const unsigned key_length,
- const uint8_t * const public_exponent, const size_t public_exponent_len,
- const hal_key_flags_t flags)
-{
- return mixed_flags_dispatch(flags)->generate_rsa(client, session, pkey,
- name, name_len, key_length,
- public_exponent, public_exponent_len, flags);
-}
-
-static hal_error_t pkey_mixed_generate_ec(const hal_client_handle_t client,
- const hal_session_handle_t session,
- hal_pkey_handle_t *pkey,
- const uint8_t * const name, const size_t name_len,
- const hal_curve_name_t curve,
- const hal_key_flags_t flags)
-{
- return mixed_flags_dispatch(flags)->generate_ec(client, session, pkey, name, name_len, curve, flags);
-}
-
-static hal_error_t pkey_mixed_close(const hal_pkey_handle_t pkey)
-{
- return mixed_handle_dispatch(pkey)->close(pkey);
-}
-
-static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey)
-{
- return mixed_handle_dispatch(pkey)->delete(pkey);
-}
-
-static hal_error_t pkey_mixed_rename(const hal_pkey_handle_t pkey,
- const uint8_t * const name, const size_t name_len)
-{
- return mixed_handle_dispatch(pkey)->rename(pkey, name, name_len);
-}
-
-static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey,
- hal_key_type_t *key_type)
-{
- return mixed_handle_dispatch(pkey)->get_key_type(pkey, key_type);
-}
-
-static hal_error_t pkey_mixed_get_key_flags(const hal_pkey_handle_t pkey,
- hal_key_flags_t *flags)
-{
- return mixed_handle_dispatch(pkey)->get_key_flags(pkey, flags);
-}
-
-static size_t pkey_mixed_get_public_key_len(const hal_pkey_handle_t pkey)
-{
- return mixed_handle_dispatch(pkey)->get_public_key_len(pkey);
-}
-
-static hal_error_t pkey_mixed_get_public_key(const hal_pkey_handle_t pkey,
- uint8_t *der, size_t *der_len, const size_t der_max)
-{
- return mixed_handle_dispatch(pkey)->get_public_key(pkey, der, der_len, der_max);
-}
-
-static hal_error_t pkey_mixed_list(hal_pkey_info_t *result,
- unsigned *result_len,
- const unsigned result_max,
- hal_key_flags_t flags)
-{
- return mixed_flags_dispatch(flags)->list(result, result_len, result_max, flags);
-}
#endif /* RPC_CLIENT == RPC_CLIENT_MIXED */
/*
@@ -1002,57 +1009,61 @@ static hal_error_t pkey_mixed_list(hal_pkey_info_t *result,
*/
const hal_rpc_misc_dispatch_t hal_rpc_remote_misc_dispatch = {
- set_pin,
- login,
- logout,
- logout_all,
- is_logged_in,
- get_random,
- get_version
+ .set_pin = set_pin,
+ .login = login,
+ .logout = logout,
+ .logout_all = logout_all,
+ .is_logged_in = is_logged_in,
+ .get_random = get_random,
+ .get_version = get_version
};
const hal_rpc_hash_dispatch_t hal_rpc_remote_hash_dispatch = {
- hash_get_digest_len,
- hash_get_digest_algorithm_id,
- hash_get_algorithm,
- hash_initialize,
- hash_update,
- hash_finalize
+ .get_digest_length = hash_get_digest_len,
+ .get_digest_algorithm_id = hash_get_digest_algorithm_id,
+ .get_algorithm = hash_get_algorithm,
+ .initialize = hash_initialize,
+ .update = hash_update,
+ .finalize = hash_finalize
};
const hal_rpc_pkey_dispatch_t hal_rpc_remote_pkey_dispatch = {
- pkey_remote_load,
- pkey_remote_find,
- pkey_remote_generate_rsa,
- pkey_remote_generate_ec,
- pkey_remote_close,
- pkey_remote_delete,
- pkey_remote_rename,
- pkey_remote_get_key_type,
- pkey_remote_get_key_flags,
- pkey_remote_get_public_key_len,
- pkey_remote_get_public_key,
- pkey_remote_sign,
- pkey_remote_verify,
- pkey_remote_list
+ .load = pkey_remote_load,
+ .open = pkey_remote_open,
+ .generate_rsa = pkey_remote_generate_rsa,
+ .generate_ec = pkey_remote_generate_ec,
+ .close = pkey_remote_close,
+ .delete = pkey_remote_delete,
+ .get_key_type = pkey_remote_get_key_type,
+ .get_key_curve = pkey_remote_get_key_curve,
+ .get_key_flags = pkey_remote_get_key_flags,
+ .get_public_key_len = pkey_remote_get_public_key_len,
+ .get_public_key = pkey_remote_get_public_key,
+ .sign = pkey_remote_sign,
+ .verify = pkey_remote_verify,
+ .match = pkey_remote_match,
+ .set_attributes = pkey_remote_set_attributes,
+ .get_attributes = pkey_remote_get_attributes
};
#if RPC_CLIENT == RPC_CLIENT_MIXED
const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = {
- pkey_mixed_load,
- pkey_mixed_find,
- pkey_mixed_generate_rsa,
- pkey_mixed_generate_ec,
- pkey_mixed_close,
- pkey_mixed_delete,
- pkey_mixed_rename,
- pkey_mixed_get_key_type,
- pkey_mixed_get_key_flags,
- pkey_mixed_get_public_key_len,
- pkey_mixed_get_public_key,
- pkey_mixed_sign,
- pkey_mixed_verify,
- pkey_mixed_list
+ .load = pkey_remote_load,
+ .open = pkey_remote_open,
+ .generate_rsa = pkey_remote_generate_rsa,
+ .generate_ec = pkey_remote_generate_ec,
+ .close = pkey_remote_close,
+ .delete = pkey_remote_delete,
+ .get_key_type = pkey_remote_get_key_type,
+ .get_key_curve = pkey_remote_get_key_curve,
+ .get_key_flags = pkey_remote_get_key_flags,
+ .get_public_key_len = pkey_remote_get_public_key_len,
+ .get_public_key = pkey_remote_get_public_key,
+ .sign = pkey_mixed_sign,
+ .verify = pkey_mixed_verify,
+ .match = pkey_remote_match,
+ .set_attributes = pkey_remote_set_attributes,
+ .get_attributes = pkey_remote_get_attributes
};
#endif /* RPC_CLIENT == RPC_CLIENT_MIXED */