From 0690aa3d48966a4b151a468fd3a0a65bb99de439 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 15 May 2016 20:49:18 -0400 Subject: Add hal_rpc_pkey_rename(); allow null string as (temporary) key name. Temporary nature of null string as key name is not enforced by the keystore code, it's just a convention to allow callers to generate a keypair, obtain the public key, hash that to a Subject Key Identifier (SKI), and rename the key using the SKI as the new name. This is a compromise to let us use SKI-based key names in PKCS #11 while keeping the keystore code simple. --- hal.h | 6 +- hal_internal.h | 9 +++ ks.c | 47 +++++++++++-- rpc_api.c | 28 ++++++-- rpc_client.c | 29 +++++++++ rpc_pkey.c | 203 ++++++++++++++++++++++++++++++++------------------------- rpc_server.c | 19 ++++++ 7 files changed, 239 insertions(+), 102 deletions(-) diff --git a/hal.h b/hal.h index 6fbfb9f..ee97e8a 100644 --- a/hal.h +++ b/hal.h @@ -129,6 +129,7 @@ DEFINE_HAL_ERROR(HAL_ERROR_RPC_TRANSPORT, "RPC transport error") \ DEFINE_HAL_ERROR(HAL_ERROR_RPC_PACKET_OVERFLOW, "RPC packet overflow") \ DEFINE_HAL_ERROR(HAL_ERROR_RPC_BAD_FUNCTION, "Bad RPC function number") \ + DEFINE_HAL_ERROR(HAL_ERROR_KEY_NAME_TOO_LONG, "Key name too long") \ END_OF_HAL_ERROR_LIST /* Marker to forestall silly line continuation errors */ @@ -350,7 +351,7 @@ extern hal_error_t hal_modexp(const hal_core_t *core, */ typedef enum { - HAL_KEY_TYPE_NONE, + HAL_KEY_TYPE_NONE = 0, HAL_KEY_TYPE_RSA_PRIVATE, HAL_KEY_TYPE_RSA_PUBLIC, HAL_KEY_TYPE_EC_PRIVATE, @@ -685,6 +686,9 @@ extern hal_error_t hal_rpc_pkey_close(const hal_pkey_handle_t pkey); extern hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey); +extern hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey, + const uint8_t * const name, const size_t name_len); + extern hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type); diff --git a/hal_internal.h b/hal_internal.h index c460ed8..4b572eb 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -178,6 +178,9 @@ typedef struct { hal_error_t (*delete)(const hal_pkey_handle_t pkey); + hal_error_t (*rename)(const hal_pkey_handle_t pkey, + const uint8_t * const name, const size_t name_len); + hal_error_t (*get_key_type)(const hal_pkey_handle_t pkey, hal_key_type_t *key_type); @@ -337,6 +340,11 @@ extern hal_error_t hal_ks_delete(const hal_key_type_t type, const uint8_t * const name, const size_t name_len, int *hint); +extern hal_error_t hal_ks_rename(const hal_key_type_t type, + const uint8_t * const old_name, const size_t old_name_len, + const uint8_t * const new_name, const size_t new_name_len, + int *hint); + extern hal_error_t hal_ks_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max); @@ -396,6 +404,7 @@ typedef enum { RPC_FUNC_PKEY_REMOTE_SIGN, RPC_FUNC_PKEY_REMOTE_VERIFY, RPC_FUNC_PKEY_LIST, + RPC_FUNC_PKEY_RENAME, } rpc_func_num_t; #define RPC_VERSION 0x00010000 /* 0.1.0.0 */ diff --git a/ks.c b/ks.c index 33d3e47..758162b 100644 --- a/ks.c +++ b/ks.c @@ -61,11 +61,11 @@ hal_error_t hal_ks_store(const hal_key_type_t type, const uint8_t * const der, const size_t der_len, int *hint) { - if (name == NULL || name_len == 0 || der == NULL || der_len == 0 || !acceptable_key_type(type)) + if (name == NULL || der == NULL || der_len == 0 || !acceptable_key_type(type)) return HAL_ERROR_BAD_ARGUMENTS; if (name_len > HAL_RPC_PKEY_NAME_MAX) - return HAL_ERROR_RESULT_TOO_LONG; + return HAL_ERROR_KEY_NAME_TOO_LONG; const hal_ks_keydb_t * const db = hal_ks_get_keydb(); hal_error_t err; @@ -124,7 +124,7 @@ static int find(const hal_ks_keydb_t * const db, const uint8_t * const name, const size_t name_len, int *hint) { - assert(db != NULL && name != NULL && name_len > 0 && acceptable_key_type(type)); + assert(db != NULL && name != NULL && acceptable_key_type(type)); if (hint != NULL && *hint >= 0 && *hint < sizeof(db->keys)/sizeof(*db->keys) && db->keys[*hint].in_use && @@ -150,7 +150,7 @@ hal_error_t hal_ks_exists(const hal_key_type_t type, const uint8_t * const name, const size_t name_len, int *hint) { - if (name == NULL || name_len == 0 || !acceptable_key_type(type)) + if (name == NULL || !acceptable_key_type(type)) return HAL_ERROR_BAD_ARGUMENTS; const hal_ks_keydb_t * const db = hal_ks_get_keydb(); @@ -171,7 +171,7 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type, uint8_t *der, size_t *der_len, const size_t der_max, int *hint) { - if (name == NULL || name_len == 0 || !acceptable_key_type(type)) + if (name == NULL || !acceptable_key_type(type)) return HAL_ERROR_BAD_ARGUMENTS; const hal_ks_keydb_t * const db = hal_ks_get_keydb(); @@ -223,7 +223,7 @@ hal_error_t hal_ks_delete(const hal_key_type_t type, const uint8_t * const name, const size_t name_len, int *hint) { - if (name == NULL || name_len == 0 || !acceptable_key_type(type)) + if (name == NULL || !acceptable_key_type(type)) return HAL_ERROR_BAD_ARGUMENTS; const hal_ks_keydb_t * const db = hal_ks_get_keydb(); @@ -241,6 +241,41 @@ hal_error_t hal_ks_delete(const hal_key_type_t type, return hal_ks_del_keydb(*hint); } +hal_error_t hal_ks_rename(const hal_key_type_t type, + const uint8_t * const old_name, const size_t old_name_len, + const uint8_t * const new_name, const size_t new_name_len, + int *hint) +{ + if (old_name == NULL || new_name == NULL || !acceptable_key_type(type)) + return HAL_ERROR_BAD_ARGUMENTS; + + if (new_name_len > HAL_RPC_PKEY_NAME_MAX) + return HAL_ERROR_KEY_NAME_TOO_LONG; + + const hal_ks_keydb_t * const db = hal_ks_get_keydb(); + int hint_ = -1; + + if (db == NULL) + return HAL_ERROR_KEYSTORE_ACCESS; + + if (find(db, type, new_name, new_name_len, NULL)) + return HAL_ERROR_KEY_NAME_IN_USE; + + if (hint == NULL) + hint = &hint_; + + if (!find(db, type, old_name, old_name_len, hint)) + return HAL_ERROR_KEY_NOT_FOUND; + + hal_ks_key_t k = db->keys[*hint]; + + assert(new_name_len <= sizeof(k.name)); + memcpy(k.name, new_name, new_name_len); + k.name_len = new_name_len; + + return hal_ks_set_keydb(&k, *hint); +} + hal_error_t hal_ks_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max) diff --git a/rpc_api.c b/rpc_api.c index 8010f54..5bab506 100644 --- a/rpc_api.c +++ b/rpc_api.c @@ -199,11 +199,11 @@ hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, const uint8_t * const der, const size_t der_len, const hal_key_flags_t flags) { - if (pkey == NULL || - name == NULL || name_len == 0 || - der == NULL || der_len == 0 || + if (pkey == NULL || name == NULL || der == NULL || der_len == 0 || !check_pkey_type_curve_flags(type, curve, flags)) return HAL_ERROR_BAD_ARGUMENTS; + if (name_len > HAL_RPC_PKEY_NAME_MAX) + return HAL_ERROR_KEY_NAME_TOO_LONG; return hal_rpc_pkey_dispatch->load(client, session, pkey, type, curve, name, name_len, der, der_len, flags); } @@ -214,8 +214,10 @@ hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client, const uint8_t * const name, const size_t name_len, const hal_key_flags_t flags) { - if (pkey == NULL || name == NULL || name_len == 0 || !check_pkey_type(type)) + if (pkey == NULL || name == NULL || !check_pkey_type(type)) return HAL_ERROR_BAD_ARGUMENTS; + if (name_len > HAL_RPC_PKEY_NAME_MAX) + return HAL_ERROR_KEY_NAME_TOO_LONG; return hal_rpc_pkey_dispatch->find(client, session, pkey, type, name, name_len, flags); } @@ -227,9 +229,11 @@ hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, const uint8_t * const exp, const size_t exp_len, const hal_key_flags_t flags) { - if (pkey == NULL || name == NULL || name_len == 0 || key_len == 0 || (key_len & 7) != 0 || + if (pkey == NULL || name == NULL || key_len == 0 || (key_len & 7) != 0 || exp == NULL || exp_len == 0 || !check_pkey_flags(flags)) return HAL_ERROR_BAD_ARGUMENTS; + if (name_len > HAL_RPC_PKEY_NAME_MAX) + return HAL_ERROR_KEY_NAME_TOO_LONG; return hal_rpc_pkey_dispatch->generate_rsa(client, session, pkey, name, name_len, key_len, exp, exp_len, flags); } @@ -240,9 +244,11 @@ hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client, const hal_curve_name_t curve, const hal_key_flags_t flags) { - if (pkey == NULL || name == NULL || name_len == 0 || + if (pkey == NULL || name == NULL || !check_pkey_type_curve_flags(HAL_KEY_TYPE_EC_PRIVATE, curve, flags)) return HAL_ERROR_BAD_ARGUMENTS; + if (name_len > HAL_RPC_PKEY_NAME_MAX) + return HAL_ERROR_KEY_NAME_TOO_LONG; return hal_rpc_pkey_dispatch->generate_ec(client, session, pkey, name, name_len, curve, flags); } @@ -256,6 +262,16 @@ hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey) return hal_rpc_pkey_dispatch->delete(pkey); } +hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey, + const uint8_t * const name, const size_t name_len) +{ + if (name == NULL) + return HAL_ERROR_BAD_ARGUMENTS; + if (name_len > HAL_RPC_PKEY_NAME_MAX) + return HAL_ERROR_KEY_NAME_TOO_LONG; + return hal_rpc_pkey_dispatch->rename(pkey, name, name_len); +} + hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type) { diff --git a/rpc_client.c b/rpc_client.c index 71dcc7c..3a84305 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -513,6 +513,27 @@ static hal_error_t pkey_remote_delete(const hal_pkey_handle_t pkey) return rpc_ret; } +static hal_error_t pkey_remote_rename(const hal_pkey_handle_t pkey, + const uint8_t * const name, const size_t name_len) +{ + uint8_t outbuf[nargs(3) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf); + uint8_t inbuf[nargs(1)]; + const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf); + size_t ilen = sizeof(inbuf); + hal_error_t rpc_ret; + + check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_DELETE)); + check(hal_xdr_encode_int(&optr, olimit, pkey.handle)); + check(hal_xdr_encode_buffer(&optr, olimit, name, name_len)); + check(hal_rpc_send(outbuf, optr - outbuf)); + + check(hal_rpc_recv(inbuf, &ilen)); + assert(ilen <= sizeof(inbuf)); + check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret)); + return rpc_ret; +} + + static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type) { @@ -851,6 +872,12 @@ static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey) return mixed_handle_dispatch(pkey)->delete(pkey); } +static hal_error_t pkey_mixed_rename(const hal_pkey_handle_t pkey, + const uint8_t * const name, const size_t name_len) +{ + return mixed_handle_dispatch(pkey)->rename(pkey, name, name_len); +} + static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *key_type) { @@ -912,6 +939,7 @@ const hal_rpc_pkey_dispatch_t hal_rpc_remote_pkey_dispatch = { pkey_remote_generate_ec, pkey_remote_close, pkey_remote_delete, + pkey_remote_rename, pkey_remote_get_key_type, pkey_remote_get_key_flags, pkey_remote_get_public_key_len, @@ -928,6 +956,7 @@ const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = { pkey_mixed_generate_ec, pkey_mixed_close, pkey_mixed_delete, + pkey_mixed_rename, pkey_mixed_get_key_type, pkey_mixed_get_key_flags, pkey_mixed_get_public_key_len, diff --git a/rpc_pkey.c b/rpc_pkey.c index 7455bb1..da8bf58 100644 --- a/rpc_pkey.c +++ b/rpc_pkey.c @@ -71,7 +71,7 @@ static pkey_slot_t pkey_handle[HAL_STATIC_PKEY_STATE_BLOCKS]; #endif /* - * Handle allocation is simple: we look for an unused (name_len == 0) + * Handle allocation is simple: look for an unused (HAL_KEY_TYPE_NONE) * slot in the table, and, assuming we find one, construct a composite * handle consisting of the index into the table and a counter whose * sole purpose is to keep the same handle from reoccurring anytime @@ -95,7 +95,7 @@ static inline pkey_slot_t *alloc_slot(const hal_key_flags_t flags) glop |= HAL_PKEY_HANDLE_PROXIMATE_FLAG; for (int i = 0; i < sizeof(pkey_handle)/sizeof(*pkey_handle); i++) { - if (pkey_handle[i].name_len > 0) + if (pkey_handle[i].type != HAL_KEY_TYPE_NONE) continue; pkey_handle[i].pkey_handle.handle = i | glop; pkey_handle[i].ks_hint = -1; @@ -212,14 +212,14 @@ static hal_error_t pkcs1_5_pad(const uint8_t * const data, const size_t data_len * Receive key from application, store it with supplied name, return a key handle. */ -static hal_error_t load(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const hal_curve_name_t curve, - const uint8_t * const name, const size_t name_len, - const uint8_t * const der, const size_t der_len, - const hal_key_flags_t flags) +static hal_error_t pkey_local_load(const hal_client_handle_t client, + const hal_session_handle_t session, + hal_pkey_handle_t *pkey, + const hal_key_type_t type, + const hal_curve_name_t curve, + const uint8_t * const name, const size_t name_len, + const uint8_t * const der, const size_t der_len, + const hal_key_flags_t flags) { pkey_slot_t *slot; hal_error_t err; @@ -248,12 +248,12 @@ static hal_error_t load(const hal_client_handle_t client, * Look up a key given its name, return a key handle. */ -static hal_error_t find(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const hal_key_type_t type, - const uint8_t * const name, const size_t name_len, - const hal_key_flags_t flags) +static hal_error_t pkey_local_find(const hal_client_handle_t client, + const hal_session_handle_t session, + hal_pkey_handle_t *pkey, + const hal_key_type_t type, + const uint8_t * const name, const size_t name_len, + const hal_key_flags_t flags) { pkey_slot_t *slot; hal_error_t err; @@ -280,13 +280,13 @@ static hal_error_t find(const hal_client_handle_t client, * Generate a new RSA key with supplied name, return a key handle. */ -static hal_error_t generate_rsa(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, - const unsigned key_length, - const uint8_t * const public_exponent, const size_t public_exponent_len, - const hal_key_flags_t flags) +static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client, + const hal_session_handle_t session, + hal_pkey_handle_t *pkey, + const uint8_t * const name, const size_t name_len, + const unsigned key_length, + const uint8_t * const public_exponent, const size_t public_exponent_len, + const hal_key_flags_t flags) { pkey_slot_t *slot; hal_error_t err; @@ -333,12 +333,12 @@ static hal_error_t generate_rsa(const hal_client_handle_t client, * At the moment, EC key == ECDSA key, but this is subject to change. */ -static hal_error_t generate_ec(const hal_client_handle_t client, - const hal_session_handle_t session, - hal_pkey_handle_t *pkey, - const uint8_t * const name, const size_t name_len, - const hal_curve_name_t curve, - const hal_key_flags_t flags) +static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client, + const hal_session_handle_t session, + hal_pkey_handle_t *pkey, + const uint8_t * const name, const size_t name_len, + const hal_curve_name_t curve, + const hal_key_flags_t flags) { pkey_slot_t *slot; hal_error_t err; @@ -383,7 +383,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client, * Discard key handle, leaving key intact. */ -static hal_error_t close(const hal_pkey_handle_t pkey) +static hal_error_t pkey_local_close(const hal_pkey_handle_t pkey) { pkey_slot_t *slot; @@ -399,7 +399,7 @@ static hal_error_t close(const hal_pkey_handle_t pkey) * Delete a key from the store, given its key handle. */ -static hal_error_t delete(const hal_pkey_handle_t pkey) +static hal_error_t pkey_local_delete(const hal_pkey_handle_t pkey) { pkey_slot_t *slot = find_handle(pkey); @@ -414,12 +414,36 @@ static hal_error_t delete(const hal_pkey_handle_t pkey) return err; } +/* + * Rename a key in the key store, given its key handle and a new name. + */ + +static hal_error_t pkey_local_rename(const hal_pkey_handle_t pkey, + const uint8_t * const name, const size_t name_len) +{ + pkey_slot_t *slot = find_handle(pkey); + + if (slot == NULL) + return HAL_ERROR_KEY_NOT_FOUND; + + hal_error_t err = hal_ks_rename(slot->type, slot->name, slot->name_len, name, name_len, &slot->ks_hint); + + if (err == HAL_OK) { + assert(name_len <= sizeof(slot->name)); + memcpy(slot->name, name, name_len); + memset(slot->name + name_len, 0, sizeof(slot->name) - name_len); + slot->name_len = name_len; + } + + return err; +} + /* * Get type of key associated with handle. */ -static hal_error_t get_key_type(const hal_pkey_handle_t pkey, - hal_key_type_t *type) +static hal_error_t pkey_local_get_key_type(const hal_pkey_handle_t pkey, + hal_key_type_t *type) { if (type == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -438,8 +462,8 @@ static hal_error_t get_key_type(const hal_pkey_handle_t pkey, * Get flags of key associated with handle. */ -static hal_error_t get_key_flags(const hal_pkey_handle_t pkey, - hal_key_flags_t *flags) +static hal_error_t pkey_local_get_key_flags(const hal_pkey_handle_t pkey, + hal_key_flags_t *flags) { if (flags == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -458,7 +482,7 @@ static hal_error_t get_key_flags(const hal_pkey_handle_t pkey, * Get length of public key associated with handle. */ -static size_t get_public_key_len(const hal_pkey_handle_t pkey) +static size_t pkey_local_get_public_key_len(const hal_pkey_handle_t pkey) { pkey_slot_t *slot = find_handle(pkey); @@ -507,8 +531,8 @@ static size_t get_public_key_len(const hal_pkey_handle_t pkey) * Get public key associated with handle. */ -static hal_error_t get_public_key(const hal_pkey_handle_t pkey, - uint8_t *der, size_t *der_len, const size_t der_max) +static hal_error_t pkey_local_get_public_key(const hal_pkey_handle_t pkey, + uint8_t *der, size_t *der_len, const size_t der_max) { pkey_slot_t *slot = find_handle(pkey); @@ -565,11 +589,11 @@ static hal_error_t get_public_key(const hal_pkey_handle_t pkey, * algorithm-specific functions. */ -static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len, - const uint8_t * const der, const size_t der_len, - const hal_hash_handle_t hash, - const uint8_t * input, size_t input_len, - uint8_t * signature, size_t *signature_len, const size_t signature_max) +static hal_error_t pkey_local_sign_rsa(uint8_t *keybuf, const size_t keybuf_len, + const uint8_t * const der, const size_t der_len, + const hal_hash_handle_t hash, + const uint8_t * input, size_t input_len, + uint8_t * signature, size_t *signature_len, const size_t signature_max) { hal_rsa_key_t *key = NULL; hal_error_t err; @@ -597,11 +621,11 @@ static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len, return HAL_OK; } -static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len, - const uint8_t * const der, const size_t der_len, - const hal_hash_handle_t hash, - const uint8_t * input, size_t input_len, - uint8_t * signature, size_t *signature_len, const size_t signature_max) +static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len, + const uint8_t * const der, const size_t der_len, + const hal_hash_handle_t hash, + const uint8_t * input, size_t input_len, + uint8_t * signature, size_t *signature_len, const size_t signature_max) { hal_ecdsa_key_t *key = NULL; hal_error_t err; @@ -634,11 +658,11 @@ static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len, return HAL_OK; } -static hal_error_t sign(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, - const hal_hash_handle_t hash, - const uint8_t * const input, const size_t input_len, - uint8_t * signature, size_t *signature_len, const size_t signature_max) +static hal_error_t pkey_local_sign(const hal_session_handle_t session, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, + const uint8_t * const input, const size_t input_len, + uint8_t * signature, size_t *signature_len, const size_t signature_max) { pkey_slot_t *slot = find_handle(pkey); @@ -653,10 +677,10 @@ static hal_error_t sign(const hal_session_handle_t session, switch (slot->type) { case HAL_KEY_TYPE_RSA_PRIVATE: - signer = sign_rsa; + signer = pkey_local_sign_rsa; break; case HAL_KEY_TYPE_EC_PRIVATE: - signer = sign_ecdsa; + signer = pkey_local_sign_ecdsa; break; default: return HAL_ERROR_UNSUPPORTED_KEY; @@ -685,11 +709,11 @@ static hal_error_t sign(const hal_session_handle_t session, * algorithm-specific functions. */ -static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type, - const uint8_t * const der, const size_t der_len, - const hal_hash_handle_t hash, - const uint8_t * input, size_t input_len, - const uint8_t * const signature, const size_t signature_len) +static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type, + const uint8_t * const der, const size_t der_len, + const hal_hash_handle_t hash, + const uint8_t * input, size_t input_len, + const uint8_t * const signature, const size_t signature_len) { uint8_t expected[signature_len], received[signature_len]; hal_rsa_key_t *key = NULL; @@ -732,11 +756,11 @@ static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const ha return HAL_OK; } -static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type, - const uint8_t * const der, const size_t der_len, - const hal_hash_handle_t hash, - const uint8_t * input, size_t input_len, - const uint8_t * const signature, const size_t signature_len) +static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type, + const uint8_t * const der, const size_t der_len, + const hal_hash_handle_t hash, + const uint8_t * input, size_t input_len, + const uint8_t * const signature, const size_t signature_len) { uint8_t digest[signature_len]; hal_ecdsa_key_t *key = NULL; @@ -776,11 +800,11 @@ static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const return HAL_OK; } -static hal_error_t verify(const hal_session_handle_t session, - const hal_pkey_handle_t pkey, - const hal_hash_handle_t hash, - const uint8_t * const input, const size_t input_len, - const uint8_t * const signature, const size_t signature_len) +static hal_error_t pkey_local_verify(const hal_session_handle_t session, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, + const uint8_t * const input, const size_t input_len, + const uint8_t * const signature, const size_t signature_len) { pkey_slot_t *slot = find_handle(pkey); @@ -796,11 +820,11 @@ static hal_error_t verify(const hal_session_handle_t session, switch (slot->type) { case HAL_KEY_TYPE_RSA_PRIVATE: case HAL_KEY_TYPE_RSA_PUBLIC: - verifier = verify_rsa; + verifier = pkey_local_verify_rsa; break; case HAL_KEY_TYPE_EC_PRIVATE: case HAL_KEY_TYPE_EC_PUBLIC: - verifier = verify_ecdsa; + verifier = pkey_local_verify_ecdsa; break; default: return HAL_ERROR_UNSUPPORTED_KEY; @@ -827,28 +851,29 @@ static hal_error_t verify(const hal_session_handle_t session, * List keys in the key store. */ -static hal_error_t list(hal_pkey_info_t *result, - unsigned *result_len, - const unsigned result_max, - hal_key_flags_t flags) +static hal_error_t pkey_local_list(hal_pkey_info_t *result, + unsigned *result_len, + const unsigned result_max, + hal_key_flags_t flags) { return hal_ks_list(result, result_len, result_max); } const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch = { - load, - find, - generate_rsa, - generate_ec, - close, - delete, - get_key_type, - get_key_flags, - get_public_key_len, - get_public_key, - sign, - verify, - list + pkey_local_load, + pkey_local_find, + pkey_local_generate_rsa, + pkey_local_generate_ec, + pkey_local_close, + pkey_local_delete, + pkey_local_rename, + pkey_local_get_key_type, + pkey_local_get_key_flags, + pkey_local_get_public_key_len, + pkey_local_get_public_key, + pkey_local_sign, + pkey_local_verify, + pkey_local_list }; /* diff --git a/rpc_server.c b/rpc_server.c index 7e8e036..a1bca26 100644 --- a/rpc_server.c +++ b/rpc_server.c @@ -415,6 +415,22 @@ static hal_error_t pkey_delete(const uint8_t **iptr, const uint8_t * const ilimi return ret; } +static hal_error_t pkey_rename(const uint8_t **iptr, const uint8_t * const ilimit, + uint8_t **optr, const uint8_t * const olimit) +{ + hal_pkey_handle_t pkey; + const uint8_t *name; + uint32_t name_len; + hal_error_t ret; + + check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle)); + check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &name, &name_len)); + + /* call the local function */ + ret = hal_rpc_local_pkey_dispatch.rename(pkey, name, name_len); + return ret; +} + static hal_error_t pkey_get_key_type(const uint8_t **iptr, const uint8_t * const ilimit, uint8_t **optr, const uint8_t * const olimit) { @@ -683,6 +699,9 @@ void hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ilen, case RPC_FUNC_PKEY_LIST: ret = pkey_list(&iptr, ilimit, &optr, olimit); break; + case RPC_FUNC_PKEY_RENAME: + ret = pkey_rename(&iptr, ilimit, &optr, olimit); + break; default: ret = HAL_ERROR_RPC_BAD_FUNCTION; break; -- cgit v1.2.3