From 7dfad9f2b40f32fb2f2d38c4637ae9faad4228d9 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 24 Dec 2015 01:16:10 -0500 Subject: More work on PIN/login/logout code. Access control still missing, committing now so Paul has a chance to look at the current RPC API. --- hal.h | 52 +++++++++++++++++++++++++----------------------- hal_internal.h | 43 ++++++++++++++++++++-------------------- ks.c | 2 +- rpc_api.c | 55 ++++++++++++++++++++++++++------------------------- rpc_client.c | 53 +++++++++++++++++++++++++------------------------ rpc_hash.c | 12 ++++++------ rpc_misc.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- rpc_pkey.c | 56 ++++++++++++++++++++++++++-------------------------- 8 files changed, 196 insertions(+), 139 deletions(-) diff --git a/hal.h b/hal.h index d95e475..36b69dc 100644 --- a/hal.h +++ b/hal.h @@ -123,6 +123,7 @@ DEFINE_HAL_ERROR(HAL_ERROR_KEY_NAME_IN_USE, "Key name in use") \ DEFINE_HAL_ERROR(HAL_ERROR_NO_KEY_SLOTS_AVAILABLE, "No key slots available") \ DEFINE_HAL_ERROR(HAL_ERROR_PIN_INCORRECT, "PIN incorrect") \ + DEFINE_HAL_ERROR(HAL_ERROR_NO_CLIENT_SLOTS_AVAILABLE, "No client slots available") \ END_OF_HAL_ERROR_LIST /* Marker to forestall silly line continuation errors */ @@ -543,7 +544,8 @@ typedef struct { uint32_t handle; } hal_session_handle_t; typedef enum { HAL_USER_NONE, HAL_USER_NORMAL, HAL_USER_SO, HAL_USER_WHEEL } hal_user_t; -extern hal_error_t hal_rpc_set_pin(const hal_user_t user, +extern hal_error_t hal_rpc_set_pin(const hal_client_handle_t client, + const hal_user_t user, const char * const newpin, const size_t newpin_len); extern hal_error_t hal_rpc_login(const hal_client_handle_t client, @@ -562,16 +564,16 @@ extern hal_error_t hal_rpc_get_random(void *buffer, const size_t length); * Combined hash and HMAC functions: pass NULL key for plain hashing. */ -typedef struct { uint32_t handle; } hal_rpc_hash_handle_t; +typedef struct { uint32_t handle; } hal_hash_handle_t; -extern const hal_rpc_hash_handle_t hal_rpc_hash_handle_none; +extern const hal_hash_handle_t hal_hash_handle_none; extern hal_error_t hal_rpc_hash_get_digest_length(const hal_digest_algorithm_t alg, size_t *length); extern hal_error_t hal_rpc_hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg, uint8_t *id, size_t *len, const size_t len_max); -extern hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg); +extern hal_error_t hal_rpc_hash_get_algorithm(const hal_hash_handle_t hash, hal_digest_algorithm_t *alg); /* * Once started, a hash or HMAC operation is bound to a particular @@ -580,21 +582,21 @@ extern hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, extern hal_error_t hal_rpc_hash_initialize(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_hash_handle_t *hash, + hal_hash_handle_t *hash, const hal_digest_algorithm_t alg, const uint8_t * const key, const size_t key_length); -extern hal_error_t hal_rpc_hash_update(const hal_rpc_hash_handle_t hash, +extern hal_error_t hal_rpc_hash_update(const hal_hash_handle_t hash, const uint8_t * data, const size_t length); -extern hal_error_t hal_rpc_hash_finalize(const hal_rpc_hash_handle_t hash, +extern hal_error_t hal_rpc_hash_finalize(const hal_hash_handle_t hash, uint8_t *digest, const size_t length); /* * Public key functions. * * The _sign() and _verify() methods accept a hash OR an input string; - * either "hash" should be hal_rpc_hash_handle_none or input should be NULL, + * either "hash" should be hal_hash_handle_none or input should be NULL, * but not both. * * Use of client and session handles here needs a bit more thought. @@ -620,7 +622,7 @@ extern hal_error_t hal_rpc_hash_finalize(const hal_rpc_hash_handle_t hash, #define HAL_RPC_PKEY_NAME_MAX 128 -typedef struct { uint32_t handle; } hal_rpc_pkey_handle_t; +typedef struct { uint32_t handle; } hal_pkey_handle_t; typedef uint32_t hal_key_flags_t; @@ -630,7 +632,7 @@ typedef uint32_t hal_key_flags_t; extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, const uint8_t * const name, const size_t name_len, @@ -639,13 +641,13 @@ extern hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, extern hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const uint8_t * const name, const size_t name_len); extern hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const unsigned key_length, const uint8_t * const public_exponent, const size_t public_exponent_len, @@ -653,35 +655,35 @@ extern hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, extern hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const hal_curve_name_t curve, const hal_key_flags_t flags); -extern hal_error_t hal_rpc_pkey_close(const hal_rpc_pkey_handle_t pkey); +extern hal_error_t hal_rpc_pkey_close(const hal_pkey_handle_t pkey); -extern hal_error_t hal_rpc_pkey_delete(const hal_rpc_pkey_handle_t pkey); +extern hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey); -extern hal_error_t hal_rpc_pkey_get_key_type(const hal_rpc_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type); -extern hal_error_t hal_rpc_pkey_get_key_flags(const hal_rpc_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_get_key_flags(const hal_pkey_handle_t pkey, hal_key_flags_t *flags); -extern size_t hal_rpc_pkey_get_public_key_len(const hal_rpc_pkey_handle_t pkey); +extern size_t hal_rpc_pkey_get_public_key_len(const hal_pkey_handle_t pkey); -extern hal_error_t hal_rpc_pkey_get_public_key(const hal_rpc_pkey_handle_t pkey, +extern hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max); extern hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max); extern hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); @@ -692,9 +694,9 @@ typedef struct { char name[HAL_RPC_PKEY_NAME_MAX]; size_t name_len; /* ... */ -} hal_rpc_pkey_key_info_t; +} hal_pkey_info_t; -extern hal_error_t hal_rpc_pkey_list(hal_rpc_pkey_key_info_t *result, +extern hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max); diff --git a/hal_internal.h b/hal_internal.h index 176e1c8..1c6489f 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -85,7 +85,8 @@ typedef struct { - hal_error_t (*set_pin)(const hal_user_t user, + hal_error_t (*set_pin)(const hal_client_handle_t client, + const hal_user_t user, const char * const newpin, const size_t newpin_len); hal_error_t (*login)(const hal_client_handle_t client, @@ -106,18 +107,18 @@ typedef struct { hal_error_t (*get_digest_algorithm_id)(const hal_digest_algorithm_t alg, uint8_t *id, size_t *len, const size_t len_max); - hal_error_t (*get_algorithm)(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg); + hal_error_t (*get_algorithm)(const hal_hash_handle_t hash, hal_digest_algorithm_t *alg); hal_error_t (*initialize)(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_hash_handle_t *hash, + hal_hash_handle_t *hash, const hal_digest_algorithm_t alg, const uint8_t * const key, const size_t key_length); - hal_error_t (*update)(const hal_rpc_hash_handle_t hash, + hal_error_t (*update)(const hal_hash_handle_t hash, const uint8_t * data, const size_t length); - hal_error_t (*finalize)(const hal_rpc_hash_handle_t hash, + hal_error_t (*finalize)(const hal_hash_handle_t hash, uint8_t *digest, const size_t length); } hal_rpc_hash_dispatch_t; @@ -126,7 +127,7 @@ typedef struct { hal_error_t (*load)(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, const uint8_t * const name, const size_t name_len, @@ -135,13 +136,13 @@ typedef struct { hal_error_t (*find)(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const uint8_t * const name, const size_t name_len); hal_error_t (*generate_rsa)(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const unsigned key_length, const uint8_t * const public_exponent, const size_t public_exponent_len, @@ -149,39 +150,39 @@ typedef struct { hal_error_t (*generate_ec)(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const hal_curve_name_t curve, const hal_key_flags_t flags); - hal_error_t (*close)(const hal_rpc_pkey_handle_t pkey); + hal_error_t (*close)(const hal_pkey_handle_t pkey); - hal_error_t (*delete)(const hal_rpc_pkey_handle_t pkey); + hal_error_t (*delete)(const hal_pkey_handle_t pkey); - hal_error_t (*get_key_type)(const hal_rpc_pkey_handle_t pkey, + hal_error_t (*get_key_type)(const hal_pkey_handle_t pkey, hal_key_type_t *key_type); - hal_error_t (*get_key_flags)(const hal_rpc_pkey_handle_t pkey, + hal_error_t (*get_key_flags)(const hal_pkey_handle_t pkey, hal_key_flags_t *flags); - size_t (*get_public_key_len)(const hal_rpc_pkey_handle_t pkey); + size_t (*get_public_key_len)(const hal_pkey_handle_t pkey); - hal_error_t (*get_public_key)(const hal_rpc_pkey_handle_t pkey, + hal_error_t (*get_public_key)(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max); hal_error_t (*sign)(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max); hal_error_t (*verify)(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); - hal_error_t (*list)(hal_rpc_pkey_key_info_t *result, + hal_error_t (*list)(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max); @@ -310,7 +311,7 @@ extern hal_error_t hal_ks_delete(const hal_key_type_t type, const uint8_t * const name, const size_t name_len, int *hint); -extern hal_error_t hal_ks_list(hal_rpc_pkey_key_info_t *result, +extern hal_error_t hal_ks_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max); diff --git a/ks.c b/ks.c index 7466b75..a856bbf 100644 --- a/ks.c +++ b/ks.c @@ -240,7 +240,7 @@ hal_error_t hal_ks_delete(const hal_key_type_t type, return hal_ks_del_keydb(*hint); } -hal_error_t hal_ks_list(hal_rpc_pkey_key_info_t *result, +hal_error_t hal_ks_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max) { diff --git a/rpc_api.c b/rpc_api.c index 3f4a6ac..08ba4cd 100644 --- a/rpc_api.c +++ b/rpc_api.c @@ -62,7 +62,7 @@ static const hal_rpc_pkey_dispatch_t * const pkey_dispatch = &hal_rpc_local_pkey #endif -const hal_rpc_hash_handle_t hal_rpc_hash_handle_none = {0}; +const hal_hash_handle_t hal_hash_handle_none = {0}; static inline int check_pkey_type(const hal_key_type_t type) { @@ -125,12 +125,13 @@ hal_error_t hal_rpc_get_random(void *buffer, const size_t length) #warning Perhaps we should be enforcing a minimum PIN length here -hal_error_t hal_rpc_set_pin(const hal_user_t user, +hal_error_t hal_rpc_set_pin(const hal_client_handle_t client, + const hal_user_t user, const char * const newpin, const size_t newpin_len) { if (newpin == NULL || newpin_len == 0 || (user != HAL_USER_NORMAL && user != HAL_USER_SO && user != HAL_USER_WHEEL)) return HAL_ERROR_BAD_ARGUMENTS; - return misc_dispatch->set_pin(user, newpin, newpin_len); + return misc_dispatch->set_pin(client, user, newpin, newpin_len); } hal_error_t hal_rpc_login(const hal_client_handle_t client, @@ -160,16 +161,16 @@ hal_error_t hal_rpc_hash_get_digest_algorithm_id(const hal_digest_algorithm_t al return hash_dispatch->get_digest_algorithm_id(alg, id, len, len_max); } -hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg) +hal_error_t hal_rpc_hash_get_algorithm(const hal_hash_handle_t hash, hal_digest_algorithm_t *alg) { - if (hash.handle == hal_rpc_hash_handle_none.handle || alg == NULL) + if (hash.handle == hal_hash_handle_none.handle || alg == NULL) return HAL_ERROR_BAD_ARGUMENTS; return hash_dispatch->get_algorithm(hash, alg); } hal_error_t hal_rpc_hash_initialize(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_hash_handle_t *hash, + hal_hash_handle_t *hash, const hal_digest_algorithm_t alg, const uint8_t * const key, const size_t key_len) { @@ -178,27 +179,27 @@ hal_error_t hal_rpc_hash_initialize(const hal_client_handle_t client, return hash_dispatch->initialize(client, session, hash, alg, key, key_len); } -hal_error_t hal_rpc_hash_update(const hal_rpc_hash_handle_t hash, +hal_error_t hal_rpc_hash_update(const hal_hash_handle_t hash, const uint8_t * data, const size_t length) { - if (hash.handle == hal_rpc_hash_handle_none.handle || data == NULL) + if (hash.handle == hal_hash_handle_none.handle || data == NULL) return HAL_ERROR_BAD_ARGUMENTS; if (length == 0) return HAL_OK; return hash_dispatch->update(hash, data, length); } -hal_error_t hal_rpc_hash_finalize(const hal_rpc_hash_handle_t hash, +hal_error_t hal_rpc_hash_finalize(const hal_hash_handle_t hash, uint8_t *digest, const size_t length) { - if (hash.handle == hal_rpc_hash_handle_none.handle || digest == NULL || length == 0) + if (hash.handle == hal_hash_handle_none.handle || digest == NULL || length == 0) return HAL_ERROR_BAD_ARGUMENTS; return hash_dispatch->finalize(hash, digest, length); } hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, const uint8_t * const name, const size_t name_len, @@ -215,7 +216,7 @@ hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client, hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const uint8_t * const name, const size_t name_len) { @@ -226,7 +227,7 @@ hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client, hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const unsigned key_len, const uint8_t * const exp, const size_t exp_len, @@ -240,7 +241,7 @@ hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client, hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const hal_curve_name_t curve, const hal_key_flags_t flags) @@ -251,17 +252,17 @@ hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client, return pkey_dispatch->generate_ec(client, session, pkey, name, name_len, curve, flags); } -hal_error_t hal_rpc_pkey_close(const hal_rpc_pkey_handle_t pkey) +hal_error_t hal_rpc_pkey_close(const hal_pkey_handle_t pkey) { return pkey_dispatch->close(pkey); } -hal_error_t hal_rpc_pkey_delete(const hal_rpc_pkey_handle_t pkey) +hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey) { return pkey_dispatch->delete(pkey); } -hal_error_t hal_rpc_pkey_get_key_type(const hal_rpc_pkey_handle_t pkey, +hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type) { if (type == NULL) @@ -269,7 +270,7 @@ hal_error_t hal_rpc_pkey_get_key_type(const hal_rpc_pkey_handle_t pkey, return pkey_dispatch->get_key_type(pkey, type); } -hal_error_t hal_rpc_pkey_get_key_flags(const hal_rpc_pkey_handle_t pkey, +hal_error_t hal_rpc_pkey_get_key_flags(const hal_pkey_handle_t pkey, hal_key_flags_t *flags) { if (flags == NULL) @@ -277,12 +278,12 @@ hal_error_t hal_rpc_pkey_get_key_flags(const hal_rpc_pkey_handle_t pkey, return pkey_dispatch->get_key_flags(pkey, flags); } -size_t hal_rpc_pkey_get_public_key_len(const hal_rpc_pkey_handle_t pkey) +size_t hal_rpc_pkey_get_public_key_len(const hal_pkey_handle_t pkey) { return pkey_dispatch->get_public_key_len(pkey); } -hal_error_t hal_rpc_pkey_get_public_key(const hal_rpc_pkey_handle_t pkey, +hal_error_t hal_rpc_pkey_get_public_key(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max) { if (der == NULL || der_len == NULL || der_max == 0) @@ -291,30 +292,30 @@ hal_error_t hal_rpc_pkey_get_public_key(const hal_rpc_pkey_handle_t pkey, } hal_error_t hal_rpc_pkey_sign(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { if (signature == NULL || signature_len == NULL || signature_max == 0 || - (hash.handle == hal_rpc_hash_handle_none.handle) == (input == NULL || input_len == 0)) + (hash.handle == hal_hash_handle_none.handle) == (input == NULL || input_len == 0)) return HAL_ERROR_BAD_ARGUMENTS; return pkey_dispatch->sign(session, pkey, hash, input, input_len, signature, signature_len, signature_max); } hal_error_t hal_rpc_pkey_verify(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { if (signature == NULL || signature_len == 0 || - (hash.handle == hal_rpc_hash_handle_none.handle) == (input == NULL || input_len == 0)) + (hash.handle == hal_hash_handle_none.handle) == (input == NULL || input_len == 0)) return HAL_ERROR_BAD_ARGUMENTS; return pkey_dispatch->verify(session, pkey, hash, input, input_len, signature, signature_len); } -hal_error_t hal_rpc_pkey_list(hal_rpc_pkey_key_info_t *result, +hal_error_t hal_rpc_pkey_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max) { diff --git a/rpc_client.c b/rpc_client.c index baac5ba..1fcc914 100644 --- a/rpc_client.c +++ b/rpc_client.c @@ -47,7 +47,8 @@ static hal_error_t get_random(void *buffer, const size_t length) return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t set_pin(const hal_user_t user, +static hal_error_t set_pin(const hal_client_handle_t client, + const hal_user_t user, const char * const newpin, const size_t newpin_len) { return HAL_ERROR_IMPOSSIBLE; @@ -76,27 +77,27 @@ static hal_error_t hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg) +static hal_error_t hash_get_algorithm(const hal_hash_handle_t hash, hal_digest_algorithm_t *alg) { return HAL_ERROR_IMPOSSIBLE; } static hal_error_t hash_initialize(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_hash_handle_t *hash, + hal_hash_handle_t *hash, const hal_digest_algorithm_t alg, const uint8_t * const key, const size_t key_len) { return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t hash_update(const hal_rpc_hash_handle_t hash, +static hal_error_t hash_update(const hal_hash_handle_t hash, const uint8_t * data, const size_t length) { return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t hash_finalize(const hal_rpc_hash_handle_t hash, +static hal_error_t hash_finalize(const hal_hash_handle_t hash, uint8_t *digest, const size_t length) { return HAL_ERROR_IMPOSSIBLE; @@ -104,7 +105,7 @@ static hal_error_t hash_finalize(const hal_rpc_hash_handle_t hash, static hal_error_t pkey_load(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, const uint8_t * const name, const size_t name_len, @@ -116,7 +117,7 @@ static hal_error_t pkey_load(const hal_client_handle_t client, static hal_error_t pkey_find(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const uint8_t * const name, const size_t name_len) { @@ -125,7 +126,7 @@ static hal_error_t pkey_find(const hal_client_handle_t client, static hal_error_t pkey_generate_rsa(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const unsigned key_len, const uint8_t * const exp, const size_t exp_len, @@ -136,7 +137,7 @@ static hal_error_t pkey_generate_rsa(const hal_client_handle_t client, static hal_error_t pkey_generate_ec(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const hal_curve_name_t curve, const hal_key_flags_t flags) @@ -144,42 +145,42 @@ static hal_error_t pkey_generate_ec(const hal_client_handle_t client, return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t pkey_close(const hal_rpc_pkey_handle_t pkey) +static hal_error_t pkey_close(const hal_pkey_handle_t pkey) { return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t pkey_delete(const hal_rpc_pkey_handle_t pkey) +static hal_error_t pkey_delete(const hal_pkey_handle_t pkey) { return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t pkey_get_key_type(const hal_rpc_pkey_handle_t pkey, +static hal_error_t pkey_get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type) { return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t pkey_get_key_flags(const hal_rpc_pkey_handle_t pkey, +static hal_error_t pkey_get_key_flags(const hal_pkey_handle_t pkey, hal_key_flags_t *flags) { return HAL_ERROR_IMPOSSIBLE; } -static size_t pkey_get_public_key_len(const hal_rpc_pkey_handle_t pkey) +static size_t pkey_get_public_key_len(const hal_pkey_handle_t pkey) { return 0; } -static hal_error_t pkey_get_public_key(const hal_rpc_pkey_handle_t pkey, +static hal_error_t pkey_get_public_key(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max) { return HAL_ERROR_IMPOSSIBLE; } static hal_error_t pkey_remote_sign(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { @@ -187,15 +188,15 @@ static hal_error_t pkey_remote_sign(const hal_session_handle_t session, } static hal_error_t pkey_remote_verify(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { return HAL_ERROR_IMPOSSIBLE; } -static hal_error_t pkey_list(hal_rpc_pkey_key_info_t *result, +static hal_error_t pkey_list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max) { @@ -211,8 +212,8 @@ static hal_error_t pkey_list(hal_rpc_pkey_key_info_t *result, */ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { @@ -233,13 +234,13 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session, if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK) return err; - return pkey_remote_sign(session, pkey, hal_rpc_hash_handle_none, digest, digest_len, + return pkey_remote_sign(session, pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len, signature_max); } static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { @@ -260,7 +261,7 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session, if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK) return err; - return pkey_remote_verify(session, pkey, hal_rpc_hash_handle_none, digest, digest_len, + return pkey_remote_verify(session, pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len); } diff --git a/rpc_hash.c b/rpc_hash.c index 407e581..c6eab3a 100644 --- a/rpc_hash.c +++ b/rpc_hash.c @@ -49,7 +49,7 @@ typedef struct { hal_client_handle_t client_handle; hal_session_handle_t session_handle; - hal_rpc_hash_handle_t hash_handle; + hal_hash_handle_t hash_handle; union { hal_hash_state_t *hash; hal_hmac_state_t *hmac; @@ -121,7 +121,7 @@ static inline handle_slot_t *alloc_handle(const int is_hmac) * the right glop. Returns slot pointer on success, NULL otherwise. */ -static inline handle_slot_t *find_handle(const hal_rpc_hash_handle_t handle) +static inline handle_slot_t *find_handle(const hal_hash_handle_t handle) { #if HAL_STATIC_HASH_STATE_BLOCKS > 0 || HAL_STATIC_HMAC_STATE_BLOCKS > 0 const int i = (int) (handle.handle & 0xFFFF); @@ -211,7 +211,7 @@ static hal_error_t get_digest_algorithm_id(const hal_digest_algorithm_t alg, return HAL_OK; } -static hal_error_t get_algorithm(const hal_rpc_hash_handle_t handle, hal_digest_algorithm_t *alg) +static hal_error_t get_algorithm(const hal_hash_handle_t handle, hal_digest_algorithm_t *alg) { handle_slot_t *slot = find_handle(handle); const hal_hash_descriptor_t *descriptor = slot_to_descriptor(slot); @@ -228,7 +228,7 @@ static hal_error_t get_algorithm(const hal_rpc_hash_handle_t handle, hal_digest_ static hal_error_t initialize(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_hash_handle_t *hash, + hal_hash_handle_t *hash, const hal_digest_algorithm_t alg, const uint8_t * const key, const size_t key_len) { @@ -253,7 +253,7 @@ static hal_error_t initialize(const hal_client_handle_t client, return hal_hmac_initialize(NULL, descriptor, &slot->state.hmac, NULL, 0, key, key_len); } -static hal_error_t update(const hal_rpc_hash_handle_t handle, +static hal_error_t update(const hal_hash_handle_t handle, const uint8_t * data, const size_t length) { handle_slot_t *slot = find_handle(handle); @@ -267,7 +267,7 @@ static hal_error_t update(const hal_rpc_hash_handle_t handle, return hal_hmac_update(slot->state.hmac, data, length); } -static hal_error_t finalize(const hal_rpc_hash_handle_t handle, +static hal_error_t finalize(const hal_hash_handle_t handle, uint8_t *digest, const size_t length) { handle_slot_t *slot = find_handle(handle); diff --git a/rpc_misc.c b/rpc_misc.c index 2f1c9ad..695e0df 100644 --- a/rpc_misc.c +++ b/rpc_misc.c @@ -72,6 +72,11 @@ static hal_error_t get_random(void *buffer, const size_t length) #warning PIN code not yet fully implemented +typedef struct { + hal_client_handle_t handle; + hal_user_t logged_in; +} client_slot_t; + #ifndef HAL_PIN_MINIMUM_ITERATIONS #define HAL_PIN_MINIMUM_ITERATIONS 10000 #endif @@ -80,13 +85,50 @@ static hal_error_t get_random(void *buffer, const size_t length) #define HAL_PIN_DEFAULT_ITERATIONS 20000 #endif -static hal_error_t set_pin(const hal_user_t user, +#ifndef HAL_STATIC_CLIENT_STATE_BLOCKS +#define HAL_STATIC_CLIENT_STATE_BLOCKS 10 +#endif + +#if HAL_STATIC_CLIENT_STATE_BLOCKS > 0 +static client_slot_t client_handle[HAL_STATIC_CLIENT_STATE_BLOCKS]; +#endif + +/* + * Client handles are supplied by the application, we don't get to + * pick them, we just store them and associate a login state with + * them. HAL_USER_NONE indicates an empty slot in the table. + */ + +static inline client_slot_t *alloc_slot(void) +{ +#if HAL_STATIC_CLIENT_STATE_BLOCKS > 0 + for (int i = 0; i < sizeof(client_handle)/sizeof(*client_handle); i++) + if (client_handle[i].logged_in == HAL_USER_NONE) + return &client_handle[i]; +#endif + + return NULL; +} + +static inline client_slot_t *find_handle(const hal_client_handle_t handle) +{ +#if HAL_STATIC_CLIENT_STATE_BLOCKS > 0 + for (int i = 0; i < sizeof(client_handle)/sizeof(*client_handle); i++) + if (client_handle[i].logged_in != HAL_USER_NONE && client_handle[i].handle.handle == handle.handle) + return &client_handle[i]; +#endif + + return NULL; +} + +static hal_error_t set_pin(const hal_client_handle_t client, + const hal_user_t user, const char * const newpin, const size_t newpin_len) { assert(newpin != NULL && newpin_len != 0); #warning Need access control to decide who is allowed to set this PIN -#warning Need length checks on supplied PIN +#warning Need length checks (here or in caller) on supplied PIN const hal_ks_pin_t *pp; hal_error_t err; @@ -136,15 +178,25 @@ static hal_error_t login(const hal_client_handle_t client, if (diff != 0) return HAL_ERROR_PIN_INCORRECT; -#warning Do something with client table here + client_slot_t *slot = find_handle(client); + + if (slot != NULL && (slot = alloc_slot()) == NULL) + return HAL_ERROR_NO_CLIENT_SLOTS_AVAILABLE; + + slot->handle = client; + slot->logged_in = user; return HAL_OK; } static hal_error_t logout(const hal_client_handle_t client) { -#warning And do something else with client table here - return HAL_ERROR_IMPOSSIBLE; + client_slot_t *slot = find_handle(client); + + if (slot != NULL) + slot->logged_in = HAL_USER_NONE; + + return HAL_OK; } const hal_rpc_misc_dispatch_t hal_rpc_remote_misc_dispatch = { diff --git a/rpc_pkey.c b/rpc_pkey.c index fdbc7cc..e7331ab 100644 --- a/rpc_pkey.c +++ b/rpc_pkey.c @@ -42,7 +42,7 @@ typedef struct { hal_client_handle_t client_handle; hal_session_handle_t session_handle; - hal_rpc_pkey_handle_t pkey_handle; + hal_pkey_handle_t pkey_handle; hal_key_type_t type; hal_curve_name_t curve; hal_key_flags_t flags; @@ -102,7 +102,7 @@ static inline pkey_slot_t *alloc_slot(void) * the right glop. Returns slot pointer on success, NULL otherwise. */ -static inline pkey_slot_t *find_handle(const hal_rpc_pkey_handle_t handle) +static inline pkey_slot_t *find_handle(const hal_pkey_handle_t handle) { #if HAL_STATIC_PKEY_STATE_BLOCKS > 0 const int i = (int) (handle.handle & 0xFFFF); @@ -119,7 +119,7 @@ static inline pkey_slot_t *find_handle(const hal_rpc_pkey_handle_t handle) * basic) ASN.1 encoding, which we perform inline. */ -static hal_error_t pkcs1_construct_digestinfo(const hal_rpc_hash_handle_t handle, +static hal_error_t pkcs1_construct_digestinfo(const hal_hash_handle_t handle, uint8_t *digest_info, size_t *digest_info_len, const size_t digest_info_max) { assert(digest_info != NULL && digest_info_len != NULL); @@ -205,7 +205,7 @@ static hal_error_t pkcs1_5_pad(const uint8_t * const data, const size_t data_len static hal_error_t load(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const hal_curve_name_t curve, const uint8_t * const name, const size_t name_len, @@ -241,7 +241,7 @@ static hal_error_t load(const hal_client_handle_t client, static hal_error_t find(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const hal_key_type_t type, const uint8_t * const name, const size_t name_len) { @@ -272,7 +272,7 @@ static hal_error_t find(const hal_client_handle_t client, static hal_error_t generate_rsa(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const unsigned key_length, const uint8_t * const public_exponent, const size_t public_exponent_len, @@ -325,7 +325,7 @@ static hal_error_t generate_rsa(const hal_client_handle_t client, static hal_error_t generate_ec(const hal_client_handle_t client, const hal_session_handle_t session, - hal_rpc_pkey_handle_t *pkey, + hal_pkey_handle_t *pkey, const uint8_t * const name, const size_t name_len, const hal_curve_name_t curve, const hal_key_flags_t flags) @@ -373,7 +373,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client, * Discard key handle, leaving key intact. */ -static hal_error_t close(const hal_rpc_pkey_handle_t pkey) +static hal_error_t close(const hal_pkey_handle_t pkey) { pkey_slot_t *slot; @@ -389,7 +389,7 @@ static hal_error_t close(const hal_rpc_pkey_handle_t pkey) * Delete a key from the store, given its key handle. */ -static hal_error_t delete(const hal_rpc_pkey_handle_t pkey) +static hal_error_t delete(const hal_pkey_handle_t pkey) { pkey_slot_t *slot = find_handle(pkey); @@ -408,7 +408,7 @@ static hal_error_t delete(const hal_rpc_pkey_handle_t pkey) * Get type of key associated with handle. */ -static hal_error_t get_key_type(const hal_rpc_pkey_handle_t pkey, +static hal_error_t get_key_type(const hal_pkey_handle_t pkey, hal_key_type_t *type) { if (type == NULL) @@ -428,7 +428,7 @@ static hal_error_t get_key_type(const hal_rpc_pkey_handle_t pkey, * Get flags of key associated with handle. */ -static hal_error_t get_key_flags(const hal_rpc_pkey_handle_t pkey, +static hal_error_t get_key_flags(const hal_pkey_handle_t pkey, hal_key_flags_t *flags) { if (flags == NULL) @@ -448,7 +448,7 @@ static hal_error_t get_key_flags(const hal_rpc_pkey_handle_t pkey, * Get length of public key associated with handle. */ -static size_t get_public_key_len(const hal_rpc_pkey_handle_t pkey) +static size_t get_public_key_len(const hal_pkey_handle_t pkey) { pkey_slot_t *slot = find_handle(pkey); @@ -497,7 +497,7 @@ static size_t get_public_key_len(const hal_rpc_pkey_handle_t pkey) * Get public key associated with handle. */ -static hal_error_t get_public_key(const hal_rpc_pkey_handle_t pkey, +static hal_error_t get_public_key(const hal_pkey_handle_t pkey, uint8_t *der, size_t *der_len, const size_t der_max) { pkey_slot_t *slot = find_handle(pkey); @@ -557,7 +557,7 @@ static hal_error_t get_public_key(const hal_rpc_pkey_handle_t pkey, static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len, - const hal_rpc_hash_handle_t hash, + const hal_hash_handle_t hash, const uint8_t * input, size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { @@ -565,7 +565,7 @@ static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len, hal_error_t err; assert(signature != NULL && signature_len != NULL); - assert((hash.handle == hal_rpc_hash_handle_none.handle) != (input == NULL || input_len == 0)); + assert((hash.handle == hal_hash_handle_none.handle) != (input == NULL || input_len == 0)); if ((err = hal_rsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK || (err = hal_rsa_key_get_modulus(key, NULL, signature_len, 0)) != HAL_OK) @@ -589,7 +589,7 @@ static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len, static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len, - const hal_rpc_hash_handle_t hash, + const hal_hash_handle_t hash, const uint8_t * input, size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { @@ -597,7 +597,7 @@ static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len, hal_error_t err; assert(signature != NULL && signature_len != NULL); - assert((hash.handle == hal_rpc_hash_handle_none.handle) != (input == NULL || input_len == 0)); + assert((hash.handle == hal_hash_handle_none.handle) != (input == NULL || input_len == 0)); if ((err = hal_ecdsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK) return err; @@ -625,8 +625,8 @@ static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len, } static hal_error_t sign(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max) { @@ -637,7 +637,7 @@ static hal_error_t sign(const hal_session_handle_t session, hal_error_t (*signer)(uint8_t *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len, - const hal_rpc_hash_handle_t hash, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, uint8_t * signature, size_t *signature_len, const size_t signature_max); @@ -677,7 +677,7 @@ static hal_error_t sign(const hal_session_handle_t session, static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len, - const hal_rpc_hash_handle_t hash, + const hal_hash_handle_t hash, const uint8_t * input, size_t input_len, const uint8_t * const signature, const size_t signature_len) { @@ -686,7 +686,7 @@ static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, hal_error_t err; assert(signature != NULL && signature_len > 0); - assert((hash.handle == hal_rpc_hash_handle_none.handle) != (input == NULL || input_len == 0)); + assert((hash.handle == hal_hash_handle_none.handle) != (input == NULL || input_len == 0)); if ((err = hal_rsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK) return err; @@ -713,7 +713,7 @@ static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len, - const hal_rpc_hash_handle_t hash, + const hal_hash_handle_t hash, const uint8_t * input, size_t input_len, const uint8_t * const signature, const size_t signature_len) { @@ -722,7 +722,7 @@ static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, hal_error_t err; assert(signature != NULL && signature_len > 0); - assert((hash.handle == hal_rpc_hash_handle_none.handle) != (input == NULL || input_len == 0)); + assert((hash.handle == hal_hash_handle_none.handle) != (input == NULL || input_len == 0)); if ((err = hal_ecdsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK) return err; @@ -745,8 +745,8 @@ static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, } static hal_error_t verify(const hal_session_handle_t session, - const hal_rpc_pkey_handle_t pkey, - const hal_rpc_hash_handle_t hash, + const hal_pkey_handle_t pkey, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len) { @@ -757,7 +757,7 @@ static hal_error_t verify(const hal_session_handle_t session, hal_error_t (*verifier)(uint8_t *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len, - const hal_rpc_hash_handle_t hash, + const hal_hash_handle_t hash, const uint8_t * const input, const size_t input_len, const uint8_t * const signature, const size_t signature_len); @@ -795,7 +795,7 @@ static hal_error_t verify(const hal_session_handle_t session, * List keys in the key store. */ -static hal_error_t list(hal_rpc_pkey_key_info_t *result, +static hal_error_t list(hal_pkey_info_t *result, unsigned *result_len, const unsigned result_max) { -- cgit v1.2.3