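/*
 * rpc_misc.c
 * ----------
 * RPC interface to TRNG and PIN functions
 *
 * Authors: Rob Austein
 * Copyright (c) 2015, NORDUnet A/S
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "hal.h"
#include "hal_internal.h"

/*
 * Report the RPC version compiled into this build.
 *
 * version: out-parameter that receives RPC_VERSION.
 *
 * Returns HAL_OK on success, or HAL_ERROR_IMPOSSIBLE when version is
 * NULL.  The NULL guard mirrors the argument check in get_random()
 * below, so a bad pointer yields an error code rather than a fault.
 */
static hal_error_t get_version(uint32_t *version)
{
  if (version == NULL)
    return HAL_ERROR_IMPOSSIBLE;

  *version = RPC_VERSION;
  return HAL_OK;
}

/*
 * Fill a caller-supplied buffer with random bytes.
 *
 * buffer: destination; must not be NULL.
 * length: number of bytes requested; must be non-zero.
 *
 * Returns HAL_ERROR_IMPOSSIBLE for a NULL buffer or a zero length;
 * otherwise returns whatever hal_get_random() reports.  Callers must
 * check the result before treating the buffer contents as random.
 */
static hal_error_t get_random(void *buffer, const size_t length)
{
  if (buffer == NULL || length == 0)
    return HAL_ERROR_IMPOSSIBLE;

  /*
   * NOTE(review): the first argument is NULL; presumably that lets
   * hal_get_random() pick the TRNG core itself -- confirm against its
   * declaration.
   */
  return hal_get_random(NULL, buffer, length);
}

/*
 * PINs, salt, and iteration count live in the keystore.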
*
 * We also need a client table in conventional memory (here, probably)
 * to record login status.
 *
 * The USER and SO PINs correspond to PKCS #11.
 *
 * The WHEEL PIN is the one that's allowed to change the SO PIN.
 *
 * It's a bit unclear how we should manage changes to the WHEEL PIN.
 * Implementing a factory default would be easy enough (just
 * pre-compute and compile in a const hal_ks_pin_t); the question is
 * whether doing so provides anything useful.  It certainly adds no
 * real security; the question is whether it would help prevent
 * accidentally bricking the HSM right out of the shrink wrap.
 *
 * A more interesting question is whether we should ever allow the
 * WHEEL PIN to be changed a second time without toasting the keystore.
 */

/*
 * One entry of the client table: the application-supplied client
 * handle and the user it is currently logged in as.
 */
typedef struct {
  hal_client_handle_t handle;
  hal_user_t logged_in;
} client_slot_t;

/*
 * Iteration counts for PIN processing.  Both values can be overridden
 * at build time.
 *
 * NOTE(review): the code that applies these values is not in this part
 * of the file.  Presumably the minimum is the floor enforced when an
 * iteration count is set, and the count acts as the work factor for
 * stored PINs -- confirm, and confirm the defaults suit the target
 * hardware.
 */
#if !defined(HAL_PIN_MINIMUM_ITERATIONS)
#define HAL_PIN_MINIMUM_ITERATIONS 1000
#endif

#if !defined(HAL_PIN_DEFAULT_ITERATIONS)
#define HAL_PIN_DEFAULT_ITERATIONS 2000
#endif

/* Current default iteration count, initialised from the build-time default. */
static uint32_t hal_pin_default_iterations = HAL_PIN_DEFAULT_ITERATIONS;

/*
 * Seconds to delay when given a bad PIN.
 */
#if !defined(HAL_PIN_DELAY_ON_FAILURE)
#define HAL_PIN_DELAY_ON_FAILURE 5
#endif

/*
 * Number of statically allocated client slots.  A value of 0 compiles
 * the table out.
 */
#if !defined(HAL_STATIC_CLIENT_STATE_BLOCKS)
#define HAL_STATIC_CLIENT_STATE_BLOCKS 10
#endif

/*
 * The client table itself.  Static storage is zero-initialised, so the
 * table only starts out empty if HAL_USER_NONE is 0.
 * NOTE(review): confirm that value in hal.h.
 */
#if HAL_STATIC_CLIENT_STATE_BLOCKS > 0
static client_slot_t client_handle[HAL_STATIC_CLIENT_STATE_BLOCKS];
#endif

/*
 * Client handles are supplied by the application, we don't get to
 * pick them, we just store them and associate a login state with
 * them.  HAL_USER_NONE indicates an empty slot in the table.
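*/

/*
 * Record a login state for a client.
 *
 * client: application-supplied client handle.
 * user:   login state to store for that client.
 *
 * A slot already held by this client is reused, which overwrites its
 * previous login state; otherwise the first empty slot is claimed.
 * The search and the update both run inside the critical section.
 *
 * Returns HAL_OK on success, or HAL_ERROR_NO_CLIENT_SLOTS_AVAILABLE
 * when no slot matches and none is free (always the case when the
 * table is compiled out).
 */
static inline hal_error_t alloc_slot(const hal_client_handle_t client,
                                     const hal_user_t user)
{
  client_slot_t *slot = NULL;

  hal_critical_section_start();

#if HAL_STATIC_CLIENT_STATE_BLOCKS > 0

  /* size_t index: avoids comparing a signed int against a sizeof expression. */
  const size_t slot_count = sizeof(client_handle) / sizeof(*client_handle);

  /* First pass: an occupied slot that already belongs to this client. */
  for (size_t i = 0; slot == NULL && i < slot_count; i++)
    if (client_handle[i].logged_in != HAL_USER_NONE &&
        client_handle[i].handle.handle == client.handle)
      slot = &client_handle[i];

  /* Second pass: the first empty slot. */
  for (size_t i = 0; slot == NULL && i < slot_count; i++)
    if (client_handle[i].logged_in == HAL_USER_NONE)
      slot = &client_handle[i];

#endif

  if (slot != NULL) {
    slot->handle = client;
    slot->logged_in = user;
  }

  hal_critical_section_end();

  return slot == NULL ? HAL_ERROR_NO_CLIENT_SLOTS_AVAILABLE : HAL_OK;
}

/*
 * Log a client out and release its slot.
 *
 * slot: table entry to clear; NULL is accepted and treated as success.
 *
 * hal_pkey_logout() is called for the slot's handle first.  If it
 * fails, its error is returned and the slot is left untouched, so the
 * client's login state remains in the table.
 *
 * Zeroing the slot marks it empty only if HAL_USER_NONE is 0.
 * NOTE(review): confirm that value in hal.h.
 */
static inline hal_error_t clear_slot(client_slot_t *slot)
{
  if (slot == NULL)
    return HAL_OK;

  const hal_error_t err = hal_pkey_logout(slot->handle);

  if (err != HAL_OK)
    return err;

  hal_critical_section_start();
  memset(slot, 0, sizeof(*slot));
  hal_critical_section_end();

  return HAL_OK;
}

/* find_handle(): the listing is cut off inside this function, so it is left as found. */
static inline client_slot_t *find_handle(const hal_client_handle_t handle)
{
  client_slot_t *slot = NULL;

  hal_critical_section_start();

#if HAL_STATIC_CLIENT_STATE_BLOCKS > 0
  for (int i = 0; slot == NULL && i < sizeof(client_handle)/sizeof(*client_handle); i++)
    if (client_handle[i].logged_in != HAL_USER_NONE && client_handle[i].handle.handle ==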
# Copyright (c) 2015-2016, NORDUnet A/S
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# - Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# - Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# - Neither the name of the NORDUnet nor the names of its contributors may
# be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
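# Locate the top of the Cryptech tree unless the caller already set it.
ifndef CRYPTECH_ROOT
CRYPTECH_ROOT := $(abspath ../../..)
endif

# Source and build directories of the two libraries these tools link
# against.  Each build directory defaults to its source directory.
LIBTFM_SRC ?= ${CRYPTECH_ROOT}/sw/thirdparty/libtfm
LIBTFM_BLD ?= ${LIBTFM_SRC}
LIBHAL_SRC ?= ${CRYPTECH_ROOT}/sw/libhal
LIBHAL_BLD ?= ${LIBHAL_SRC}

LIBS = ${LIBHAL_BLD}/libhal.a ${LIBTFM_BLD}/libtfm.a

# "?=" means a CFLAGS value supplied by the caller replaces this whole
# line, include paths included.
CFLAGS ?= -g3 -Wall -fPIC -std=c99 -I${LIBHAL_SRC} -I${LIBTFM_BLD}

BIN = eim_peek_poke cores

# Neither target names a file, so declare them phony: a stray file
# called "all" or "clean" must not stop the rule from running.
.PHONY: all clean

# Build each tool only when the libhal object it depends on is present
# in the libhal build directory.
all: $(if $(wildcard ${LIBHAL_BLD}/hal_io_eim.o),eim_peek_poke) $(if $(wildcard ${LIBHAL_BLD}/core.o),cores)

clean:
	rm -f *.o ${BIN}

# Static pattern rule: link each tool from its own object plus the libraries.
${BIN}: %: %.o ${LIBS}
	${CC} ${CFLAGS} -o $@ $^ ${LDFLAGS}

# Every object is rebuilt whenever any libhal header changes.
%.o: %.c ${LIBHAL_SRC}/*.h
	${CC} ${CFLAGS} -c -o $@ $<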