authorRob Austein <sra@hactrn.net>2016-11-14 18:07:41 -0500
committerRob Austein <sra@hactrn.net>2016-11-14 18:07:41 -0500
commit08c377d92306656f32d36e4efad06d65c4f0b6ba (patch)
treee9c8047442c08dac5a7dc7c11c2b4f0789722b7c
parentc6d3a52cffd3f4360f400286ceb0cdbf48f11f6a (diff)
Track removal of hal_rpc_pkey_list().
-rw-r--r--projects/cli-test/mgmt-keystore.c115
-rw-r--r--projects/hsm/mgmt-keystore.c130
2 files changed, 155 insertions, 90 deletions
diff --git a/projects/cli-test/mgmt-keystore.c b/projects/cli-test/mgmt-keystore.c
index 1fb720b..3afd238 100644
--- a/projects/cli-test/mgmt-keystore.c
+++ b/projects/cli-test/mgmt-keystore.c
@@ -231,53 +231,96 @@ static int cmd_keystore_show_data(struct cli_def *cli, const char *command, char
return CLI_OK;
}
-static int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc)
+static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags_t qflags)
{
- hal_pkey_info_t keys[64];
- unsigned n;
+ const hal_client_handle_t client = { -1 };
+ const hal_session_handle_t session = { HAL_HANDLE_NONE };
+ char key_name[HAL_UUID_TEXT_SIZE];
+ hal_uuid_t previous_uuid = {{0}};
+ hal_pkey_handle_t pkey;
+ hal_curve_name_t curve;
+ hal_key_flags_t flags;
+ hal_key_type_t type;
hal_error_t status;
- hal_client_handle_t client = {HAL_HANDLE_NONE};
- hal_session_handle_t session = {HAL_HANDLE_NONE};
-
- if ((status = hal_rpc_pkey_list(client, session, keys, &n, sizeof(keys)/sizeof(*keys),
- HAL_KEY_FLAG_TOKEN)) != LIBHAL_OK) {
- cli_print(cli, "Could not fetch key info: %s", hal_error_string(status));
- return CLI_ERROR;
- }
+ hal_uuid_t uuids[50];
+ unsigned n;
+ int done = 0;
- for (int i = 0; i < n; i++) {
- char name[HAL_UUID_TEXT_SIZE];
- const char *type, *curve;
+ cli_print(cli, title);
- switch (keys[i].type) {
- case HAL_KEY_TYPE_RSA_PRIVATE: type = "RSA private"; break;
- case HAL_KEY_TYPE_RSA_PUBLIC: type = "RSA public"; break;
- case HAL_KEY_TYPE_EC_PRIVATE: type = "EC private"; break;
- case HAL_KEY_TYPE_EC_PUBLIC: type = "EC public"; break;
- default: type = "unknown"; break;
- }
+ while (!done) {
- switch (keys[i].curve) {
- case HAL_CURVE_NONE: curve = "none"; break;
- case HAL_CURVE_P256: curve = "P-256"; break;
- case HAL_CURVE_P384: curve = "P-384"; break;
- case HAL_CURVE_P521: curve = "P-521"; break;
- default: curve = "unknown"; break;
+ if ((status = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
+ qflags, NULL, 0, uuids, &n, sizeof(uuids)/sizeof(*uuids),
+ &previous_uuid)) != LIBHAL_OK) {
+ cli_print(cli, "Could not fetch UUID list: %s", hal_error_string(status));
+ return 0;
}
- if ((status = hal_uuid_format(&keys[i].name, name, sizeof(name))) != LIBHAL_OK) {
- cli_print(cli, "Could not convert key name: %s", hal_error_string(status));
- return CLI_ERROR;
+ done = n < sizeof(uuids)/sizeof(*uuids);
+
+ if (!done)
+ previous_uuid = uuids[sizeof(uuids)/sizeof(*uuids) - 1];
+
+ for (int i = 0; i < n; i++) {
+
+ if ((status = hal_uuid_format(&uuids[i], key_name, sizeof(key_name))) != LIBHAL_OK) {
+ cli_print(cli, "Could not convert key name: %s",
+ hal_error_string(status));
+ return 0;
+ }
+
+ if ((status = hal_rpc_pkey_open(client, session, &pkey, &uuids[i], qflags)) != LIBHAL_OK) {
+ cli_print(cli, "Could not open key %s: %s",
+ key_name, hal_error_string(status));
+ return 0;
+ }
+
+ if ((status = hal_rpc_pkey_get_key_type(pkey, &type)) != LIBHAL_OK ||
+ (status = hal_rpc_pkey_get_key_curve(pkey, &curve)) != LIBHAL_OK ||
+ (status = hal_rpc_pkey_get_key_flags(pkey, &flags)) != LIBHAL_OK)
+ cli_print(cli, "Could not fetch metadata for key %s: %s",
+ key_name, hal_error_string(status));
+
+ if (status == LIBHAL_OK)
+ status = hal_rpc_pkey_close(pkey);
+ else
+ (void) hal_rpc_pkey_close(pkey);
+
+ if (status != LIBHAL_OK)
+ return 0;
+
+ const char *type_name = "unknown";
+ switch (type) {
+ case HAL_KEY_TYPE_NONE: type_name = "none"; break;
+ case HAL_KEY_TYPE_RSA_PRIVATE: type_name = "RSA private"; break;
+ case HAL_KEY_TYPE_RSA_PUBLIC: type_name = "RSA public"; break;
+ case HAL_KEY_TYPE_EC_PRIVATE: type_name = "EC private"; break;
+ case HAL_KEY_TYPE_EC_PUBLIC: type_name = "EC public"; break;
+ }
+
+ const char *curve_name = "unknown";
+ switch (curve) {
+ case HAL_CURVE_NONE: curve_name = "none"; break;
+ case HAL_CURVE_P256: curve_name = "P-256"; break;
+ case HAL_CURVE_P384: curve_name = "P-384"; break;
+ case HAL_CURVE_P521: curve_name = "P-521"; break;
+ }
+
+ cli_print(cli, "Key %2i, name %s, type %s, curve %s, flags 0x%lx",
+ i, key_name, type_name, curve_name, (unsigned long) flags);
}
-
- cli_print(cli, "Key %2i, name %s, type %s, curve %s, flags 0x%lx",
- i, name, type, curve, (unsigned long) keys[i].flags);
-
}
- cli_print(cli, "\n");
+ return 1;
+}
- return CLI_OK;
+static int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ int ok = 1;
+ ok &= show_keys(cli, "Memory keystore:", 0);
+ ok &= show_keys(cli, "Token keystore:", HAL_KEY_FLAG_TOKEN);
+ return ok ? CLI_OK : CLI_ERROR;
}
static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *argv[], int argc)
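Review bot: `cli_print(cli, title);` at the top of the new show_keys hands the caller's title to cli_print as its format string instead of as an argument; both titles are literals today, but any `%` in a future title would be interpreted as a conversion, so this should read `cli_print(cli, "%s", title);`. The batch loop also compares `int i` against `unsigned n` in `for (int i = 0; i < n; i++)`, a signed/unsigned mismatch, and because `i` is scoped to the inner loop the printed "Key %2i" index restarts at 0 on every batch of 50 UUIDs; an `unsigned` running counter declared outside the `while` would keep the numbering continuous across batches. The identical function body appears in the projects/hsm/mgmt-keystore.c hunk, where both remarks apply unchanged.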
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index 9c1d427..a15243f 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -171,74 +171,96 @@ static int cmd_keystore_delete_key(struct cli_def *cli, const char *command, cha
return CLI_OK;
}
-static int show_keys(struct cli_def *cli, const hal_pkey_info_t * const keys, const unsigned n)
+static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags_t qflags)
{
- char name[HAL_UUID_TEXT_SIZE];
- const char *type, *curve;
+ const hal_client_handle_t client = { -1 };
+ const hal_session_handle_t session = { HAL_HANDLE_NONE };
+ char key_name[HAL_UUID_TEXT_SIZE];
+ hal_uuid_t previous_uuid = {{0}};
+ hal_pkey_handle_t pkey;
+ hal_curve_name_t curve;
+ hal_key_flags_t flags;
+ hal_key_type_t type;
hal_error_t status;
+ hal_uuid_t uuids[50];
+ unsigned n;
+ int done = 0;
- for (int i = 0; i < n; i++) {
+ cli_print(cli, title);
- switch (keys[i].type) {
- case HAL_KEY_TYPE_RSA_PRIVATE: type = "RSA private"; break;
- case HAL_KEY_TYPE_RSA_PUBLIC: type = "RSA public"; break;
- case HAL_KEY_TYPE_EC_PRIVATE: type = "EC private"; break;
- case HAL_KEY_TYPE_EC_PUBLIC: type = "EC public"; break;
- default: type = "unknown"; break;
- }
+ while (!done) {
- switch (keys[i].curve) {
- case HAL_CURVE_NONE: curve = "none"; break;
- case HAL_CURVE_P256: curve = "P-256"; break;
- case HAL_CURVE_P384: curve = "P-384"; break;
- case HAL_CURVE_P521: curve = "P-521"; break;
- default: curve = "unknown"; break;
+ if ((status = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
+ qflags, NULL, 0, uuids, &n, sizeof(uuids)/sizeof(*uuids),
+ &previous_uuid)) != LIBHAL_OK) {
+ cli_print(cli, "Could not fetch UUID list: %s", hal_error_string(status));
+ return 0;
}
- if ((status = hal_uuid_format(&keys[i].name, name, sizeof(name))) != LIBHAL_OK) {
- cli_print(cli, "Could not convert key name: %s", hal_error_string(status));
- return CLI_ERROR;
+ done = n < sizeof(uuids)/sizeof(*uuids);
+
+ if (!done)
+ previous_uuid = uuids[sizeof(uuids)/sizeof(*uuids) - 1];
+
+ for (int i = 0; i < n; i++) {
+
+ if ((status = hal_uuid_format(&uuids[i], key_name, sizeof(key_name))) != LIBHAL_OK) {
+ cli_print(cli, "Could not convert key name: %s",
+ hal_error_string(status));
+ return 0;
+ }
+
+ if ((status = hal_rpc_pkey_open(client, session, &pkey, &uuids[i], qflags)) != LIBHAL_OK) {
+ cli_print(cli, "Could not open key %s: %s",
+ key_name, hal_error_string(status));
+ return 0;
+ }
+
+ if ((status = hal_rpc_pkey_get_key_type(pkey, &type)) != LIBHAL_OK ||
+ (status = hal_rpc_pkey_get_key_curve(pkey, &curve)) != LIBHAL_OK ||
+ (status = hal_rpc_pkey_get_key_flags(pkey, &flags)) != LIBHAL_OK)
+ cli_print(cli, "Could not fetch metadata for key %s: %s",
+ key_name, hal_error_string(status));
+
+ if (status == LIBHAL_OK)
+ status = hal_rpc_pkey_close(pkey);
+ else
+ (void) hal_rpc_pkey_close(pkey);
+
+ if (status != LIBHAL_OK)
+ return 0;
+
+ const char *type_name = "unknown";
+ switch (type) {
+ case HAL_KEY_TYPE_NONE: type_name = "none"; break;
+ case HAL_KEY_TYPE_RSA_PRIVATE: type_name = "RSA private"; break;
+ case HAL_KEY_TYPE_RSA_PUBLIC: type_name = "RSA public"; break;
+ case HAL_KEY_TYPE_EC_PRIVATE: type_name = "EC private"; break;
+ case HAL_KEY_TYPE_EC_PUBLIC: type_name = "EC public"; break;
+ }
+
+ const char *curve_name = "unknown";
+ switch (curve) {
+ case HAL_CURVE_NONE: curve_name = "none"; break;
+ case HAL_CURVE_P256: curve_name = "P-256"; break;
+ case HAL_CURVE_P384: curve_name = "P-384"; break;
+ case HAL_CURVE_P521: curve_name = "P-521"; break;
+ }
+
+ cli_print(cli, "Key %2i, name %s, type %s, curve %s, flags 0x%lx",
+ i, key_name, type_name, curve_name, (unsigned long) flags);
}
-
- cli_print(cli, "Key %2i, name %s, type %s, curve %s, flags 0x%lx",
- i, name, type, curve, (unsigned long) keys[i].flags);
-
}
- return CLI_OK;
+ return 1;
}
static int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc)
{
- hal_pkey_info_t keys[128];
- unsigned n;
- hal_error_t status;
- hal_client_handle_t client = { -1 };
- hal_session_handle_t session = { HAL_HANDLE_NONE };
-
- if ((status = hal_rpc_pkey_list(client, session, keys, &n, sizeof(keys)/sizeof(*keys),
- 0)) != LIBHAL_OK) {
- cli_print(cli, "Could not fetch memory key info: %s", hal_error_string(status));
- return CLI_ERROR;
- }
-
- cli_print(cli, "Memory keystore:");
-
- if (show_keys(cli, keys, n) != CLI_OK)
- return CLI_ERROR;
-
- if ((status = hal_rpc_pkey_list(client, session, keys, &n, sizeof(keys)/sizeof(*keys),
- HAL_KEY_FLAG_TOKEN)) != LIBHAL_OK) {
- cli_print(cli, "Could not fetch token key info: %s", hal_error_string(status));
- return CLI_ERROR;
- }
-
- cli_print(cli, "Token keystore:");
-
- if (show_keys(cli, keys, n) != CLI_OK)
- return CLI_ERROR;
-
- return CLI_OK;
+ int ok = 1;
+ ok &= show_keys(cli, "Memory keystore:", 0);
+ ok &= show_keys(cli, "Token keystore:", HAL_KEY_FLAG_TOKEN);
+ return ok ? CLI_OK : CLI_ERROR;
}
static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *argv[], int argc)
/*
 * rpc_serial.c
 * ------------
 * Remote procedure call transport over serial line with SLIP framing.
 *
 * Copyright (c) 2016, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/file.h>
#include <netinet/in.h>
#include <termios.h>
#include <unistd.h>
#include <fcntl.h>

#include "hal.h"
#include "hal_internal.h"
#include "slip_internal.h"

/*
 * Not thrilled about having OS-specific conditionals, but as such things
 * go, this seems relatively safe: gcc and clang both define it on Mac OS X,
 * and anything *not* on Mac OS X which defines it is begging for trouble.
 */

#ifndef HAL_RPC_SERIAL_USE_MACOSX_IOCTL
/*
 * NOTE(review): a `defined` operator that appears as the result of macro
 * expansion, as it does when this macro is tested in an #if below, is
 * undefined behaviour per C11 6.10.1p4.  gcc and clang evaluate it as
 * intended (clang warns under -Wexpansion-to-defined); a strictly
 * portable form would pick 1 or 0 with an #if/#else right here instead.
 */
#define HAL_RPC_SERIAL_USE_MACOSX_IOCTL	(defined(__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__))
#endif

#if HAL_RPC_SERIAL_USE_MACOSX_IOCTL
/* On Mac OS X the requested speed is passed through the IOSSIOSPEED
 * ioctl instead of the termios B* constants (see hal_serial_init). */
#include <IOKit/serial/ioss.h>
#include <sys/ioctl.h>
#endif

/* Descriptor of the open serial device: set by hal_serial_init(),
 * reset to -1 by hal_serial_close(), and -1 until a device is opened. */
static int fd = -1;

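/*
 * Open the serial device, take an exclusive advisory lock on it, and
 * configure it as a raw 8-bit line at the requested speed.
 *
 * device: path of the tty to open.
 * speed:  line speed in bits per second; on the termios path only
 *         115200 and 921600 are accepted.
 *
 * Returns HAL_OK on success.  On any failure after open() the
 * descriptor is closed and the module-level fd reset to -1, so a
 * later hal_serial_init() cannot leak a half-configured descriptor;
 * the error is reported with perror() (hal_log() for a bad speed) and
 * the return value is HAL_ERROR_RPC_TRANSPORT.
 */
hal_error_t hal_serial_init(const char * const device, const uint32_t speed)
{
    struct termios tty;
    speed_t termios_speed;

    /*
     * Apparently Linux is too cool to need an atomic mechanism for
     * locking an existing file, so we can't uses O_EXLOCK.  Sigh.
     */

    fd = open(device, O_RDWR | O_NOCTTY | O_SYNC);
    if (fd == -1)
        return perror(device), HAL_ERROR_RPC_TRANSPORT;

    if (flock(fd, LOCK_EX) < 0) {
        perror(device);
        goto fail;
    }

    if (tcgetattr(fd, &tty) != 0) {
        perror("tcgetattr");
        goto fail;
    }

#if !HAL_RPC_SERIAL_USE_MACOSX_IOCTL

    switch (speed) {
    case 115200:
        termios_speed = B115200;
        break;
    case 921600:
        termios_speed = B921600;
        break;
    default:
        hal_log(HAL_LOG_ERROR, "invalid line speed %lu\n", (unsigned long) speed);
        goto fail;
    }

    cfsetospeed(&tty, termios_speed);
    cfsetispeed(&tty, termios_speed);

#endif

    /*
     * Raw line: 8 data bits, no modem-control lines, receiver on, and no
     * input/output/local processing.  VMIN=1/VTIME=0 makes read() wait
     * for at least one byte, which is what hal_serial_recv_char() needs.
     */
    tty.c_cflag &= ~CSIZE;
    tty.c_cflag |= (CS8 | CLOCAL | CREAD);

    tty.c_iflag = 0;
    tty.c_oflag = 0;
    tty.c_lflag = 0;

    tty.c_cc[VMIN] = 1;
    tty.c_cc[VTIME] = 0;

    if (tcsetattr(fd, TCSANOW, &tty) != 0) {
        perror("tcsetattr");
        goto fail;
    }

#if HAL_RPC_SERIAL_USE_MACOSX_IOCTL

    /*
     * IOSSIOSPEED takes a pointer to a speed_t, which need not have the
     * same width as uint32_t, so hand it the speed_t copy rather than
     * the address of the uint32_t parameter.
     */
    termios_speed = speed;

    if (ioctl(fd, IOSSIOSPEED, &termios_speed) < 0) {
        perror("ioctl(IOSSIOSPEED)");
        goto fail;
    }

#endif

    return HAL_OK;

fail:
    /* The failing call has already been reported above; close() may
     * overwrite errno, so it is deliberately done afterwards. */
    (void) close(fd);
    fd = -1;
    return HAL_ERROR_RPC_TRANSPORT;
}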

/*
 * Close the serial device and forget its descriptor.
 *
 * The module-level fd is reset to -1 whether or not close() succeeds.
 * Returns HAL_OK, or HAL_ERROR_RPC_TRANSPORT after perror() when
 * close() reports an error (including when nothing was open).
 */
hal_error_t hal_serial_close(void)
{
    const int rc = close(fd);

    fd = -1;

    if (rc == 0)
        return HAL_OK;

    perror("close");
    return HAL_ERROR_RPC_TRANSPORT;
}

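/*
 * Write one byte to the serial line.
 *
 * c: the byte to send.
 *
 * Returns HAL_OK once the byte has been accepted by write(), or
 * HAL_ERROR_RPC_TRANSPORT after perror() when write() fails or
 * transfers nothing.  A write() interrupted by a signal before any
 * byte was transferred (EINTR) is retried rather than reported as a
 * transport failure.
 */
hal_error_t hal_serial_send_char(const uint8_t c)
{
    for (;;) {
        const ssize_t n = write(fd, &c, 1);

        if (n == 1)
            return HAL_OK;

        /* Signal arrived before anything went out: try again. */
        if (n < 0 && errno == EINTR)
            continue;

        return perror("write"), HAL_ERROR_RPC_TRANSPORT;
    }
}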

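/*
 * Read one byte from the serial line, blocking until it arrives.
 *
 * c: where the received byte is stored.
 *
 * Returns HAL_OK with *c set, or HAL_ERROR_RPC_TRANSPORT after perror()
 * when read() fails or returns end-of-file (0 bytes).  A read()
 * interrupted by a signal before any byte arrived (EINTR) is retried
 * rather than reported as a transport failure.
 */
hal_error_t hal_serial_recv_char(uint8_t * const c)
{
    for (;;) {
        const ssize_t n = read(fd, c, 1);

        if (n == 1)
            return HAL_OK;

        /* Signal arrived before a byte was available: try again. */
        if (n < 0 && errno == EINTR)
            continue;

        return perror("read"), HAL_ERROR_RPC_TRANSPORT;
    }
}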

/*
 * Expose the serial line's descriptor so a daemon can include it in a
 * poll() set.  Returns -1 when no device is currently open.
 */
int hal_serial_get_fd(void)
{
    return fd;
}