authorPaul Selkirk <paul@psgd.org>2018-02-26 16:06:42 -0500
committerPaul Selkirk <paul@psgd.org>2018-04-19 18:50:32 -0400
commitaf127e807008b2153d597e756ff26da69daf9e45 (patch)
tree6bab36ce01ffbbafa0e9d19f5bfd07e2471f58e6 /projects/hsm
parent33ac5751d8e56b8cbec0cc5ac41a18f2692e4bf9 (diff)
Implement hash-based signatures, per draft-mcgrew-hash-sigs-08.txt
Diffstat (limited to 'projects/hsm')
-rw-r--r--projects/hsm/hsm.c9
-rw-r--r--projects/hsm/mgmt-keystore.c16
2 files changed, 17 insertions, 8 deletions
diff --git a/projects/hsm/hsm.c b/projects/hsm/hsm.c
index f20ee64..d971f14 100644
--- a/projects/hsm/hsm.c
+++ b/projects/hsm/hsm.c
@@ -90,18 +90,11 @@ static uint8_t busy_stack[BUSY_STACK_SIZE];
#endif
static uint8_t cli_stack[CLI_STACK_SIZE];
-#ifndef MAX_PKT_SIZE
-/* An arbitrary number, more or less driven by the 4096-bit RSA
- * keygen test.
- */
-#define MAX_PKT_SIZE 4096
-#endif
-
/* RPC buffers. For each active request, there will be two - input and output.
*/
typedef struct rpc_buffer_s {
size_t len;
- uint8_t buf[MAX_PKT_SIZE];
+ uint8_t buf[HAL_RPC_MAX_PKT_SIZE];
struct rpc_buffer_s *next; /* for ibuf queue linking */
} rpc_buffer_t;
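Review bot: The comment above `rpc_buffer_t` no longer says where the buffer size comes from, because the rationale comment was deleted together with the local `MAX_PKT_SIZE` define. I would extend it along the lines of `/* buf is sized by HAL_RPC_MAX_PKT_SIZE (libhal); writers must bound len by sizeof(buf) */`. The definition of the constant and the code that fills `buf` are outside this hunk, so it is worth confirming that no receive path still assumes the old 4096-byte limit. If these buffers are statically allocated per request, a larger value also grows the RAM footprint accordingly.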
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index b79a5fe..a7fdffe 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -180,6 +180,8 @@ static int cmd_keystore_delete_key(struct cli_def *cli, const char *command, cha
return CLI_OK;
}
+#include "ks.h"
+
static int show_keys(struct cli_def *cli, const char *title)
{
const hal_client_handle_t client = { -1 };
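Review bot: The `#include "ks.h"` is added in the middle of the file, directly above `show_keys`, rather than with the other includes at the top. Moving it there keeps the file's dependencies visible in one place. A short comment such as `/* internal keystore API, needed for hal_ks_available() */` would also flag that this CLI command presumably reaches into the keystore layer directly instead of going through the `hal_rpc_*` calls used elsewhere in the function. The body of `show_keys` continues outside this hunk.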
@@ -198,6 +200,16 @@ static int show_keys(struct cli_def *cli, const char *title)
cli_print(cli, title);
+ size_t avail;
+ if ((status = hal_ks_available(hal_ks_token, &avail)) == HAL_OK)
+ cli_print(cli, "Token keystore: %d available", avail);
+ else
+ cli_print(cli, "Error reading token keystore: %s", hal_error_string(status));
+ if ((status = hal_ks_available(hal_ks_volatile, &avail)) == HAL_OK)
+ cli_print(cli, "Volatile keystore: %d available", avail);
+ else
+ cli_print(cli, "Error reading volatile keystore: %s", hal_error_string(status));
+
while (!done) {
if ((status = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
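Review bot: Both new `cli_print` calls format `avail`, which is a `size_t`, with `%d`; that is a format/argument type mismatch, undefined by the C standard and wrong output wherever `size_t` is wider than `int`. Use `%zu`, or if the target's printf implementation lacks `z` support, cast explicitly: `cli_print(cli, "Token keystore: %lu available", (unsigned long) avail);` and the same for the volatile keystore line. The `while (!done)` loop that follows continues outside the hunk.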
@@ -248,6 +260,10 @@ static int show_keys(struct cli_def *cli, const char *title)
case HAL_KEY_TYPE_RSA_PUBLIC: type_name = "RSA public"; break;
case HAL_KEY_TYPE_EC_PRIVATE: type_name = "EC private"; break;
case HAL_KEY_TYPE_EC_PUBLIC: type_name = "EC public"; break;
+ case HAL_KEY_TYPE_HASHSIG_PRIVATE: type_name = "hashsig private"; break;
+ case HAL_KEY_TYPE_HASHSIG_PUBLIC: type_name = "hashsig public"; break;
+ case HAL_KEY_TYPE_HASHSIG_LMS: type_name = "hashsig lms"; break;
+ case HAL_KEY_TYPE_HASHSIG_LMOTS: type_name = "hashsig lmots"; break;
}
const char *curve_name = "unknown";