aboutsummaryrefslogtreecommitdiff
path: root/projects/hsm
diff options
context:
space:
mode:
Diffstat (limited to 'projects/hsm')
-rw-r--r--projects/hsm/mgmt-keystore.c130
1 files changed, 76 insertions, 54 deletions
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index 9c1d427..a15243f 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -171,74 +171,96 @@ static int cmd_keystore_delete_key(struct cli_def *cli, const char *command, cha
return CLI_OK;
}
-static int show_keys(struct cli_def *cli, const hal_pkey_info_t * const keys, const unsigned n)
+static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags_t qflags)
{
- char name[HAL_UUID_TEXT_SIZE];
- const char *type, *curve;
+ const hal_client_handle_t client = { -1 };
+ const hal_session_handle_t session = { HAL_HANDLE_NONE };
+ char key_name[HAL_UUID_TEXT_SIZE];
+ hal_uuid_t previous_uuid = {{0}};
+ hal_pkey_handle_t pkey;
+ hal_curve_name_t curve;
+ hal_key_flags_t flags;
+ hal_key_type_t type;
hal_error_t status;
+ hal_uuid_t uuids[50];
+ unsigned n;
+ int done = 0;
- for (int i = 0; i < n; i++) {
+ cli_print(cli, title);
- switch (keys[i].type) {
- case HAL_KEY_TYPE_RSA_PRIVATE: type = "RSA private"; break;
- case HAL_KEY_TYPE_RSA_PUBLIC: type = "RSA public"; break;
- case HAL_KEY_TYPE_EC_PRIVATE: type = "EC private"; break;
- case HAL_KEY_TYPE_EC_PUBLIC: type = "EC public"; break;
- default: type = "unknown"; break;
- }
+ while (!done) {
- switch (keys[i].curve) {
- case HAL_CURVE_NONE: curve = "none"; break;
- case HAL_CURVE_P256: curve = "P-256"; break;
- case HAL_CURVE_P384: curve = "P-384"; break;
- case HAL_CURVE_P521: curve = "P-521"; break;
- default: curve = "unknown"; break;
+ if ((status = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
+ qflags, NULL, 0, uuids, &n, sizeof(uuids)/sizeof(*uuids),
+ &previous_uuid)) != LIBHAL_OK) {
+ cli_print(cli, "Could not fetch UUID list: %s", hal_error_string(status));
+ return 0;
}
- if ((status = hal_uuid_format(&keys[i].name, name, sizeof(name))) != LIBHAL_OK) {
- cli_print(cli, "Could not convert key name: %s", hal_error_string(status));
- return CLI_ERROR;
+ done = n < sizeof(uuids)/sizeof(*uuids);
+
+ if (!done)
+ previous_uuid = uuids[sizeof(uuids)/sizeof(*uuids) - 1];
+
+ for (int i = 0; i < n; i++) {
+
+ if ((status = hal_uuid_format(&uuids[i], key_name, sizeof(key_name))) != LIBHAL_OK) {
+ cli_print(cli, "Could not convert key name: %s",
+ hal_error_string(status));
+ return 0;
+ }
+
+ if ((status = hal_rpc_pkey_open(client, session, &pkey, &uuids[i], qflags)) != LIBHAL_OK) {
+ cli_print(cli, "Could not open key %s: %s",
+ key_name, hal_error_string(status));
+ return 0;
+ }
+
+ if ((status = hal_rpc_pkey_get_key_type(pkey, &type)) != LIBHAL_OK ||
+ (status = hal_rpc_pkey_get_key_curve(pkey, &curve)) != LIBHAL_OK ||
+ (status = hal_rpc_pkey_get_key_flags(pkey, &flags)) != LIBHAL_OK)
+ cli_print(cli, "Could not fetch metadata for key %s: %s",
+ key_name, hal_error_string(status));
+
+ if (status == LIBHAL_OK)
+ status = hal_rpc_pkey_close(pkey);
+ else
+ (void) hal_rpc_pkey_close(pkey);
+
+ if (status != LIBHAL_OK)
+ return 0;
+
+ const char *type_name = "unknown";
+ switch (type) {
+ case HAL_KEY_TYPE_NONE: type_name = "none"; break;
+ case HAL_KEY_TYPE_RSA_PRIVATE: type_name = "RSA private"; break;
+ case HAL_KEY_TYPE_RSA_PUBLIC: type_name = "RSA public"; break;
+ case HAL_KEY_TYPE_EC_PRIVATE: type_name = "EC private"; break;
+ case HAL_KEY_TYPE_EC_PUBLIC: type_name = "EC public"; break;
+ }
+
+ const char *curve_name = "unknown";
+ switch (curve) {
+ case HAL_CURVE_NONE: curve_name = "none"; break;
+ case HAL_CURVE_P256: curve_name = "P-256"; break;
+ case HAL_CURVE_P384: curve_name = "P-384"; break;
+ case HAL_CURVE_P521: curve_name = "P-521"; break;
+ }
+
+ cli_print(cli, "Key %2i, name %s, type %s, curve %s, flags 0x%lx",
+ i, key_name, type_name, curve_name, (unsigned long) flags);
}
-
- cli_print(cli, "Key %2i, name %s, type %s, curve %s, flags 0x%lx",
- i, name, type, curve, (unsigned long) keys[i].flags);
-
}
- return CLI_OK;
+ return 1;
}
static int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc)
{
- hal_pkey_info_t keys[128];
- unsigned n;
- hal_error_t status;
- hal_client_handle_t client = { -1 };
- hal_session_handle_t session = { HAL_HANDLE_NONE };
-
- if ((status = hal_rpc_pkey_list(client, session, keys, &n, sizeof(keys)/sizeof(*keys),
- 0)) != LIBHAL_OK) {
- cli_print(cli, "Could not fetch memory key info: %s", hal_error_string(status));
- return CLI_ERROR;
- }
-
- cli_print(cli, "Memory keystore:");
-
- if (show_keys(cli, keys, n) != CLI_OK)
- return CLI_ERROR;
-
- if ((status = hal_rpc_pkey_list(client, session, keys, &n, sizeof(keys)/sizeof(*keys),
- HAL_KEY_FLAG_TOKEN)) != LIBHAL_OK) {
- cli_print(cli, "Could not fetch token key info: %s", hal_error_string(status));
- return CLI_ERROR;
- }
-
- cli_print(cli, "Token keystore:");
-
- if (show_keys(cli, keys, n) != CLI_OK)
- return CLI_ERROR;
-
- return CLI_OK;
+ int ok = 1;
+ ok &= show_keys(cli, "Memory keystore:", 0);
+ ok &= show_keys(cli, "Token keystore:", HAL_KEY_FLAG_TOKEN);
+ return ok ? CLI_OK : CLI_ERROR;
}
static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *argv[], int argc)