[Cryptech-Commits] [sw/libhal] 01/03: Clean up pkey mixed mode.

git at cryptech.is git at cryptech.is
Sat May 14 20:35:08 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch rpc
in repository sw/libhal.

commit c861f7d2f3c5f69c02a633c51113518b70eedc27
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat May 14 11:56:41 2016 -0400

    Clean up pkey mixed mode.
---
 rpc_client.c | 109 +++++++++++++++++++++++------------------------------------
 rpc_pkey.c   |  13 ++++---
 2 files changed, 51 insertions(+), 71 deletions(-)

diff --git a/rpc_client.c b/rpc_client.c
index 02e3320..be680ed 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -718,25 +718,37 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
  * takes place on the HSM but the hashing takes place locally.  If
  * we're given a hash context in this case, it's local, so we have to
  * pull the digest from the hash context and send that to the HSM.
+ *
+ * These methods are also responsible for dispatching pkey operations
+ * to the local or remote key store based on the PROXIMATE flags.
+ * These flags are only meaningful when operating in mixed mode.
  */
 
+static inline const hal_rpc_pkey_dispatch_t *mixed_flags_dispatch(const hal_key_flags_t flags)
+{
+  if ((flags & HAL_KEY_FLAG_PROXIMATE) == 0)
+    return &hal_rpc_remote_pkey_dispatch;
+  else
+    return &hal_rpc_local_pkey_dispatch;
+}
+
+static inline const hal_rpc_pkey_dispatch_t *mixed_handle_dispatch(const hal_pkey_handle_t pkey)
+{
+  if  ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0)
+    return &hal_rpc_remote_pkey_dispatch;
+  else
+    return &hal_rpc_local_pkey_dispatch;
+}
+
 static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
                                    const hal_pkey_handle_t pkey,
                                    const hal_hash_handle_t hash,
                                    const uint8_t * const input,  const size_t input_len,
                                    uint8_t * signature, size_t *signature_len, const size_t signature_max)
 {
-  hal_error_t  (* const sign)(const hal_session_handle_t session,
-                              const hal_pkey_handle_t pkey,
-                              const hal_hash_handle_t hash,
-                              const uint8_t * const input,  const size_t input_len,
-                              uint8_t * signature, size_t *signature_len, const size_t signature_max)
-    = ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-       ? hal_rpc_remote_pkey_dispatch.sign
-       : hal_rpc_local_pkey_dispatch.sign);
-
   if (input != NULL)
-    return sign(session, pkey, hash, input, input_len, signature, signature_len, signature_max);
+    return mixed_handle_dispatch(pkey)->sign(session, pkey, hash, input, input_len,
+                                             signature, signature_len, signature_max);
 
   hal_digest_algorithm_t alg;
   size_t digest_len;
@@ -751,7 +763,8 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
   if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK)
     return err;
 
-  return sign(session, pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len, signature_max);
+  return mixed_handle_dispatch(pkey)->sign(session, pkey, hal_hash_handle_none, digest, digest_len, 
+                                           signature, signature_len, signature_max);
 }
 
 static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
@@ -760,17 +773,9 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
                                      const uint8_t * const input, const size_t input_len,
                                      const uint8_t * const signature, const size_t signature_len)
 {
-  hal_error_t  (* const verify)(const hal_session_handle_t session,
-                                const hal_pkey_handle_t pkey,
-                                const hal_hash_handle_t hash,
-                                const uint8_t * const input, const size_t input_len,
-                                const uint8_t * const signature, const size_t signature_len)
-    = ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-       ? hal_rpc_remote_pkey_dispatch.verify
-       : hal_rpc_local_pkey_dispatch.verify);
-
   if (input != NULL)
-    return verify(session, pkey, hash, input, input_len, signature, signature_len);
+    return mixed_handle_dispatch(pkey)->verify(session, pkey, hash, input, input_len, 
+                                               signature, signature_len);
 
   hal_digest_algorithm_t alg;
   size_t digest_len;
@@ -785,7 +790,8 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
   if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK)
     return err;
 
-  return verify(session, pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len);
+  return mixed_handle_dispatch(pkey)->verify(session, pkey, hal_hash_handle_none, 
+                                             digest, digest_len, signature, signature_len);
 }
 
 static hal_error_t pkey_mixed_load(const hal_client_handle_t client,
@@ -797,10 +803,8 @@ static hal_error_t pkey_mixed_load(const hal_client_handle_t client,
 				   const uint8_t * const der, const size_t der_len,
 				   const hal_key_flags_t flags)
 {
-  return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
-	  ? hal_rpc_remote_pkey_dispatch.load
-	  : hal_rpc_local_pkey_dispatch.load
-	  )(client, session, pkey, type, curve, name, name_len, der, der_len, flags);
+  return mixed_flags_dispatch(flags)->load(client, session, pkey, type, curve,
+                                           name, name_len, der, der_len, flags);
 }
 
 static hal_error_t pkey_mixed_find(const hal_client_handle_t client,
@@ -810,10 +814,8 @@ static hal_error_t pkey_mixed_find(const hal_client_handle_t client,
 				   const uint8_t * const name, const size_t name_len,
 				   const hal_key_flags_t flags)
 {
-  return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
-	  ? hal_rpc_remote_pkey_dispatch.find
-	  : hal_rpc_local_pkey_dispatch.find
-	  )(client, session, pkey, type, name, name_len, flags);
+  return mixed_flags_dispatch(flags)->find(client, session, pkey, type,
+                                           name, name_len, flags);
 }
 
 static hal_error_t pkey_mixed_generate_rsa(const hal_client_handle_t client,
@@ -824,10 +826,9 @@ static hal_error_t pkey_mixed_generate_rsa(const hal_client_handle_t client,
 					   const uint8_t * const public_exponent, const size_t public_exponent_len,
 					   const hal_key_flags_t flags)
 {
-  return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
-	  ? hal_rpc_remote_pkey_dispatch.generate_rsa
-	  : hal_rpc_local_pkey_dispatch.generate_rsa
-	  )(client, session, pkey, name, name_len, key_length, public_exponent, public_exponent_len, flags);
+  return mixed_flags_dispatch(flags)->generate_rsa(client, session, pkey,
+                                                   name, name_len, key_length,
+                                                   public_exponent, public_exponent_len, flags);
 }
 
 static hal_error_t pkey_mixed_generate_ec(const hal_client_handle_t client,
@@ -837,61 +838,40 @@ static hal_error_t pkey_mixed_generate_ec(const hal_client_handle_t client,
 					  const hal_curve_name_t curve,
 					  const hal_key_flags_t flags)
 {
-  return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
-	  ? hal_rpc_remote_pkey_dispatch.generate_ec
-	  : hal_rpc_local_pkey_dispatch.generate_ec
-	  )(client, session, pkey, name, name_len, curve, flags);
+  return mixed_flags_dispatch(flags)->generate_ec(client, session, pkey, name, name_len, curve, flags);
 }
 
 static hal_error_t pkey_mixed_close(const hal_pkey_handle_t pkey)
 {
-  return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-	  ? hal_rpc_remote_pkey_dispatch.close
-	  : hal_rpc_local_pkey_dispatch.close
-	  )(pkey);
+  return mixed_handle_dispatch(pkey)->close(pkey);
 }
 
 static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey)
 {
-  return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-	  ? hal_rpc_remote_pkey_dispatch.delete
-	  : hal_rpc_local_pkey_dispatch.delete
-	  )(pkey);
+  return mixed_handle_dispatch(pkey)->delete(pkey);
 }
 
 static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey,
 					   hal_key_type_t *key_type)
 {
-  return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-	  ? hal_rpc_remote_pkey_dispatch.get_key_type
-	  : hal_rpc_local_pkey_dispatch.get_key_type
-	  )(pkey, key_type);
+  return mixed_handle_dispatch(pkey)->get_key_type(pkey, key_type);
 }
 
 static hal_error_t pkey_mixed_get_key_flags(const hal_pkey_handle_t pkey,
 					    hal_key_flags_t *flags)
 {
-  return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-	  ? hal_rpc_remote_pkey_dispatch.get_key_flags
-	  : hal_rpc_local_pkey_dispatch.get_key_flags
-	  )(pkey, flags);
+  return mixed_handle_dispatch(pkey)->get_key_flags(pkey, flags);
 }
 
 static size_t pkey_mixed_get_public_key_len(const hal_pkey_handle_t pkey)
 {
-  return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-	  ? hal_rpc_remote_pkey_dispatch.get_public_key_len
-	  : hal_rpc_local_pkey_dispatch.get_public_key_len
-	  )(pkey);
+  return mixed_handle_dispatch(pkey)->get_public_key_len(pkey);
 }
 
 static hal_error_t pkey_mixed_get_public_key(const hal_pkey_handle_t pkey,
 					     uint8_t *der, size_t *der_len, const size_t der_max)
 {
-  return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
-	  ? hal_rpc_remote_pkey_dispatch.get_public_key
-	  : hal_rpc_local_pkey_dispatch.get_public_key
-	  )(pkey, der, der_len, der_max);
+  return mixed_handle_dispatch(pkey)->get_public_key(pkey, der, der_len, der_max);
 }
 
 static hal_error_t pkey_mixed_list(hal_pkey_info_t *result,
@@ -899,10 +879,7 @@ static hal_error_t pkey_mixed_list(hal_pkey_info_t *result,
 				   const unsigned result_max,
                                    hal_key_flags_t flags)
 {
-  return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
-	  ? hal_rpc_remote_pkey_dispatch.list
-	  : hal_rpc_local_pkey_dispatch.list
-	  )(result, result_len, result_max, flags);
+  return mixed_flags_dispatch(flags)->list(result, result_len, result_max, flags);
 }
 
 /*
diff --git a/rpc_pkey.c b/rpc_pkey.c
index bcf4905..0838694 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -82,7 +82,7 @@ static pkey_slot_t pkey_handle[HAL_STATIC_PKEY_STATE_BLOCKS];
  * handlers to route calls to the appropriate destination.
  */
 
-static inline pkey_slot_t *alloc_slot(void)
+static inline pkey_slot_t *alloc_slot(const hal_key_flags_t flags)
 {
 #if HAL_STATIC_PKEY_STATE_BLOCKS > 0
   static uint16_t next_glop = 0;
@@ -91,6 +91,9 @@ static inline pkey_slot_t *alloc_slot(void)
 
   assert((glop & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0);
 
+  if ((flags & HAL_KEY_FLAG_PROXIMATE) != 0)
+    glop |= HAL_PKEY_HANDLE_PROXIMATE_FLAG;
+
   for (int i = 0; i < sizeof(pkey_handle)/sizeof(*pkey_handle); i++) {
     if (pkey_handle[i].name_len > 0)
       continue;
@@ -223,7 +226,7 @@ static hal_error_t load(const hal_client_handle_t client,
 
   assert(sizeof(slot->name) >= name_len && pkey != NULL);
 
-  if ((slot = alloc_slot()) == NULL)
+  if ((slot = alloc_slot(flags)) == NULL)
     return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
 
   if ((err = hal_ks_store(type, curve, flags, name, name_len, der, der_len, &slot->ks_hint)) != HAL_OK)
@@ -257,7 +260,7 @@ static hal_error_t find(const hal_client_handle_t client,
 
   assert(sizeof(slot->name) >= name_len && pkey != NULL);
 
-  if ((slot = alloc_slot()) == NULL)
+  if ((slot = alloc_slot(flags)) == NULL)
     return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
 
   if ((err = hal_ks_fetch(type, name, name_len, &slot->curve, &slot->flags, NULL, NULL, 0, &slot->ks_hint)) != HAL_OK)
@@ -290,7 +293,7 @@ static hal_error_t generate_rsa(const hal_client_handle_t client,
 
   assert(sizeof(slot->name) >= name_len && pkey != NULL && (key_length & 7) == 0);
 
-  if ((slot = alloc_slot()) == NULL)
+  if ((slot = alloc_slot(flags)) == NULL)
     return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
 
   uint8_t keybuf[hal_rsa_key_t_size];
@@ -342,7 +345,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client,
 
   assert(sizeof(slot->name) >= name_len && pkey != NULL);
 
-  if ((slot = alloc_slot()) == NULL)
+  if ((slot = alloc_slot(flags)) == NULL)
     return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
 
   uint8_t keybuf[hal_ecdsa_key_t_size];



More information about the Commits mailing list