[Cryptech-Commits] [sw/libhal] 01/03: Clean up pkey mixed mode.
git at cryptech.is
git at cryptech.is
Sat May 14 20:35:08 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch rpc
in repository sw/libhal.
commit c861f7d2f3c5f69c02a633c51113518b70eedc27
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat May 14 11:56:41 2016 -0400
Clean up pkey mixed mode.
---
rpc_client.c | 109 +++++++++++++++++++++++------------------------------------
rpc_pkey.c | 13 ++++---
2 files changed, 51 insertions(+), 71 deletions(-)
diff --git a/rpc_client.c b/rpc_client.c
index 02e3320..be680ed 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -718,25 +718,37 @@ static hal_error_t pkey_remote_list(hal_pkey_info_t *result,
* takes place on the HSM but the hashing takes place locally. If
* we're given a hash context in this case, it's local, so we have to
* pull the digest from the hash context and send that to the HSM.
+ *
+ * These methods are also responsible for dispatching pkey operations
+ * to the local or remote key store based on the PROXIMATE flags.
+ * These flags are only meaningful when operating in mixed mode.
*/
+static inline const hal_rpc_pkey_dispatch_t *mixed_flags_dispatch(const hal_key_flags_t flags)
+{
+ if ((flags & HAL_KEY_FLAG_PROXIMATE) == 0)
+ return &hal_rpc_remote_pkey_dispatch;
+ else
+ return &hal_rpc_local_pkey_dispatch;
+}
+
+static inline const hal_rpc_pkey_dispatch_t *mixed_handle_dispatch(const hal_pkey_handle_t pkey)
+{
+ if ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0)
+ return &hal_rpc_remote_pkey_dispatch;
+ else
+ return &hal_rpc_local_pkey_dispatch;
+}
+
static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
const hal_pkey_handle_t pkey,
const hal_hash_handle_t hash,
const uint8_t * const input, const size_t input_len,
uint8_t * signature, size_t *signature_len, const size_t signature_max)
{
- hal_error_t (* const sign)(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
- const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
- uint8_t * signature, size_t *signature_len, const size_t signature_max)
- = ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.sign
- : hal_rpc_local_pkey_dispatch.sign);
-
if (input != NULL)
- return sign(session, pkey, hash, input, input_len, signature, signature_len, signature_max);
+ return mixed_handle_dispatch(pkey)->sign(session, pkey, hash, input, input_len,
+ signature, signature_len, signature_max);
hal_digest_algorithm_t alg;
size_t digest_len;
@@ -751,7 +763,8 @@ static hal_error_t pkey_mixed_sign(const hal_session_handle_t session,
if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK)
return err;
- return sign(session, pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len, signature_max);
+ return mixed_handle_dispatch(pkey)->sign(session, pkey, hal_hash_handle_none, digest, digest_len,
+ signature, signature_len, signature_max);
}
static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
@@ -760,17 +773,9 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
const uint8_t * const input, const size_t input_len,
const uint8_t * const signature, const size_t signature_len)
{
- hal_error_t (* const verify)(const hal_session_handle_t session,
- const hal_pkey_handle_t pkey,
- const hal_hash_handle_t hash,
- const uint8_t * const input, const size_t input_len,
- const uint8_t * const signature, const size_t signature_len)
- = ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.verify
- : hal_rpc_local_pkey_dispatch.verify);
-
if (input != NULL)
- return verify(session, pkey, hash, input, input_len, signature, signature_len);
+ return mixed_handle_dispatch(pkey)->verify(session, pkey, hash, input, input_len,
+ signature, signature_len);
hal_digest_algorithm_t alg;
size_t digest_len;
@@ -785,7 +790,8 @@ static hal_error_t pkey_mixed_verify(const hal_session_handle_t session,
if ((err = hal_rpc_hash_finalize(hash, digest, digest_len)) != HAL_OK)
return err;
- return verify(session, pkey, hal_hash_handle_none, digest, digest_len, signature, signature_len);
+ return mixed_handle_dispatch(pkey)->verify(session, pkey, hal_hash_handle_none,
+ digest, digest_len, signature, signature_len);
}
static hal_error_t pkey_mixed_load(const hal_client_handle_t client,
@@ -797,10 +803,8 @@ static hal_error_t pkey_mixed_load(const hal_client_handle_t client,
const uint8_t * const der, const size_t der_len,
const hal_key_flags_t flags)
{
- return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
- ? hal_rpc_remote_pkey_dispatch.load
- : hal_rpc_local_pkey_dispatch.load
- )(client, session, pkey, type, curve, name, name_len, der, der_len, flags);
+ return mixed_flags_dispatch(flags)->load(client, session, pkey, type, curve,
+ name, name_len, der, der_len, flags);
}
static hal_error_t pkey_mixed_find(const hal_client_handle_t client,
@@ -810,10 +814,8 @@ static hal_error_t pkey_mixed_find(const hal_client_handle_t client,
const uint8_t * const name, const size_t name_len,
const hal_key_flags_t flags)
{
- return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
- ? hal_rpc_remote_pkey_dispatch.find
- : hal_rpc_local_pkey_dispatch.find
- )(client, session, pkey, type, name, name_len, flags);
+ return mixed_flags_dispatch(flags)->find(client, session, pkey, type,
+ name, name_len, flags);
}
static hal_error_t pkey_mixed_generate_rsa(const hal_client_handle_t client,
@@ -824,10 +826,9 @@ static hal_error_t pkey_mixed_generate_rsa(const hal_client_handle_t client,
const uint8_t * const public_exponent, const size_t public_exponent_len,
const hal_key_flags_t flags)
{
- return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
- ? hal_rpc_remote_pkey_dispatch.generate_rsa
- : hal_rpc_local_pkey_dispatch.generate_rsa
- )(client, session, pkey, name, name_len, key_length, public_exponent, public_exponent_len, flags);
+ return mixed_flags_dispatch(flags)->generate_rsa(client, session, pkey,
+ name, name_len, key_length,
+ public_exponent, public_exponent_len, flags);
}
static hal_error_t pkey_mixed_generate_ec(const hal_client_handle_t client,
@@ -837,61 +838,40 @@ static hal_error_t pkey_mixed_generate_ec(const hal_client_handle_t client,
const hal_curve_name_t curve,
const hal_key_flags_t flags)
{
- return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
- ? hal_rpc_remote_pkey_dispatch.generate_ec
- : hal_rpc_local_pkey_dispatch.generate_ec
- )(client, session, pkey, name, name_len, curve, flags);
+ return mixed_flags_dispatch(flags)->generate_ec(client, session, pkey, name, name_len, curve, flags);
}
static hal_error_t pkey_mixed_close(const hal_pkey_handle_t pkey)
{
- return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.close
- : hal_rpc_local_pkey_dispatch.close
- )(pkey);
+ return mixed_handle_dispatch(pkey)->close(pkey);
}
static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey)
{
- return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.delete
- : hal_rpc_local_pkey_dispatch.delete
- )(pkey);
+ return mixed_handle_dispatch(pkey)->delete(pkey);
}
static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey,
hal_key_type_t *key_type)
{
- return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.get_key_type
- : hal_rpc_local_pkey_dispatch.get_key_type
- )(pkey, key_type);
+ return mixed_handle_dispatch(pkey)->get_key_type(pkey, key_type);
}
static hal_error_t pkey_mixed_get_key_flags(const hal_pkey_handle_t pkey,
hal_key_flags_t *flags)
{
- return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.get_key_flags
- : hal_rpc_local_pkey_dispatch.get_key_flags
- )(pkey, flags);
+ return mixed_handle_dispatch(pkey)->get_key_flags(pkey, flags);
}
static size_t pkey_mixed_get_public_key_len(const hal_pkey_handle_t pkey)
{
- return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.get_public_key_len
- : hal_rpc_local_pkey_dispatch.get_public_key_len
- )(pkey);
+ return mixed_handle_dispatch(pkey)->get_public_key_len(pkey);
}
static hal_error_t pkey_mixed_get_public_key(const hal_pkey_handle_t pkey,
uint8_t *der, size_t *der_len, const size_t der_max)
{
- return ((pkey.handle & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0
- ? hal_rpc_remote_pkey_dispatch.get_public_key
- : hal_rpc_local_pkey_dispatch.get_public_key
- )(pkey, der, der_len, der_max);
+ return mixed_handle_dispatch(pkey)->get_public_key(pkey, der, der_len, der_max);
}
static hal_error_t pkey_mixed_list(hal_pkey_info_t *result,
@@ -899,10 +879,7 @@ static hal_error_t pkey_mixed_list(hal_pkey_info_t *result,
const unsigned result_max,
hal_key_flags_t flags)
{
- return ((flags & HAL_KEY_FLAG_PROXIMATE) == 0
- ? hal_rpc_remote_pkey_dispatch.list
- : hal_rpc_local_pkey_dispatch.list
- )(result, result_len, result_max, flags);
+ return mixed_flags_dispatch(flags)->list(result, result_len, result_max, flags);
}
/*
diff --git a/rpc_pkey.c b/rpc_pkey.c
index bcf4905..0838694 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -82,7 +82,7 @@ static pkey_slot_t pkey_handle[HAL_STATIC_PKEY_STATE_BLOCKS];
* handlers to route calls to the appropriate destination.
*/
-static inline pkey_slot_t *alloc_slot(void)
+static inline pkey_slot_t *alloc_slot(const hal_key_flags_t flags)
{
#if HAL_STATIC_PKEY_STATE_BLOCKS > 0
static uint16_t next_glop = 0;
@@ -91,6 +91,9 @@ static inline pkey_slot_t *alloc_slot(void)
assert((glop & HAL_PKEY_HANDLE_PROXIMATE_FLAG) == 0);
+ if ((flags & HAL_KEY_FLAG_PROXIMATE) != 0)
+ glop |= HAL_PKEY_HANDLE_PROXIMATE_FLAG;
+
for (int i = 0; i < sizeof(pkey_handle)/sizeof(*pkey_handle); i++) {
if (pkey_handle[i].name_len > 0)
continue;
@@ -223,7 +226,7 @@ static hal_error_t load(const hal_client_handle_t client,
assert(sizeof(slot->name) >= name_len && pkey != NULL);
- if ((slot = alloc_slot()) == NULL)
+ if ((slot = alloc_slot(flags)) == NULL)
return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
if ((err = hal_ks_store(type, curve, flags, name, name_len, der, der_len, &slot->ks_hint)) != HAL_OK)
@@ -257,7 +260,7 @@ static hal_error_t find(const hal_client_handle_t client,
assert(sizeof(slot->name) >= name_len && pkey != NULL);
- if ((slot = alloc_slot()) == NULL)
+ if ((slot = alloc_slot(flags)) == NULL)
return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
if ((err = hal_ks_fetch(type, name, name_len, &slot->curve, &slot->flags, NULL, NULL, 0, &slot->ks_hint)) != HAL_OK)
@@ -290,7 +293,7 @@ static hal_error_t generate_rsa(const hal_client_handle_t client,
assert(sizeof(slot->name) >= name_len && pkey != NULL && (key_length & 7) == 0);
- if ((slot = alloc_slot()) == NULL)
+ if ((slot = alloc_slot(flags)) == NULL)
return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
uint8_t keybuf[hal_rsa_key_t_size];
@@ -342,7 +345,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client,
assert(sizeof(slot->name) >= name_len && pkey != NULL);
- if ((slot = alloc_slot()) == NULL)
+ if ((slot = alloc_slot(flags)) == NULL)
return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
uint8_t keybuf[hal_ecdsa_key_t_size];
More information about the Commits
mailing list