[Cryptech-Commits] [sw/libhal] 01/02: Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.

git at cryptech.is git at cryptech.is
Mon May 16 04:12:09 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch rpc
in repository sw/libhal.

commit 0690aa3d48966a4b151a468fd3a0a65bb99de439
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sun May 15 20:49:18 2016 -0400

    Add hal_rpc_pkey_rename(); allow null string as (temporary) key name.
    
    Temporary nature of null string as key name is not enforced by the
    keystore code, it's just a convention to allow callers to generate a
    keypair, obtain the public key, hash that to a Subject Key Identifier
    (SKI), and rename the key using the SKI as the new name.
    
    This is a compromise to let us use SKI-based key names in PKCS #11
    while keeping the keystore code simple.
---
 hal.h          |   6 +-
 hal_internal.h |   9 +++
 ks.c           |  47 +++++++++++--
 rpc_api.c      |  28 ++++++--
 rpc_client.c   |  29 +++++++++
 rpc_pkey.c     | 203 ++++++++++++++++++++++++++++++++-------------------------
 rpc_server.c   |  19 ++++++
 7 files changed, 239 insertions(+), 102 deletions(-)

diff --git a/hal.h b/hal.h
index 6fbfb9f..ee97e8a 100644
--- a/hal.h
+++ b/hal.h
@@ -129,6 +129,7 @@
   DEFINE_HAL_ERROR(HAL_ERROR_RPC_TRANSPORT,             "RPC transport error")                          \
   DEFINE_HAL_ERROR(HAL_ERROR_RPC_PACKET_OVERFLOW,       "RPC packet overflow")                          \
   DEFINE_HAL_ERROR(HAL_ERROR_RPC_BAD_FUNCTION,          "Bad RPC function number")                      \
+  DEFINE_HAL_ERROR(HAL_ERROR_KEY_NAME_TOO_LONG,         "Key name too long")                            \
   END_OF_HAL_ERROR_LIST
 
 /* Marker to forestall silly line continuation errors */
@@ -350,7 +351,7 @@ extern hal_error_t hal_modexp(const hal_core_t *core,
  */
 
 typedef enum {
-  HAL_KEY_TYPE_NONE,
+  HAL_KEY_TYPE_NONE = 0,
   HAL_KEY_TYPE_RSA_PRIVATE,
   HAL_KEY_TYPE_RSA_PUBLIC,
   HAL_KEY_TYPE_EC_PRIVATE,
@@ -685,6 +686,9 @@ extern hal_error_t hal_rpc_pkey_close(const hal_pkey_handle_t pkey);
 
 extern hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey);
 
+extern hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey,
+                                       const uint8_t * const name, const size_t name_len);
+
 extern hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey,
                                              hal_key_type_t *type);
 
diff --git a/hal_internal.h b/hal_internal.h
index c460ed8..4b572eb 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -178,6 +178,9 @@ typedef struct {
 
   hal_error_t  (*delete)(const hal_pkey_handle_t pkey);
 
+  hal_error_t  (*rename)(const hal_pkey_handle_t pkey,
+                         const uint8_t * const name, const size_t name_len);
+
   hal_error_t  (*get_key_type)(const hal_pkey_handle_t pkey,
                                hal_key_type_t *key_type);
 
@@ -337,6 +340,11 @@ extern hal_error_t hal_ks_delete(const hal_key_type_t type,
                                  const uint8_t * const name, const size_t name_len,
                                  int *hint);
 
+extern hal_error_t hal_ks_rename(const hal_key_type_t type,
+                                 const uint8_t * const old_name, const size_t old_name_len,
+                                 const uint8_t * const new_name, const size_t new_name_len,
+                                 int *hint);
+
 extern hal_error_t hal_ks_list(hal_pkey_info_t *result,
                                unsigned *result_len,
                                const unsigned result_max);
@@ -396,6 +404,7 @@ typedef enum {
     RPC_FUNC_PKEY_REMOTE_SIGN,
     RPC_FUNC_PKEY_REMOTE_VERIFY,
     RPC_FUNC_PKEY_LIST,
+    RPC_FUNC_PKEY_RENAME,
 } rpc_func_num_t;
 
 #define RPC_VERSION 0x00010000		/* 0.1.0.0 */
diff --git a/ks.c b/ks.c
index 33d3e47..758162b 100644
--- a/ks.c
+++ b/ks.c
@@ -61,11 +61,11 @@ hal_error_t hal_ks_store(const hal_key_type_t type,
                          const uint8_t * const der,  const size_t der_len,
                          int *hint)
 {
-  if (name == NULL || name_len == 0 || der == NULL || der_len == 0 || !acceptable_key_type(type))
+  if (name == NULL || der == NULL || der_len == 0 || !acceptable_key_type(type))
     return HAL_ERROR_BAD_ARGUMENTS;
 
   if (name_len > HAL_RPC_PKEY_NAME_MAX)
-    return HAL_ERROR_RESULT_TOO_LONG;
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
 
   const hal_ks_keydb_t * const db = hal_ks_get_keydb();
   hal_error_t err;
@@ -124,7 +124,7 @@ static int find(const hal_ks_keydb_t * const db,
                 const uint8_t * const name, const size_t name_len,
                 int *hint)
 {
-  assert(db != NULL && name != NULL && name_len > 0 && acceptable_key_type(type));
+  assert(db != NULL && name != NULL && acceptable_key_type(type));
 
   if (hint != NULL && *hint >= 0 && *hint < sizeof(db->keys)/sizeof(*db->keys) &&
       db->keys[*hint].in_use &&
@@ -150,7 +150,7 @@ hal_error_t hal_ks_exists(const hal_key_type_t type,
                           const uint8_t * const name, const size_t name_len,
                           int *hint)
 {
-  if (name == NULL || name_len == 0 || !acceptable_key_type(type))
+  if (name == NULL || !acceptable_key_type(type))
     return HAL_ERROR_BAD_ARGUMENTS;
 
   const hal_ks_keydb_t * const db = hal_ks_get_keydb();
@@ -171,7 +171,7 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type,
                          uint8_t *der, size_t *der_len, const size_t der_max,
                          int *hint)
 {
-  if (name == NULL || name_len == 0 || !acceptable_key_type(type))
+  if (name == NULL || !acceptable_key_type(type))
     return HAL_ERROR_BAD_ARGUMENTS;
 
   const hal_ks_keydb_t * const db = hal_ks_get_keydb();
@@ -223,7 +223,7 @@ hal_error_t hal_ks_delete(const hal_key_type_t type,
                           const uint8_t * const name, const size_t name_len,
                           int *hint)
 {
-  if (name == NULL || name_len == 0 || !acceptable_key_type(type))
+  if (name == NULL || !acceptable_key_type(type))
     return HAL_ERROR_BAD_ARGUMENTS;
 
   const hal_ks_keydb_t * const db = hal_ks_get_keydb();
@@ -241,6 +241,41 @@ hal_error_t hal_ks_delete(const hal_key_type_t type,
   return hal_ks_del_keydb(*hint);
 }
 
+hal_error_t hal_ks_rename(const hal_key_type_t type,
+                          const uint8_t * const old_name, const size_t old_name_len,
+                          const uint8_t * const new_name, const size_t new_name_len,
+                          int *hint)
+{
+  if (old_name == NULL || new_name == NULL || !acceptable_key_type(type))
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if (new_name_len > HAL_RPC_PKEY_NAME_MAX)
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
+
+  const hal_ks_keydb_t * const db = hal_ks_get_keydb();
+  int hint_ = -1;
+
+  if (db == NULL)
+    return HAL_ERROR_KEYSTORE_ACCESS;
+
+  if (find(db, type, new_name, new_name_len, NULL))
+    return HAL_ERROR_KEY_NAME_IN_USE;
+
+  if (hint == NULL)
+    hint = &hint_;
+
+  if (!find(db, type, old_name, old_name_len, hint))
+    return HAL_ERROR_KEY_NOT_FOUND;
+
+  hal_ks_key_t k = db->keys[*hint];
+
+  assert(new_name_len <= sizeof(k.name));
+  memcpy(k.name, new_name, new_name_len);
+  k.name_len = new_name_len;
+
+  return hal_ks_set_keydb(&k, *hint);
+}
+
 hal_error_t hal_ks_list(hal_pkey_info_t *result,
                         unsigned *result_len,
                         const unsigned result_max)
diff --git a/rpc_api.c b/rpc_api.c
index 8010f54..5bab506 100644
--- a/rpc_api.c
+++ b/rpc_api.c
@@ -199,11 +199,11 @@ hal_error_t hal_rpc_pkey_load(const hal_client_handle_t client,
                               const uint8_t * const der, const size_t der_len,
                               const hal_key_flags_t flags)
 {
-  if (pkey == NULL ||
-      name == NULL || name_len == 0 ||
-      der == NULL || der_len == 0 ||
+  if (pkey == NULL || name == NULL || der == NULL || der_len == 0 ||
       !check_pkey_type_curve_flags(type, curve, flags))
     return HAL_ERROR_BAD_ARGUMENTS;
+  if (name_len > HAL_RPC_PKEY_NAME_MAX)
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
   return hal_rpc_pkey_dispatch->load(client, session, pkey, type, curve, name, name_len, der, der_len, flags);
 }
 
@@ -214,8 +214,10 @@ hal_error_t hal_rpc_pkey_find(const hal_client_handle_t client,
                               const uint8_t * const name, const size_t name_len,
                               const hal_key_flags_t flags)
 {
-  if (pkey == NULL || name == NULL || name_len == 0 || !check_pkey_type(type))
+  if (pkey == NULL || name == NULL || !check_pkey_type(type))
     return HAL_ERROR_BAD_ARGUMENTS;
+  if (name_len > HAL_RPC_PKEY_NAME_MAX)
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
   return hal_rpc_pkey_dispatch->find(client, session, pkey, type, name, name_len, flags);
 }
 
@@ -227,9 +229,11 @@ hal_error_t hal_rpc_pkey_generate_rsa(const hal_client_handle_t client,
                                       const uint8_t * const exp, const size_t exp_len,
                                       const hal_key_flags_t flags)
 {
-  if (pkey == NULL || name == NULL || name_len == 0 || key_len == 0 || (key_len & 7) != 0 ||
+  if (pkey == NULL || name == NULL || key_len == 0 || (key_len & 7) != 0 ||
       exp == NULL || exp_len == 0 || !check_pkey_flags(flags))
     return HAL_ERROR_BAD_ARGUMENTS;
+  if (name_len > HAL_RPC_PKEY_NAME_MAX)
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
   return hal_rpc_pkey_dispatch->generate_rsa(client, session, pkey, name, name_len, key_len, exp, exp_len, flags);
 }
 
@@ -240,9 +244,11 @@ hal_error_t hal_rpc_pkey_generate_ec(const hal_client_handle_t client,
                                      const hal_curve_name_t curve,
                                      const hal_key_flags_t flags)
 {
-  if (pkey == NULL || name == NULL || name_len == 0 ||
+  if (pkey == NULL || name == NULL ||
       !check_pkey_type_curve_flags(HAL_KEY_TYPE_EC_PRIVATE, curve, flags))
     return HAL_ERROR_BAD_ARGUMENTS;
+  if (name_len > HAL_RPC_PKEY_NAME_MAX)
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
   return hal_rpc_pkey_dispatch->generate_ec(client, session, pkey, name, name_len, curve, flags);
 }
 
@@ -256,6 +262,16 @@ hal_error_t hal_rpc_pkey_delete(const hal_pkey_handle_t pkey)
   return hal_rpc_pkey_dispatch->delete(pkey);
 }
 
+hal_error_t hal_rpc_pkey_rename(const hal_pkey_handle_t pkey,
+                                const uint8_t * const name, const size_t name_len)
+{
+  if (name == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+  if (name_len > HAL_RPC_PKEY_NAME_MAX)
+    return HAL_ERROR_KEY_NAME_TOO_LONG;
+  return hal_rpc_pkey_dispatch->rename(pkey, name, name_len);
+}
+
 hal_error_t hal_rpc_pkey_get_key_type(const hal_pkey_handle_t pkey,
                                       hal_key_type_t *type)
 {
diff --git a/rpc_client.c b/rpc_client.c
index 71dcc7c..3a84305 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -513,6 +513,27 @@ static hal_error_t pkey_remote_delete(const hal_pkey_handle_t pkey)
   return rpc_ret;
 }
 
+static hal_error_t pkey_remote_rename(const hal_pkey_handle_t pkey,
+                                      const uint8_t * const name, const size_t name_len)
+{
+  uint8_t outbuf[nargs(3) + pad(name_len)], *optr = outbuf, *olimit = outbuf + sizeof(outbuf);
+  uint8_t inbuf[nargs(1)];
+  const uint8_t *iptr = inbuf, *ilimit = inbuf + sizeof(inbuf);
+  size_t ilen = sizeof(inbuf);
+  hal_error_t rpc_ret;
+
+  check(hal_xdr_encode_int(&optr, olimit, RPC_FUNC_PKEY_DELETE));
+  check(hal_xdr_encode_int(&optr, olimit, pkey.handle));
+  check(hal_xdr_encode_buffer(&optr, olimit, name, name_len));
+  check(hal_rpc_send(outbuf, optr - outbuf));
+
+  check(hal_rpc_recv(inbuf, &ilen));
+  assert(ilen <= sizeof(inbuf));
+  check(hal_xdr_decode_int(&iptr, ilimit, &rpc_ret));
+  return rpc_ret;
+}
+
+
 static hal_error_t pkey_remote_get_key_type(const hal_pkey_handle_t pkey,
                                             hal_key_type_t *type)
 {
@@ -851,6 +872,12 @@ static hal_error_t pkey_mixed_delete(const hal_pkey_handle_t pkey)
   return mixed_handle_dispatch(pkey)->delete(pkey);
 }
 
+static hal_error_t pkey_mixed_rename(const hal_pkey_handle_t pkey,
+                                     const uint8_t * const name, const size_t name_len)
+{
+  return mixed_handle_dispatch(pkey)->rename(pkey, name, name_len);
+}
+
 static hal_error_t pkey_mixed_get_key_type(const hal_pkey_handle_t pkey,
 					   hal_key_type_t *key_type)
 {
@@ -912,6 +939,7 @@ const hal_rpc_pkey_dispatch_t hal_rpc_remote_pkey_dispatch = {
   pkey_remote_generate_ec,
   pkey_remote_close,
   pkey_remote_delete,
+  pkey_remote_rename,
   pkey_remote_get_key_type,
   pkey_remote_get_key_flags,
   pkey_remote_get_public_key_len,
@@ -928,6 +956,7 @@ const hal_rpc_pkey_dispatch_t hal_rpc_mixed_pkey_dispatch = {
   pkey_mixed_generate_ec,
   pkey_mixed_close,
   pkey_mixed_delete,
+  pkey_mixed_rename,
   pkey_mixed_get_key_type,
   pkey_mixed_get_key_flags,
   pkey_mixed_get_public_key_len,
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 7455bb1..da8bf58 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -71,7 +71,7 @@ static pkey_slot_t pkey_handle[HAL_STATIC_PKEY_STATE_BLOCKS];
 #endif
 
 /*
- * Handle allocation is simple: we look for an unused (name_len == 0)
+ * Handle allocation is simple: look for an unused (HAL_KEY_TYPE_NONE)
  * slot in the table, and, assuming we find one, construct a composite
  * handle consisting of the index into the table and a counter whose
  * sole purpose is to keep the same handle from reoccurring anytime
@@ -95,7 +95,7 @@ static inline pkey_slot_t *alloc_slot(const hal_key_flags_t flags)
     glop |= HAL_PKEY_HANDLE_PROXIMATE_FLAG;
 
   for (int i = 0; i < sizeof(pkey_handle)/sizeof(*pkey_handle); i++) {
-    if (pkey_handle[i].name_len > 0)
+    if (pkey_handle[i].type != HAL_KEY_TYPE_NONE)
       continue;
     pkey_handle[i].pkey_handle.handle = i | glop;
     pkey_handle[i].ks_hint = -1;
@@ -212,14 +212,14 @@ static hal_error_t pkcs1_5_pad(const uint8_t * const data, const size_t data_len
  * Receive key from application, store it with supplied name, return a key handle.
  */
 
-static hal_error_t load(const hal_client_handle_t client,
-                        const hal_session_handle_t session,
-                        hal_pkey_handle_t *pkey,
-                        const hal_key_type_t type,
-                        const hal_curve_name_t curve,
-                        const uint8_t * const name, const size_t name_len,
-                        const uint8_t * const der, const size_t der_len,
-                        const hal_key_flags_t flags)
+static hal_error_t pkey_local_load(const hal_client_handle_t client,
+                                   const hal_session_handle_t session,
+                                   hal_pkey_handle_t *pkey,
+                                   const hal_key_type_t type,
+                                   const hal_curve_name_t curve,
+                                   const uint8_t * const name, const size_t name_len,
+                                   const uint8_t * const der, const size_t der_len,
+                                   const hal_key_flags_t flags)
 {
   pkey_slot_t *slot;
   hal_error_t err;
@@ -248,12 +248,12 @@ static hal_error_t load(const hal_client_handle_t client,
  * Look up a key given its name, return a key handle.
  */
 
-static hal_error_t find(const hal_client_handle_t client,
-                        const hal_session_handle_t session,
-                        hal_pkey_handle_t *pkey,
-                        const hal_key_type_t type,
-                        const uint8_t * const name, const size_t name_len,
-                        const hal_key_flags_t flags)
+static hal_error_t pkey_local_find(const hal_client_handle_t client,
+                                   const hal_session_handle_t session,
+                                   hal_pkey_handle_t *pkey,
+                                   const hal_key_type_t type,
+                                   const uint8_t * const name, const size_t name_len,
+                                   const hal_key_flags_t flags)
 {
   pkey_slot_t *slot;
   hal_error_t err;
@@ -280,13 +280,13 @@ static hal_error_t find(const hal_client_handle_t client,
  * Generate a new RSA key with supplied name, return a key handle.
  */
 
-static hal_error_t generate_rsa(const hal_client_handle_t client,
-                                const hal_session_handle_t session,
-                                hal_pkey_handle_t *pkey,
-                                const uint8_t * const name, const size_t name_len,
-                                const unsigned key_length,
-                                const uint8_t * const public_exponent, const size_t public_exponent_len,
-                                const hal_key_flags_t flags)
+static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
+                                           const hal_session_handle_t session,
+                                           hal_pkey_handle_t *pkey,
+                                           const uint8_t * const name, const size_t name_len,
+                                           const unsigned key_length,
+                                           const uint8_t * const public_exponent, const size_t public_exponent_len,
+                                           const hal_key_flags_t flags)
 {
   pkey_slot_t *slot;
   hal_error_t err;
@@ -333,12 +333,12 @@ static hal_error_t generate_rsa(const hal_client_handle_t client,
  * At the moment, EC key == ECDSA key, but this is subject to change.
  */
 
-static hal_error_t generate_ec(const hal_client_handle_t client,
-                               const hal_session_handle_t session,
-                               hal_pkey_handle_t *pkey,
-                               const uint8_t * const name, const size_t name_len,
-                               const hal_curve_name_t curve,
-                               const hal_key_flags_t flags)
+static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
+                                          const hal_session_handle_t session,
+                                          hal_pkey_handle_t *pkey,
+                                          const uint8_t * const name, const size_t name_len,
+                                          const hal_curve_name_t curve,
+                                          const hal_key_flags_t flags)
 {
   pkey_slot_t *slot;
   hal_error_t err;
@@ -383,7 +383,7 @@ static hal_error_t generate_ec(const hal_client_handle_t client,
  * Discard key handle, leaving key intact.
  */
 
-static hal_error_t close(const hal_pkey_handle_t pkey)
+static hal_error_t pkey_local_close(const hal_pkey_handle_t pkey)
 {
   pkey_slot_t *slot;
 
@@ -399,7 +399,7 @@ static hal_error_t close(const hal_pkey_handle_t pkey)
  * Delete a key from the store, given its key handle.
  */
 
-static hal_error_t delete(const hal_pkey_handle_t pkey)
+static hal_error_t pkey_local_delete(const hal_pkey_handle_t pkey)
 {
   pkey_slot_t *slot = find_handle(pkey);
 
@@ -415,11 +415,35 @@ static hal_error_t delete(const hal_pkey_handle_t pkey)
 }
 
 /*
+ * Rename a key in the key store, given its key handle and a new name.
+ */
+
+static hal_error_t pkey_local_rename(const hal_pkey_handle_t pkey,
+                                     const uint8_t * const name, const size_t name_len)
+{
+  pkey_slot_t *slot = find_handle(pkey);
+
+  if (slot == NULL)
+    return HAL_ERROR_KEY_NOT_FOUND;
+
+  hal_error_t err = hal_ks_rename(slot->type, slot->name, slot->name_len, name, name_len, &slot->ks_hint);
+
+  if (err == HAL_OK) {
+    assert(name_len <= sizeof(slot->name));
+    memcpy(slot->name, name, name_len);
+    memset(slot->name + name_len, 0, sizeof(slot->name) - name_len);
+    slot->name_len = name_len;
+  }
+
+  return err;
+}
+
+/*
  * Get type of key associated with handle.
  */
 
-static hal_error_t get_key_type(const hal_pkey_handle_t pkey,
-                                hal_key_type_t *type)
+static hal_error_t pkey_local_get_key_type(const hal_pkey_handle_t pkey,
+                                           hal_key_type_t *type)
 {
   if (type == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
@@ -438,8 +462,8 @@ static hal_error_t get_key_type(const hal_pkey_handle_t pkey,
  * Get flags of key associated with handle.
  */
 
-static hal_error_t get_key_flags(const hal_pkey_handle_t pkey,
-                                 hal_key_flags_t *flags)
+static hal_error_t pkey_local_get_key_flags(const hal_pkey_handle_t pkey,
+                                            hal_key_flags_t *flags)
 {
   if (flags == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
@@ -458,7 +482,7 @@ static hal_error_t get_key_flags(const hal_pkey_handle_t pkey,
  * Get length of public key associated with handle.
  */
 
-static size_t get_public_key_len(const hal_pkey_handle_t pkey)
+static size_t pkey_local_get_public_key_len(const hal_pkey_handle_t pkey)
 {
   pkey_slot_t *slot = find_handle(pkey);
 
@@ -507,8 +531,8 @@ static size_t get_public_key_len(const hal_pkey_handle_t pkey)
  * Get public key associated with handle.
  */
 
-static hal_error_t get_public_key(const hal_pkey_handle_t pkey,
-                                  uint8_t *der, size_t *der_len, const size_t der_max)
+static hal_error_t pkey_local_get_public_key(const hal_pkey_handle_t pkey,
+                                             uint8_t *der, size_t *der_len, const size_t der_max)
 {
   pkey_slot_t *slot = find_handle(pkey);
 
@@ -565,11 +589,11 @@ static hal_error_t get_public_key(const hal_pkey_handle_t pkey,
  * algorithm-specific functions.
  */
 
-static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
-                            const uint8_t * const der, const size_t der_len,
-                            const hal_hash_handle_t hash,
-                            const uint8_t * input, size_t input_len,
-                            uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
+                                       const uint8_t * const der, const size_t der_len,
+                                       const hal_hash_handle_t hash,
+                                       const uint8_t * input, size_t input_len,
+                                       uint8_t * signature, size_t *signature_len, const size_t signature_max)
 {
   hal_rsa_key_t *key = NULL;
   hal_error_t err;
@@ -597,11 +621,11 @@ static hal_error_t sign_rsa(uint8_t *keybuf, const size_t keybuf_len,
   return HAL_OK;
 }
 
-static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
-                              const uint8_t * const der, const size_t der_len,
-                              const hal_hash_handle_t hash,
-                              const uint8_t * input, size_t input_len,
-                              uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
+                                         const uint8_t * const der, const size_t der_len,
+                                         const hal_hash_handle_t hash,
+                                         const uint8_t * input, size_t input_len,
+                                         uint8_t * signature, size_t *signature_len, const size_t signature_max)
 {
   hal_ecdsa_key_t *key = NULL;
   hal_error_t err;
@@ -634,11 +658,11 @@ static hal_error_t sign_ecdsa(uint8_t *keybuf, const size_t keybuf_len,
   return HAL_OK;
 }
 
-static hal_error_t sign(const hal_session_handle_t session,
-                        const hal_pkey_handle_t pkey,
-                        const hal_hash_handle_t hash,
-                        const uint8_t * const input,  const size_t input_len,
-                        uint8_t * signature, size_t *signature_len, const size_t signature_max)
+static hal_error_t pkey_local_sign(const hal_session_handle_t session,
+                                   const hal_pkey_handle_t pkey,
+                                   const hal_hash_handle_t hash,
+                                   const uint8_t * const input,  const size_t input_len,
+                                   uint8_t * signature, size_t *signature_len, const size_t signature_max)
 {
   pkey_slot_t *slot = find_handle(pkey);
 
@@ -653,10 +677,10 @@ static hal_error_t sign(const hal_session_handle_t session,
 
   switch (slot->type) {
   case HAL_KEY_TYPE_RSA_PRIVATE:
-    signer = sign_rsa;
+    signer = pkey_local_sign_rsa;
     break;
   case HAL_KEY_TYPE_EC_PRIVATE:
-    signer = sign_ecdsa;
+    signer = pkey_local_sign_ecdsa;
     break;
   default:
     return HAL_ERROR_UNSUPPORTED_KEY;
@@ -685,11 +709,11 @@ static hal_error_t sign(const hal_session_handle_t session,
  * algorithm-specific functions.
  */
 
-static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
-                              const uint8_t * const der, const size_t der_len,
-                              const hal_hash_handle_t hash,
-                              const uint8_t * input, size_t input_len,
-                              const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
+                                         const uint8_t * const der, const size_t der_len,
+                                         const hal_hash_handle_t hash,
+                                         const uint8_t * input, size_t input_len,
+                                         const uint8_t * const signature, const size_t signature_len)
 {
   uint8_t expected[signature_len], received[signature_len];
   hal_rsa_key_t *key = NULL;
@@ -732,11 +756,11 @@ static hal_error_t verify_rsa(uint8_t *keybuf, const size_t keybuf_len, const ha
   return HAL_OK;
 }
 
-static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
-                                const uint8_t * const der, const size_t der_len,
-                                const hal_hash_handle_t hash,
-                                const uint8_t * input, size_t input_len,
-                                const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const hal_key_type_t type,
+                                           const uint8_t * const der, const size_t der_len,
+                                           const hal_hash_handle_t hash,
+                                           const uint8_t * input, size_t input_len,
+                                           const uint8_t * const signature, const size_t signature_len)
 {
   uint8_t digest[signature_len];
   hal_ecdsa_key_t *key = NULL;
@@ -776,11 +800,11 @@ static hal_error_t verify_ecdsa(uint8_t *keybuf, const size_t keybuf_len, const
   return HAL_OK;
 }
 
-static hal_error_t verify(const hal_session_handle_t session,
-                          const hal_pkey_handle_t pkey,
-                          const hal_hash_handle_t hash,
-                          const uint8_t * const input, const size_t input_len,
-                          const uint8_t * const signature, const size_t signature_len)
+static hal_error_t pkey_local_verify(const hal_session_handle_t session,
+                                     const hal_pkey_handle_t pkey,
+                                     const hal_hash_handle_t hash,
+                                     const uint8_t * const input, const size_t input_len,
+                                     const uint8_t * const signature, const size_t signature_len)
 {
   pkey_slot_t *slot = find_handle(pkey);
 
@@ -796,11 +820,11 @@ static hal_error_t verify(const hal_session_handle_t session,
   switch (slot->type) {
   case HAL_KEY_TYPE_RSA_PRIVATE:
   case HAL_KEY_TYPE_RSA_PUBLIC:
-    verifier = verify_rsa;
+    verifier = pkey_local_verify_rsa;
     break;
   case HAL_KEY_TYPE_EC_PRIVATE:
   case HAL_KEY_TYPE_EC_PUBLIC:
-    verifier = verify_ecdsa;
+    verifier = pkey_local_verify_ecdsa;
     break;
   default:
     return HAL_ERROR_UNSUPPORTED_KEY;
@@ -827,28 +851,29 @@ static hal_error_t verify(const hal_session_handle_t session,
  * List keys in the key store.
  */
 
-static hal_error_t list(hal_pkey_info_t *result,
-                        unsigned *result_len,
-                        const unsigned result_max,
-                        hal_key_flags_t flags)
+static hal_error_t pkey_local_list(hal_pkey_info_t *result,
+                                   unsigned *result_len,
+                                   const unsigned result_max,
+                                   hal_key_flags_t flags)
 {
   return hal_ks_list(result, result_len, result_max);
 }
 
 const hal_rpc_pkey_dispatch_t hal_rpc_local_pkey_dispatch = {
-  load,
-  find,
-  generate_rsa,
-  generate_ec,
-  close,
-  delete,
-  get_key_type,
-  get_key_flags,
-  get_public_key_len,
-  get_public_key,
-  sign,
-  verify,
-  list
+  pkey_local_load,
+  pkey_local_find,
+  pkey_local_generate_rsa,
+  pkey_local_generate_ec,
+  pkey_local_close,
+  pkey_local_delete,
+  pkey_local_rename,
+  pkey_local_get_key_type,
+  pkey_local_get_key_flags,
+  pkey_local_get_public_key_len,
+  pkey_local_get_public_key,
+  pkey_local_sign,
+  pkey_local_verify,
+  pkey_local_list
 };
 
 /*
diff --git a/rpc_server.c b/rpc_server.c
index 7e8e036..a1bca26 100644
--- a/rpc_server.c
+++ b/rpc_server.c
@@ -415,6 +415,22 @@ static hal_error_t pkey_delete(const uint8_t **iptr, const uint8_t * const ilimi
     return ret;
 }
 
+static hal_error_t pkey_rename(const uint8_t **iptr, const uint8_t * const ilimit,
+                               uint8_t **optr, const uint8_t * const olimit)
+{
+    hal_pkey_handle_t pkey;
+    const uint8_t *name;
+    uint32_t name_len;
+    hal_error_t ret;
+
+    check(hal_xdr_decode_int(iptr, ilimit, &pkey.handle));
+    check(hal_xdr_decode_buffer_in_place(iptr, ilimit, &name, &name_len));
+
+    /* call the local function */
+    ret = hal_rpc_local_pkey_dispatch.rename(pkey, name, name_len);
+    return ret;
+}
+
 static hal_error_t pkey_get_key_type(const uint8_t **iptr, const uint8_t * const ilimit,
                                      uint8_t **optr, const uint8_t * const olimit)
 {
@@ -683,6 +699,9 @@ void hal_rpc_server_dispatch(const uint8_t * const ibuf, const size_t ilen,
     case RPC_FUNC_PKEY_LIST:
         ret = pkey_list(&iptr, ilimit, &optr, olimit);
         break;
+    case RPC_FUNC_PKEY_RENAME:
+        ret = pkey_rename(&iptr, ilimit, &optr, olimit);
+        break;
     default:
         ret = HAL_ERROR_RPC_BAD_FUNCTION;
         break;



More information about the Commits mailing list