OpenDNSSEC-libhsm
2.1.4
|
#include <stdint.h>
#include <ldns/rbtree.h>
#include <pthread.h>
Go to the source code of this file.
Data Structures | |
struct | hsm_config_t |
struct | hsm_module_t |
struct | hsm_session_t |
struct | libhsm_key_t |
struct | libhsm_key_info_t |
struct | hsm_repository_struct |
struct | hsm_ctx_t |
Macros | |
#define | HSM_MAX_SESSIONS 100 |
#define | HSM_MAX_SESSIONS 100 |
#define | HSM_MAX_ALGONAME 16 |
#define | HSM_ERROR_MSGSIZE 512 |
#define | HSM_MAX_SIGNATURE_LENGTH 512 |
#define | HSM_MAX_PIN_LENGTH 255 |
#define | HSM_OK 0 |
#define | HSM_ERROR 0x10000001 |
#define | HSM_PIN_INCORRECT 0x10000002 |
#define | HSM_CONFIG_FILE_ERROR 0x10000003 |
#define | HSM_REPOSITORY_NOT_FOUND 0x10000004 |
#define | HSM_NO_REPOSITORIES 0x10000005 |
#define | HSM_MODULE_NOT_FOUND 0x10000006 |
#define | HSM_PIN_FIRST 0 /* Used when getting the PIN for the first time. */ |
#define | HSM_PIN_RETRY 1 /* Used when we failed to login the first time. */ |
#define | HSM_PIN_SAVE |
Typedefs | |
typedef struct hsm_repository_struct | hsm_repository_t |
Functions | |
void | hsm_ctx_set_error (hsm_ctx_t *ctx, int error, const char *action, const char *message,...) |
int | hsm_open2 (hsm_repository_t *rlist, char *(pin_callback)(unsigned int, const char *, unsigned int)) |
hsm_repository_t * | hsm_repository_new (char *name, char *module, char *tokenlabel, char *pin, uint8_t use_pubkey, uint8_t allowextract, uint8_t require_backup) |
void | hsm_repository_free (hsm_repository_t *r) |
char * | hsm_prompt_pin (unsigned int id, const char *repository, unsigned int mode) |
char * | hsm_check_pin (unsigned int id, const char *repository, unsigned int mode) |
int | hsm_logout_pin (void) |
void | hsm_close (void) |
hsm_ctx_t * | hsm_create_context (void) |
int | hsm_check_context () |
void | hsm_destroy_context (hsm_ctx_t *context) |
void | libhsm_key_free (libhsm_key_t *key) |
libhsm_key_t ** | hsm_list_keys (hsm_ctx_t *context, size_t *count) |
libhsm_key_t ** | hsm_list_keys_repository (hsm_ctx_t *context, size_t *count, const char *repository) |
libhsm_key_t * | hsm_find_key_by_id (hsm_ctx_t *context, const char *id) |
libhsm_key_t * | hsm_generate_rsa_key (hsm_ctx_t *context, const char *repository, unsigned long keysize) |
libhsm_key_t * | hsm_generate_dsa_key (hsm_ctx_t *context, const char *repository, unsigned long keysize) |
libhsm_key_t * | hsm_generate_gost_key (hsm_ctx_t *context, const char *repository) |
libhsm_key_t * | hsm_generate_ecdsa_key (hsm_ctx_t *context, const char *repository, const char *curve) |
int | hsm_remove_key (hsm_ctx_t *context, libhsm_key_t *key) |
void | libhsm_key_list_free (libhsm_key_t **key_list, size_t count) |
char * | hsm_get_key_id (hsm_ctx_t *context, const libhsm_key_t *key) |
libhsm_key_info_t * | hsm_get_key_info (hsm_ctx_t *context, const libhsm_key_t *key) |
void | libhsm_key_info_free (libhsm_key_info_t *key_info) |
int | hsm_random_buffer (hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length) |
uint32_t | hsm_random32 (hsm_ctx_t *ctx) |
uint64_t | hsm_random64 (hsm_ctx_t *ctx) |
int | hsm_attach (const char *repository, const char *token_name, const char *path, const char *pin, const hsm_config_t *config) |
int | hsm_token_attached (hsm_ctx_t *ctx, const char *repository) |
char * | hsm_get_error (hsm_ctx_t *gctx) |
void | hsm_print_session (hsm_session_t *session) |
void | hsm_print_ctx (hsm_ctx_t *ctx) |
void | hsm_print_key (hsm_ctx_t *ctx, libhsm_key_t *key) |
void | hsm_print_error (hsm_ctx_t *ctx) |
void | hsm_print_tokeninfo (hsm_ctx_t *ctx) |
void | keycache_create (hsm_ctx_t *ctx) |
void | keycache_destroy (hsm_ctx_t *ctx) |
const libhsm_key_t * | keycache_lookup (hsm_ctx_t *ctx, const char *locator) |
#define HSM_ERROR 0x10000001 |
Definition at line 66 of file libhsm.h.
Referenced by hsm_logout_pin().
#define HSM_ERROR_MSGSIZE 512 |
Definition at line 49 of file libhsm.h.
Referenced by hsm_get_error().
#define HSM_MAX_PIN_LENGTH 255 |
Definition at line 59 of file libhsm.h.
Referenced by hsm_check_pin(), and hsm_prompt_pin().
#define HSM_MAX_SESSIONS 100 |
Definition at line 45 of file libhsm.h.
Referenced by hsm_check_pin(), and hsm_prompt_pin().
#define HSM_OK 0 |
Return codes for some of the functions
These should be different than the list of CKR_ values defined by pkcs11 (for easier debugging purposes of calling applications)
Definition at line 65 of file libhsm.h.
Referenced by hsm_logout_pin(), and hsm_open2().
#define HSM_PIN_FIRST 0 /* Used when getting the PIN for the first time. */ |
The mode for the PIN callback functions
Definition at line 74 of file libhsm.h.
Referenced by hsm_check_pin(), and hsm_prompt_pin().
#define HSM_PIN_RETRY 1 /* Used when we failed to login the first time. */ |
Definition at line 75 of file libhsm.h.
Referenced by hsm_check_pin(), and hsm_prompt_pin().
#define HSM_PIN_SAVE |
Definition at line 76 of file libhsm.h.
Referenced by hsm_check_pin(), and hsm_prompt_pin().
#define HSM_REPOSITORY_NOT_FOUND 0x10000004 |
Definition at line 69 of file libhsm.h.
Referenced by hsm_token_attached().
typedef struct hsm_repository_struct hsm_repository_t |
int hsm_attach | ( | const char * | repository, |
const char * | token_name, | ||
const char * | path, | ||
const char * | pin, | ||
const hsm_config_t * | config | ||
) |
Attached a named HSM using a PKCS#11 shared library and optional credentials (may be NULL, but then undefined) This function changes the global state, and is not threadsafe
repository | the name of the repository |
token_label | the name of the token to attach |
path | the path of the shared PKCS#11 library |
pin | the PIN to log into the token |
config | optional configuration |
int hsm_check_context | ( | ) |
Check HSM context
Check if the associated sessions are still alive. If they are not alive, then try re-open libhsm.
context | HSM context |
Definition at line 2279 of file libhsm.c.
References _hsm_ctx, _hsm_ctx_mutex, ctx, hsm_session_t::module, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, and hsm_module_t::sym.
char* hsm_check_pin | ( | unsigned int | id, |
const char * | repository, | ||
unsigned int | mode | ||
) |
Function that will check if there is a PIN in the shared memory and returns it.
id | Used for identifying the repository. Will have a value between zero and HSM_MAX_SESSIONS. |
repository | The repository name will be included in the prompt |
mode | The type of mode the function should run in. |
Definition at line 325 of file pin.c.
References HSM_MAX_PIN_LENGTH, HSM_MAX_SESSIONS, HSM_PIN_FIRST, HSM_PIN_RETRY, and HSM_PIN_SAVE.
void hsm_close | ( | void | ) |
Close HSM library
Log out and detach from all configured HSMs This cleans up all data for libhsm, and should be the last function called.
Definition at line 2259 of file libhsm.c.
References _hsm_ctx_mutex, and keycache_destroy().
hsm_ctx_t* hsm_create_context | ( | void | ) |
Create new HSM context
Creates a new session for each attached HSM. The returned hsm_ctx_t * can be freed with hsm_destroy_context()
Definition at line 2269 of file libhsm.c.
References _hsm_ctx_mutex.
Referenced by hsm_keytag().
void hsm_ctx_set_error | ( | hsm_ctx_t * | ctx, |
int | error, | ||
const char * | action, | ||
const char * | message, | ||
... | |||
) |
Set HSM Context Error
If the ctx is given, and it's error value is still 0, the value will be set to 'error', and the error_message and error_action will be set to the given strings.
ctx | HSM context |
error | error code |
action | action for which the error occured |
message | error message format string |
void hsm_destroy_context | ( | hsm_ctx_t * | context | ) |
Destroy HSM context
context | HSM context |
Also destroys any associated sessions.
Definition at line 2334 of file libhsm.c.
Referenced by hsm_keytag().
libhsm_key_t* hsm_find_key_by_id | ( | hsm_ctx_t * | context, |
const char * | id | ||
) |
Find a key pair by CKA_ID (as hex string)
The returned key structure can be freed with libhsm_key_free()
context | HSM context |
id | CKA_ID of key to find (null-terminated string of hex characters) |
Definition at line 2419 of file libhsm.c.
Referenced by hsm_keytag(), and keycache_lookup().
libhsm_key_t* hsm_generate_dsa_key | ( | hsm_ctx_t * | context, |
const char * | repository, | ||
unsigned long | keysize | ||
) |
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.
The returned key structure can be freed with libhsm_key_free()
context | HSM context |
repository | repository in where to create the key |
keysize | Size of DSA key |
libhsm_key_t* hsm_generate_ecdsa_key | ( | hsm_ctx_t * | context, |
const char * | repository, | ||
const char * | curve | ||
) |
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.
The returned key structure can be freed with libhsm_key_free()
context | HSM context |
repository | repository in where to create the key |
curve | which curve to use |
libhsm_key_t* hsm_generate_gost_key | ( | hsm_ctx_t * | context, |
const char * | repository | ||
) |
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.
The returned key structure can be freed with libhsm_key_free()
context | HSM context |
repository | repository in where to create the key |
libhsm_key_t* hsm_generate_rsa_key | ( | hsm_ctx_t * | context, |
const char * | repository, | ||
unsigned long | keysize | ||
) |
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL. Other stuff, like exponent, may be needed here as well.
The returned key structure can be freed with libhsm_key_free()
context | HSM context |
repository | repository in where to create the key |
keysize | Size of RSA key |
Definition at line 2448 of file libhsm.c.
References CK_FALSE, CK_TRUE, CKK_RSA, CKM_RSA_PKCS_KEY_PAIR_GEN, and NULL_PTR.
Referenced by hsm_test().
char* hsm_get_error | ( | hsm_ctx_t * | gctx | ) |
Return the current error message
The returned message is allocated data, and must be free()d by the caller
ctx | HSM context |
Definition at line 3217 of file libhsm.c.
References _hsm_ctx, ctx, hsm_ctx_t::error, hsm_ctx_t::error_action, hsm_ctx_t::error_message, and HSM_ERROR_MSGSIZE.
Referenced by hsm_print_error().
char* hsm_get_key_id | ( | hsm_ctx_t * | context, |
const libhsm_key_t * | key | ||
) |
Get id as null-terminated hex string using key identifier
The returned id is allocated data, and must be free()d by the caller
context | HSM context |
key | Key pair to get the ID from |
Definition at line 2865 of file libhsm.c.
Referenced by hsm_test().
libhsm_key_info_t* hsm_get_key_info | ( | hsm_ctx_t * | context, |
const libhsm_key_t * | key | ||
) |
Get extended key information
The returned id is allocated data, and must be freed by the caller With libhsm_key_info_free()
context | HSM context |
key | Key pair to get information about |
Definition at line 2895 of file libhsm.c.
Referenced by hsm_print_key().
libhsm_key_t** hsm_list_keys | ( | hsm_ctx_t * | context, |
size_t * | count | ||
) |
List all known keys in all attached HSMs
After the function has run, the value at count contains the number of keys found.
The resulting key list can be freed with libhsm_key_list_free() Alternatively, each individual key structure in the list could be freed with libhsm_key_free()
context | HSM context |
count | location to store the number of keys found |
Definition at line 2376 of file libhsm.c.
References hsm_ctx_t::session_count.
libhsm_key_t** hsm_list_keys_repository | ( | hsm_ctx_t * | context, |
size_t * | count, | ||
const char * | repository | ||
) |
List all known keys in a HSM
After the function has run, the value at count contains the number of keys found.
The resulting key list can be freed with libhsm_key_list_free() Alternatively, each individual key structure in the list could be freed with libhsm_key_free()
context | HSM context |
count | location to store the number of keys found |
repository | repository to list the keys in |
int hsm_logout_pin | ( | void | ) |
Logout
Function that will logout the user by deleting the shared memory and semaphore. Any authenticated process will still be able to interact with the HSM.
Definition at line 413 of file pin.c.
References hsm_ctx_set_error(), HSM_ERROR, HSM_OK, SEM_KEY, SHM_KEY, and semun::val.
int hsm_open2 | ( | hsm_repository_t * | rlist, |
char * | pin_callback)(unsigned int, const char *, unsigned int | ||
) |
Open HSM library
rlist | Repository list. |
pin_callback | This function will be called for tokens that have no PIN configured. The default hsm_prompt_pin() can be used. If this value is NULL, these tokens will be skipped. |
Attaches all HSMs in the repository list, querying for PINs (using the given callback function) if not known. Also creates initial sessions (not part of any context; every API function that takes a context can be passed NULL, in which case the global context will be used) and log into each HSM.
Definition at line 2192 of file libhsm.c.
References _hsm_ctx_mutex, and HSM_OK.
void hsm_print_ctx | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3263 of file libhsm.c.
References hsm_print_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.
void hsm_print_error | ( | hsm_ctx_t * | ctx | ) |
void hsm_print_key | ( | hsm_ctx_t * | ctx, |
libhsm_key_t * | key | ||
) |
Definition at line 3274 of file libhsm.c.
References libhsm_key_info_t::algorithm_name, hsm_get_key_info(), libhsm_key_info_t::id, libhsm_key_info_t::keysize, libhsm_key_info_free(), libhsm_key_t::modulename, libhsm_key_t::private_key, and libhsm_key_t::public_key.
void hsm_print_session | ( | hsm_session_t * | session | ) |
Definition at line 3253 of file libhsm.c.
References hsm_session_t::module, hsm_module_t::name, hsm_module_t::path, hsm_session_t::session, hsm_module_t::sym, and hsm_module_t::token_label.
Referenced by hsm_print_ctx().
void hsm_print_tokeninfo | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3315 of file libhsm.c.
References hsm_ctx_t::session, hsm_ctx_t::session_count, and slot_id.
char* hsm_prompt_pin | ( | unsigned int | id, |
const char * | repository, | ||
unsigned int | mode | ||
) |
Function that queries for a PIN, can be used as callback for hsm_open(). Stores the PIN in the shared memory.
id | Used for identifying the repository. Will have a value between zero and HSM_MAX_SESSIONS. |
repository | The repository name will be included in the prompt |
mode | The type of mode the function should run in. |
Definition at line 228 of file pin.c.
References HSM_MAX_PIN_LENGTH, HSM_MAX_SESSIONS, HSM_PIN_FIRST, HSM_PIN_RETRY, and HSM_PIN_SAVE.
uint32_t hsm_random32 | ( | hsm_ctx_t * | ctx | ) |
Return unsigned 32-bit random number from any attached HSM
context | HSM context |
Definition at line 3143 of file libhsm.c.
References hsm_random_buffer().
uint64_t hsm_random64 | ( | hsm_ctx_t * | ctx | ) |
Return unsigned 64-bit random number from any attached HSM
context | HSM context |
Definition at line 3158 of file libhsm.c.
References hsm_random_buffer().
int hsm_random_buffer | ( | hsm_ctx_t * | ctx, |
unsigned char * | buffer, | ||
unsigned long | length | ||
) |
Fill a buffer with random data from any attached HSM
context | HSM context |
buffer | Buffer to fill with random data |
length | Size of random buffer |
Definition at line 3116 of file libhsm.c.
References CKR_OK, hsm_session_t::module, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, and hsm_module_t::sym.
Referenced by hsm_random32(), and hsm_random64().
int hsm_remove_key | ( | hsm_ctx_t * | context, |
libhsm_key_t * | key | ||
) |
Remove a key pair from HSM
When a key is removed, the module pointer is set to NULL, and the public and private key handles are set to 0. The structure still needs to be freed.
context | HSM context |
key | Key pair to be removed |
void hsm_repository_free | ( | hsm_repository_t * | r | ) |
Free configured repositories.
r | Repository list. |
Definition at line 404 of file libhsm.c.
References hsm_repository_free(), hsm_repository_struct::module, hsm_repository_struct::name, hsm_repository_struct::next, hsm_repository_struct::pin, and hsm_repository_struct::tokenlabel.
Referenced by hsm_repository_free().
hsm_repository_t* hsm_repository_new | ( | char * | name, |
char * | module, | ||
char * | tokenlabel, | ||
char * | pin, | ||
uint8_t | use_pubkey, | ||
uint8_t | allowextract, | ||
uint8_t | require_backup | ||
) |
int hsm_token_attached | ( | hsm_ctx_t * | ctx, |
const char * | repository | ||
) |
Check whether a named token has been initialized in this context
ctx | HSM context |
token_name | The name of the token |
Definition at line 3200 of file libhsm.c.
References hsm_ctx_set_error(), HSM_REPOSITORY_NOT_FOUND, hsm_session_t::module, hsm_module_t::name, hsm_ctx_t::session, and hsm_ctx_t::session_count.
Referenced by hsm_test().
void keycache_create | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3375 of file libhsm.c.
References hsm_ctx_t::keycache.
void keycache_destroy | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3383 of file libhsm.c.
References hsm_ctx_t::keycache.
Referenced by hsm_close().
const libhsm_key_t* keycache_lookup | ( | hsm_ctx_t * | ctx, |
const char * | locator | ||
) |
Definition at line 3393 of file libhsm.c.
References hsm_find_key_by_id(), hsm_ctx_t::keycache, and hsm_ctx_t::keycache_lock.
void libhsm_key_free | ( | libhsm_key_t * | key | ) |
Definition at line 2369 of file libhsm.c.
References libhsm_key_t::modulename.
Referenced by hsm_keytag(), and libhsm_key_list_free().
void libhsm_key_info_free | ( | libhsm_key_info_t * | key_info | ) |
Frees the libhsm_key_info_t structure
key_info | The structure to free |
Definition at line 2943 of file libhsm.c.
References libhsm_key_info_t::algorithm_name, and libhsm_key_info_t::id.
Referenced by hsm_print_key().
void libhsm_key_list_free | ( | libhsm_key_t ** | key_list, |
size_t | count | ||
) |
Free the memory of an array of key structures, as returned by hsm_list_keys()
key_list | The array of keys to free |
count | The number of keys in the array |
Definition at line 2855 of file libhsm.c.
References libhsm_key_free().