OpenDNSSEC-libhsm  2.1.3
libhsm.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 .SE (The Internet Infrastructure Foundation).
3  * Copyright (c) 2009 NLNet Labs.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #ifndef HSM_H
29 #define HSM_H 1
30 
31 #include <stdint.h>
32 #include <ldns/rbtree.h>
33 #include <pthread.h>
34 
35 #define HSM_MAX_SESSIONS 100
36 /*
37  * Note that currently the MySQL kasp schema limits the number of HSMs to
38  * 127; so to increase it beyond that requires some database changes similar
39  * to when keypairs(id) was increased, see svn r4465.
40  *
41  * Note that this constant also determines the size of the shared PIN memory.
42  * Increasing this size requires any existing memory to be removed and should
43  * be part of a migration script.
44  */
45 #define HSM_MAX_SESSIONS 100
46 
47 #define HSM_MAX_ALGONAME 16
48 
49 #define HSM_ERROR_MSGSIZE 512
50 
51 /* TODO: depends on type and key, or just leave it at current
52  * maximum? */
53 #define HSM_MAX_SIGNATURE_LENGTH 512
54 
55 /* Note that this constant also determines the size of the shared PIN memory.
56  * Increasing this size requires any existing memory to be removed and should
57  * be part of a migration script.
58  */
59 #define HSM_MAX_PIN_LENGTH 255
60 
65 #define HSM_OK 0
66 #define HSM_ERROR 0x10000001
67 #define HSM_PIN_INCORRECT 0x10000002
68 #define HSM_CONFIG_FILE_ERROR 0x10000003
69 #define HSM_REPOSITORY_NOT_FOUND 0x10000004
70 #define HSM_NO_REPOSITORIES 0x10000005
71 #define HSM_MODULE_NOT_FOUND 0x10000006
72 
74 #define HSM_PIN_FIRST 0 /* Used when getting the PIN for the first time. */
75 #define HSM_PIN_RETRY 1 /* Used when we failed to login the first time. */
76 #define HSM_PIN_SAVE 2 /* The latest PIN can be saved for future use. Called
77  after a successful login. */
78 
80 typedef struct {
81  unsigned int use_pubkey;
82  unsigned int allow_extract;
83 } hsm_config_t;
84 
86 typedef struct {
87  unsigned int id;
88  char *name;
89  char *token_label;
90  char *path;
91  void *handle;
92  void *sym;
94 } hsm_module_t;
95 
97 typedef struct {
99  unsigned long session;
100 } hsm_session_t;
101 
103 typedef struct {
104  char *modulename;
105  unsigned long private_key;
106  unsigned long public_key;
107 } libhsm_key_t;
108 
110 typedef struct {
111  char *id;
112  unsigned long algorithm;
114  unsigned long keysize;
116 
121  char *name;
122  char *module;
123  char *tokenlabel;
124  char *pin;
125  uint8_t require_backup;
126  uint8_t use_pubkey;
127  unsigned int allow_extract;
128 };
129 
131 typedef struct {
133  size_t session_count;
136  int error;
137 
140  const char *error_action;
141 
143  char error_message[HSM_ERROR_MSGSIZE];
144 
145  ldns_rbtree_t* keycache;
146  pthread_mutex_t *keycache_lock;
147 } hsm_ctx_t;
148 
149 
161 void
162 hsm_ctx_set_error(hsm_ctx_t *ctx, int error, const char *action,
163  const char *message, ...);
164 
180 int
182  char *(pin_callback)(unsigned int, const char *, unsigned int));
183 
184 
195 hsm_repository_new(char* name, char* module, char* tokenlabel, char* pin,
196  uint8_t use_pubkey, uint8_t allowextract, uint8_t require_backup);
197 
202 void
204 
214 char *
215 hsm_prompt_pin(unsigned int id, const char *repository, unsigned int mode);
216 
217 
226 char *
227 hsm_check_pin(unsigned int id, const char *repository, unsigned int mode);
228 
229 
236 int
237 hsm_logout_pin(void);
238 
239 
246 void
247 hsm_close(void);
248 
249 
255 hsm_ctx_t *
256 hsm_create_context(void);
257 
258 
267 int
269 
270 
277 void
279 
280 void
282 
295 libhsm_key_t **
296 hsm_list_keys(hsm_ctx_t *context, size_t *count);
297 
298 
312 libhsm_key_t **
314  size_t *count,
315  const char *repository);
316 
317 
318 
328 libhsm_key_t *
330  const char *id);
331 
345 libhsm_key_t *
347  const char *repository,
348  unsigned long keysize);
349 
362 libhsm_key_t *
364  const char *repository,
365  unsigned long keysize);
366 
378 libhsm_key_t *
380  const char *repository);
381 
394 libhsm_key_t *
396  const char *repository,
397  const char *curve);
398 
409 int
410 hsm_remove_key(hsm_ctx_t *context, libhsm_key_t *key);
411 
412 
419 void
420 libhsm_key_list_free(libhsm_key_t **key_list, size_t count);
421 
422 
431 char *
432 hsm_get_key_id(hsm_ctx_t *context,
433  const libhsm_key_t *key);
434 
435 
446 hsm_get_key_info(hsm_ctx_t *context,
447  const libhsm_key_t *key);
448 
449 
454 void
456 
465 int
467  unsigned char *buffer,
468  unsigned long length);
469 
470 
476 uint32_t
478 
479 
485 uint64_t
487 
488 
489 
490 /*
491  * Additional functions for debugging, and non-general use-cases.
492  */
493 
505 int
506 hsm_attach(const char *repository,
507  const char *token_name,
508  const char *path,
509  const char *pin,
510  const hsm_config_t *config);
511 
517 int
519  const char *repository);
520 
529 char *
530 hsm_get_error(hsm_ctx_t *gctx);
531 
532 /* a few debug functions for applications */
533 void hsm_print_session(hsm_session_t *session);
538 
539 /* implementation of a key cache per context, needs changing see
540  * OPENDNSSEC-799.
541  */
542 extern void keycache_create(hsm_ctx_t* ctx);
543 extern void keycache_destroy(hsm_ctx_t* ctx);
544 extern const libhsm_key_t* keycache_lookup(hsm_ctx_t* ctx, const char* locator);
545 
546 #endif /* HSM_H */
uint64_t hsm_random64(hsm_ctx_t *ctx)
Definition: libhsm.c:3158
unsigned long public_key
Definition: libhsm.h:106
char * hsm_get_error(hsm_ctx_t *gctx)
Definition: libhsm.c:3217
hsm_ctx_t * hsm_create_context(void)
Definition: libhsm.c:2269
const char * error_action
Definition: libhsm.h:140
libhsm_key_t * hsm_generate_gost_key(hsm_ctx_t *context, const char *repository)
Definition: libhsm.c:2650
void * handle
Definition: libhsm.h:91
ldns_rbtree_t * keycache
Definition: libhsm.h:145
hsm_module_t * module
Definition: libhsm.h:98
hsm_repository_t * next
Definition: libhsm.h:120
char * path
Definition: libhsm.h:90
char * name
Definition: libhsm.h:88
void libhsm_key_list_free(libhsm_key_t **key_list, size_t count)
Definition: libhsm.c:2855
uint8_t require_backup
Definition: libhsm.h:125
libhsm_key_info_t * hsm_get_key_info(hsm_ctx_t *context, const libhsm_key_t *key)
Definition: libhsm.c:2895
int hsm_logout_pin(void)
Definition: pin.c:413
char * modulename
Definition: libhsm.h:104
void * sym
Definition: libhsm.h:92
char * hsm_get_key_id(hsm_ctx_t *context, const libhsm_key_t *key)
Definition: libhsm.c:2865
unsigned int allow_extract
Definition: libhsm.h:82
void hsm_close(void)
Definition: libhsm.c:2259
unsigned long algorithm
Definition: libhsm.h:112
void hsm_print_key(hsm_ctx_t *ctx, libhsm_key_t *key)
Definition: libhsm.c:3269
void hsm_print_tokeninfo(hsm_ctx_t *ctx)
Definition: libhsm.c:3310
const libhsm_key_t * keycache_lookup(hsm_ctx_t *ctx, const char *locator)
Definition: libhsm.c:3388
unsigned long keysize
Definition: libhsm.h:114
libhsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *context, const char *repository, unsigned long keysize)
Definition: libhsm.c:2448
void hsm_ctx_set_error(hsm_ctx_t *ctx, int error, const char *action, const char *message,...)
Definition: libhsm.c:206
int hsm_random_buffer(hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
Definition: libhsm.c:3116
void keycache_create(hsm_ctx_t *ctx)
Definition: libhsm.c:3370
hsm_repository_t * hsm_repository_new(char *name, char *module, char *tokenlabel, char *pin, uint8_t use_pubkey, uint8_t allowextract, uint8_t require_backup)
Definition: libhsm.c:371
void keycache_destroy(hsm_ctx_t *ctx)
Definition: libhsm.c:3378
void hsm_destroy_context(hsm_ctx_t *context)
Definition: libhsm.c:2334
#define HSM_ERROR_MSGSIZE
Definition: libhsm.h:49
unsigned int use_pubkey
Definition: libhsm.h:81
void hsm_repository_free(hsm_repository_t *r)
Definition: libhsm.c:404
unsigned int allow_extract
Definition: libhsm.h:127
size_t session_count
Definition: libhsm.h:133
unsigned long session
Definition: libhsm.h:99
unsigned int id
Definition: libhsm.h:87
pthread_mutex_t * keycache_lock
Definition: libhsm.h:146
int hsm_attach(const char *repository, const char *token_name, const char *path, const char *pin, const hsm_config_t *config)
Definition: libhsm.c:3177
hsm_config_t * config
Definition: libhsm.h:93
int hsm_check_context()
Definition: libhsm.c:2279
#define HSM_MAX_SESSIONS
Definition: libhsm.h:45
uint32_t hsm_random32(hsm_ctx_t *ctx)
Definition: libhsm.c:3143
libhsm_key_t ** hsm_list_keys_repository(hsm_ctx_t *context, size_t *count, const char *repository)
Definition: libhsm.c:2402
hsm_ctx_t * ctx
Definition: hsmutil.c:46
libhsm_key_t ** hsm_list_keys(hsm_ctx_t *context, size_t *count)
Definition: libhsm.c:2376
libhsm_key_t * hsm_generate_ecdsa_key(hsm_ctx_t *context, const char *repository, const char *curve)
Definition: libhsm.c:2730
void hsm_print_ctx(hsm_ctx_t *ctx)
Definition: libhsm.c:3258
uint8_t use_pubkey
Definition: libhsm.h:126
int error
Definition: libhsm.h:136
void hsm_print_error(hsm_ctx_t *ctx)
Definition: libhsm.c:3295
int hsm_open2(hsm_repository_t *rlist, char *(pin_callback)(unsigned int, const char *, unsigned int))
Definition: libhsm.c:2192
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:3200
int hsm_remove_key(hsm_ctx_t *context, libhsm_key_t *key)
Definition: libhsm.c:2826
libhsm_key_t * hsm_generate_dsa_key(hsm_ctx_t *context, const char *repository, unsigned long keysize)
Definition: libhsm.c:2536
void hsm_print_session(hsm_session_t *session)
Definition: libhsm.c:3248
unsigned long private_key
Definition: libhsm.h:105
char * hsm_prompt_pin(unsigned int id, const char *repository, unsigned int mode)
Definition: pin.c:228
void libhsm_key_free(libhsm_key_t *key)
Definition: libhsm.c:2369
char * token_label
Definition: libhsm.h:89
libhsm_key_t * hsm_find_key_by_id(hsm_ctx_t *context, const char *id)
Definition: libhsm.c:2419
char * algorithm_name
Definition: libhsm.h:113
void libhsm_key_info_free(libhsm_key_info_t *key_info)
Definition: libhsm.c:2943
char * hsm_check_pin(unsigned int id, const char *repository, unsigned int mode)
Definition: pin.c:325