OpenDNSSEC-libhsm  1.4.1
Data Structures | Macros | Functions
libhsm.h File Reference
#include <stdint.h>
Include dependency graph for libhsm.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  hsm_config_t
 
struct  hsm_module_t
 
struct  hsm_session_t
 
struct  hsm_key_t
 
struct  hsm_key_info_t
 
struct  hsm_ctx_t
 

Macros

#define HSM_MAX_SESSIONS   100
 
#define HSM_MAX_ALGONAME   16
 
#define HSM_ERROR_MSGSIZE   512
 
#define HSM_MAX_SIGNATURE_LENGTH   512
 
#define HSM_MAX_PIN_LENGTH   255
 
#define HSM_OK   0
 
#define HSM_ERROR   0x10000001
 
#define HSM_PIN_INCORRECT   0x10000002
 
#define HSM_CONFIG_FILE_ERROR   0x10000003
 
#define HSM_REPOSITORY_NOT_FOUND   0x10000004
 
#define HSM_NO_REPOSITORIES   0x10000005
 
#define HSM_MODULE_NOT_FOUND   0x10000006
 
#define HSM_PIN_FIRST   0 /* Used when getting the PIN for the first time. */
 
#define HSM_PIN_RETRY   1 /* Used when we failed to login the first time. */
 
#define HSM_PIN_SAVE
 

Functions

int hsm_open (const char *config, char *(pin_callback)(unsigned int, const char *, unsigned int))
 
char * hsm_prompt_pin (unsigned int id, const char *repository, unsigned int mode)
 
char * hsm_check_pin (unsigned int id, const char *repository, unsigned int mode)
 
int hsm_logout_pin ()
 
int hsm_close ()
 
hsm_ctx_thsm_create_context (void)
 
int hsm_check_context (hsm_ctx_t *context)
 
void hsm_destroy_context (hsm_ctx_t *context)
 
hsm_key_t ** hsm_list_keys (hsm_ctx_t *context, size_t *count)
 
hsm_key_t ** hsm_list_keys_repository (hsm_ctx_t *context, size_t *count, const char *repository)
 
size_t hsm_count_keys (hsm_ctx_t *context)
 
size_t hsm_count_keys_repository (hsm_ctx_t *context, const char *repository)
 
hsm_key_thsm_find_key_by_id (hsm_ctx_t *context, const char *id)
 
hsm_key_thsm_generate_rsa_key (hsm_ctx_t *context, const char *repository, unsigned long keysize)
 
hsm_key_thsm_generate_dsa_key (hsm_ctx_t *context, const char *repository, unsigned long keysize)
 
hsm_key_thsm_generate_gost_key (hsm_ctx_t *context, const char *repository)
 
int hsm_remove_key (hsm_ctx_t *context, hsm_key_t *key)
 
void hsm_key_free (hsm_key_t *key)
 
void hsm_key_list_free (hsm_key_t **key_list, size_t count)
 
char * hsm_get_key_id (hsm_ctx_t *context, const hsm_key_t *key)
 
hsm_key_info_thsm_get_key_info (hsm_ctx_t *context, const hsm_key_t *key)
 
void hsm_key_info_free (hsm_key_info_t *key_info)
 
int hsm_random_buffer (hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
 
uint32_t hsm_random32 (hsm_ctx_t *ctx)
 
uint64_t hsm_random64 (hsm_ctx_t *ctx)
 
int hsm_attach (const char *repository, const char *token_name, const char *path, const char *pin, const hsm_config_t *config)
 
int hsm_detach (const char *repository)
 
int hsm_token_attached (hsm_ctx_t *ctx, const char *repository)
 
char * hsm_get_error (hsm_ctx_t *gctx)
 
void hsm_print_session (hsm_session_t *session)
 
void hsm_print_ctx (hsm_ctx_t *gctx)
 
void hsm_print_key (hsm_key_t *key)
 
void hsm_print_error (hsm_ctx_t *ctx)
 
void hsm_print_tokeninfo (hsm_ctx_t *gctx)
 

Macro Definition Documentation

#define HSM_CONFIG_FILE_ERROR   0x10000003

Definition at line 66 of file libhsm.h.

Referenced by hsm_open().

#define HSM_ERROR   0x10000001
#define HSM_ERROR_MSGSIZE   512

Definition at line 47 of file libhsm.h.

Referenced by hsm_get_error().

#define HSM_MAX_ALGONAME   16

Definition at line 45 of file libhsm.h.

Referenced by cmd_list(), and hsm_get_key_info().

#define HSM_MAX_PIN_LENGTH   255

Definition at line 57 of file libhsm.h.

Referenced by hsm_check_pin(), hsm_prompt_pin(), hsm_shm_open(), and prompt_pass().

#define HSM_MAX_SESSIONS   100

Definition at line 43 of file libhsm.h.

Referenced by hsm_check_pin(), hsm_prompt_pin(), and hsm_shm_open().

#define HSM_MAX_SIGNATURE_LENGTH   512

Definition at line 51 of file libhsm.h.

#define HSM_MODULE_NOT_FOUND   0x10000006

Definition at line 69 of file libhsm.h.

#define HSM_NO_REPOSITORIES   0x10000005

Definition at line 68 of file libhsm.h.

Referenced by hsm_open().

#define HSM_OK   0

Return codes for some of the functions

These should be different than the list of CKR_ values defined by pkcs11 (for easier debugging purposes of calling applications)

Definition at line 63 of file libhsm.h.

Referenced by cmd_logout(), hsm_attach(), hsm_check_context(), hsm_get_slot_id(), hsm_logout_pin(), hsm_open(), and hsm_print_tokeninfo().

#define HSM_PIN_FIRST   0 /* Used when getting the PIN for the first time. */

The mode for the PIN callback functions

Definition at line 72 of file libhsm.h.

Referenced by hsm_check_pin(), hsm_open(), and hsm_prompt_pin().

#define HSM_PIN_INCORRECT   0x10000002

Definition at line 65 of file libhsm.h.

Referenced by hsm_open().

#define HSM_PIN_RETRY   1 /* Used when we failed to login the first time. */

Definition at line 73 of file libhsm.h.

Referenced by hsm_check_pin(), hsm_open(), and hsm_prompt_pin().

#define HSM_PIN_SAVE
Value:
2 /* The latest PIN can be saved for future use. Called
after a successful login. */

Definition at line 74 of file libhsm.h.

Referenced by hsm_check_pin(), hsm_open(), and hsm_prompt_pin().

#define HSM_REPOSITORY_NOT_FOUND   0x10000004

Definition at line 67 of file libhsm.h.

Referenced by hsm_token_attached().

Function Documentation

int hsm_attach ( const char *  repository,
const char *  token_name,
const char *  path,
const char *  pin,
const hsm_config_t config 
)
Attached a named HSM using a PKCS#11 shared library and

optional credentials (may be NULL, but then undefined) This function changes the global state, and is not threadsafe

Parameters
repositorythe name of the repository
token_labelthe name of the token to attach
paththe path of the shared PKCS#11 library
pinthe PIN to log into the token
configoptional configuration
Returns
0 on success, -1 on error

Definition at line 3052 of file libhsm.c.

References HSM_OK.

Referenced by hsm_open().

int hsm_check_context ( hsm_ctx_t context)
Check HSM context

Check if the associated sessions are still alive. If they are not alive, then try re-open libhsm.

Parameters
contextHSM context
Returns
0 if successful, !0 if failed

Definition at line 2134 of file libhsm.c.

References _hsm_ctx, CKF_RW_SESSION, CKF_SERIAL_SESSION, CKS_RW_USER_FUNCTIONS, hsm_ctx_set_error(), HSM_ERROR, HSM_OK, hsm_session_t::module, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, ck_session_info::state, and hsm_module_t::sym.

char* hsm_check_pin ( unsigned int  id,
const char *  repository,
unsigned int  mode 
)
Function that will check if there is a PIN in the shared memory and returns it.
Parameters
idUsed for identifying the repository. Will have a value between zero and HSM_MAX_SESSIONS.
repositoryThe repository name will be included in the prompt
modeThe type of mode the function should run in.
Returns
The string the user enters

Definition at line 327 of file pin.c.

References hsm_ctx_set_error(), HSM_ERROR, HSM_MAX_PIN_LENGTH, HSM_MAX_SESSIONS, HSM_PIN_FIRST, HSM_PIN_RETRY, HSM_PIN_SAVE, hsm_sem_open(), hsm_sem_post(), hsm_sem_wait(), and hsm_shm_open().

int hsm_close ( )

Close HSM library

Log out and detach from all configured HSMs This cleans up all data for libhsm, and should be the last function called.

Definition at line 2121 of file libhsm.c.

Referenced by main().

size_t hsm_count_keys ( hsm_ctx_t context)
Count all known keys in all attached HSMs
Parameters
contextHSM context

Definition at line 2264 of file libhsm.c.

References _hsm_ctx, hsm_count_keys_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.

size_t hsm_count_keys_repository ( hsm_ctx_t context,
const char *  repository 
)
Count all known keys in a HSM
Parameters
contextHSM context
repositoryrepository in where to count the keys

Definition at line 2277 of file libhsm.c.

References _hsm_ctx, and hsm_count_keys_session().

hsm_ctx_t* hsm_create_context ( void  )
Create new HSM context

Creates a new session for each attached HSM. The returned hsm_ctx_t * can be freed with hsm_destroy_context()

Definition at line 2128 of file libhsm.c.

Referenced by main().

void hsm_destroy_context ( hsm_ctx_t context)
Destroy HSM context
Parameters
contextHSM context

Also destroys any associated sessions.

Definition at line 2184 of file libhsm.c.

Referenced by main(), and sign().

int hsm_detach ( const char *  repository)
Detach a named HSM

This function changes the global state, and is not threadsafe

Parameters
token_namethe token to detach
Returns
0 on success, -1 on error

Detach a named HSM

Definition at line 3076 of file libhsm.c.

References hsm_session_t::module, hsm_module_t::name, hsm_ctx_t::session, and hsm_ctx_t::session_count.

hsm_key_t* hsm_find_key_by_id ( hsm_ctx_t context,
const char *  id 
)
Find a key pair by CKA_ID (as hex string)

The returned key structure can be freed with hsm_key_free()

Parameters
contextHSM context
idCKA_ID of key to find (null-terminated string of hex characters)
Returns
key identifier or NULL if not found (or invalid input)

Definition at line 2293 of file libhsm.c.

Referenced by cmd_dnskey(), cmd_remove(), and main().

hsm_key_t* hsm_generate_dsa_key ( hsm_ctx_t context,
const char *  repository,
unsigned long  keysize 
)
Generate new key pair in HSM

Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.

The returned key structure can be freed with hsm_key_free()

Parameters
contextHSM context
repositoryrepository in where to create the key
keysizeSize of DSA key
Returns
return key identifier or NULL if key generation failed

Definition at line 2395 of file libhsm.c.

References _hsm_ctx, CK_FALSE, CK_TRUE, CKA_BASE, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_ID, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIME, CKA_PRIME_BITS, CKA_PRIVATE, CKA_SENSITIVE, CKA_SIGN, CKA_SUBPRIME, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKK_DSA, CKM_DSA_KEY_PAIR_GEN, CKM_DSA_PARAMETER_GEN, hsm_random_buffer(), hsm_session_t::module, hsm_key_t::module, NULL_PTR, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, and hsm_module_t::sym.

Referenced by hsm_test().

hsm_key_t* hsm_generate_gost_key ( hsm_ctx_t context,
const char *  repository 
)
Generate new key pair in HSM

Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.

The returned key structure can be freed with hsm_key_free()

Parameters
contextHSM context
repositoryrepository in where to create the key
Returns
return key identifier or NULL if key generation failed

Definition at line 2509 of file libhsm.c.

References _hsm_ctx, CK_FALSE, CK_TRUE, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_GOSTR3410PARAMS, CKA_ID, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIVATE, CKA_SENSITIVE, CKA_SIGN, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKK_GOSTR3410, CKM_GOSTR3410_KEY_PAIR_GEN, hsm_random_buffer(), hsm_session_t::module, hsm_key_t::module, NULL_PTR, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, and hsm_module_t::sym.

Referenced by hsm_test().

hsm_key_t* hsm_generate_rsa_key ( hsm_ctx_t context,
const char *  repository,
unsigned long  keysize 
)
Generate new key pair in HSM

Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL. Other stuff, like exponent, may be needed here as well.

The returned key structure can be freed with hsm_key_free()

Parameters
contextHSM context
repositoryrepository in where to create the key
keysizeSize of RSA key
Returns
return key identifier or NULL if key generation failed

Definition at line 2309 of file libhsm.c.

References _hsm_ctx, CK_FALSE, CK_TRUE, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_ID, CKA_KEY_TYPE, CKA_LABEL, CKA_MODULUS_BITS, CKA_PRIVATE, CKA_PUBLIC_EXPONENT, CKA_SENSITIVE, CKA_SIGN, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKK_RSA, CKM_RSA_PKCS_KEY_PAIR_GEN, hsm_module_t::config, hsm_random_buffer(), hsm_session_t::module, hsm_key_t::module, NULL_PTR, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, hsm_module_t::sym, and hsm_config_t::use_pubkey.

Referenced by cmd_generate(), hsm_test(), and main().

char* hsm_get_error ( hsm_ctx_t gctx)
Return the current error message

The returned message is allocated data, and must be free()d by the caller

Parameters
ctxHSM context
Returns
error message string

Definition at line 3141 of file libhsm.c.

References _hsm_ctx, hsm_ctx_t::error, hsm_ctx_t::error_action, hsm_ctx_t::error_message, and HSM_ERROR_MSGSIZE.

Referenced by hsm_print_error().

char* hsm_get_key_id ( hsm_ctx_t context,
const hsm_key_t key 
)
Get id as null-terminated hex string using key identifier

The returned id is allocated data, and must be free()d by the caller

Parameters
contextHSM context
keyKey pair to get the ID from
Returns
id of key pair

Definition at line 2637 of file libhsm.c.

References _hsm_ctx, and hsm_key_t::private_key.

Referenced by hsm_get_key_info(), hsm_test(), and main().

hsm_key_info_t* hsm_get_key_info ( hsm_ctx_t context,
const hsm_key_t key 
)
Get extended key information

The returned id is allocated data, and must be freed by the caller With hsm_key_info_free()

Parameters
contextHSM context
keyKey pair to get information about
Returns
key information

Definition at line 2665 of file libhsm.c.

References _hsm_ctx, hsm_key_info_t::algorithm, hsm_key_info_t::algorithm_name, CKK_DSA, CKK_GOSTR3410, CKK_RSA, hsm_get_key_id(), HSM_MAX_ALGONAME, hsm_key_info_t::id, and hsm_key_info_t::keysize.

Referenced by cmd_generate(), cmd_list(), cmd_purge(), and hsm_print_key().

void hsm_key_free ( hsm_key_t key)
Free the memory for a key structure.
Parameters
keyThe key structure to free

Definition at line 2619 of file libhsm.c.

Referenced by cmd_dnskey(), cmd_generate(), cmd_remove(), hsm_key_list_free(), and main().

void hsm_key_info_free ( hsm_key_info_t key_info)
Frees the hsm_key_info_t structure
Parameters
key_infoThe structure to free

Definition at line 2712 of file libhsm.c.

References hsm_key_info_t::algorithm_name, and hsm_key_info_t::id.

Referenced by cmd_generate(), cmd_list(), cmd_purge(), and hsm_print_key().

void hsm_key_list_free ( hsm_key_t **  key_list,
size_t  count 
)
Free the memory of an array of key structures, as returned by

hsm_list_keys()

Parameters
key_listThe array of keys to free
countThe number of keys in the array

Definition at line 2627 of file libhsm.c.

References hsm_key_free().

Referenced by cmd_list(), and cmd_purge().

hsm_key_t** hsm_list_keys ( hsm_ctx_t context,
size_t *  count 
)
List all known keys in all attached HSMs

After the function has run, the value at count contains the number of keys found.

The resulting key list can be freed with hsm_key_list_free() Alternatively, each individual key structure in the list could be freed with hsm_key_free()

Parameters
contextHSM context
countlocation to store the number of keys found

Definition at line 2216 of file libhsm.c.

References _hsm_ctx, hsm_list_keys_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.

Referenced by cmd_list(), and main().

hsm_key_t** hsm_list_keys_repository ( hsm_ctx_t context,
size_t *  count,
const char *  repository 
)
List all known keys in a HSM

After the function has run, the value at count contains the number of keys found.

The resulting key list can be freed with hsm_key_list_free() Alternatively, each individual key structure in the list could be freed with hsm_key_free()

Parameters
contextHSM context
countlocation to store the number of keys found
repositoryrepository to list the keys in

Definition at line 2246 of file libhsm.c.

References _hsm_ctx, and hsm_list_keys_session().

Referenced by cmd_list(), and cmd_purge().

int hsm_logout_pin ( )

Logout

Function that will logout the user by deleting the shared memory and semaphore. Any authenticated process will still be able to interact with the HSM.

Definition at line 415 of file pin.c.

References hsm_ctx_set_error(), HSM_ERROR, HSM_OK, SEM_KEY, and SHM_KEY.

Referenced by cmd_logout().

int hsm_open ( const char *  config,
char *  pin_callback)(unsigned int, const char *, unsigned int 
)
Open HSM library
Parameters
configpath to OpenDNSSEC XML configuration file
pin_callbackThis function will be called for tokens that have no PIN configured. The default hsm_prompt_pin() can be used. If this value is NULL, these tokens will be skipped
Returns
0 if successful, !0 if failed

Attaches all configured HSMs, querying for PINs (using the given callback function) if not known. Also creates initial sessions (not part of any context; every API function that takes a context can be passed NULL, in which case the global context will be used) and log into each HSM.

Definition at line 1967 of file libhsm.c.

References hsm_attach(), HSM_CONFIG_FILE_ERROR, hsm_ctx_set_error(), HSM_ERROR, HSM_NO_REPOSITORIES, HSM_OK, HSM_PIN_FIRST, HSM_PIN_INCORRECT, HSM_PIN_RETRY, HSM_PIN_SAVE, hsm_ctx_t::session_count, and hsm_config_t::use_pubkey.

Referenced by main().

void hsm_print_ctx ( hsm_ctx_t gctx)

Definition at line 3182 of file libhsm.c.

References _hsm_ctx, hsm_print_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.

Referenced by cmd_debug(), and main().

void hsm_print_error ( hsm_ctx_t ctx)

Definition at line 3226 of file libhsm.c.

References hsm_get_error().

Referenced by cmd_generate(), cmd_list(), cmd_logout(), cmd_purge(), hsm_test(), and main().

void hsm_print_key ( hsm_key_t key)
void hsm_print_session ( hsm_session_t session)
void hsm_print_tokeninfo ( hsm_ctx_t gctx)
char* hsm_prompt_pin ( unsigned int  id,
const char *  repository,
unsigned int  mode 
)
Function that queries for a PIN, can be used as callback
for hsm_open(). Stores the PIN in the shared memory.
Parameters
idUsed for identifying the repository. Will have a value between zero and HSM_MAX_SESSIONS.
repositoryThe repository name will be included in the prompt
modeThe type of mode the function should run in.
Returns
The string the user enters

Definition at line 230 of file pin.c.

References HSM_MAX_PIN_LENGTH, HSM_MAX_SESSIONS, HSM_PIN_FIRST, HSM_PIN_RETRY, HSM_PIN_SAVE, hsm_sem_open(), hsm_sem_post(), hsm_sem_wait(), hsm_shm_open(), and prompt_pass().

Referenced by main().

uint32_t hsm_random32 ( hsm_ctx_t ctx)
Return unsigned 32-bit random number from any attached HSM
Parameters
contextHSM context
Returns
32-bit random number, or 0 if no HSM with a random generator is attached

Definition at line 3018 of file libhsm.c.

References hsm_random_buffer().

Referenced by main().

uint64_t hsm_random64 ( hsm_ctx_t ctx)
Return unsigned 64-bit random number from any attached HSM
Parameters
contextHSM context
Returns
64-bit random number, or 0 if no HSM with a random generator is attached

Definition at line 3033 of file libhsm.c.

References hsm_random_buffer().

Referenced by main().

int hsm_random_buffer ( hsm_ctx_t ctx,
unsigned char *  buffer,
unsigned long  length 
)
Fill a buffer with random data from any attached HSM
Parameters
contextHSM context
bufferBuffer to fill with random data
lengthSize of random buffer
Returns
0 if successful, !0 if failed

Definition at line 2990 of file libhsm.c.

References _hsm_ctx, CKR_OK, hsm_session_t::module, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, and hsm_module_t::sym.

Referenced by hsm_generate_dsa_key(), hsm_generate_gost_key(), hsm_generate_rsa_key(), hsm_random32(), and hsm_random64().

int hsm_remove_key ( hsm_ctx_t context,
hsm_key_t key 
)
Remove a key pair from HSM

When a key is removed, the module pointer is set to NULL, and the public and private key handles are set to 0. The structure still needs to be freed.

Parameters
contextHSM context
keyKey pair to be removed
Returns
0 if successful, !0 if failed

Definition at line 2589 of file libhsm.c.

References _hsm_ctx, hsm_module_t::config, hsm_session_t::module, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, hsm_module_t::sym, and hsm_config_t::use_pubkey.

Referenced by cmd_purge(), cmd_remove(), hsm_test(), and main().

int hsm_token_attached ( hsm_ctx_t ctx,
const char *  repository 
)
Check whether a named token has been initialized in this context
Parameters
ctxHSM context
token_nameThe name of the token
Returns
1 if the token is attached, 0 if not found

Definition at line 3100 of file libhsm.c.

References _hsm_ctx, hsm_ctx_set_error(), HSM_REPOSITORY_NOT_FOUND, hsm_session_t::module, hsm_module_t::name, hsm_ctx_t::session, and hsm_ctx_t::session_count.

Referenced by cmd_generate(), cmd_list(), cmd_purge(), and hsm_test().