OpenDNSSEC-libhsm
1.4.10
|
#include "config.h"
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
#include <dlfcn.h>
#include <ldns/ldns.h>
#include <libxml/tree.h>
#include <libxml/parser.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxml/relaxng.h>
#include "libhsm.h"
#include "libhsmdns.h"
#include "compat.h"
#include <pkcs11.h>
#include <pthread.h>
Go to the source code of this file.
Macros | |
#define | HSM_TOKEN_LABEL_LENGTH 32 |
Functions | |
void | hsm_ctx_set_error (hsm_ctx_t *ctx, int error, const char *action, const char *message,...) |
int | hsm_get_slot_id (hsm_ctx_t *ctx, CK_FUNCTION_LIST_PTR pkcs11_functions, const char *token_name, CK_SLOT_ID *slotId) |
hsm_key_t ** | hsm_list_keys_session (hsm_ctx_t *ctx, const hsm_session_t *session, size_t *count) |
size_t | hsm_count_keys_session (hsm_ctx_t *ctx, const hsm_session_t *session) |
int | hsm_open (const char *config, char *(pin_callback)(unsigned int, const char *, unsigned int)) |
void | hsm_close () |
hsm_ctx_t * | hsm_create_context () |
int | hsm_check_context () |
void | hsm_destroy_context (hsm_ctx_t *ctx) |
hsm_sign_params_t * | hsm_sign_params_new () |
void | hsm_sign_params_free (hsm_sign_params_t *params) |
hsm_key_t ** | hsm_list_keys (hsm_ctx_t *ctx, size_t *count) |
hsm_key_t ** | hsm_list_keys_repository (hsm_ctx_t *ctx, size_t *count, const char *repository) |
size_t | hsm_count_keys (hsm_ctx_t *ctx) |
size_t | hsm_count_keys_repository (hsm_ctx_t *ctx, const char *repository) |
hsm_key_t * | hsm_find_key_by_id (hsm_ctx_t *ctx, const char *id) |
hsm_key_t * | hsm_generate_rsa_key (hsm_ctx_t *ctx, const char *repository, unsigned long keysize) |
hsm_key_t * | hsm_generate_dsa_key (hsm_ctx_t *ctx, const char *repository, unsigned long keysize) |
hsm_key_t * | hsm_generate_gost_key (hsm_ctx_t *ctx, const char *repository) |
int | hsm_remove_key (hsm_ctx_t *ctx, hsm_key_t *key) |
void | hsm_key_free (hsm_key_t *key) |
void | hsm_key_list_free (hsm_key_t **key_list, size_t count) |
char * | hsm_get_key_id (hsm_ctx_t *ctx, const hsm_key_t *key) |
hsm_key_info_t * | hsm_get_key_info (hsm_ctx_t *ctx, const hsm_key_t *key) |
void | hsm_key_info_free (hsm_key_info_t *key_info) |
ldns_rr * | hsm_sign_rrset (hsm_ctx_t *ctx, const ldns_rr_list *rrset, const hsm_key_t *key, const hsm_sign_params_t *sign_params) |
ldns_rdf * | hsm_nsec3_hash_name (hsm_ctx_t *ctx, ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
ldns_rr * | hsm_get_dnskey (hsm_ctx_t *ctx, const hsm_key_t *key, const hsm_sign_params_t *sign_params) |
int | hsm_random_buffer (hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length) |
uint32_t | hsm_random32 (hsm_ctx_t *ctx) |
uint64_t | hsm_random64 (hsm_ctx_t *ctx) |
int | hsm_attach (const char *repository, const char *token_label, const char *path, const char *pin, const hsm_config_t *config) |
int | hsm_detach (const char *repository) |
int | hsm_token_attached (hsm_ctx_t *ctx, const char *repository) |
int | hsm_supported_algorithm (ldns_algorithm algorithm) |
char * | hsm_get_error (hsm_ctx_t *gctx) |
void | hsm_print_session (hsm_session_t *session) |
void | hsm_print_ctx (hsm_ctx_t *ctx) |
void | hsm_print_key (hsm_ctx_t *ctx, hsm_key_t *key) |
void | hsm_print_error (hsm_ctx_t *gctx) |
void | hsm_print_tokeninfo (hsm_ctx_t *ctx) |
void | keycache_create (hsm_ctx_t *ctx) |
void | keycache_destroy (hsm_ctx_t *ctx) |
const hsm_key_t * | keycache_lookup (hsm_ctx_t *ctx, const char *locator) |
Variables | |
hsm_ctx_t * | _hsm_ctx |
pthread_mutex_t | _hsm_ctx_mutex = PTHREAD_MUTEX_INITIALIZER |
#define HSM_TOKEN_LABEL_LENGTH 32 |
Fixed length from PKCS#11 specification
Definition at line 52 of file libhsm.c.
Referenced by hsm_ctx_set_error().
int hsm_attach | ( | const char * | repository, |
const char * | token_name, | ||
const char * | path, | ||
const char * | pin, | ||
const hsm_config_t * | config | ||
) |
Attached a named HSM using a PKCS#11 shared library and optional credentials (may be NULL, but then undefined) This function changes the global state, and is not threadsafe
repository | the name of the repository |
token_label | the name of the token to attach |
path | the path of the shared PKCS#11 library |
pin | the PIN to log into the token |
config | optional configuration |
Definition at line 3140 of file libhsm.c.
References HSM_OK.
Referenced by hsm_open().
int hsm_check_context | ( | ) |
Check HSM context
Check if the associated sessions are still alive. If they are not alive, then try re-open libhsm.
context | HSM context |
Definition at line 2172 of file libhsm.c.
References _hsm_ctx, _hsm_ctx_mutex, CKF_RW_SESSION, CKF_SERIAL_SESSION, CKS_RW_USER_FUNCTIONS, ctx, hsm_ctx_set_error(), HSM_ERROR, HSM_OK, hsm_session_t::module, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, ck_session_info::state, and hsm_module_t::sym.
void hsm_close | ( | ) |
Close HSM library
Log out and detach from all configured HSMs This cleans up all data for libhsm, and should be the last function called.
Definition at line 2153 of file libhsm.c.
References _hsm_ctx_mutex.
Referenced by main().
size_t hsm_count_keys | ( | hsm_ctx_t * | context | ) |
Count all known keys in all attached HSMs
context | HSM context |
Definition at line 2311 of file libhsm.c.
References _hsm_ctx, hsm_count_keys_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.
size_t hsm_count_keys_repository | ( | hsm_ctx_t * | context, |
const char * | repository | ||
) |
Count all known keys in a HSM
context | HSM context |
repository | repository in where to count the keys |
Definition at line 2324 of file libhsm.c.
References _hsm_ctx, and hsm_count_keys_session().
size_t hsm_count_keys_session | ( | hsm_ctx_t * | ctx, |
const hsm_session_t * | session | ||
) |
Definition at line 1259 of file libhsm.c.
References hsm_sign_params_t::algorithm, algorithm, CKA_BASE, CKA_MODULUS, CKA_PRIME, CKA_PUBLIC_EXPONENT, CKA_SUBPRIME, CKA_VALUE, CKK_DSA, CKK_GOSTR3410, CKK_RSA, CKM_DSA, CKM_GOSTR3410, CKM_GOSTR3411, CKM_MD5, CKM_RSA_PKCS, CKO_PRIVATE_KEY, hsm_module_t::config, hsm_sign_params_t::expiration, hsm_ctx_set_error(), HSM_MAX_SIGNATURE_LENGTH, HSM_REPOSITORY_NOT_FOUND, hsm_sign_params_t::inception, hsm_sign_params_t::keytag, ck_mechanism::mechanism, hsm_session_t::module, hsm_module_t::name, hsm_sign_params_t::owner, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, hsm_module_t::sym, hsm_config_t::use_pubkey, value, and value_len.
Referenced by hsm_count_keys(), and hsm_count_keys_repository().
hsm_ctx_t* hsm_create_context | ( | void | ) |
Create new HSM context
Creates a new session for each attached HSM. The returned hsm_ctx_t * can be freed with hsm_destroy_context()
Definition at line 2162 of file libhsm.c.
References _hsm_ctx_mutex.
Referenced by main().
void hsm_ctx_set_error | ( | hsm_ctx_t * | ctx, |
int | error, | ||
const char * | action, | ||
const char * | message, | ||
... | |||
) |
Set HSM Context Error
If the ctx is given, and it's error value is still 0, the value will be set to 'error', and the error_message and error_action will be set to the given strings.
ctx | HSM context |
error | error code |
action | action for which the error occured |
message | error message format string |
Definition at line 213 of file libhsm.c.
References ck_function_list::C_GetTokenInfo, CKR_FUNCTION_FAILED, CKR_OK, ctx, hsm_ctx_t::error, hsm_ctx_t::error_action, hsm_ctx_t::error_message, hsm_module_t::handle, HSM_TOKEN_LABEL_LENGTH, ck_token_info::label, hsm_module_t::path, and hsm_module_t::sym.
Referenced by hsm_check_context(), hsm_check_pin(), hsm_count_keys_session(), hsm_get_dnskey(), hsm_get_slot_id(), hsm_logout_pin(), hsm_nsec3_hash_name(), hsm_open(), hsm_sem_open(), hsm_sem_post(), hsm_sem_wait(), hsm_shm_open(), and hsm_token_attached().
void hsm_destroy_context | ( | hsm_ctx_t * | context | ) |
int hsm_detach | ( | const char * | repository | ) |
Detach a named HSM
Definition at line 3163 of file libhsm.c.
References hsm_session_t::module, hsm_module_t::name, hsm_ctx_t::session, and hsm_ctx_t::session_count.
Find a key pair by CKA_ID (as hex string)
The returned key structure can be freed with hsm_key_free()
context | HSM context |
id | CKA_ID of key to find (null-terminated string of hex characters) |
Definition at line 2340 of file libhsm.c.
Referenced by cmd_dnskey(), cmd_remove(), keycache_lookup(), and main().
hsm_key_t* hsm_generate_dsa_key | ( | hsm_ctx_t * | context, |
const char * | repository, | ||
unsigned long | keysize | ||
) |
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.
The returned key structure can be freed with hsm_key_free()
context | HSM context |
repository | repository in where to create the key |
keysize | Size of DSA key |
Definition at line 2448 of file libhsm.c.
References _hsm_ctx, hsm_config_t::allow_extract, CK_FALSE, CK_TRUE, CKA_BASE, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_ID, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIME, CKA_PRIME_BITS, CKA_PRIVATE, CKA_SENSITIVE, CKA_SIGN, CKA_SUBPRIME, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKK_DSA, CKM_DSA_KEY_PAIR_GEN, CKM_DSA_PARAMETER_GEN, hsm_module_t::config, hsm_key_free(), hsm_random_buffer(), hsm_session_t::module, hsm_key_t::modulename, hsm_module_t::name, NULL_PTR, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, and hsm_module_t::sym.
Referenced by hsm_test().
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL.
The returned key structure can be freed with hsm_key_free()
context | HSM context |
repository | repository in where to create the key |
Definition at line 2578 of file libhsm.c.
References hsm_config_t::allow_extract, CK_FALSE, CK_TRUE, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_GOSTR3410PARAMS, CKA_GOSTR3411PARAMS, CKA_ID, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIVATE, CKA_SENSITIVE, CKA_SIGN, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKK_GOSTR3410, CKM_GOSTR3410_KEY_PAIR_GEN, hsm_module_t::config, hsm_key_free(), hsm_random_buffer(), hsm_session_t::module, hsm_key_t::modulename, hsm_module_t::name, NULL_PTR, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, and hsm_module_t::sym.
Referenced by hsm_test().
hsm_key_t* hsm_generate_rsa_key | ( | hsm_ctx_t * | context, |
const char * | repository, | ||
unsigned long | keysize | ||
) |
Generate new key pair in HSM
Keys generated by libhsm will have a 16-byte identifier set as CKA_ID and the hexadecimal representation of it set as CKA_LABEL. Other stuff, like exponent, may be needed here as well.
The returned key structure can be freed with hsm_key_free()
context | HSM context |
repository | repository in where to create the key |
keysize | Size of RSA key |
Definition at line 2356 of file libhsm.c.
References hsm_config_t::allow_extract, CK_FALSE, CK_TRUE, CKA_DECRYPT, CKA_ENCRYPT, CKA_EXTRACTABLE, CKA_ID, CKA_KEY_TYPE, CKA_LABEL, CKA_MODULUS_BITS, CKA_PRIVATE, CKA_PUBLIC_EXPONENT, CKA_SENSITIVE, CKA_SIGN, CKA_TOKEN, CKA_UNWRAP, CKA_VERIFY, CKA_WRAP, CKK_RSA, CKM_RSA_PKCS_KEY_PAIR_GEN, hsm_module_t::config, hsm_random_buffer(), hsm_session_t::module, hsm_key_t::modulename, hsm_module_t::name, NULL_PTR, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, hsm_module_t::sym, and hsm_config_t::use_pubkey.
Referenced by cmd_generate(), hsm_test(), and main().
ldns_rr* hsm_get_dnskey | ( | hsm_ctx_t * | ctx, |
const hsm_key_t * | key, | ||
const hsm_sign_params_t * | sign_params | ||
) |
Get DNSKEY RR
The returned ldns_rr structure can be freed with ldns_rr_free()
context | HSM context |
key | Key to get DNSKEY RR from |
sign_params | the signing parameters (flags, algorithm, etc) |
Definition at line 3033 of file libhsm.c.
References hsm_sign_params_t::algorithm, hsm_sign_params_t::flags, hsm_ctx_set_error(), and hsm_sign_params_t::owner.
Referenced by cmd_dnskey(), main(), and sign().
char* hsm_get_error | ( | hsm_ctx_t * | gctx | ) |
Return the current error message
The returned message is allocated data, and must be free()d by the caller
ctx | HSM context |
Definition at line 3227 of file libhsm.c.
References _hsm_ctx, ctx, hsm_ctx_t::error, hsm_ctx_t::error_action, hsm_ctx_t::error_message, and HSM_ERROR_MSGSIZE.
Referenced by hsm_print_error(), and main().
Get id as null-terminated hex string using key identifier
The returned id is allocated data, and must be free()d by the caller
context | HSM context |
key | Key pair to get the ID from |
Definition at line 2723 of file libhsm.c.
References hsm_key_t::private_key.
Referenced by hsm_get_key_info(), hsm_test(), and main().
hsm_key_info_t* hsm_get_key_info | ( | hsm_ctx_t * | context, |
const hsm_key_t * | key | ||
) |
Get extended key information
The returned id is allocated data, and must be freed by the caller With hsm_key_info_free()
context | HSM context |
key | Key pair to get information about |
Definition at line 2753 of file libhsm.c.
References hsm_key_info_t::algorithm, hsm_key_info_t::algorithm_name, CKK_DSA, CKK_GOSTR3410, CKK_RSA, hsm_get_key_id(), HSM_MAX_ALGONAME, hsm_key_info_t::id, and hsm_key_info_t::keysize.
Referenced by cmd_generate(), cmd_list(), cmd_purge(), and hsm_print_key().
int hsm_get_slot_id | ( | hsm_ctx_t * | ctx, |
CK_FUNCTION_LIST_PTR | pkcs11_functions, | ||
const char * | token_name, | ||
CK_SLOT_ID * | slotId | ||
) |
Definition at line 379 of file libhsm.c.
References algorithm, hsm_config_t::allow_extract, ck_function_list::C_GetSlotList, CK_TRUE, CKA_CLASS, CKA_ID, CKA_KEY_TYPE, CKA_MODULUS, CKA_MODULUS_BITS, CKA_PRIME, CKF_OS_LOCKING_OK, CKF_RW_SESSION, CKF_SERIAL_SESSION, CKK_DSA, CKK_GOSTR3410, CKK_RSA, CKO_PRIVATE_KEY, CKO_PUBLIC_KEY, CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_OK, CKR_PIN_INCORRECT, CKU_USER, hsm_module_t::config, ctx, hsm_ctx_t::error, hsm_module_t::handle, hsm_ctx_set_error(), HSM_ERROR, HSM_MAX_SESSIONS, HSM_MODULE_NOT_FOUND, HSM_OK, HSM_PIN_INCORRECT, hsm_module_t::id, keycache_create(), keycache_destroy(), hsm_session_t::module, hsm_key_t::modulename, hsm_module_t::name, NULL_PTR, hsm_module_t::path, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, slot_id, hsm_module_t::sym, hsm_module_t::token_label, and hsm_config_t::use_pubkey.
Referenced by hsm_print_tokeninfo().
void hsm_key_free | ( | hsm_key_t * | key | ) |
Free the memory for a key structure.
key | The key structure to free |
Definition at line 2704 of file libhsm.c.
Referenced by cmd_dnskey(), cmd_generate(), cmd_remove(), hsm_generate_dsa_key(), hsm_generate_gost_key(), hsm_key_list_free(), and main().
void hsm_key_info_free | ( | hsm_key_info_t * | key_info | ) |
Frees the hsm_key_info_t structure
key_info | The structure to free |
Definition at line 2799 of file libhsm.c.
References hsm_key_info_t::algorithm_name, and hsm_key_info_t::id.
Referenced by cmd_generate(), cmd_list(), cmd_purge(), and hsm_print_key().
void hsm_key_list_free | ( | hsm_key_t ** | key_list, |
size_t | count | ||
) |
Free the memory of an array of key structures, as returned by hsm_list_keys()
key_list | The array of keys to free |
count | The number of keys in the array |
Definition at line 2712 of file libhsm.c.
References hsm_key_free().
Referenced by cmd_list(), and cmd_purge().
List all known keys in all attached HSMs
After the function has run, the value at count contains the number of keys found.
The resulting key list can be freed with hsm_key_list_free() Alternatively, each individual key structure in the list could be freed with hsm_key_free()
context | HSM context |
count | location to store the number of keys found |
Definition at line 2262 of file libhsm.c.
References hsm_list_keys_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.
Referenced by cmd_list(), and main().
hsm_key_t** hsm_list_keys_repository | ( | hsm_ctx_t * | context, |
size_t * | count, | ||
const char * | repository | ||
) |
List all known keys in a HSM
After the function has run, the value at count contains the number of keys found.
The resulting key list can be freed with hsm_key_list_free() Alternatively, each individual key structure in the list could be freed with hsm_key_free()
context | HSM context |
count | location to store the number of keys found |
repository | repository to list the keys in |
Definition at line 2294 of file libhsm.c.
References hsm_list_keys_session().
Referenced by cmd_list(), and cmd_purge().
hsm_key_t** hsm_list_keys_session | ( | hsm_ctx_t * | ctx, |
const hsm_session_t * | session, | ||
size_t * | count | ||
) |
Definition at line 1246 of file libhsm.c.
Referenced by hsm_list_keys(), and hsm_list_keys_repository().
ldns_rdf* hsm_nsec3_hash_name | ( | hsm_ctx_t * | ctx, |
ldns_rdf * | name, | ||
uint8_t | algorithm, | ||
uint16_t | iterations, | ||
uint8_t | salt_length, | ||
uint8_t * | salt | ||
) |
Generate a base32 encoded hashed NSEC3 name
ctx | HSM context |
name | Domain name to hash |
algorithm | NSEC3 algorithm (must be 1 atm) |
iteration | number of hash iterations |
salt_length | the length of the salt |
salt | the salt |
Definition at line 2921 of file libhsm.c.
References _hsm_ctx, CKM_SHA_1, hsm_ctx_set_error(), ck_mechanism::mechanism, hsm_ctx_t::session, and hsm_ctx_t::session_count.
int hsm_open | ( | const char * | config, |
char * | pin_callback)(unsigned int, const char *, unsigned int | ||
) |
Open HSM library
config | path to OpenDNSSEC XML configuration file |
pin_callback | This function will be called for tokens that have no PIN configured. The default hsm_prompt_pin() can be used. If this value is NULL, these tokens will be skipped |
Attaches all configured HSMs, querying for PINs (using the given callback function) if not known. Also creates initial sessions (not part of any context; every API function that takes a context can be passed NULL, in which case the global context will be used) and log into each HSM.
Definition at line 1994 of file libhsm.c.
References _hsm_ctx_mutex, hsm_config_t::allow_extract, hsm_attach(), HSM_CONFIG_FILE_ERROR, hsm_ctx_set_error(), HSM_ERROR, HSM_NO_REPOSITORIES, HSM_OK, HSM_PIN_FIRST, HSM_PIN_INCORRECT, HSM_PIN_RETRY, HSM_PIN_SAVE, hsm_ctx_t::session_count, and hsm_config_t::use_pubkey.
Referenced by main().
void hsm_print_ctx | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3268 of file libhsm.c.
References hsm_print_session(), hsm_ctx_t::session, and hsm_ctx_t::session_count.
Referenced by cmd_debug(), and main().
void hsm_print_error | ( | hsm_ctx_t * | gctx | ) |
Definition at line 3300 of file libhsm.c.
References hsm_get_error().
Referenced by cmd_generate(), cmd_list(), cmd_logout(), cmd_purge(), hsm_test(), and main().
Definition at line 3279 of file libhsm.c.
References hsm_key_info_t::algorithm_name, hsm_get_key_info(), hsm_key_info_free(), hsm_key_info_t::id, hsm_key_info_t::keysize, hsm_key_t::modulename, and hsm_key_t::private_key.
Referenced by cmd_generate(), and main().
void hsm_print_session | ( | hsm_session_t * | session | ) |
Definition at line 3258 of file libhsm.c.
References hsm_session_t::module, hsm_module_t::name, hsm_module_t::path, hsm_session_t::session, hsm_module_t::sym, and hsm_module_t::token_label.
Referenced by hsm_print_ctx().
void hsm_print_tokeninfo | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3315 of file libhsm.c.
References hsm_get_slot_id(), HSM_OK, ck_token_info::label, ck_token_info::model, hsm_session_t::module, hsm_module_t::name, hsm_module_t::path, hsm_ctx_t::session, hsm_ctx_t::session_count, slot_id, hsm_module_t::sym, and hsm_module_t::token_label.
Referenced by cmd_info().
uint32_t hsm_random32 | ( | hsm_ctx_t * | ctx | ) |
Return unsigned 32-bit random number from any attached HSM
context | HSM context |
Definition at line 3106 of file libhsm.c.
References hsm_random_buffer().
Referenced by main().
uint64_t hsm_random64 | ( | hsm_ctx_t * | ctx | ) |
Return unsigned 64-bit random number from any attached HSM
context | HSM context |
Definition at line 3121 of file libhsm.c.
References hsm_random_buffer().
Referenced by main().
int hsm_random_buffer | ( | hsm_ctx_t * | ctx, |
unsigned char * | buffer, | ||
unsigned long | length | ||
) |
Fill a buffer with random data from any attached HSM
context | HSM context |
buffer | Buffer to fill with random data |
length | Size of random buffer |
Definition at line 3079 of file libhsm.c.
References CKR_OK, hsm_session_t::module, hsm_session_t::session, hsm_ctx_t::session, hsm_ctx_t::session_count, and hsm_module_t::sym.
Referenced by hsm_generate_dsa_key(), hsm_generate_gost_key(), hsm_generate_rsa_key(), hsm_random32(), and hsm_random64().
Remove a key pair from HSM
When a key is removed, the module pointer is set to NULL, and the public and private key handles are set to 0. The structure still needs to be freed.
context | HSM context |
key | Key pair to be removed |
Definition at line 2675 of file libhsm.c.
References hsm_module_t::config, hsm_session_t::module, hsm_key_t::private_key, hsm_key_t::public_key, hsm_session_t::session, hsm_module_t::sym, and hsm_config_t::use_pubkey.
Referenced by cmd_purge(), cmd_remove(), hsm_test(), and main().
void hsm_sign_params_free | ( | hsm_sign_params_t * | params | ) |
Free the signer parameters structure
If params->owner has been set, ldns_rdf_deep_free() will be called on it.
params | The signer parameters to free |
Definition at line 2253 of file libhsm.c.
References hsm_sign_params_t::owner.
Referenced by cmd_dnskey(), main(), and sign().
hsm_sign_params_t* hsm_sign_params_new | ( | ) |
Returns an allocated hsm_sign_params_t with some defaults
Definition at line 2236 of file libhsm.c.
References hsm_sign_params_t::algorithm, hsm_sign_params_t::expiration, hsm_sign_params_t::flags, hsm_sign_params_t::inception, hsm_sign_params_t::keytag, and hsm_sign_params_t::owner.
Referenced by cmd_dnskey(), main(), and sign().
ldns_rr* hsm_sign_rrset | ( | hsm_ctx_t * | ctx, |
const ldns_rr_list * | rrset, | ||
const hsm_key_t * | key, | ||
const hsm_sign_params_t * | sign_params | ||
) |
Sign RRset using key
The returned ldns_rr structure can be freed with ldns_rr_free()
context | HSM context |
rrset | RRset to sign |
key | Key pair used to sign |
Definition at line 2813 of file libhsm.c.
References hsm_sign_params_t::algorithm, hsm_session_t::module, hsm_session_t::session, and hsm_module_t::sym.
int hsm_supported_algorithm | ( | ldns_algorithm | algorithm | ) |
int hsm_token_attached | ( | hsm_ctx_t * | ctx, |
const char * | repository | ||
) |
Check whether a named token has been initialized in this context
ctx | HSM context |
token_name | The name of the token |
Definition at line 3187 of file libhsm.c.
References hsm_ctx_set_error(), HSM_REPOSITORY_NOT_FOUND, hsm_session_t::module, hsm_module_t::name, hsm_ctx_t::session, and hsm_ctx_t::session_count.
Referenced by cmd_generate(), cmd_list(), cmd_purge(), and hsm_test().
void keycache_create | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3373 of file libhsm.c.
References hsm_ctx_t::keycache.
Referenced by hsm_get_slot_id().
void keycache_destroy | ( | hsm_ctx_t * | ctx | ) |
Definition at line 3379 of file libhsm.c.
References hsm_ctx_t::keycache.
Referenced by hsm_get_slot_id().
Definition at line 3386 of file libhsm.c.
References hsm_find_key_by_id(), and hsm_ctx_t::keycache.
hsm_ctx_t* _hsm_ctx |
Global (initial) context, with mutex to serialize access to it
Definition at line 55 of file libhsm.c.
Referenced by hsm_check_context(), hsm_count_keys(), hsm_count_keys_repository(), hsm_generate_dsa_key(), hsm_get_error(), and hsm_nsec3_hash_name().
pthread_mutex_t _hsm_ctx_mutex = PTHREAD_MUTEX_INITIALIZER |
Definition at line 56 of file libhsm.c.
Referenced by hsm_check_context(), hsm_close(), hsm_create_context(), and hsm_open().