2332 lines
99 KiB
Diff
2332 lines
99 KiB
Diff
From 1197829d87732e1cae18ee64eefe44f0a6cb391f Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Wed, 16 Feb 2022 10:09:10 +0100
|
|
Subject: [PATCH 12/34] EP11: Update EP11 host library header files
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
usr/lib/ep11_stdll/ep11.h | 1345 +++++++++++++++++++++++++-----------------
|
|
usr/lib/ep11_stdll/ep11adm.h | 305 +++-------
|
|
2 files changed, 911 insertions(+), 739 deletions(-)
|
|
|
|
diff --git a/usr/lib/ep11_stdll/ep11.h b/usr/lib/ep11_stdll/ep11.h
|
|
index cd4f11e5..c68dd045 100644
|
|
--- a/usr/lib/ep11_stdll/ep11.h
|
|
+++ b/usr/lib/ep11_stdll/ep11.h
|
|
@@ -16,7 +16,6 @@
|
|
|
|
#if !defined(XCP_H__)
|
|
#define XCP_H__
|
|
-
|
|
#if !defined(CKR_OK)
|
|
#include "pkcs11.h"
|
|
#endif
|
|
@@ -25,195 +24,10 @@
|
|
#error "We need 64-bit <stdint.h> types, please include before this file."
|
|
#endif
|
|
|
|
-// SHA224 etc. are additions to PKCS#11 2.20
|
|
-// remove these if host migrates beyond 2.20 as base minimum [unlikely]
|
|
-//
|
|
-#if !defined(CKM_SHA224)
|
|
-#define CKM_SHA224 0x00000255
|
|
-#define CKM_SHA224_HMAC 0x00000256
|
|
-#define CKM_SHA224_HMAC_GENERAL 0x00000257
|
|
-#define CKM_SHA224_RSA_PKCS 0x00000046
|
|
-#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
|
|
-#define CKM_SHA224_KEY_DERIVATION 0x00000396
|
|
-#define CKM_AES_CTR 0x00001086
|
|
-#define CKG_MGF1_SHA224 0x00000005
|
|
-#endif
|
|
-
|
|
-#if !defined(CKM_AES_CMAC)
|
|
-#define CKM_AES_CMAC 0x0000108a
|
|
-#endif
|
|
-
|
|
-#if !defined(CKM_DES3_CMAC)
|
|
-#define CKM_DES3_CMAC 0x00000138
|
|
-#endif
|
|
-
|
|
-
|
|
-
|
|
-// max value for target groups
|
|
-#define XCP_MAX_GRPIDX 1024u
|
|
-//
|
|
-// current version of XCP_Module structure; host code SHOULD interact with
|
|
-// future/past versions, MUST be set by caller before using m_add_module()
|
|
-// valid versions are all >0
|
|
-#define XCP_MOD_VERSION 2
|
|
//
|
|
// used for internal and external paths/addresses
|
|
#define MAX_FNAME_CHARS 256
|
|
|
|
-// macros for setting/checking and removing domains from (tgt.mgmt) domain mask
|
|
-#define XCPTGTMASK_SET_DOM(mask, domain) \
|
|
- mask[((domain)/8)] |= (1 << (7-(domain)%8))
|
|
-#define XCPTGTMASK_DOM_IS_SET(mask, domain) \
|
|
- (mask[((domain)/8)] & (1 << (7-(domain)%8)))
|
|
-#define XCPTGTMASK_CLR_DOM(mask, domain) \
|
|
- mask[((domain)/8)] &= ~(1 << (7-(domain)%8))
|
|
-//
|
|
-
|
|
-
|
|
-/* flags that can be set for the target tokens
|
|
- *
|
|
- * This flags are domain specific and are therefore called domain flags
|
|
- *
|
|
- * start of flags is >16 Bit. Max value for domains is 0xFF. Should be enough
|
|
- * room for extensions
|
|
- */
|
|
-#define XCP_TGTFL_WCAP 0x10000000 /* Capture wire request in output buffer
|
|
- * without sending it to the module
|
|
- */
|
|
-#define XCP_TGTFL_WCAP_SQ 0x20000000 /* Size query: Return size of request in
|
|
- * output buffer length field
|
|
- */
|
|
-#define XCP_TGTFL_SET_SCMD 0x40000000 /* Protected key special command: Set the
|
|
- * special command flag in the CPRB
|
|
- * header
|
|
- */
|
|
-#define XCP_TGTFL_API_CHKD 0x80000000 /* supported API version of modules in
|
|
- * target (group) has been checked
|
|
- */
|
|
-
|
|
-#define XCP_TGTFL_NO_LOCK 0x01000000 /* target token ignores sequential locks
|
|
- * for target probing
|
|
- */
|
|
-#define XCP_TGTFL_SET_ACMD 0x04000000 /* add CPRB admin flag to CPRB header */
|
|
-
|
|
-//--------------------------------------
|
|
-// socket use only
|
|
-#define XCP_MAXCONNECTIONS 64 /* max value for active connections */
|
|
-#define XCP_MAX_PORT 0xffff
|
|
-
|
|
-// hostname and port value fore one module
|
|
-typedef struct XCP_ModuleSocket {
|
|
- char host[ MAX_FNAME_CHARS +1 ];
|
|
- uint32_t port;
|
|
-} *XCP_ModuleSocket_t ;
|
|
-
|
|
-
|
|
-//--------------------------------------
|
|
-// diagnostics use only
|
|
-typedef struct XCP_DomainPerf {
|
|
- /* perf value of last request per domain
|
|
- *
|
|
- * At the moment unused
|
|
- * */
|
|
- unsigned int lastperf[ 256 ];
|
|
-} *XCP_DomainPerf_t;
|
|
-
|
|
-
|
|
-//--------------------------------------
|
|
-// subsequent communications with a module MAY skip infrastructure-specific
|
|
-// fields, such as a query not reporting device handles etc., even if they
|
|
-// have been supplied originally when the module has been registered.
|
|
-//
|
|
-typedef struct XCP_Module {
|
|
- uint32_t version; /* >0 for supported API versions */
|
|
-
|
|
- uint64_t flags; /* see XCP_Module_Flags */
|
|
-
|
|
- uint32_t domains; /* max# addressable under this module;
|
|
- * cached from OS
|
|
- *
|
|
- * when callers set domains to 0, the library
|
|
- * returns the module-claimed domain count.
|
|
- */
|
|
-
|
|
- unsigned char domainmask[ 256 /8 ];
|
|
- /* higher domain# through future flags (none
|
|
- * currently defined) which would add things
|
|
- * like 'FLAG_256_1023' etc. at the same time,
|
|
- * we would add domainmask2[] etc.
|
|
- * corresponding new fields.
|
|
- *
|
|
- * new fields would then store mask for
|
|
- * domains 256+ etc.
|
|
- *
|
|
- * domain #0 is bit x80 of 1st byte,
|
|
- * #255 is bit 0x01 of last byte.
|
|
- */
|
|
-
|
|
- // when a domainmask is supplied, with bits set beyond
|
|
- // what the module supports, the bitmask is trimmed to
|
|
- // the supported range, but this is NOT reported as an
|
|
- // error, unless XCP_MFL_STRICT is also supplied.
|
|
- //
|
|
- // without XCP_MFL_STRICT, callers are expected to check
|
|
- // at least the returned domain count.
|
|
-
|
|
- /* used only when flags includes XCP_MFL_SOCKET */
|
|
- struct XCP_ModuleSocket socket;
|
|
-
|
|
- /* used when system exposes modules through an
|
|
- * array of transparent pipes, or similar abstraction
|
|
- * (such as mainframe AP Queues, or other Linux
|
|
- * 'device-minor' numbers etc.). Interpretation
|
|
- * is platform-dependent.
|
|
- *
|
|
- * used only when flags includes XCP_MFL_MODULE
|
|
- */
|
|
- uint32_t module_nr;
|
|
-
|
|
- /* used by systems which associate devices with
|
|
- * device handles/structs/etc. persistent state.
|
|
- * opaque pointer, usually a const pointer to
|
|
- * such aux structs, MAY be stored here.
|
|
- *
|
|
- * interpretation is platform-dependent.
|
|
- * used only when flags includes XCP_MFL_MHANDLE
|
|
- */
|
|
- void *mhandle;
|
|
- /* diagnostics use only, when XCP_MFL_PERF is set */
|
|
- struct XCP_DomainPerf perf;
|
|
- //----- end of v1 fields -------------------------------------------
|
|
-
|
|
- uint32_t api; /* module api version*/
|
|
- //----- end of v2 fields -------------------------------------------
|
|
-} *XCP_Module_t ;
|
|
-
|
|
-typedef enum {
|
|
- XCP_MFL_SOCKET = 1, /* backend is socket-attached */
|
|
- XCP_MFL_MODULE = 2, /* backends identified in
|
|
- array-of-modules */
|
|
- XCP_MFL_MHANDLE = 4, /* backends uses 'module handle' field */
|
|
- XCP_MFL_PERF = 8, /* performance statistics collected
|
|
- * for this module, see .perf
|
|
- */
|
|
- XCP_MFL_VIRTUAL = 0x10, /* queried 'target' is a load-balancer,
|
|
- * other other group.
|
|
- */
|
|
- XCP_MFL_STRICT = 0x20, /* enable aggressive error checking,
|
|
- * see field descriptions for effect
|
|
- */
|
|
- XCP_MFL_PROBE = 0x40, /* send api query to module, to check if
|
|
- * target(s) can be used
|
|
- */
|
|
- XCP_MFL_ALW_TGT_ADD = 0x80, /* Allows it to use a target in any
|
|
- * functional and admin call without
|
|
- * adding it beforehand with
|
|
- * m_add_module()
|
|
- */
|
|
- XCP_MFL_MAX = 0xff
|
|
-} XCP_Module_Flags;
|
|
-
|
|
-
|
|
// Error Values for functions that do not return CK_RV
|
|
// general errors
|
|
#define XCP_OK 0 /* function successful
|
|
@@ -282,17 +96,15 @@ typedef enum {
|
|
* flag is not active
|
|
*/
|
|
|
|
-
|
|
/*--------------------------------------------------------------------------*/
|
|
#define XCP_COMMON_PUBLIC_H__
|
|
|
|
|
|
-#define XCP_API_VERSION 0x071d /* major[8] minor[8] */
|
|
+#define XCP_API_VERSION 0x0810 /* major[8] minor[8] */
|
|
#define XCP_API_ORDINAL 0x0004
|
|
/* increment this with every major/minor change */
|
|
|
|
-#define XCP_HOST_API_VER 0x030100 /* major[8] minor[8] fixpack[8] */
|
|
-#define XCP_RPM_VERSION XCP_HOST_API_VER /* deprecated */
|
|
+#define XCP_HOST_API_VER 0x040000 /* major[8] minor[8] fixpack[8] */
|
|
|
|
/* HSM connection information; not for PKCS11 user consumption */
|
|
#define XCP_HSM_AGENT_ID 0x5843 /* ASCII "XC" */
|
|
@@ -375,6 +187,8 @@ typedef enum {
|
|
#define CKR_IBM_TARGET_INVALID (CKR_VENDOR_DEFINED +0x10030)
|
|
|
|
|
|
+#define CKR_IBM_PQC_PARAMS_NOT_SUPPORTED (CKR_VENDOR_DEFINED +0x10031)
|
|
+
|
|
|
|
// Error returned if internal verification of crypto engines fail
|
|
#define CKR_IBM_ERROR_STATE (CKR_VENDOR_DEFINED +0x10101)
|
|
@@ -445,12 +259,18 @@ typedef enum {
|
|
#define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED +0x1001f)
|
|
|
|
|
|
+// round counts are passed as mechanism parameters
|
|
+#define CKM_IBM_SIPHASH (CKM_VENDOR_DEFINED +0x10021)
|
|
+
|
|
+
|
|
// these need a strength definition
|
|
// XCP_U32_VALUE_BITS/CKA_VALUE_BITS would be sufficient; strength->K/L mapping
|
|
//
|
|
// umbrella mech for PQC/Crystals variants
|
|
#define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED +0x10023)
|
|
// ^^^ sign/verify plus keygen only
|
|
+#define CKM_IBM_KYBER (CKM_VENDOR_DEFINED +0x10024)
|
|
+ // ^^^ en/decrypt, keygen, key transport, and (hybrid) key derivation
|
|
|
|
// SHA-3 HMAC variants
|
|
#define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED +0x10025)
|
|
@@ -481,6 +301,10 @@ typedef enum {
|
|
ECSG_IBM_MAX = ECSG_IBM_ECSDSA_COMPR_MULTI,
|
|
} ECSG_Var_t;
|
|
|
|
+#define CK_IBM_ECSG_IBM_ECSDSA_S256 ECSG_IBM_ECSDSA_S256
|
|
+#define CK_IBM_ECSG_IBM_ECDSA_COMPR_MULTI_S256 ECSG_IBM_ECDSA_COMPR_MULTI_S256
|
|
+#define CK_IBM_ECSG_IBM_MAX ECSG_IBM_MAX
|
|
+
|
|
|
|
//--- transport additions --------------------------------------------------
|
|
#define CKM_IBM_CLEARKEY_TRANSPORT (CKM_VENDOR_DEFINED +0x20001)
|
|
@@ -565,6 +389,12 @@ typedef enum {
|
|
|
|
#define CKA_IBM_PQC_PARAMS (CKA_VENDOR_DEFINED +0x1000e)
|
|
|
|
+// query or modify login session an object is bound to
|
|
+#define CKA_IBM_LOGIN_SESSION (CKA_VENDOR_DEFINED +0x1000f)
|
|
+
|
|
+// query MAC'd spki from a private key
|
|
+#define CKA_IBM_MACED_PUBLIC_KEY_INFO (CKA_VENDOR_DEFINED +0x20002)
|
|
+
|
|
// direct access to attributes' wire form
|
|
// parameters of this attribute, if it's the only one present,
|
|
// inserted verbatim into request package
|
|
@@ -574,6 +404,9 @@ typedef enum {
|
|
// matches the key type constant for clear key Dilithium with ICSF
|
|
#define CKK_IBM_PQC_DILITHIUM (CKK_VENDOR_DEFINED +0x10023)
|
|
|
|
+#define CKK_IBM_PQC_KYBER (CKK_VENDOR_DEFINED +0x10024)
|
|
+
|
|
+
|
|
|
|
|
|
|
|
@@ -583,6 +416,7 @@ typedef enum {
|
|
#define XCP_MOD_ERROR_STATE_SYSTEST_CMD 0x00000003
|
|
#define XCP_MOD_ERROR_STATE_TRNG_HEALTH 0x00000004
|
|
|
|
+
|
|
/*----------------------------------------------------------------------------
|
|
* sizes related to blobs and host-visible entities
|
|
*
|
|
@@ -599,10 +433,10 @@ typedef enum {
|
|
#define XCP_BLOBCLRATTR_BYTES 8 /* clear blob attr's bytecount */
|
|
/* keep in sync with objattr_t */
|
|
#define XCP_BLOBCLRMODE_BYTES 8 /* clear blob modefield bytecount */
|
|
-#define MOD_WRAP_BLOCKSIZE ((size_t) (128 /8)) /* blob crypt block bytecount */
|
|
+#define XCP_WRAP_BLOCKSIZE ((size_t) (128 /8)) /* blob crypt block bytecount */
|
|
#define XCP_MACKEY_BYTES (256 /8) /* derived from controlling WK */
|
|
//
|
|
-#define XCP_PIN_SALT_BYTES MOD_WRAP_BLOCKSIZE
|
|
+#define XCP_PIN_SALT_BYTES XCP_WRAP_BLOCKSIZE
|
|
#define XCP_PINBLOB_BYTES \
|
|
(XCP_WK_BYTES +XCP_PIN_SALT_BYTES +XCP_HMAC_BYTES)
|
|
|
|
@@ -664,6 +498,18 @@ typedef enum {
|
|
|
|
#define XCP_BTC_VERSION 1
|
|
|
|
+#define XCP_KYBER_KEM_VERSION 0
|
|
+
|
|
+#define XCP_KYBER_KEM_MIN_WIRE_BYTES (4 + 4 + 4 + 4 + 4 + 4) /* version[32] ||
|
|
+ kdf[32] ||
|
|
+ mode[32] ||
|
|
+ cphr[32] ||
|
|
+ shrd[32] ||
|
|
+ blob [32] */
|
|
+
|
|
+#define XCP_KYBER_RAW_BYTES 32
|
|
+
|
|
+
|
|
#define XCP_ECDH1_DERIVE_MAX_PUBLIC_BYTES 1024 /* limit public data length to
|
|
reasonable number of bytes */
|
|
//
|
|
@@ -698,6 +544,8 @@ typedef enum {
|
|
// related to the protected-key capability
|
|
// see also CKA_IBM_PROTKEY_* description
|
|
|
|
+ CKF_IBM_HW_DUAL_OA = 0x1000, // module supports dual OA certs/signatures
|
|
+ // see CK_IBM_XCPXQ_OA_CAP for more details
|
|
} XCP_CK_EXTFLAGS_t;
|
|
|
|
// these numbers apply to current version, subject to change
|
|
@@ -720,7 +568,7 @@ typedef enum {
|
|
|
|
// ~arbitrary limit on acceptable admin. certificates
|
|
// additional limits, such as transport-bytecount, may restrict further
|
|
-#define XCP_CERT_MAX_BYTES ((size_t) 4096)
|
|
+#define XCP_CERT_MAX_BYTES ((size_t) 12288) /* fits dil certs (8k + meta) */
|
|
#define XCP_CERTHASH_BYTES (256/8)
|
|
/* hash or SKI of public key, or other hash-identified things; SHA-256 */
|
|
|
|
@@ -734,6 +582,9 @@ typedef enum {
|
|
/* ^^^ increase this when policy moves beyond shorter curves */
|
|
#define XCP_MAX_EC_CURVE_BITS 521
|
|
|
|
+#define XCP_MAX_DIL_SIGNATURE_BYTES 4668 /* max. length of dil. 8-7 sigs */
|
|
+#define XCP_MAX_SINFO_META_BYTES 100 /* signer info framework bytes */
|
|
+
|
|
/* bytecount of raw (generic) keys, not key schedules */
|
|
#define MOD_MAX_SYMMKEY_BYTES 256
|
|
|
|
@@ -754,8 +605,20 @@ typedef enum {
|
|
/* trailing big-endian bitcount field after UnwrapKey() checksum */
|
|
|
|
/* card(OA) signature bytecount: SKI-identified SignerInfo,
|
|
- 4096-bit RSA signature, with SHA-256 hash */
|
|
-#define XCP_RSPSIG_MAX_BYTES (75 +4096/8)
|
|
+ * Non quantum safe: Must contain space for either:
|
|
+ * - 4096-bit RSA signature, hash OID, encr. OID and SKI
|
|
+ * - EC-P521 signature, hash OID, encr. OID and SKI
|
|
+ */
|
|
+#define XCP_RSPSIG_RSA (4096 / 8)
|
|
+#define XCP_RSPSIG_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \
|
|
+ XCP_RSPSIG_RSA)
|
|
+
|
|
+/* card(OA) signature bytecount: SKI-identified SignerInfo,
|
|
+ * Quantum safe: Must contain space for:
|
|
+ * - DIL signature, hash OID, encr. OID and SKI
|
|
+ */
|
|
+#define XCP_RSPSIG_QS_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \
|
|
+ XCP_MAX_DIL_SIGNATURE_BYTES)
|
|
|
|
/* minimal padding for raw RSA enc/dec/sign/ver/wr/unwr
|
|
* Used for example in CKM_RSA_PKCS. See RFC 2313 chapter 8 for a complete
|
|
@@ -772,84 +635,85 @@ typedef enum {
|
|
/* indicates particular events, not generic event types/categories, */
|
|
/* if bits in this region are non-zero */
|
|
|
|
-typedef enum { /* functionality categories: keep within uint16_t range */
|
|
- XCP_LOGEV_QUERY = 0,
|
|
- XCP_LOGEV_FUNCTION = 1,
|
|
- XCP_LOGEV_ADMFUNCTION = 2,
|
|
- XCP_LOGEV_STARTUP = 3,
|
|
- XCP_LOGEV_SHUTDOWN = 4,
|
|
- XCP_LOGEV_SELFTEST = 5,
|
|
- XCP_LOGEV_DOM_IMPORT = 6, /* import sec-relevant data to domain */
|
|
- XCP_LOGEV_DOM_EXPORT = 7, /* export sec-relevant data from domain */
|
|
- XCP_LOGEV_FAILURE = 8,
|
|
- XCP_LOGEV_GENERATE = 9,
|
|
- XCP_LOGEV_REMOVE = 10,
|
|
- XCP_LOGEV_SPECIFIC = 11, /* obtain meaning elsewhere */
|
|
- XCP_LOGEV_STATE_IMPORT = 12, /* import to card/multiple domains */
|
|
- XCP_LOGEV_STATE_EXPORT = 13, /* export from card/multiple domains */
|
|
- /* [after successful export] */
|
|
- XCP_LOGEV_IMPORT = 14, /* key/state import (UnwrapKey) */
|
|
- /* fields provide more context */
|
|
- XCP_LOGEV_EXPORT = 15, /* key/state import (WrapKey) */
|
|
- /* fields provide more context */
|
|
-
|
|
- /*--- specific events (any including XCP_LOGEV_SPEC) ---------*/
|
|
-
|
|
- XCP_LOGSPEV_TRANSACT_ZEROIZE = XCP_LOGEV_SPEC +1,
|
|
- /* zeroize card by transaction */
|
|
-
|
|
- XCP_LOGSPEV_KAT_FAILED = XCP_LOGEV_SPEC +2,
|
|
- /* algorithm selftest failed */
|
|
-
|
|
- XCP_LOGSPEV_KAT_COMPLETED = XCP_LOGEV_SPEC +3,
|
|
- /* algorithm selftests completed */
|
|
- /* redundant; logged only to */
|
|
- /* provide specific event */
|
|
-
|
|
- XCP_LOGSPEV_EARLY_Q_START = XCP_LOGEV_SPEC +4,
|
|
- /* subsequent events were found */
|
|
- /* in the early-event queue. */
|
|
- /* their timestamps are only */
|
|
- /* approximate; order is correct */
|
|
-
|
|
- XCP_LOGSPEV_EARLY_Q_END = XCP_LOGEV_SPEC +5,
|
|
- /* early-even queue processing ends. */
|
|
- /* subsequent events are through */
|
|
- /* regular auditing, with valid */
|
|
- /* timestamps and ordering. */
|
|
-
|
|
- XCP_LOGSPEV_AUDIT_NEWCHAIN = XCP_LOGEV_SPEC +6,
|
|
- /* audit state is corrupted; removed. */
|
|
- /* generating new instance and start */
|
|
- /* new chain as a replacement */
|
|
-
|
|
- XCP_LOGSPEV_TIMECHG_BEFORE = XCP_LOGEV_SPEC +7,
|
|
- /* time change: original time */
|
|
-
|
|
- XCP_LOGSPEV_TIMECHG_AFTER = XCP_LOGEV_SPEC +8,
|
|
- /* time change: updated time */
|
|
-
|
|
- XCP_LOGSPEV_MODSTIMPORT_START = XCP_LOGEV_SPEC +9,
|
|
- /* accepted full-state import */
|
|
- /* data structure */
|
|
- /* starting update procedure */
|
|
-
|
|
- XCP_LOGSPEV_MODSTIMPORT_FAIL = XCP_LOGEV_SPEC +10,
|
|
- /* rejected import structure */
|
|
- /* issued after initial verify; */
|
|
- /* indicates some inconsistency */
|
|
- /* of import data structures */
|
|
-
|
|
- XCP_LOGSPEV_MODSTIMPORT_END = XCP_LOGEV_SPEC +11,
|
|
- /* completed full-state import */
|
|
-
|
|
- XCP_LOGSPEV_MODSTEXPORT_START = XCP_LOGEV_SPEC +12,
|
|
- /* started full-state export */
|
|
- /* see also: XCP_LOGEV_STATE_EXPORT */
|
|
-
|
|
- XCP_LOGSPEV_MODSTEXPORT_FAIL = XCP_LOGEV_SPEC +13
|
|
- /* full-state export did not complete */
|
|
-} XCP_LogEvent_t;
|
|
+ /* functionality categories: keep within uint16_t range */
|
|
+#define XCP_LOGEV_QUERY 0
|
|
+#define XCP_LOGEV_FUNCTION 1
|
|
+#define XCP_LOGEV_ADMFUNCTION 2
|
|
+#define XCP_LOGEV_STARTUP 3
|
|
+#define XCP_LOGEV_SHUTDOWN 4
|
|
+#define XCP_LOGEV_SELFTEST 5
|
|
+#define XCP_LOGEV_DOM_IMPORT 6 /* import sec-relevant data to */
|
|
+ /* domain */
|
|
+#define XCP_LOGEV_DOM_EXPORT 7 /* export sec-relevant data from */
|
|
+ /* domain */
|
|
+#define XCP_LOGEV_FAILURE 8
|
|
+#define XCP_LOGEV_GENERATE 9
|
|
+#define XCP_LOGEV_REMOVE 10
|
|
+#define XCP_LOGEV_SPECIFIC 11 /* obtain meaning elsewhere */
|
|
+#define XCP_LOGEV_STATE_IMPORT 12 /* import to card/multiple domains */
|
|
+#define XCP_LOGEV_STATE_EXPORT 13 /* export from card/multiple */
|
|
+ /* domains */
|
|
+ /* [after successful export] */
|
|
+#define XCP_LOGEV_IMPORT 14 /* key/state import (UnwrapKey) */
|
|
+ /* fields provide more context */
|
|
+#define XCP_LOGEV_EXPORT 15 /* key/state import (WrapKey) */
|
|
+ /* fields provide more context */
|
|
+
|
|
+ /*--- specific events (any including XCP_LOGEV_SPEC) ---------*/
|
|
+
|
|
+#define XCP_LOGSPEV_TRANSACT_ZEROIZE (XCP_LOGEV_SPEC +1)
|
|
+ /* zeroize card by transaction */
|
|
+
|
|
+#define XCP_LOGSPEV_KAT_FAILED (XCP_LOGEV_SPEC +2)
|
|
+ /* algorithm selftest failed */
|
|
+
|
|
+#define XCP_LOGSPEV_KAT_COMPLETED (XCP_LOGEV_SPEC +3)
|
|
+ /* algorithm selftests completed */
|
|
+ /* redundant; logged only to */
|
|
+ /* provide specific event */
|
|
+
|
|
+#define XCP_LOGSPEV_EARLY_Q_START (XCP_LOGEV_SPEC +4)
|
|
+ /* subsequent events were found */
|
|
+ /* in the early-event queue. */
|
|
+ /* their timestamps are only */
|
|
+ /* approximate; order is correct */
|
|
+
|
|
+#define XCP_LOGSPEV_EARLY_Q_END (XCP_LOGEV_SPEC +5)
|
|
+ /* early-even queue processing ends. */
|
|
+ /* subsequent events are through */
|
|
+ /* regular auditing, with valid */
|
|
+ /* timestamps and ordering. */
|
|
+
|
|
+#define XCP_LOGSPEV_AUDIT_NEWCHAIN (XCP_LOGEV_SPEC +6)
|
|
+ /* audit state is corrupted; removed. */
|
|
+ /* generating new instance and start */
|
|
+ /* new chain as a replacement */
|
|
+
|
|
+#define XCP_LOGSPEV_TIMECHG_BEFORE (XCP_LOGEV_SPEC +7)
|
|
+ /* time change: original time */
|
|
+
|
|
+#define XCP_LOGSPEV_TIMECHG_AFTER (XCP_LOGEV_SPEC +8)
|
|
+ /* time change: updated time */
|
|
+
|
|
+#define XCP_LOGSPEV_MODSTIMPORT_START (XCP_LOGEV_SPEC +9)
|
|
+ /* accepted full-state import */
|
|
+ /* data structure */
|
|
+ /* starting update procedure */
|
|
+
|
|
+#define XCP_LOGSPEV_MODSTIMPORT_FAIL (XCP_LOGEV_SPEC +10)
|
|
+ /* rejected import structure */
|
|
+ /* issued after initial verify; */
|
|
+ /* indicates some inconsistency */
|
|
+ /* of import data structures */
|
|
+
|
|
+#define XCP_LOGSPEV_MODSTIMPORT_END (XCP_LOGEV_SPEC +11)
|
|
+ /* completed full-state import */
|
|
+
|
|
+#define XCP_LOGSPEV_MODSTEXPORT_START (XCP_LOGEV_SPEC +12)
|
|
+ /* started full-state export */
|
|
+ /* see also: XCP_LOGEV_STATE_EXPORT */
|
|
+
|
|
+#define XCP_LOGSPEV_MODSTEXPORT_FAIL (XCP_LOGEV_SPEC +13)
|
|
|
|
|
|
typedef enum {
|
|
@@ -863,21 +727,19 @@ typedef enum {
|
|
} XCP_LogSystem_t;
|
|
|
|
/* bitmask of audit-event flags (mainly optional fields) */
|
|
-typedef enum {
|
|
- XCP_LOGFL_WK_PRESENT = 0x80000000,
|
|
- XCP_LOGFL_COMPLIANCE_PRESENT = 0x40000000, /* ...of hosting domain */
|
|
- XCP_LOGFL_FINALWK_PRESENT = 0x20000000,
|
|
- XCP_LOGFL_KEYREC0_PRESENT = 0x10000000,
|
|
- XCP_LOGFL_KEYREC0_COMPL = 0x08000000, /* key0 compliance */
|
|
- XCP_LOGFL_KEYREC1_PRESENT = 0x04000000,
|
|
- XCP_LOGFL_KEYREC2_PRESENT = 0x02000000,
|
|
- XCP_LOGFL_FINTIME_PRESENT = 0x01000000,
|
|
- XCP_LOGFL_SALT0_PRESENT = 0x00800000,
|
|
- XCP_LOGFL_SALT1_PRESENT = 0x00400000,
|
|
- XCP_LOGFL_SALT2_PRESENT = 0x00200000,
|
|
- XCP_LOGFL_REASON_PRESENT = 0x00100000,
|
|
- XCP_LOGFL_SEQPRF_PRESENT = 0x00080000
|
|
-} XCP_LogFlags_t;
|
|
+#define XCP_LOGFL_WK_PRESENT 0x80000000
|
|
+#define XCP_LOGFL_COMPLIANCE_PRESENT 0x40000000 /* ...of hosting domain */
|
|
+#define XCP_LOGFL_FINALWK_PRESENT 0x20000000
|
|
+#define XCP_LOGFL_KEYREC0_PRESENT 0x10000000
|
|
+#define XCP_LOGFL_KEYREC0_COMPL 0x08000000 /* key0 compliance */
|
|
+#define XCP_LOGFL_KEYREC1_PRESENT 0x04000000
|
|
+#define XCP_LOGFL_KEYREC2_PRESENT 0x02000000
|
|
+#define XCP_LOGFL_FINTIME_PRESENT 0x01000000
|
|
+#define XCP_LOGFL_SALT0_PRESENT 0x00800000
|
|
+#define XCP_LOGFL_SALT1_PRESENT 0x00400000
|
|
+#define XCP_LOGFL_SALT2_PRESENT 0x00200000
|
|
+#define XCP_LOGFL_REASON_PRESENT 0x00100000
|
|
+#define XCP_LOGFL_SEQPRF_PRESENT 0x00080000
|
|
|
|
|
|
|
|
@@ -885,16 +747,26 @@ typedef enum {
|
|
typedef enum {
|
|
XCP_IMPRKEY_RSA_2048 = 0,
|
|
XCP_IMPRKEY_RSA_4096 = 1,
|
|
- XCP_IMPRKEY_EC_P256 = 2, /* EC, NIST P-256 */
|
|
- XCP_IMPRKEY_EC_P521 = 3, /* EC, NIST P-521 */
|
|
- XCP_IMPRKEY_EC_BP256r = 4, /* EC, Brainpool BP-256r */
|
|
- XCP_IMPRKEY_EC_BP320r = 5, /* EC, Brainpool BP-320r */
|
|
- XCP_IMPRKEY_EC_BP512r = 6, /* EC, Brainpool BP-512r */
|
|
+ XCP_IMPRKEY_EC_P256 = 2, /* EC, NIST P-256 */
|
|
+ XCP_IMPRKEY_EC_P521 = 3, /* EC, NIST P-521 */
|
|
+ XCP_IMPRKEY_EC_BP256r = 4, /* EC, Brainpool BP-256r */
|
|
+ XCP_IMPRKEY_EC_BP320r = 5, /* EC, Brainpool BP-320r */
|
|
+ XCP_IMPRKEY_EC_BP512r = 6, /* EC, Brainpool BP-512r */
|
|
XCP_IMPRKEY_RSA_3072 = 7,
|
|
- XCP_IMPRKEY_MAX = XCP_IMPRKEY_RSA_3072
|
|
+ XCP_IMPRKEY_EC_P521_TKE = 8, /* EC, NIST P-521 (TKE propr. sign.) */
|
|
+ XCP_IMPRKEY_MAX = XCP_IMPRKEY_EC_P521_TKE
|
|
} XCP_IMPRKEY_t;
|
|
|
|
|
|
+//--- OA key types ----------------------------------------------------
|
|
+typedef enum {
|
|
+ XCP_OAKEY_RSA_4096 = 1, /* RSA 4096 bit */
|
|
+ XCP_OAKEY_ECC_P521 = 2, /* ECC NIST P-521 */
|
|
+ XCP_OAKEY_DIL_87R2 = 3, /* DIL 8-7 R2 */
|
|
+ XCP_OAKEY_MAX = XCP_OAKEY_DIL_87R2
|
|
+} XCP_OAKEY_t;
|
|
+
|
|
+
|
|
|
|
//--- retained key structures ---------------------------
|
|
// initial loading:
|
|
@@ -914,6 +786,7 @@ typedef struct CK_RETAINEDKEY_PARAMS {
|
|
|
|
|
|
|
|
+
|
|
//--- operation categories (perf. measurement) -----------------------------
|
|
typedef enum {
|
|
XCP_OPCAT_ASYMM_SLOW = 1,
|
|
@@ -951,7 +824,12 @@ typedef enum {
|
|
/* never be enabled due to */
|
|
/* policy-minimum restrictions. */
|
|
|
|
- CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_CP_BLACKLIST
|
|
+ CK_IBM_XCPQ_PQC_STRENGTHS
|
|
+ = 14, /* supported quantum safe levels*/
|
|
+ /* of strength */
|
|
+ /* see: XCP_PQCStrength_t */
|
|
+
|
|
+ CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_PQC_STRENGTHS
|
|
} CK_IBM_XCPQUERY_t;
|
|
|
|
//--- module sub-query sub-types --------------------------------------------
|
|
@@ -966,6 +844,9 @@ typedef enum {
|
|
/* attributes bitmask */
|
|
CK_IBM_XCPMSQ_ATTRS = 6, /* number of supported */
|
|
/* administrative attributes */
|
|
+ CK_IBM_XCPMSQ_MOD_V2 = 7, /* add version two fields to */
|
|
+ /* module query */
|
|
+ CK_IBM_XCPMSQ_MAX = CK_IBM_XCPMSQ_MOD_V2
|
|
} CK_IBM_XCPMSUBQUERY_t;
|
|
|
|
// byte sizes of queries which are not represented as structures
|
|
@@ -976,48 +857,34 @@ typedef enum {
|
|
|
|
#define CK_IBM_XCP_HOSTQ_IDX 0xff000000 /* host-only queries index, min. */
|
|
|
|
-typedef enum {
|
|
- CK_IBM_XCPHQ_COUNT = 0xff000000, /* number of host-query indexes */
|
|
- /* including this type itself */
|
|
- CK_IBM_XCPHQ_VERSION = 0xff000001, /* host-specific package version */
|
|
- /* such as packaging library ID */
|
|
- CK_IBM_XCPHQ_VERSION_HASH = 0xff000002,
|
|
- /* assumed-unique identifier of */
|
|
- /* host code, such as version- */
|
|
- /* identifying cryptographic hash */
|
|
- /* (library signature field...) */
|
|
- CK_IBM_XCPHQ_DIAGS = 0xff000003, /* host code diagnostic level */
|
|
- /* 0 if non-diagnostics host code */
|
|
- CK_IBM_XCPHQ_HVERSION = 0xff000004, /* human-readable host version */
|
|
- /* identification (recommended: */
|
|
- /* UTF-8 string) */
|
|
- CK_IBM_XCPHQ_TGT_MODE = 0xff000005, /* host targeting modes */
|
|
- /* returns supported target modes */
|
|
- /* as bitmask */
|
|
- /* if not available only compat */
|
|
- /* target mode is in use */
|
|
- /* See CK_IBM_XCPHQ_TGT_MODES_t */
|
|
- CK_IBM_XCPHQ_ECDH_DERPRM = 0xff000006,
|
|
- /* ECDH DeriveKey parameter usage */
|
|
- /* is being enforced with hostlib */
|
|
- /* version */
|
|
- /**/
|
|
- CK_IBM_XCPHQ_TOL_MODES = 0xff000007,/* check if toleration mode for */
|
|
- /* key attribute checking is */
|
|
- /* enabled */
|
|
- /* If it is, some attribute values*/
|
|
- /* are always set to correct */
|
|
- /* values automatically - */
|
|
- CK__IBM_XCPHQ_MAX = CK_IBM_XCPHQ_TGT_MODE
|
|
-} CK_IBM_XCPHQUERY_t;
|
|
-
|
|
-#define CK_IBM_XCPHQ_ATTR_TOL_ENABLED 0x00000001
|
|
- /* flag to indicate that toleration */
|
|
- /* mode for key attribute checking */
|
|
- /* is enabled i.e. all attributes */
|
|
- /* that may no longer be set CK_TRUE */
|
|
- /* using a CEX8S HSM will be reset */
|
|
- /* to CK_FALSE automatically */
|
|
+#define CK_IBM_XCPHQ_COUNT 0xff000000 /* number of host-query indexes */
|
|
+ /* including this type itself */
|
|
+#define CK_IBM_XCPHQ_VERSION 0xff000001 /* host-specific package version */
|
|
+ /* such as packaging library ID */
|
|
+#define CK_IBM_XCPHQ_VERSION_HASH 0xff000002
|
|
+ /* assumed-unique identifier of */
|
|
+ /* host code, such as version- */
|
|
+ /* identifying cryptographic hash*/
|
|
+ /* (library signature field...) */
|
|
+#define CK_IBM_XCPHQ_DIAGS 0xff000003 /* host code diagnostic level */
|
|
+ /* 0 if non-diagnostics host code*/
|
|
+#define CK_IBM_XCPHQ_HVERSION 0xff000004 /* human-readable host version */
|
|
+ /* identification (recommended: */
|
|
+ /* UTF-8 string) */
|
|
+#define CK_IBM_XCPHQ_TGT_MODE 0xff000005 /* host targeting modes */
|
|
+ /* returns supported target modes*/
|
|
+ /* as bitmask */
|
|
+ /* if not available only compat */
|
|
+ /* target mode is in use */
|
|
+ /* See CK_IBM_XCPHQ_TGT_MODES_t */
|
|
+#define CK_IBM_XCPHQ_ECDH_DERPRM 0xff000006
|
|
+ /* ECDH DeriveKey parameter usage*/
|
|
+ /* is being enforced with hostlib*/
|
|
+ /* version */
|
|
+ /**/
|
|
+
|
|
+#define CK__IBM_XCPHQ_MAX CK_IBM_XCPHQ_TGT_MODE
|
|
+
|
|
|
|
typedef enum {
|
|
CK_IBM_XCPHQ_TGT_MODES_TGTGRP = 1, /* target groups are supported */
|
|
@@ -1040,7 +907,6 @@ typedef enum {
|
|
CK_IBM_XCPXQ_IMPEXP_CAPS = 7, /* capability for WK and state */
|
|
/* export / import. See 8.7.1.1.1 */
|
|
/* for more info */
|
|
- CK_IBM_XCPXQ_DOMIMPORT_VER = 7, /* DEPRECATED */
|
|
CK_IBM_XCPXQ_CERT_MAXBYTES = 8, /* bytecount of largest accepted */
|
|
/* administrative certificate, if */
|
|
/* there is an upper limit. 0 if */
|
|
@@ -1058,20 +924,20 @@ typedef enum {
|
|
|
|
CK_IBM_XCPXQ_ECDSA_OTHER = 15, /* bitmask of supported, other EC
|
|
signing mechanisms */
|
|
+ CK_IBM_XCPXQ_OA_CAP = 16, /* bitmask of supported outbound
|
|
+ authority signing mechanisms */
|
|
|
|
- CK_IBM_XCPXQ_MAXIDX = CK_IBM_XCPXQ_ECDSA_OTHER,
|
|
+ CK_IBM_XCPXQ_MAXIDX = CK_IBM_XCPXQ_OA_CAP,
|
|
} CK_IBM_XCPEXTCAP_t;
|
|
|
|
|
|
-typedef enum {
|
|
- CK_IBM_DOM_ADMIND = 1, /* administrators present */
|
|
- CK_IBM_DOM_CURR_WK = 2, /* domain has current WK */
|
|
- CK_IBM_DOM_NEXT_WK = 4, /* domain has pending/next WK */
|
|
- CK_IBM_DOM_COMMITTED_NWK = 8, /* next WK is active(committed) */
|
|
- CK_IBM_DOM_IMPRINTED = 0x10, /* has left imprint mode */
|
|
- CK_IBM_DOM_IMPRINTS = 0x80000000, /* enforces imprint mode */
|
|
- CK_IBM_DOM_PROTKEY_ALLOW = 0x20 /* policies allow protected key */
|
|
-} CK_IBM_DOMAINQ_t;
|
|
+#define CK_IBM_DOM_ADMIND 1 /* administrators present */
|
|
+#define CK_IBM_DOM_CURR_WK 2 /* domain has current WK */
|
|
+#define CK_IBM_DOM_NEXT_WK 4 /* domain has pending/next WK */
|
|
+#define CK_IBM_DOM_COMMITTED_NWK 8 /* next WK is active(committed) */
|
|
+#define CK_IBM_DOM_IMPRINTED 0x10 /* has left imprint mode */
|
|
+#define CK_IBM_DOM_IMPRINTS 0x80000000 /* enforces imprint mode */
|
|
+#define CK_IBM_DOM_PROTKEY_ALLOW 0x20 /* policies allow protected key */
|
|
//
|
|
// note: CK_IBM_DOM_IMPRINTS will go away
|
|
|
|
@@ -1142,34 +1008,54 @@ typedef CK_IBM_XCPAPI_INFO CK_PTR CK_IBM_XCPAPI_INFO_PTR;
|
|
CK_BYTE infra_count; \
|
|
CK_BYTE comp_count;
|
|
|
|
+#define CK_IBM_XCP_ADMATTRLIST_MEMBER_V2 \
|
|
+ CK_BYTE perm_ext01_modes[ 8 ];
|
|
+
|
|
+#define CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2 \
|
|
+ CK_BYTE perm_ext01_count;
|
|
+
|
|
// see chapter 5.1.1. in the wire spec
|
|
typedef struct CK_IBM_XCP_INFO {
|
|
- CK_IBM_XCP_INFO_MEMBERS_V0;
|
|
+ CK_IBM_XCP_INFO_MEMBERS_V0
|
|
} CK_IBM_XCP_INFO;
|
|
//
|
|
// see chapter 5.1.1. in the wire spec
|
|
typedef struct CK_IBM_XCP_INFO_V1 {
|
|
- CK_IBM_XCP_INFO_MEMBERS_V0;
|
|
- CK_IBM_XCP_DESCINFO_MEMBER;
|
|
+ CK_IBM_XCP_INFO_MEMBERS_V0
|
|
+ CK_IBM_XCP_DESCINFO_MEMBER
|
|
CK_BYTE fnid_mask[ 16 ];
|
|
CK_BYTE fnid_count;
|
|
- CK_IBM_XCP_ADMATTRLIST_MEMBER;
|
|
- CK_IBM_XCP_ADMATTRCOUNT_MEMBER;
|
|
+ CK_IBM_XCP_ADMATTRLIST_MEMBER
|
|
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER
|
|
} CK_IBM_XCP_INFO_V1;
|
|
//
|
|
+// see chapter 5.1.1. in the wire spec
|
|
+typedef struct CK_IBM_XCP_INFO_V2 {
|
|
+ CK_IBM_XCP_INFO_MEMBERS_V0
|
|
+ CK_IBM_XCP_DESCINFO_MEMBER
|
|
+ CK_BYTE fnid_mask[ 16 ];
|
|
+ CK_BYTE fnid_count;
|
|
+ CK_IBM_XCP_ADMATTRLIST_MEMBER
|
|
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER
|
|
+ CK_IBM_XCP_ADMATTRLIST_MEMBER_V2
|
|
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2
|
|
+} CK_IBM_XCP_INFO_V2;
|
|
+//
|
|
// see chapter 5.1.1.1. in the wire spec
|
|
typedef struct CK_IBM_XCP_DESCINFO {
|
|
- CK_IBM_XCP_DESCINFO_MEMBER;
|
|
+ CK_IBM_XCP_DESCINFO_MEMBER
|
|
} CK_IBM_XCP_DESCINFO;
|
|
//
|
|
// see chapter 5.1.1.3. in the wire spec
|
|
typedef struct CK_IBM_XCP_ATTRLIST {
|
|
CK_IBM_XCP_ADMATTRLIST_MEMBER
|
|
+ CK_IBM_XCP_ADMATTRLIST_MEMBER_V2
|
|
} CK_IBM_XCP_ATTRLIST;
|
|
//
|
|
// see chapter 5.1.1.3. in the wire spec
|
|
typedef struct CK_IBM_XCP_ATTRCOUNT {
|
|
CK_IBM_XCP_ADMATTRCOUNT_MEMBER
|
|
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2
|
|
} CK_IBM_XCP_ATTRCOUNT;
|
|
|
|
/**/
|
|
@@ -1177,14 +1063,18 @@ typedef struct CK_IBM_XCP_ATTRCOUNT {
|
|
{ 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \
|
|
0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, }
|
|
|
|
-typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR;
|
|
-typedef CK_IBM_XCP_INFO_V1 CK_PTR CK_IBM_XCP_INFO_V1_PTR;
|
|
-typedef CK_IBM_XCP_DESCINFO CK_PTR CK_IBM_XCP_DESCINFO_PTR;
|
|
-typedef CK_IBM_XCP_ATTRLIST CK_PTR CK_IBM_XCP_ATTRLIST_PTR;
|
|
-typedef CK_IBM_XCP_ATTRCOUNT CK_PTR CK_IBM_XCP_ATTRCOUNT_PTR;
|
|
+#define CK_IBM_XCP_INFO_V2_INIT0 \
|
|
+ { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \
|
|
+ 0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, \
|
|
+ {0}, {0}, {0}, 0, {0}, {0}, {0}, 0, 0, 0, \
|
|
+ {0}, 0}
|
|
|
|
-// DEPRECATED - use CK_IBM_XCP_INFO
|
|
-typedef CK_IBM_XCP_INFO CK_IBM_EP11_INFO;
|
|
+typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR;
|
|
+typedef CK_IBM_XCP_INFO_V1 CK_PTR CK_IBM_XCP_INFO_V1_PTR;
|
|
+typedef CK_IBM_XCP_INFO_V2 CK_PTR CK_IBM_XCP_INFO_V2_PTR;
|
|
+typedef CK_IBM_XCP_DESCINFO CK_PTR CK_IBM_XCP_DESCINFO_PTR;
|
|
+typedef CK_IBM_XCP_ATTRLIST CK_PTR CK_IBM_XCP_ATTRLIST_PTR;
|
|
+typedef CK_IBM_XCP_ATTRCOUNT CK_PTR CK_IBM_XCP_ATTRCOUNT_PTR;
|
|
|
|
typedef struct CK_IBM_DOMAIN_INFO {
|
|
CK_ULONG domain;
|
|
@@ -1227,9 +1117,31 @@ typedef enum {
|
|
} CK_IBM_BTC_t;
|
|
|
|
|
|
+typedef enum {
|
|
+ XCP_KEM_ENCAPSULATE = 1,
|
|
+ XCP_KEM_DECAPSULATE = 2,
|
|
+} XCP_KEM_t;
|
|
+
|
|
+typedef CK_ULONG CK_IBM_KEM_MODE;
|
|
+
|
|
+#define CK_IBM_KEM_ENCAPSULATE XCP_KEM_ENCAPSULATE
|
|
+#define CK_IBM_KEM_DECAPSULATE XCP_KEM_DECAPSULATE
|
|
+
|
|
+typedef struct XCP_KYBER_KEM_PARAMS {
|
|
+ CK_ULONG version;
|
|
+ CK_IBM_KEM_MODE mode;
|
|
+ CK_ULONG kdf;
|
|
+ CK_BBOOL prepend;
|
|
+ CK_BYTE *pCipher;
|
|
+ CK_ULONG ulCipherLen;
|
|
+ CK_BYTE *pSharedData;
|
|
+ CK_ULONG ulSharedDataLen;
|
|
+ CK_BYTE *pBlob;
|
|
+ CK_ULONG ulBlobLen;
|
|
+} XCP_KYBER_KEM_PARAMS_t;
|
|
+
|
|
+
|
|
//--- attribute constants --------------------------------------------------
|
|
-// keep in sync with unprivileged object (XCP_BLOB_NO_RIGHTS)
|
|
-// table is parsed by automated tools; please do not change layout
|
|
//
|
|
typedef enum {
|
|
XCP_BLOB_EXTRACTABLE = 1,
|
|
@@ -1309,8 +1221,8 @@ typedef enum {
|
|
/* CP sets get padded to multiple */
|
|
|
|
typedef enum {
|
|
- XCP_CPB_ADD_CPBS = 0, // allow addition (activation) of CP bits
|
|
- XCP_CPB_DELETE_CPBS = 1, // disable activating further control points
|
|
+ XCP_CPB_ADD_CPBS = 0, // allow activation of CP bits
|
|
+ XCP_CPB_DELETE_CPBS = 1, // allow deactivation of CP bits
|
|
// (remove both ADD_CPBs and DELETE_CPBs
|
|
// to make unit read-only)
|
|
|
|
@@ -1424,8 +1336,12 @@ typedef enum {
|
|
|
|
XCP_CPB_COMPAT_LEGACY_SHA3 = 70, // allow fall-back to non-standard
|
|
// SHA3 defaults
|
|
-
|
|
- XCP_CPBITS_MAX = XCP_CPB_COMPAT_LEGACY_SHA3 // marks last used CPB
|
|
+ XCP_CPB_DSA_PARAMETER_GEN = 71, // allow DSA/PQG parameter generation
|
|
+ XCP_CPB_DERIVE_NON_AB_KEYS = 72, // allow the derivation of a non-AB or raw
|
|
+ // from an AB key. Only relevant if
|
|
+ // XCP_CPB_NON_ATTRBOUND
|
|
+ XCP_CPBITS_MAX = XCP_CPB_DERIVE_NON_AB_KEYS
|
|
+ // marks last used CPB
|
|
} XCP_CPbit_t;
|
|
|
|
|
|
@@ -1623,7 +1539,7 @@ typedef enum {
|
|
// blob/SPKI
|
|
XCP_ADM_DOMAINS_ZEROIZE = 36, // multi-domain zeroize
|
|
// XCP_ADM_EXPORT_NEXT_WK = 38, // placeholder, find real entry above
|
|
- XCP_ADM_SESSIONS_DROP = 39, // drop all open sessions
|
|
+ XCP_ADM_SESSION_REMOVE = 39, // remove all or selected sessions
|
|
|
|
XCP_ADMQ_ADMIN = 1 | XCP_ADM_QUERY, // admin SKI/cert
|
|
XCP_ADMQ_DOMADMIN = 2 | XCP_ADM_QUERY, // domain adm. SKI/cert
|
|
@@ -1648,10 +1564,11 @@ typedef enum {
|
|
// current migration importer
|
|
XCP_ADMQ_AUDIT_STATE = 16 | XCP_ADM_QUERY,
|
|
// audit state entry or event count
|
|
- XCP_ADMQ_LASTCMD_DOM_MASK = 17 | XCP_ADM_QUERY
|
|
+ XCP_ADMQ_LASTCMD_DOM_MASK = 17 | XCP_ADM_QUERY,
|
|
// domain-bitmask affected by last
|
|
// state-related administrative
|
|
// command (export, import)
|
|
+ XCP_ADMQ_SVCADMIN = 18 | XCP_ADM_QUERY, // svc admin SKI/cert
|
|
} XCP_Admcmd_t;
|
|
|
|
typedef enum {
|
|
@@ -1660,7 +1577,8 @@ typedef enum {
|
|
XCP_ADMINT_PERMS = 3, // permissions
|
|
XCP_ADMINT_MODE = 4, // operating mode
|
|
XCP_ADMINT_STD = 5, // standards' compliance
|
|
- XCP_ADMINT_IDX_MAX = XCP_ADMINT_STD
|
|
+ XCP_ADMINT_PERMS_EXT01 = 6, // permissions (extension #1)
|
|
+ XCP_ADMINT_IDX_MAX = XCP_ADMINT_PERMS_EXT01
|
|
} XCP_AdmAttr_t;
|
|
|
|
#define XCP_ADMIN_ATTRIBUTE_COUNT XCP_ADMINT_IDX_MAX
|
|
@@ -1719,6 +1637,29 @@ typedef enum {
|
|
#define XCP_ADMP_CHG_DO_NOT_DISTURB \
|
|
0x80000000 // allow changing the corresponding
|
|
// Do Not Disturb bit
|
|
+
|
|
+//
|
|
+// permissions (extension 01)
|
|
+//
|
|
+#define XCP_ADMP_NQS_OA_SIGNATURES 1 // enable non-quantum-safe OA signat.
|
|
+#define XCP_ADMP_QS_OA_SIGNATURES 2 // enable quantum-safe OA signatures
|
|
+#define XCP_ADMP_NQS_ADM_SIGNATURES 4 // enable non-quantum-safe adm signat.
|
|
+#define XCP_ADMP_QS_ADM_SIGNATURES 8 // enable quantum-safe adm signatures
|
|
+
|
|
+#define XCP_ADMP_CHG_NQS_OA_SIGNATURES \
|
|
+ 0x10000 // allow changing the corresponding
|
|
+ // non-quantum-safe OA signature bit
|
|
+#define XCP_ADMP_CHG_QS_OA_SIGNATURES \
|
|
+ 0x20000 // allow changing the corresponding
|
|
+ // quantum-safe OA signature bit
|
|
+#define XCP_ADMP_CHG_NQS_ADM_SIGNATURES \
|
|
+ 0x40000 // allow changing the corresponding
|
|
+ // non-quantum-safe adm signature bit
|
|
+#define XCP_ADMP_CHG_QS_ADM_SIGNATURES \
|
|
+ 0x80000 // allow changing the corresponding
|
|
+ // quantum-safe adm signature bit
|
|
+
|
|
+
|
|
//
|
|
// if adding other change-control bits, also update:
|
|
// prevented_perm_changes()
|
|
@@ -1754,15 +1695,49 @@ typedef enum {
|
|
XCP_ADMP_STATE_1PART | \
|
|
XCP_ADMP_DO_NOT_DISTURB)
|
|
//
|
|
+// CHGBITS / PERMS (extension 01)
|
|
+#define XCP_ADMP__CHGBITS_EXT01 \
|
|
+ (XCP_ADMP_CHG_NQS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_QS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_QS_ADM_SIGNATURES)
|
|
+//
|
|
+#define XCP_ADMP__PERMS_EXT01 \
|
|
+ (XCP_ADMP_NQS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_QS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_NQS_ADM_SIGNATURES | \
|
|
+ XCP_ADMP_QS_ADM_SIGNATURES)
|
|
+//
|
|
+#define XCP__ADMP_SUP_EXT01 (XCP_ADMP__PERMS_EXT01 | \
|
|
+ XCP_ADMP__CHGBITS_EXT01)
|
|
+//
|
|
+//
|
|
#define XCP_ADMP__DEFAULT \
|
|
(XCP_ADMP_WK_IMPORT | \
|
|
XCP_ADMP_1SIGN | \
|
|
XCP_ADMP__CHGBITS)
|
|
//
|
|
+#define XCP_ADMP__DEFAULT_EXT01 \
|
|
+ (XCP_ADMP__CHGBITS_EXT01 | \
|
|
+ XCP_ADMP_NQS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_QS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_NQS_ADM_SIGNATURES | \
|
|
+ XCP_ADMP_QS_ADM_SIGNATURES)
|
|
+//
|
|
#define XCPM_ADMP__MODULE_DEFAULTS_MASK \
|
|
(XCP_ADMP_DO_NOT_DISTURB | \
|
|
XCP_ADMP_CHG_DO_NOT_DISTURB)
|
|
//
|
|
+#define XCPM_ADMP__MODULE_DEFAULTS_MASK_EXT01 \
|
|
+ (XCP_ADMP_NQS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_NQS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_QS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_QS_OA_SIGNATURES | \
|
|
+ XCP_ADMP_NQS_ADM_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \
|
|
+ XCP_ADMP_QS_ADM_SIGNATURES | \
|
|
+ XCP_ADMP_CHG_QS_ADM_SIGNATURES)
|
|
+//
|
|
#define XCP_ADMP__CARD_MASK \
|
|
~(XCP_ADMP_WK_IMPORT | \
|
|
XCP_ADMP_WK_EXPORT | \
|
|
@@ -1775,6 +1750,9 @@ typedef enum {
|
|
XCP_ADMP_CHG_WK_RANDOM | \
|
|
XCP_ADMP_CHG_CP_1SIGN)
|
|
//
|
|
+#define XCP_ADMP__CARD_MASK_EXT01 \
|
|
+ ~(0U)
|
|
+//
|
|
#define XCP_ADMP__DOM_MASK \
|
|
~(XCP_ADMP_NO_DOMAIN_IMPRINT | \
|
|
XCP_ADMP_STATE_IMPORT | \
|
|
@@ -1784,6 +1762,12 @@ typedef enum {
|
|
XCP_ADMP_CHG_ST_EXPORT | \
|
|
XCP_ADMP_CHG_ST_1PART)
|
|
//
|
|
+#define XCP_ADMP__DOM_MASK_EXT01 \
|
|
+ ~(0U)
|
|
+//
|
|
+
|
|
+#define XCP__ADMP_SUP ((XCP_ADMP__PERMS | XCP_ADMP__CHGBITS) &\
|
|
+ ~XCP_ADMP_NOT_SUP)
|
|
|
|
// card modes
|
|
#define XCP_ADMM_AUTHENTICATED 1U // no longer in imprint mode
|
|
@@ -1838,6 +1822,8 @@ typedef enum {
|
|
XCP_ADMM_STR_192BIT | \
|
|
XCP_ADMM_STR_256BIT)
|
|
|
|
+#define XCP__ADMM_SUP XCP_ADMM__MASK
|
|
+
|
|
// specific standards' compliance suites
|
|
#define XCP_ADMS_FIPS2009 1 // NIST, 80+ bits, -2011.01.01.
|
|
#define XCP_ADMS_BSI2009 2 // BSI , 80+ bits, -2011.01.01.
|
|
@@ -1850,18 +1836,74 @@ typedef enum {
|
|
//
|
|
#define XCP_ADMS_BSICC2017 0x40 // BSI, EP11 Common Criteria EAL4 2017
|
|
//
|
|
+#define XCP_ADMS_FIPS2021 0x80 // NIST SP800-131A REV.2, 2021.01.01
|
|
+#define XCP_ADMS_FIPS2024 0x100 // NIST SP800-131A REV.2, 2024.01.01
|
|
+#define XCP_ADMS_ADM_FIPS2021 0x200 // NIST SP800-131A REV.2, 2021.01.01
|
|
|
|
#define XCP_ADMS__ALL \
|
|
(XCP_ADMS_FIPS2009 | \
|
|
XCP_ADMS_BSI2009 | \
|
|
XCP_ADMS_FIPS2011 | \
|
|
XCP_ADMS_BSI2011 | \
|
|
+ XCP_ADMS_BSICC2017 | \
|
|
+ XCP_ADMS_FIPS2021 | \
|
|
+ XCP_ADMS_FIPS2024 | \
|
|
+ XCP_ADMS_ADM_FIPS2021)
|
|
+
|
|
+#define XCP_ADMS__SUPP (XCP_ADMS__ALL & \
|
|
+ ~(XCP_ADMS_FIPS2021 | \
|
|
+ XCP_ADMS_ADM_FIPS2021 | \
|
|
+ XCP_ADMS_FIPS2024))
|
|
+
|
|
+// The following 'legacy' defines are used as default 'supported bit masks'
|
|
+// for older devices that do not have native bit masks for that purpose.
|
|
+// Note: If supported bits are not present, the import of these bits are
|
|
+// skipped and the default values will be kept.
|
|
+#define XCP__ADMP_SUP_LEGACY \
|
|
+ (XCP_ADMP_WK_IMPORT | \
|
|
+ XCP_ADMP_WK_EXPORT | \
|
|
+ XCP_ADMP_WK_1PART | \
|
|
+ XCP_ADMP_WK_RANDOM | \
|
|
+ XCP_ADMP_1SIGN | \
|
|
+ XCP_ADMP_CP_1SIGN | \
|
|
+ XCP_ADMP_ZERO_1SIGN | \
|
|
+ XCP_ADMP_NO_DOMAIN_IMPRINT | \
|
|
+ XCP_ADMP_STATE_IMPORT | \
|
|
+ XCP_ADMP_STATE_EXPORT | \
|
|
+ XCP_ADMP_STATE_1PART | \
|
|
+ XCP_ADMP_CHG_WK_IMPORT | \
|
|
+ XCP_ADMP_CHG_WK_EXPORT | \
|
|
+ XCP_ADMP_CHG_WK_1PART | \
|
|
+ XCP_ADMP_CHG_WK_RANDOM | \
|
|
+ XCP_ADMP_CHG_SIGN_THR | \
|
|
+ XCP_ADMP_CHG_REVOKE_THR | \
|
|
+ XCP_ADMP_CHG_1SIGN | \
|
|
+ XCP_ADMP_CHG_CP_1SIGN | \
|
|
+ XCP_ADMP_CHG_ZERO_1SIGN | \
|
|
+ XCP_ADMP_CHG_ST_IMPORT | \
|
|
+ XCP_ADMP_CHG_ST_EXPORT | \
|
|
+ XCP_ADMP_CHG_ST_1PART)
|
|
+
|
|
+#define XCP__ADMM_SUP_LEGACY \
|
|
+ (XCP_ADMM_AUTHENTICATED | \
|
|
+ XCP_ADMM_EXTWNG | \
|
|
+ XCP_ADMM_WKCLEAN_EXTWNG | \
|
|
+ XCP_ADMM_BATT_LOW | \
|
|
+ XCP_ADMM_API_ACTIVE)
|
|
+
|
|
+#define XCP_ADMS__ALL_LEGACY \
|
|
+ (XCP_ADMS_FIPS2009 | \
|
|
+ XCP_ADMS_BSI2009 | \
|
|
+ XCP_ADMS_FIPS2011 | \
|
|
+ XCP_ADMS_BSI2011 | \
|
|
XCP_ADMS_BSICC2017)
|
|
|
|
+#define XCP__ADMP_SUP_EXT01_LEGACY (0)
|
|
+
|
|
// has compliance any BSI mode
|
|
-#define XCP_ADMS_IS_BSI(mode) (!!(mode & (XCP_ADMS_BSI2009 | \
|
|
- XCP_ADMS_BSI2011 | \
|
|
- XCP_ADMS_BSICC2017 )) )
|
|
+#define XCP_ADMS_IS_BSI(mode) (!!((mode) & (XCP_ADMS_BSI2009 | \
|
|
+ XCP_ADMS_BSI2011 | \
|
|
+ XCP_ADMS_BSICC2017 )) )
|
|
// mask of supported import keys
|
|
// 3k and 4k RSA are not supported
|
|
#define XCP_ADM_IMPEXP_KEYS__MASK \
|
|
@@ -1870,7 +1912,8 @@ typedef enum {
|
|
(1 << XCP_IMPRKEY_EC_P521) | \
|
|
(1 << XCP_IMPRKEY_EC_BP256r) | \
|
|
(1 << XCP_IMPRKEY_EC_BP320r) | \
|
|
- (1 << XCP_IMPRKEY_EC_BP512r))
|
|
+ (1 << XCP_IMPRKEY_EC_BP512r) | \
|
|
+ (1 << XCP_IMPRKEY_EC_P521_TKE))
|
|
|
|
|
|
/*--- audit chains -------------------------------------------------------*/
|
|
@@ -1922,50 +1965,55 @@ typedef enum {
|
|
|
|
/*--- state serialization ------------------------------------------------*/
|
|
typedef enum {
|
|
- XCP_STSTYPE_SECTIONCOUNT = 1, // section count +file hash
|
|
- XCP_STSTYPE_DOMAINIDX_MAX = 2, // largest index +total nr of domains
|
|
- XCP_STSTYPE_DOMAINS_MASK = 3, // bitmask of included domains
|
|
- XCP_STSTYPE_SERIALNR = 4,
|
|
- XCP_STSTYPE_CREATE_TIME = 5, // file date/time (UTC)
|
|
- XCP_STSTYPE_FCV = 6, // public parts of originating FCV
|
|
- XCP_STSTYPE_CARD_QUERY = 7, // card state structure (xcp_info)
|
|
- XCP_STSTYPE_CARD_ADM_SKIS = 8, // card admin SKIs, packed
|
|
- XCP_STSTYPE_CARD_ADM_CERTS = 9, // card admin certificates, packed
|
|
- XCP_STSTYPE_DOM_ADM_SKIS = 10, // domain admin SKIs, packed
|
|
- XCP_STSTYPE_DOM_ADM_CERTS = 11, // domain admin certificates, packed
|
|
- XCP_STSTYPE_DOM_QUERY = 12, // domain state structure (xcp_info)
|
|
- XCP_STSTYPE_KPH_SKIS = 13, // count and SKIs of targeted KPHs
|
|
- XCP_STSTYPE_CARD_ATTRS = 14, // card attributes
|
|
- XCP_STSTYPE_DOM_ATTRS = 15, // domain attributes
|
|
- XCP_STSTYPE_CARD_TRANSCTR = 16, // card transaction counter
|
|
- XCP_STSTYPE_DOM_TRANSCTR = 17, // domain transaction counter
|
|
- XCP_STSTYPE_WK_ENCR_ALG = 18,
|
|
- XCP_STSTYPE_WK_ENCR_DATA = 19,
|
|
- XCP_STSTYPE_SIG_CERT_COUNT = 20,
|
|
- XCP_STSTYPE_SIG_CERTS = 21,
|
|
- XCP_STSTYPE_FILE_SIG = 22,
|
|
- XCP_STSTYPE_DOM_CPS = 23, // full set of control points
|
|
- XCP_STSTYPE_STATE_SALT = 24,
|
|
- XCP_STSTYPE_KEYPART = 25, // encrypted keypart (RecipientInfo)
|
|
- XCP_STSTYPE_KEYPART_SIG = 26, // signature on encrypted keypart
|
|
- XCP_STSTYPE_KEYPART_COUNT = 27, // total number of keyparts
|
|
- XCP_STSTYPE_KEYPART_LIMIT = 28, // number of keyparts needed to
|
|
- // restore
|
|
- XCP_STSTYPE_KEYPART_CERT = 29, // certificate of keypart holder
|
|
- XCP_STSTYPE_CERT_AUTH = 30, // certificate authority issuing
|
|
- // some of the certificates. This
|
|
- // field contains host-supplied data
|
|
- // and it is ignored by EP11 itself.
|
|
- XCP_STSTYPE_STATE_SCOPE = 31, // restriction on contents of full
|
|
- // state structure
|
|
- XCP_STSTYPE_MULTIIMPORT_MASK
|
|
- = 32, // import only: designate import
|
|
- // request to be replicated into
|
|
- // multiple recipient domains
|
|
- XCP_STSTYPE_CPS_MASK = 33, // bitmask of all CPs supported
|
|
- // by the exporting module
|
|
-
|
|
- XCP_STSTYPE_MAX = XCP_STSTYPE_CPS_MASK
|
|
+ XCP_STSTYPE_SECTIONCOUNT = 1, // section count +file hash
|
|
+ XCP_STSTYPE_DOMAINIDX_MAX = 2, // largest index +total nr of doms
|
|
+ XCP_STSTYPE_DOMAINS_MASK = 3, // bitmask of included domains
|
|
+ XCP_STSTYPE_SERIALNR = 4,
|
|
+ XCP_STSTYPE_CREATE_TIME = 5, // file date/time (UTC)
|
|
+ XCP_STSTYPE_FCV = 6, // public parts of originating FCV
|
|
+ XCP_STSTYPE_CARD_QUERY = 7, // V0 card state struct (xcp_info)
|
|
+ XCP_STSTYPE_CARD_ADM_SKIS = 8, // card admin SKIs, packed
|
|
+ XCP_STSTYPE_CARD_ADM_CERTS = 9, // card admin certificates, packed
|
|
+ XCP_STSTYPE_DOM_ADM_SKIS = 10, // domain admin SKIs, packed
|
|
+ XCP_STSTYPE_DOM_ADM_CERTS = 11, // domain admin certs, packed
|
|
+ XCP_STSTYPE_DOM_QUERY = 12, // domain state struct (xcp_info)
|
|
+ XCP_STSTYPE_KPH_SKIS = 13, // count and SKIs of targeted KPHs
|
|
+ XCP_STSTYPE_CARD_ATTRS = 14, // card attributes
|
|
+ XCP_STSTYPE_DOM_ATTRS = 15, // domain attributes
|
|
+ XCP_STSTYPE_CARD_TRANSCTR = 16, // card transaction counter
|
|
+ XCP_STSTYPE_DOM_TRANSCTR = 17, // domain transaction counter
|
|
+ XCP_STSTYPE_WK_ENCR_ALG = 18,
|
|
+ XCP_STSTYPE_WK_ENCR_DATA = 19,
|
|
+ XCP_STSTYPE_SIG_CERT_COUNT = 20,
|
|
+ XCP_STSTYPE_SIG_CERTS = 21,
|
|
+ XCP_STSTYPE_FILE_SIG = 22,
|
|
+ XCP_STSTYPE_DOM_CPS = 23, // full set of control points
|
|
+ XCP_STSTYPE_STATE_SALT = 24,
|
|
+ XCP_STSTYPE_KEYPART = 25, // encrypted keypart (RecipientInfo)
|
|
+ XCP_STSTYPE_KEYPART_SIG = 26, // signature on encrypted keypart
|
|
+ XCP_STSTYPE_KEYPART_COUNT = 27, // total number of keyparts
|
|
+ XCP_STSTYPE_KEYPART_LIMIT = 28, // number of keyparts needed to
|
|
+ // restore
|
|
+ XCP_STSTYPE_KEYPART_CERT = 29, // certificate of keypart holder
|
|
+ XCP_STSTYPE_CERT_AUTH = 30, // certificate authority issuing
|
|
+ // some of the certificates. This
|
|
+ // field contains host-supplied data
|
|
+ // and it is ignored by EP11 itself.
|
|
+ XCP_STSTYPE_STATE_SCOPE = 31, // restriction on contents of full
|
|
+ // state structure
|
|
+ XCP_STSTYPE_MULTIIMPORT_MASK = 32, // import only: designate import
|
|
+ // request to be replicated into
|
|
+ // multiple recipient domains
|
|
+ XCP_STSTYPE_CPS_MASK = 33, // bitmask of all CPs supported
|
|
+ // by the exporting module
|
|
+ XCP_STSTYPE_CARD_QUERY_V1 = 34, // V1 card state struct (xcp_info)
|
|
+ XCP_STSTYPE_CARD_QUERY_V2 = 35, // V2 card state struct (xcp_info)
|
|
+ XCP_STSTYPE_CARD_EXTADM_SKIS = 36, // ext. card admin SKIs, packed
|
|
+ XCP_STSTYPE_CARD_EXTADM_CERTS = 37, // ext. card admin certs, packed
|
|
+ XCP_STSTYPE_DOM_EXTADM_SKIS = 38, // ext. dom admin SKIs, packed
|
|
+ XCP_STSTYPE_DOM_EXTADM_CERTS = 39, // ext. dom admin certs, packed
|
|
+
|
|
+ XCP_STSTYPE_MAX = XCP_STSTYPE_DOM_EXTADM_CERTS
|
|
} XCP_StateSection_t;
|
|
|
|
typedef enum {
|
|
@@ -1991,7 +2039,11 @@ typedef enum {
|
|
// not return KPH certificates
|
|
XCP_STWK_KP_NO_OA_CHAIN = 8, // keypart section restricted to
|
|
// not return OA certificate chain
|
|
- XCP_STDATA_MAX = ((XCP_STWK_KP_NO_OA_CHAIN *2) -1)
|
|
+ XCP_STDATA_NQS = 0x20,// allow use of non-quantum-safe
|
|
+ // algorithms in KP export/signature
|
|
+ XCP_STDATA_QS = 0x40,// allow use of quantum-safe
|
|
+ // algorithms in KP export/signature
|
|
+ XCP_STDATA_MAX = ((XCP_STDATA_QS *2) -1)
|
|
} XCP_StateType_t;
|
|
|
|
// type || identifier prefixes
|
|
@@ -2124,10 +2176,6 @@ typedef enum {
|
|
#define XCP_EC_MAX_ID_BYTES 11 /* fits all EC names/OIDs */
|
|
|
|
|
|
-// Dilithium related OIDs
|
|
-#define XCP_PQC_DILITHIUM_65_NAME "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x1\x6\x5"
|
|
-#define XCP_PQC_DILITHIUM_65_NAME_BYTES 13
|
|
-
|
|
/*------------------------------------*/
|
|
typedef enum {
|
|
XCP_EC_C_NIST_P192 = 1, /* NIST, FP curves */
|
|
@@ -2158,6 +2206,7 @@ typedef enum {
|
|
XCP_EC_C_ED25519 = 26, /* ed25519, EDDSA */
|
|
|
|
|
|
+ XCP_EC_C_MAX = 27 /* last possible value */
|
|
|
|
} XCP_ECcurve_t;
|
|
|
|
@@ -2175,6 +2224,56 @@ typedef enum {
|
|
} XCP_ECCurveGrp_t;
|
|
|
|
|
|
+/*--- PQC algorithms ------------------------------------------------------*/
|
|
+
|
|
+// Dilithium related OIDs
|
|
+// Round 2 Dilithium-3 (5-4)
|
|
+#define XCP_PQC_DILITHIUM_R2_54 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x5\x4"
|
|
+#define XCP_PQC_DILITHIUM_R2_54_BYTES 13
|
|
+// Round 2 Dilithium-4 (6-5)
|
|
+#define XCP_PQC_DILITHIUM_R2_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x6\x5"
|
|
+#define XCP_PQC_DILITHIUM_R2_65_BYTES 13
|
|
+// Round 2 Dilithium-5 (8-7)
|
|
+#define XCP_PQC_DILITHIUM_R2_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x8\x7"
|
|
+#define XCP_PQC_DILITHIUM_R2_87_BYTES 13
|
|
+// Round 3 Dilithium-2 (4-4)
|
|
+#define XCP_PQC_DILITHIUM_R3_44 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x4\x4"
|
|
+#define XCP_PQC_DILITHIUM_R3_44_BYTES 13
|
|
+// Round 3 Dilithium-3 (6-5)
|
|
+#define XCP_PQC_DILITHIUM_R3_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x6\x5"
|
|
+#define XCP_PQC_DILITHIUM_R3_65_BYTES 13
|
|
+// Round 3 Dilithium-5 (8-7)
|
|
+#define XCP_PQC_DILITHIUM_R3_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x8\x7"
|
|
+#define XCP_PQC_DILITHIUM_R3_87_BYTES 13
|
|
+
|
|
+// Round 2 Kyber 512
|
|
+#define XCP_PQC_KYBER_R2_512 "\x6\x9\x2B\x6\x1\x4\x1\x2\x82\xB\x5"
|
|
+#define XCP_PQC_KYBER_R2_512_BYTES 11
|
|
+
|
|
+// Round 2 Kyber 768
|
|
+#define XCP_PQC_KYBER_R2_768 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x3\x3"
|
|
+#define XCP_PQC_KYBER_R2_768_BYTES 13
|
|
+
|
|
+// Round 2 Kyber 1024
|
|
+#define XCP_PQC_KYBER_R2_1024 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x4\x4"
|
|
+#define XCP_PQC_KYBER_R2_1024_BYTES 13
|
|
+
|
|
+/*------------------------------------*/
|
|
+typedef enum {
|
|
+ XCP_PQC_S_DILITHIUM_R2_54 = 1, /* Round-2 Dilithium */
|
|
+ XCP_PQC_S_DILITHIUM_R2_65 = 2,
|
|
+ XCP_PQC_S_DILITHIUM_R2_87 = 3,
|
|
+ XCP_PQC_S_DILITHIUM_R3_44 = 4, /* Round-3 Dilithium */
|
|
+ XCP_PQC_S_DILITHIUM_R3_65 = 5,
|
|
+ XCP_PQC_S_DILITHIUM_R3_87 = 6,
|
|
+ XCP_PQC_S_KYBER_R2_512 = 7, /* Round-2 Kyber */
|
|
+ XCP_PQC_S_KYBER_R2_768 = 8,
|
|
+ XCP_PQC_S_KYBER_R2_1024 = 9,
|
|
+
|
|
+ XCP_PQC_MAX = XCP_PQC_S_KYBER_R2_1024,
|
|
+} XCP_PQCStrength_t;
|
|
+
|
|
+
|
|
// binary encoding of function/version query
|
|
// SEQUENCE { OCTET STRING (0) }
|
|
// module responds with API version and build ID
|
|
@@ -2343,12 +2442,15 @@ typedef enum {
|
|
XCP_DEV_FLIP_ERRORSTATE = 68, // explicitly flip the setting of the
|
|
// error state of the module
|
|
XCP_DEV_AESKW = 69,
|
|
- XCP_DEV_MAX_INDEX = XCP_DEV_AESKW
|
|
+ XCP_DEV_UNIT_TEST = 72, // run unit tests on module
|
|
+
|
|
+
|
|
+ XCP_DEV_MAX_INDEX = XCP_DEV_UNIT_TEST
|
|
} XCP_DEVcmd_t;
|
|
//
|
|
// upper limit on additional data bytes, for SYS-TEST commands with aux. data
|
|
// (arbitrary limit, commands may restict further)
|
|
-#define XCP_DEV_MAX_DATABYTES ((size_t) 4096)
|
|
+#define XCP_DEV_MAX_DATABYTES ((size_t) 64000)
|
|
//
|
|
// iteration-count limit applies to any iterative call
|
|
// driver[timeout] may interfere; dev-only feature is not otherwise restricted
|
|
@@ -2412,23 +2514,207 @@ typedef enum {
|
|
#define CKG_IBM_MGF1_SHA3_384 (CKG_VENDOR_DEFINED +3)
|
|
#define CKG_IBM_MGF1_SHA3_512 (CKG_VENDOR_DEFINED +4)
|
|
|
|
+#if !defined(CKD_VENDOR_DEFINED)
|
|
+#define CKD_VENDOR_DEFINED 0x80000000UL
|
|
+#endif
|
|
|
|
+#define CKD_IBM_HYBRID_NULL (CKD_VENDOR_DEFINED + 0x00000001UL)
|
|
+#define CKD_IBM_HYBRID_SHA1_KDF (CKD_VENDOR_DEFINED + 0x00000002UL)
|
|
+#define CKD_IBM_HYBRID_SHA224_KDF (CKD_VENDOR_DEFINED + 0x00000003UL)
|
|
+#define CKD_IBM_HYBRID_SHA256_KDF (CKD_VENDOR_DEFINED + 0x00000004UL)
|
|
+#define CKD_IBM_HYBRID_SHA384_KDF (CKD_VENDOR_DEFINED + 0x00000005UL)
|
|
+#define CKD_IBM_HYBRID_SHA512_KDF (CKD_VENDOR_DEFINED + 0x00000006UL)
|
|
|
|
-typedef uint64_t target_t;
|
|
-
|
|
-#define XCP_TGT_INIT ~0UL
|
|
+#define XCP_MODEL_CEX4P 4
|
|
+#define XCP_MODEL_CEX5P 5
|
|
+#define XCP_MODEL_CEX6P 6
|
|
+#define XCP_MODEL_CEX7P 7
|
|
+#define XCP_MODEL_CEX8P 8
|
|
|
|
-#define XCP_TGT_FMT "x%016" PRIx64
|
|
+/*--------------------------------------------------------------------------*/
|
|
+// max value for target groups
|
|
+#define XCP_MAX_GRPIDX 1024u
|
|
|
|
-// initializes the library
|
|
-int m_init(void);
|
|
-// shutting down the library
|
|
-int m_shutdown(void);
|
|
+//
|
|
+// macros for setting/checking and removing domains from (tgt.mgmt) domain mask
|
|
+#define XCPTGTMASK_SET_DOM(mask, domain) \
|
|
+ ((mask)[((domain)/8)] |= (1 << (7-(domain)%8)))
|
|
+#define XCPTGTMASK_DOM_IS_SET(mask, domain) \
|
|
+ ((mask)[((domain)/8)] & (1 << (7-(domain)%8)))
|
|
+#define XCPTGTMASK_CLR_DOM(mask, domain) \
|
|
+ ((mask)[((domain)/8)] &= ~(1 << (7-(domain)%8)))
|
|
+
|
|
+
|
|
+/* flags that can be set for the target tokens
|
|
+ *
|
|
+ * This flags are domain specific and are therefore called domain flags
|
|
+ *
|
|
+ * start of flags is >16 Bit. Max value for domains is 0xFF. Should be enough
|
|
+ * room for extensions
|
|
+ */
|
|
+#define XCP_TGTFL_WCAP 0x10000000 /* Capture wire request in output buffer
|
|
+ * without sending it to the module
|
|
+ */
|
|
+#define XCP_TGTFL_WCAP_SQ 0x20000000 /* Size query: Return size of request in
|
|
+ * output buffer length field
|
|
+ */
|
|
+#define XCP_TGTFL_SET_SCMD 0x40000000 /* Protected key special command: Set the
|
|
+ * special command flag in the CPRB
|
|
+ * header
|
|
+ */
|
|
+#define XCP_TGTFL_API_CHKD 0x80000000 /* supported API version of modules in
|
|
+ * target (group) has been checked
|
|
+ */
|
|
+
|
|
+#define XCP_TGTFL_NO_LOCK 0x01000000 /* target token ignores sequential locks
|
|
+ * for target probing
|
|
+ */
|
|
+#define XCP_TGTFL_CHK_ATTR 0x02000000 /* reject unknown attribute in attribute
|
|
+ * templates with
|
|
+ * CKR_TEMPLATE_INCONSISTENT. Default is
|
|
+ * to ignore unknown attributes.
|
|
+ */
|
|
+#define XCP_TGTFL_SET_ACMD 0x04000000 /* add CPRB admin flag to CPRB header */
|
|
+
|
|
+#define XCP_TGTFL_NO_SPLIT 0x08000000 /* enforce single-shot requests */
|
|
+
|
|
+//--------------------------------------
|
|
+// socket use only
|
|
+#define XCP_MAXCONNECTIONS 64 /* max value for active connections */
|
|
+#define XCP_MAX_PORT 0xffff
|
|
+
|
|
+// hostname and port value fore one module
|
|
+typedef struct XCP_ModuleSocket {
|
|
+ char host[ MAX_FNAME_CHARS +1 ];
|
|
+ uint32_t port;
|
|
+} *XCP_ModuleSocket_t ;
|
|
+
|
|
+
|
|
+//--------------------------------------
|
|
+// diagnostics use only
|
|
+typedef struct XCP_DomainPerf {
|
|
+ /* perf value of last request per domain
|
|
+ *
|
|
+ * At the moment unused
|
|
+ * */
|
|
+ unsigned int lastperf[ 256 ];
|
|
+} *XCP_DomainPerf_t;
|
|
+
|
|
+
|
|
+// current version of XCP_Module structure; host code SHOULD interact with
|
|
+// future/past versions, MUST be set by caller before using m_add_module()
|
|
+// valid versions are all >0
|
|
+#define XCP_MOD_VERSION 2
|
|
+//--------------------------------------
|
|
+// subsequent communications with a module MAY skip infrastructure-specific
|
|
+// fields, such as a query not reporting device handles etc., even if they
|
|
+// have been supplied originally when the module has been registered.
|
|
+//
|
|
+typedef struct XCP_Module {
|
|
+ uint32_t version; /* >0 for supported API versions */
|
|
+
|
|
+ uint64_t flags; /* see XCP_Module_Flags */
|
|
+
|
|
+ uint32_t domains; /* max# addressable under this module;
|
|
+ * cached from OS
|
|
+ *
|
|
+ * when callers set domains to 0, the library
|
|
+ * returns the module-claimed domain count.
|
|
+ */
|
|
+
|
|
+ unsigned char domainmask[ 256 /8 ];
|
|
+ /* higher domain# through future flags (none
|
|
+ * currently defined) which would add things
|
|
+ * like 'FLAG_256_1023' etc. at the same time,
|
|
+ * we would add domainmask2[] etc.
|
|
+ * corresponding new fields.
|
|
+ *
|
|
+ * new fields would then store mask for
|
|
+ * domains 256+ etc.
|
|
+ *
|
|
+ * domain #0 is bit x80 of 1st byte,
|
|
+ * #255 is bit 0x01 of last byte.
|
|
+ */
|
|
+
|
|
+ // when a domainmask is supplied, with bits set beyond
|
|
+ // what the module supports, the bitmask is trimmed to
|
|
+ // the supported range, but this is NOT reported as an
|
|
+ // error, unless XCP_MFL_STRICT is also supplied.
|
|
+ //
|
|
+ // without XCP_MFL_STRICT, callers are expected to check
|
|
+ // at least the returned domain count.
|
|
+
|
|
+ /* used only when flags includes XCP_MFL_SOCKET */
|
|
+ struct XCP_ModuleSocket socket;
|
|
+
|
|
+ /* used when system exposes modules through an
|
|
+ * array of transparent pipes, or similar abstraction
|
|
+ * (such as mainframe AP Queues, or other Linux
|
|
+ * 'device-minor' numbers etc.). Interpretation
|
|
+ * is platform-dependent.
|
|
+ *
|
|
+ * used only when flags includes XCP_MFL_MODULE
|
|
+ */
|
|
+ uint32_t module_nr;
|
|
+
|
|
+ /* used by systems which associate devices with
|
|
+ * device handles/structs/etc. persistent state.
|
|
+ * opaque pointer, usually a const pointer to
|
|
+ * such aux structs, MAY be stored here.
|
|
+ *
|
|
+ * interpretation is platform-dependent.
|
|
+ * used only when flags includes XCP_MFL_MHANDLE
|
|
+ */
|
|
+ void *mhandle;
|
|
+ /* diagnostics use only, when XCP_MFL_PERF is set */
|
|
+ struct XCP_DomainPerf perf;
|
|
+ //----- end of v1 fields -------------------------------------------
|
|
+
|
|
+ uint32_t api; /* module api version*/
|
|
+ //----- end of v2 fields -------------------------------------------
|
|
+} *XCP_Module_t ;
|
|
+
|
|
+typedef enum {
|
|
+ XCP_MFL_SOCKET = 1, /* backend is socket-attached */
|
|
+ XCP_MFL_MODULE = 2, /* backends identified in
|
|
+ array-of-modules */
|
|
+ XCP_MFL_MHANDLE = 4, /* backends uses 'module handle' field */
|
|
+ XCP_MFL_PERF = 8, /* performance statistics collected
|
|
+ * for this module, see .perf
|
|
+ */
|
|
+ XCP_MFL_VIRTUAL = 0x10, /* queried 'target' is a load-balancer,
|
|
+ * other other group.
|
|
+ */
|
|
+ XCP_MFL_STRICT = 0x20, /* enable aggressive error checking,
|
|
+ * see field descriptions for effect
|
|
+ */
|
|
+ XCP_MFL_PROBE = 0x40, /* send api query to module, to check if
|
|
+ * target(s) can be used
|
|
+ */
|
|
+ XCP_MFL_ALW_TGT_ADD = 0x80, /* Allows it to use a target in any
|
|
+ * functional and admin call without
|
|
+ * adding it beforehand with
|
|
+ * m_add_module()
|
|
+ */
|
|
+ XCP_MFL_MAX = 0xff
|
|
+} XCP_Module_Flags;
|
|
+
|
|
+typedef uint64_t target_t;
|
|
+
|
|
+#define XCP_TGT_INIT ~0UL
|
|
+
|
|
+#define XCP_TGT_FMT "x%016" PRIx64
|
|
|
|
int m_add_module(XCP_Module_t module, target_t *target) ;
|
|
|
|
int m_rm_module(XCP_Module_t module, target_t target) ;
|
|
|
|
+CK_RV m_admin (unsigned char *response1, size_t *r1len,
|
|
+ unsigned char *response2, size_t *r2len,
|
|
+ const unsigned char *cmd, size_t clen,
|
|
+ const unsigned char *sigs, size_t slen,
|
|
+ target_t target) ;
|
|
+
|
|
/*----------------------------------------------------------------------
|
|
* CK_... type arguments correspond to the original PKCS#11 call's
|
|
* arguments. Standard types mean PKCS#11 objects (session, token etc.)
|
|
@@ -2442,11 +2728,31 @@ int m_rm_module(XCP_Module_t module, target_t target) ;
|
|
* For certain operations, such as _GenerateKey, there are no real
|
|
* PKCS#11 type parameters at this level.
|
|
*/
|
|
+
|
|
+
|
|
+CK_RV m_Login ( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
|
|
+ const unsigned char *nonce, size_t nlen,
|
|
+ unsigned char *pinblob, size_t *pinbloblen,
|
|
+ target_t target) ;
|
|
+CK_RV m_Logout ( const unsigned char *pin, size_t len, target_t target) ;
|
|
+
|
|
+CK_RV m_LoginExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
|
|
+ const unsigned char *nonce, size_t nlen,
|
|
+ const unsigned char *xstruct, size_t xslen,
|
|
+ unsigned char *pinblob, size_t *pinbloblen,
|
|
+ target_t target) ;
|
|
+
|
|
+CK_RV m_LogoutExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
|
|
+ const unsigned char *nonce, size_t nlen,
|
|
+ const unsigned char *xstruct, size_t xslen,
|
|
+ target_t target) ;
|
|
+
|
|
CK_RV m_GenerateRandom (CK_BYTE_PTR rnd, CK_ULONG len, target_t target) ;
|
|
/**/
|
|
/* note: external seeding not supported */
|
|
CK_RV m_SeedRandom (CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen,
|
|
target_t target) ;
|
|
+
|
|
CK_RV m_DigestInit (unsigned char *state, size_t *len,
|
|
const CK_MECHANISM_PTR pmech,
|
|
target_t target) ;
|
|
@@ -2469,6 +2775,73 @@ CK_RV m_DigestSingle (CK_MECHANISM_PTR pmech,
|
|
CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
|
|
target_t target) ;
|
|
|
|
+CK_RV m_GenerateKey (CK_MECHANISM_PTR pmech,
|
|
+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
|
|
+ const unsigned char *pin, size_t pinlen,
|
|
+ unsigned char *key, size_t *klen,
|
|
+ unsigned char *csum, size_t *clen,
|
|
+ target_t target) ;
|
|
+/**/
|
|
+CK_RV m_GenerateKeyPair (CK_MECHANISM_PTR pmech,
|
|
+ CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs,
|
|
+ CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs,
|
|
+ const unsigned char *pin, size_t pinlen,
|
|
+ unsigned char *key, size_t *klen,
|
|
+ unsigned char *pubkey, size_t *pklen,
|
|
+ target_t target) ;
|
|
+
|
|
+/* mackey is NULL for PKCS#11 formats, not for authenticated ones */
|
|
+CK_RV m_WrapKey (const unsigned char *key, size_t keylen,
|
|
+ const unsigned char *kek, size_t keklen,
|
|
+ const unsigned char *mackey, size_t mklen,
|
|
+ const CK_MECHANISM_PTR pmech,
|
|
+ CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen,
|
|
+ target_t target) ;
|
|
+/**/
|
|
+/* mackey is NULL for PKCS#11 formats, not for authenticated ones */
|
|
+CK_RV m_UnwrapKey (const CK_BYTE_PTR wrapped, CK_ULONG wlen,
|
|
+ const unsigned char *kek, size_t keklen,
|
|
+ const unsigned char *mackey, size_t mklen,
|
|
+ const unsigned char *pin, size_t pinlen,
|
|
+ const CK_MECHANISM_PTR uwmech,
|
|
+ const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount,
|
|
+ unsigned char *unwrapped, size_t *uwlen,
|
|
+ CK_BYTE_PTR csum, CK_ULONG *cslen,
|
|
+ target_t target) ;
|
|
+
|
|
+CK_RV m_DeriveKey ( CK_MECHANISM_PTR pderivemech,
|
|
+ CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
|
|
+ const unsigned char *basekey, size_t bklen,
|
|
+ const unsigned char *data, size_t dlen,
|
|
+ const unsigned char *pin, size_t pinlen,
|
|
+ unsigned char *newkey, size_t *nklen,
|
|
+ unsigned char *csum, size_t *cslen,
|
|
+ target_t target) ;
|
|
+
|
|
+CK_RV m_GetAttributeValue (const unsigned char *obj, size_t olen,
|
|
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
|
+ target_t target) ;
|
|
+CK_RV m_SetAttributeValue (unsigned char *obj, size_t olen,
|
|
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
|
+ target_t target) ;
|
|
+
|
|
+/**/
|
|
+CK_RV m_GetMechanismList (CK_SLOT_ID slot,
|
|
+ CK_MECHANISM_TYPE_PTR mechs,
|
|
+ CK_ULONG_PTR count,
|
|
+ target_t target) ;
|
|
+CK_RV m_GetMechanismInfo (CK_SLOT_ID slot,
|
|
+ CK_MECHANISM_TYPE mech,
|
|
+ CK_MECHANISM_INFO_PTR pmechinfo,
|
|
+ target_t target) ;
|
|
+
|
|
+CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
|
|
+ unsigned int query,
|
|
+ unsigned int subquery,
|
|
+ target_t target) ;
|
|
+
|
|
+// see also: CK_IBM_XCPQUERY_t
|
|
+
|
|
CK_RV m_EncryptInit (unsigned char *state, size_t *slen,
|
|
CK_MECHANISM_PTR pmech,
|
|
const unsigned char *key, size_t klen,
|
|
@@ -2516,21 +2889,6 @@ CK_RV m_DecryptSingle (const unsigned char *key, size_t klen,
|
|
CK_BYTE_PTR plain, CK_ULONG_PTR plen,
|
|
target_t target) ;
|
|
|
|
-CK_RV m_GenerateKey (CK_MECHANISM_PTR pmech,
|
|
- CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
|
|
- const unsigned char *pin, size_t pinlen,
|
|
- unsigned char *key, size_t *klen,
|
|
- unsigned char *csum, size_t *clen,
|
|
- target_t target) ;
|
|
-/**/
|
|
-CK_RV m_GenerateKeyPair (CK_MECHANISM_PTR pmech,
|
|
- CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs,
|
|
- CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs,
|
|
- const unsigned char *pin, size_t pinlen,
|
|
- unsigned char *key, size_t *klen,
|
|
- unsigned char *pubkey, size_t *pklen,
|
|
- target_t target) ;
|
|
-
|
|
CK_RV m_SignInit (unsigned char *state, size_t *slen,
|
|
CK_MECHANISM_PTR alg,
|
|
const unsigned char *key, size_t klen,
|
|
@@ -2574,72 +2932,6 @@ CK_RV m_VerifySingle (const unsigned char *key, size_t klen,
|
|
CK_BYTE_PTR sig, CK_ULONG slen,
|
|
target_t target) ;
|
|
|
|
-/* mackey is NULL for PKCS#11 formats, not for authenticated ones */
|
|
-CK_RV m_WrapKey (const unsigned char *key, size_t keylen,
|
|
- const unsigned char *kek, size_t keklen,
|
|
- const unsigned char *mackey, size_t mklen,
|
|
- const CK_MECHANISM_PTR pmech,
|
|
- CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen,
|
|
- target_t target) ;
|
|
-/**/
|
|
-/* mackey is NULL for PKCS#11 formats, not for authenticated ones */
|
|
-CK_RV m_UnwrapKey (const CK_BYTE_PTR wrapped, CK_ULONG wlen,
|
|
- const unsigned char *kek, size_t keklen,
|
|
- const unsigned char *mackey, size_t mklen,
|
|
- const unsigned char *pin, size_t pinlen,
|
|
- const CK_MECHANISM_PTR uwmech,
|
|
- const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount,
|
|
- unsigned char *unwrapped, size_t *uwlen,
|
|
- CK_BYTE_PTR csum, CK_ULONG *cslen,
|
|
- target_t target) ;
|
|
-
|
|
-CK_RV m_DeriveKey ( CK_MECHANISM_PTR pderivemech,
|
|
- CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
|
|
- const unsigned char *basekey, size_t bklen,
|
|
- const unsigned char *data, size_t dlen,
|
|
- const unsigned char *pin, size_t pinlen,
|
|
- unsigned char *newkey, size_t *nklen,
|
|
- unsigned char *csum, size_t *cslen,
|
|
- target_t target) ;
|
|
-
|
|
-/**/
|
|
-CK_RV m_GetMechanismList (CK_SLOT_ID slot,
|
|
- CK_MECHANISM_TYPE_PTR mechs,
|
|
- CK_ULONG_PTR count,
|
|
- target_t target) ;
|
|
-CK_RV m_GetMechanismInfo (CK_SLOT_ID slot,
|
|
- CK_MECHANISM_TYPE mech,
|
|
- CK_MECHANISM_INFO_PTR pmechinfo,
|
|
- target_t target) ;
|
|
-
|
|
-CK_RV m_GetAttributeValue (const unsigned char *obj, size_t olen,
|
|
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
|
- target_t target) ;
|
|
-CK_RV m_SetAttributeValue (unsigned char *obj, size_t olen,
|
|
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
|
|
- target_t target) ;
|
|
-
|
|
-
|
|
-CK_RV m_Login ( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
|
|
- const unsigned char *nonce, size_t nlen,
|
|
- unsigned char *pinblob, size_t *pinbloblen,
|
|
- target_t target) ;
|
|
-CK_RV m_Logout ( const unsigned char *pin, size_t len, target_t target) ;
|
|
-
|
|
-CK_RV m_admin (unsigned char *response1, size_t *r1len,
|
|
- unsigned char *response2, size_t *r2len,
|
|
- const unsigned char *cmd, size_t clen,
|
|
- const unsigned char *sigs, size_t slen,
|
|
- target_t target) ;
|
|
-
|
|
-CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
|
|
- unsigned int query,
|
|
- unsigned int subquery,
|
|
- target_t target) ;
|
|
-
|
|
-// see also: CK_IBM_XCPQUERY_t
|
|
-
|
|
-
|
|
// m_wire() by default removes transport headers of responses (CPRB header etc.)
|
|
// setting to prevent stripping:
|
|
//
|
|
@@ -2661,17 +2953,20 @@ CK_RV m_wire (unsigned char *rsp, size_t *rsplen, CK_RV *irv,
|
|
#define XCP_W_NO_SEND_CPRB 1 /* data already includes request header */
|
|
#define XCP_W_NO_RECV_CPRB 2 /* leave transport header in response */
|
|
|
|
+// initializes the library
|
|
+int m_init(void);
|
|
+// shutting down the library
|
|
+int m_shutdown(void);
|
|
|
|
-/*-- build identification ------------------------------------------------*/
|
|
|
|
-#define XCP_BUILD_ID 0x9c14a5e6
|
|
-#define XCP_BUILD_DATE 0x20220610 /* UTC */
|
|
-#define XCP_BUILD_TIME 0x123354 /* UTC */
|
|
|
|
-/*--------------------------------------------------------------------------*/
|
|
-/*--------------------------------------------------------------------------*/
|
|
+/*-- build identification ------------------------------------------------*/
|
|
|
|
+#define XCP_BUILD_ID 0xf1d34cc2
|
|
+#define XCP_BUILD_DATE 0x20221214 /* UTC */
|
|
+#define XCP_BUILD_TIME 0x094523 /* UTC */
|
|
|
|
+/*--------------------------------------------------------------------------*/
|
|
#define __XCP_REASONCODES_H__ 1
|
|
|
|
|
|
@@ -2823,14 +3118,10 @@ typedef enum {
|
|
} XCP_ReasonCode_t ;
|
|
|
|
|
|
-
|
|
-
|
|
-#if ! defined(__transport_fns_h__)
|
|
-#define __transport_fns_h__
|
|
-
|
|
/* function identifiers must be consecutive, between: */
|
|
#define __MIN_MOD_FNID 1
|
|
-#define __MAX_MOD_FNID 43
|
|
+#define __MAX_MOD_FNID 42
|
|
+/* selectively disabled functions within that range reported separately */
|
|
|
|
#define __FNID_Login 1
|
|
#define __FNID_Logout 2
|
|
@@ -2938,8 +3229,6 @@ typedef enum {
|
|
#define __HOST2MOD_DATAPRM 9
|
|
#define __MOD2HOST_DATAPRM 2
|
|
|
|
-#endif /* n defined(__transport_fns_h__) */
|
|
-
|
|
|
|
#endif /* n defined(XCP_H__) */
|
|
|
|
diff --git a/usr/lib/ep11_stdll/ep11adm.h b/usr/lib/ep11_stdll/ep11adm.h
|
|
index ecb524d5..0cd50a65 100644
|
|
--- a/usr/lib/ep11_stdll/ep11adm.h
|
|
+++ b/usr/lib/ep11_stdll/ep11adm.h
|
|
@@ -25,34 +25,6 @@
|
|
#error "We need <ep11.h> types, please include before this file."
|
|
#endif
|
|
|
|
-// these numbers apply to current version, subject to change
|
|
-// Please note that this defines are DEPRECATED. Please use their XCP_*
|
|
-// counterpart in ep11.h
|
|
-//
|
|
-#if !defined(EP11_SERIALNR_CHARS)
|
|
-#define EP11_SERIALNR_CHARS XCP_SERIALNR_CHARS
|
|
-#endif
|
|
-
|
|
-#if !defined(EP11_KEYCSUM_BYTES)
|
|
-/* full size of verific. pattern */
|
|
-#define EP11_KEYCSUM_BYTES XCP_KEYCSUM_BYTES
|
|
-#endif
|
|
-
|
|
-#if !defined(EP11_ADMCTR_BYTES)
|
|
-/* admin transaction ctrs */
|
|
-#define EP11_ADMCTR_BYTES XCP_ADMCTR_BYTES
|
|
-#endif
|
|
-
|
|
-#if !defined(EP11_ADM_REENCRYPT)
|
|
-/* transform blobs to next WK */
|
|
-#define EP11_ADM_REENCRYPT XCP_ADM_REENCRYPT
|
|
-#endif
|
|
-
|
|
-#if !defined(CK_IBM_EP11Q_DOMAIN)
|
|
-/* list domain's WK hashes */
|
|
-#define CK_IBM_EP11Q_DOMAIN CK_IBM_XCPQ_DOMAIN
|
|
-#endif
|
|
-// end of DEPRECATED defines
|
|
|
|
//-------------------------------------
|
|
// flags common to all functions that have a flag parameter
|
|
@@ -100,13 +72,22 @@
|
|
|
|
#define DOMAIN_MASK_LENGTH XCP_DOMAINS/8 // space for 256 domains
|
|
|
|
-
|
|
+//-------------------------------------
|
|
+// Key-Part-Holder template
|
|
+// contain credentials of a key-part holder. Those credentials
|
|
+// can be file based and/or smart card based references.
|
|
struct KPH {
|
|
- const unsigned char *cert;
|
|
- size_t clen;
|
|
- const char *id;
|
|
- const char *pw;
|
|
- const char *kpfname;
|
|
+ const unsigned char *cert; // certificate
|
|
+ size_t clen; // certificate length
|
|
+ const char *id; // private key
|
|
+ const char *pw; // private key passphrase
|
|
+ const char *kpfname; // filename of the key-part
|
|
+ char scard; // indicates a smart card user
|
|
+ char ski_id; // subject key identifier ID
|
|
+ int rdr_id; // smart card reader number
|
|
+ char kp_id; // key-part ID
|
|
+ uint64_t sigmech; // signature mechenism
|
|
+ const char *padmode; // padding mode
|
|
} ;
|
|
|
|
|
|
@@ -159,30 +140,6 @@ typedef struct XCPadmresp {
|
|
#define XCP_ADMRESP_INIT0 { 0,0,0, {0},{0},{0}, {0}, CKR_OK, 0, NULL,0, }
|
|
|
|
|
|
-// ep11_admresp_t is DEPRECATED. Please use XCPadmresp_t directly
|
|
-typedef struct ep11_admresp {
|
|
- uint32_t fn;
|
|
- uint32_t domain;
|
|
- uint32_t domainInst;
|
|
-
|
|
- /* module ID || module instance */
|
|
- unsigned char module[ EP11_SERIALNR_CHARS + EP11_SERIALNR_CHARS ];
|
|
- unsigned char modNr[ EP11_SERIALNR_CHARS ];
|
|
- unsigned char modInst[ EP11_SERIALNR_CHARS ];
|
|
-
|
|
- unsigned char tctr[ EP11_ADMCTR_BYTES ]; /* transaction counter */
|
|
-
|
|
- CK_RV rv;
|
|
- uint32_t reason;
|
|
-
|
|
- // points to original response; NULL if no payload
|
|
- // make sure it's copied if used after releasing response block
|
|
- //
|
|
- const unsigned char *payload;
|
|
- size_t pllen;
|
|
-} *ep11_admresp_t;
|
|
-
|
|
-
|
|
//-------------------------------------
|
|
// listing of CP modes with their respective sets of control points that are
|
|
// either required or prohibited
|
|
@@ -249,9 +206,39 @@ static const struct {
|
|
XCP_CPB_ALG_NBSI2011, XCP_CPB_ALG_DH,
|
|
XCP_CPB_DERIVE },
|
|
},
|
|
+ { XCP_ADMS_FIPS2021, "fips2021",
|
|
+ 15,
|
|
+ { XCP_CPB_ALG_NFIPS2011, XCP_CPB_KEYSZ_80BIT,
|
|
+ XCP_CPB_KEYSZ_RSA65536,
|
|
+ XCP_CPB_ALG_NFIPS2021, XCP_CPB_ALG_EC_25519,
|
|
+ XCP_CPB_ALG_PQC, XCP_CPB_BTC,
|
|
+ XCP_CPB_ECDSA_OTHER, XCP_CPB_ALLOW_NONSESSION,
|
|
+ XCP_CPB_ALG_EC_SECGCRV, XCP_CPB_ALG_EC_BPOOLCRV,
|
|
+ XCP_CPB_COMPAT_LEGACY_SHA3, XCP_CPB_DSA_PARAMETER_GEN,
|
|
+ XCP_CPB_WRAP_ASYMM, XCP_CPB_UNWRAP_ASYMM
|
|
+ },
|
|
+ 0,
|
|
+ { },
|
|
+ },
|
|
+ { XCP_ADMS_FIPS2024, "fips2024",
|
|
+ 16,
|
|
+ { XCP_CPB_ALG_NFIPS2011, XCP_CPB_KEYSZ_80BIT,
|
|
+ XCP_CPB_KEYSZ_RSA65536,
|
|
+ XCP_CPB_ALG_NFIPS2021, XCP_CPB_ALG_EC_25519,
|
|
+ XCP_CPB_ALG_PQC, XCP_CPB_BTC,
|
|
+ XCP_CPB_ECDSA_OTHER, XCP_CPB_ALLOW_NONSESSION,
|
|
+ XCP_CPB_ALG_EC_SECGCRV, XCP_CPB_ALG_EC_BPOOLCRV,
|
|
+ XCP_CPB_ALG_NFIPS2024, XCP_CPB_COMPAT_LEGACY_SHA3,
|
|
+ XCP_CPB_DSA_PARAMETER_GEN, XCP_CPB_WRAP_ASYMM,
|
|
+ XCP_CPB_UNWRAP_ASYMM
|
|
+ },
|
|
+ 0,
|
|
+ { },
|
|
+ // XCP_ADMS_ADM_FIPS2021 is not reported here as it is not set with
|
|
+ // control points
|
|
+ }
|
|
} ;
|
|
|
|
-
|
|
//-------------------------------------
|
|
// Structure to collect all relevant data for state export/import
|
|
//
|
|
@@ -351,21 +338,12 @@ long xcpa_certreplace(unsigned char *blk, size_t blen,
|
|
|
|
|
|
//-------------------------------------
|
|
-// xcpa_query_wk queries the hash of the current/next WK for the given target
|
|
-// xcpa_query_wk without the feature define EP11ADM_V2 can only query the hash
|
|
-// of the current WK. Latter version is deprecated and will be removed with the
|
|
-// next major release
|
|
+// Queries the current/next WK for the given target
|
|
//
|
|
-// Parameter description:
|
|
-// wk pointer to the output buffer, contains current/next WK hash after
|
|
-// call
|
|
-// wlen needs to be set to the size of the output buffer
|
|
-// type CK_IBM_DOM_CURR_WK or CK_IBM_DOM_NEXT_WK (only available with
|
|
-// EP11ADM_V2 defined)
|
|
-// target a single target set up with m_add_module
|
|
+// WK Hash is returned in (*wk, wlen) on success if wk is not NULL
|
|
//
|
|
// returns >0 (bytecount) if present
|
|
-// 0 if valid but no current/next WK
|
|
+// 0 if valid but no current WK
|
|
// <0 if anything failed
|
|
//
|
|
// Possible error return codes:
|
|
@@ -375,14 +353,7 @@ long xcpa_certreplace(unsigned char *blk, size_t blen,
|
|
//
|
|
// Uses xcpa_queryblock() - See function header for possible return codes
|
|
//
|
|
-#if defined(EP11ADM_V2)
|
|
-__asm__(".symver xcpa_query_wk, xcpa_query_wk@EP11ADM_V2");
|
|
-long xcpa_query_wk(unsigned char *wk, size_t wlen, int type,
|
|
- target_t target) ;
|
|
-#else
|
|
-long xcpa_query_wk(unsigned char *wk, size_t wlen, target_t target)
|
|
- __attribute__ ((deprecated));
|
|
-#endif
|
|
+long xcpa_query_wk(unsigned char *wk, size_t wlen, int type, target_t target) ;
|
|
|
|
|
|
//-------------------------------------
|
|
@@ -681,12 +652,13 @@ long xcpa_set_cps(target_t target,
|
|
//-------------------------------------
|
|
// get compliance mode from CP set (see ep11_cpt_modes[] for possible compliance
|
|
// modes)
|
|
+// can not check for administrative compliance modes
|
|
//
|
|
// cps CP set of XCP_CP_BYTES length, see xcpa_query_cps
|
|
//
|
|
// returns >0 compliance mode (see XCP_ADMS_...)
|
|
//
|
|
-// does not verify CP set!
|
|
+// does not verify CP set
|
|
//
|
|
uint32_t xcpa_cps2compliance(const unsigned char *cps /* XCP_CP_BYTES */) ;
|
|
|
|
@@ -823,7 +795,10 @@ typedef struct Encrdkey {
|
|
// EC only: RSA recipients must keep these lengths 0
|
|
//
|
|
// largest supported curve: P-521
|
|
-
|
|
+ unsigned char srcprivate[ 66 ]; /* private key (PKCS#8) */
|
|
+ size_t sprivlen; /* priv. key byte count */
|
|
+ unsigned char *oid; /* EC curve OID */
|
|
+ size_t olen; /* EC curve OID length */
|
|
unsigned char srcpublic[ 1+66+66 ]; /* originator public point */
|
|
size_t splen; /* pub. point bytecount */
|
|
|
|
@@ -840,18 +815,10 @@ typedef struct Encrdkey {
|
|
int ktype; /* one of the wire-specified types */
|
|
|
|
CK_MECHANISM *alg; /* currently, ignored */
|
|
+ unsigned char wrap_alg[25]; /* AES Key Wrap algorithm OID */
|
|
// largest supported importer type: 4096-bit RSA
|
|
unsigned char raw[ 4096/8 ]; /* actual encrypted bytes */
|
|
size_t rlen;
|
|
-
|
|
-#if defined(EP11ADM_V2)
|
|
- unsigned char srcprivate[ 66 ]; /* private key (PKCS#8) */
|
|
- size_t sprivlen; /* priv. key byte count */
|
|
- unsigned char *oid; /* EC curve OID */
|
|
- size_t olen; /* EC curve OID length */
|
|
-
|
|
- unsigned char wrap_alg[25]; /* AES Key Wrap algorithm OID */
|
|
-#endif
|
|
} *Encrdkey_t;
|
|
|
|
|
|
@@ -893,9 +860,6 @@ long xcp_rcptinfo_sharedinfo(unsigned char *sinfo, size_t slen,
|
|
// creates RecipientInfo ASN.1 sequence (asn) from encr structure following RFC
|
|
// 3852 for RSA and RFC 5753 for EC
|
|
//
|
|
-// uses encr->wrap_alg if EP11ADM_V2 defined. Otherwise assumes aes256-wrap is
|
|
-// used for EC
|
|
-//
|
|
// verifies if a known importer key is used and if the SPKI does match
|
|
// the importer key type
|
|
//
|
|
@@ -907,9 +871,10 @@ long xcp_rcptinfo_sharedinfo(unsigned char *sinfo, size_t slen,
|
|
// XCP_ADMERR_RI_IMPR_INVALID: if the importer type or the key import structure
|
|
// encr is not supported / invalid
|
|
//
|
|
-long xcp_rcptinfo(unsigned char *asn, size_t alen,
|
|
- const struct Encrdkey *encr,
|
|
- const CK_MECHANISM *encrmech) ;
|
|
+long xcp_rcptinfo (unsigned char *asn, size_t alen,
|
|
+ const struct Encrdkey *encr,
|
|
+ const CK_MECHANISM *encrmech) ;
|
|
+
|
|
|
|
//-------------------------------------
|
|
// reads ASN.1 formatted RecipientInfo (asn) and turns it into rinfo structure
|
|
@@ -990,12 +955,8 @@ long xcpa_import_keypart (unsigned char *out, size_t olen,
|
|
// XCP_ADMERR_RI_IMPR_INVALID: importer key type invalid / unsupported or does
|
|
// not match SPKI
|
|
//
|
|
-// uses xcp_rcptinfo and xcpa_cmdblock() - see function header for more return
|
|
-// codes and EP11AMD_V2 specific changes
|
|
+// uses xcpa_cmdblock() - see function header for more return codes
|
|
//
|
|
-#if defined(EP11ADM_V2)
|
|
-__asm__(".symver xcpa_import_cmdblock, xcpa_import_cmdblock@EP11ADM_V2");
|
|
-#endif
|
|
long xcpa_import_cmdblock (unsigned char *out, size_t olen,
|
|
const struct Encrdkey *key,
|
|
const struct XCPadmresp *minf,
|
|
@@ -1164,19 +1125,10 @@ long xcpa_fill_export_req(unsigned char *asn, size_t alen,
|
|
// Constructs key part file with ASN.1 envelope
|
|
// writes output to (*reqprep, reqpreplen)
|
|
//
|
|
-// default version:
|
|
-// statesave contains the target domain mask
|
|
-// kphs keypart holder certificates
|
|
-// ekps contains re-encrypted keyparts
|
|
-// kcnt number of kphs
|
|
-// reqprep output buffer
|
|
-// reqpreplen output length
|
|
-//
|
|
-// with EP11ADM_V2 feature define active:
|
|
// domainmask target domain mask
|
|
// kphs keypart holder certificates
|
|
-// ekps contains re-encrypted keyparts
|
|
// kcnt number of kphs
|
|
+// ekps contains re-encrypted keyparts
|
|
// reqprep output buffer
|
|
// reqpreplen output length
|
|
// headerinfo set to 0 if no header info requested
|
|
@@ -1184,9 +1136,6 @@ long xcpa_fill_export_req(unsigned char *asn, size_t alen,
|
|
//
|
|
// returns 0 if successful
|
|
// <0 if something fails
|
|
-#if defined(EP11ADM_V2)
|
|
-__asm__(".symver xcpa_construct_keypart_file, "
|
|
- "xcpa_construct_keypart_file@EP11ADM_V2");
|
|
long xcpa_construct_keypart_file(unsigned char *domainmask,
|
|
const struct KPH *kphs,
|
|
const struct Encrdkey *ekps,
|
|
@@ -1194,15 +1143,7 @@ long xcpa_construct_keypart_file(unsigned char *domainmask,
|
|
unsigned char *reqprep,
|
|
size_t *reqpreplen,
|
|
unsigned int headerinfo);
|
|
-#else
|
|
-long xcpa_construct_keypart_file(struct STATESAVE *statesave,
|
|
- const struct KPH *kphs,
|
|
- const struct Encrdkey *ekps,
|
|
- unsigned int kcnt,
|
|
- unsigned char *reqprep,
|
|
- size_t *reqpreplen)
|
|
- __attribute__((deprecated));
|
|
-#endif
|
|
+
|
|
|
|
//-------------------------------------
|
|
// Enable export WK permission
|
|
@@ -1254,17 +1195,6 @@ long xcpa_enable_import_state(target_t target,
|
|
// Export the domain WK of the given target
|
|
// writes output to (*resp, resplen)
|
|
//
|
|
-// default version:
|
|
-// target addresses target module/domain
|
|
-// keyparts pointer to the encrypted keyparts
|
|
-// keypartlen length of encrypted keyparts
|
|
-// request pointer to the export request data
|
|
-// requestlen length of request data
|
|
-// sign_cb provide the callback for generating signatures
|
|
-// may be NULL if no signatures required
|
|
-// signopts number of signatures requested
|
|
-//
|
|
-// with EP11ADM_V2 feature define active:
|
|
// target addresses target module/domain
|
|
// wktype indicates either current or next WK
|
|
// keyparts pointer to the encrypted keyparts
|
|
@@ -1274,20 +1204,11 @@ long xcpa_enable_import_state(target_t target,
|
|
// sign_cb provide the callback for generating signatures
|
|
// may be NULL if no signatures required
|
|
// signopts number of signatures requested
|
|
-//
|
|
-#if defined(EP11ADM_V2)
|
|
-__asm__(".symver xcpa_export_wk, xcpa_export_wk@EP11ADM_V2");
|
|
long xcpa_export_wk(target_t target, int wktype,
|
|
unsigned char *keyparts, size_t *keypartlen,
|
|
const unsigned char *request, size_t requestlen,
|
|
xcpa_admin_signs_cb_t sign_cb, const void *signopts);
|
|
-#else
|
|
-long xcpa_export_wk(target_t target,
|
|
- unsigned char *keyparts, size_t *keypartlen,
|
|
- const unsigned char *request, size_t requestlen,
|
|
- xcpa_admin_signs_cb_t sign_cb, const void *signopts)
|
|
- __attribute__((deprecated));
|
|
-#endif
|
|
+
|
|
|
|
//-------------------------------------
|
|
// Export the state of the given target
|
|
@@ -1337,11 +1258,6 @@ long xcpa_import_wk_rcptinfo(target_t target,
|
|
// sign_cb provide the callback for generating signatures
|
|
// may be NULL if no signatures required
|
|
// signopts number of signatures requested
|
|
-//
|
|
-// uses xcp_rcptinfo and is therefore dependent on EP11ADM_V2
|
|
-#if defined(EP11ADM_V2)
|
|
-__asm__(".symver xcpa_import_wk, xcpa_import_wk@EP11ADM_V2");
|
|
-#endif
|
|
long xcpa_import_wk(target_t target, const struct Encrdkey *ekps,
|
|
unsigned int kcnt, const unsigned char *wkvp,
|
|
xcpa_admin_signs_cb_t sign_cb, const void *signopts);
|
|
@@ -1436,11 +1352,11 @@ long xcpa_gen_random_wk(target_t target, unsigned char *wkvp,
|
|
// XCP_ADMERR_SI_OID_MECH_MISMATCH: mismatch between signature and hash
|
|
// mechanism
|
|
//
|
|
-long xcp_signerinfo(unsigned char *asn, size_t alen,
|
|
- const unsigned char *ski, size_t skilen, /* signer */
|
|
- const unsigned char *sig, size_t siglen,
|
|
- const CK_MECHANISM *sigmech,
|
|
- const CK_MECHANISM *hashmech) ;
|
|
+long xcp_signerinfo (unsigned char *asn, size_t alen,
|
|
+ const unsigned char *ski, size_t skilen, /* signer */
|
|
+ const unsigned char *sig, size_t siglen,
|
|
+ const CK_MECHANISM *sigmech,
|
|
+ const CK_MECHANISM *hashmech) ;
|
|
|
|
|
|
//-------------------------------------
|
|
@@ -1461,13 +1377,13 @@ long xcp_signerinfo(unsigned char *asn, size_t alen,
|
|
//
|
|
// no length checks on signature or SKI, other than checking both for non-empty
|
|
//
|
|
-long xcp_signerinfo_read(const unsigned char *sinfo, size_t silen,
|
|
- const unsigned char **ski, size_t *skilen,
|
|
- const unsigned char **sig, size_t *siglen,
|
|
- const unsigned char **hoid, size_t *hoidlen,
|
|
- const unsigned char **soid, size_t *soidlen,
|
|
- CK_MECHANISM *signmech,
|
|
- CK_MECHANISM *hashmech) ;
|
|
+long xcp_signerinfo_read (const unsigned char *sinfo, size_t silen,
|
|
+ const unsigned char **ski, size_t *skilen,
|
|
+ const unsigned char **sig, size_t *siglen,
|
|
+ const unsigned char **hoid, size_t *hoidlen,
|
|
+ const unsigned char **soid, size_t *soidlen,
|
|
+ CK_MECHANISM *signmech,
|
|
+ CK_MECHANISM *hashmech) ;
|
|
|
|
|
|
//-------------------------------------
|
|
@@ -1488,57 +1404,10 @@ long xcp_signerinfo_read(const unsigned char *sinfo, size_t silen,
|
|
//
|
|
// note: we do not verify other details of SPKI; caller must do so
|
|
//
|
|
-long xcp_spki2pubkey(const unsigned char **bitstr,
|
|
- const unsigned char *spki, size_t slen) ;
|
|
-
|
|
-
|
|
-
|
|
-//----------------------------------------------------------------------
|
|
-// The following functions are DEPRECTATED!
|
|
-// for return values see their xcpa_* counterpart
|
|
+long xcp_spki2pubkey (const unsigned char **bitstr,
|
|
+ const unsigned char *spki, size_t slen) ;
|
|
|
|
|
|
-/*----------------------------------------------------------------------
|
|
- * build a command block to (blk,blen), querying 'fn'
|
|
- * (payload,plen) copied to query block if non-NULL
|
|
- *
|
|
- * returns written bytecount; size query if blk is NULL
|
|
- * *minf used for module ID and transaction counter
|
|
- * ignored for commands where those fields are ignored
|
|
- */
|
|
-long ep11a_cmdblock(unsigned char *blk, size_t blen,
|
|
- unsigned int fn,
|
|
- const struct ep11_admresp *minf,
|
|
- const unsigned char *tctr, /* EP11_ADMCTR_BYTES */
|
|
- const unsigned char *payload, size_t plen)
|
|
- __attribute__ ((deprecated)) ;
|
|
-
|
|
-
|
|
-/*----------------------------------------------------------------------
|
|
- * returns <0 if response is malformed, or contents invalid
|
|
- *
|
|
- * parse embedded return value from response, writes to *rv if non-NULL
|
|
- * (outside envelope always reports CKR_OK, unless infrastructure
|
|
- * failed)
|
|
- */
|
|
-long ep11a_internal_rv(const unsigned char *rsp, size_t rlen,
|
|
- struct ep11_admresp *rspblk, CK_RV *rv)
|
|
- __attribute__ ((deprecated)) ;
|
|
-
|
|
-
|
|
-/*----------------------------------------------------------------------
|
|
- * in: [0] query type
|
|
- * out: [0] packed info structure
|
|
- *
|
|
- * outputs are fixed size, except CK_IBM_XCPQ_DOMAINS, which returns a
|
|
- * list therefore, infbytes is ignored by other types (we still check
|
|
- * if present)
|
|
- */
|
|
-CK_RV m_get_ep11_info(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
|
|
- unsigned int query,
|
|
- unsigned int subquery,
|
|
- target_t target)
|
|
- __attribute__ ((deprecated)) ;
|
|
|
|
|
|
/*
|
|
@@ -1548,7 +1417,7 @@ CK_RV m_get_ep11_info(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
|
|
* mask pointer to an 32 byte array that represents our domain mask
|
|
* masksize bit-length of the mask
|
|
*/
|
|
-int xcp_args2mask(char *args, unsigned char *mask, int masksize) ;
|
|
+int xcp_args2mask(char *args, unsigned char *mask, int masksize);
|
|
|
|
|
|
/*
|
|
@@ -1602,6 +1471,10 @@ long xcpa_write_full_file(target_t target,
|
|
unsigned int fileid, unsigned int block);
|
|
|
|
|
|
+long xcpa_remove_file(target_t target, unsigned int fileid,
|
|
+ xcpa_admin_signs_cb_t sign_cb, const void *signopts);
|
|
+
|
|
+
|
|
/* brute-force section parser: enumerate all encrypted-KP sections
|
|
*
|
|
* returns >0 offset of full OCTET STRING T+L+V section
|
|
@@ -1627,5 +1500,15 @@ long xcpa_kps_retrieve_rcptinfo(struct Recipient_info *rcpti,
|
|
const unsigned char *kpexport,
|
|
size_t kplen);
|
|
|
|
+
|
|
+/*
|
|
+ * report domain compliance
|
|
+ *
|
|
+ * returns compliance bitmask if successful and 0 if anything failed
|
|
+ * (as zero is invalid as we always have a default compliance active)
|
|
+ *
|
|
+ */
|
|
+uint64_t get_dom_compl(target_t target);
|
|
+
|
|
#endif /* !defined(__xcpadm_h__) */
|
|
|
|
--
|
|
2.16.2.windows.1
|
|
|