From 1197829d87732e1cae18ee64eefe44f0a6cb391f Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Wed, 16 Feb 2022 10:09:10 +0100 Subject: [PATCH 12/34] EP11: Update EP11 host library header files Signed-off-by: Ingo Franzki --- usr/lib/ep11_stdll/ep11.h | 1345 +++++++++++++++++++++++++----------------- usr/lib/ep11_stdll/ep11adm.h | 305 +++------- 2 files changed, 911 insertions(+), 739 deletions(-) diff --git a/usr/lib/ep11_stdll/ep11.h b/usr/lib/ep11_stdll/ep11.h index cd4f11e5..c68dd045 100644 --- a/usr/lib/ep11_stdll/ep11.h +++ b/usr/lib/ep11_stdll/ep11.h @@ -16,7 +16,6 @@ #if !defined(XCP_H__) #define XCP_H__ - #if !defined(CKR_OK) #include "pkcs11.h" #endif @@ -25,195 +24,10 @@ #error "We need 64-bit types, please include before this file." #endif -// SHA224 etc. are additions to PKCS#11 2.20 -// remove these if host migrates beyond 2.20 as base minimum [unlikely] -// -#if !defined(CKM_SHA224) -#define CKM_SHA224 0x00000255 -#define CKM_SHA224_HMAC 0x00000256 -#define CKM_SHA224_HMAC_GENERAL 0x00000257 -#define CKM_SHA224_RSA_PKCS 0x00000046 -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 -#define CKM_SHA224_KEY_DERIVATION 0x00000396 -#define CKM_AES_CTR 0x00001086 -#define CKG_MGF1_SHA224 0x00000005 -#endif - -#if !defined(CKM_AES_CMAC) -#define CKM_AES_CMAC 0x0000108a -#endif - -#if !defined(CKM_DES3_CMAC) -#define CKM_DES3_CMAC 0x00000138 -#endif - - - -// max value for target groups -#define XCP_MAX_GRPIDX 1024u -// -// current version of XCP_Module structure; host code SHOULD interact with -// future/past versions, MUST be set by caller before using m_add_module() -// valid versions are all >0 -#define XCP_MOD_VERSION 2 // // used for internal and external paths/addresses #define MAX_FNAME_CHARS 256 -// macros for setting/checking and removing domains from (tgt.mgmt) domain mask -#define XCPTGTMASK_SET_DOM(mask, domain) \ - mask[((domain)/8)] |= (1 << (7-(domain)%8)) -#define XCPTGTMASK_DOM_IS_SET(mask, domain) \ - (mask[((domain)/8)] & (1 << (7-(domain)%8))) -#define XCPTGTMASK_CLR_DOM(mask, domain) \ - mask[((domain)/8)] &= ~(1 << (7-(domain)%8)) -// - - -/* flags that can be set for the target tokens - * - * This flags are domain specific and are therefore called domain flags - * - * start of flags is >16 Bit. Max value for domains is 0xFF. Should be enough - * room for extensions - */ -#define XCP_TGTFL_WCAP 0x10000000 /* Capture wire request in output buffer - * without sending it to the module - */ -#define XCP_TGTFL_WCAP_SQ 0x20000000 /* Size query: Return size of request in - * output buffer length field - */ -#define XCP_TGTFL_SET_SCMD 0x40000000 /* Protected key special command: Set the - * special command flag in the CPRB - * header - */ -#define XCP_TGTFL_API_CHKD 0x80000000 /* supported API version of modules in - * target (group) has been checked - */ - -#define XCP_TGTFL_NO_LOCK 0x01000000 /* target token ignores sequential locks - * for target probing - */ -#define XCP_TGTFL_SET_ACMD 0x04000000 /* add CPRB admin flag to CPRB header */ - -//-------------------------------------- -// socket use only -#define XCP_MAXCONNECTIONS 64 /* max value for active connections */ -#define XCP_MAX_PORT 0xffff - -// hostname and port value fore one module -typedef struct XCP_ModuleSocket { - char host[ MAX_FNAME_CHARS +1 ]; - uint32_t port; -} *XCP_ModuleSocket_t ; - - -//-------------------------------------- -// diagnostics use only -typedef struct XCP_DomainPerf { - /* perf value of last request per domain - * - * At the moment unused - * */ - unsigned int lastperf[ 256 ]; -} *XCP_DomainPerf_t; - - -//-------------------------------------- -// subsequent communications with a module MAY skip infrastructure-specific -// fields, such as a query not reporting device handles etc., even if they -// have been supplied originally when the module has been registered. -// -typedef struct XCP_Module { - uint32_t version; /* >0 for supported API versions */ - - uint64_t flags; /* see XCP_Module_Flags */ - - uint32_t domains; /* max# addressable under this module; - * cached from OS - * - * when callers set domains to 0, the library - * returns the module-claimed domain count. - */ - - unsigned char domainmask[ 256 /8 ]; - /* higher domain# through future flags (none - * currently defined) which would add things - * like 'FLAG_256_1023' etc. at the same time, - * we would add domainmask2[] etc. - * corresponding new fields. - * - * new fields would then store mask for - * domains 256+ etc. - * - * domain #0 is bit x80 of 1st byte, - * #255 is bit 0x01 of last byte. - */ - - // when a domainmask is supplied, with bits set beyond - // what the module supports, the bitmask is trimmed to - // the supported range, but this is NOT reported as an - // error, unless XCP_MFL_STRICT is also supplied. - // - // without XCP_MFL_STRICT, callers are expected to check - // at least the returned domain count. - - /* used only when flags includes XCP_MFL_SOCKET */ - struct XCP_ModuleSocket socket; - - /* used when system exposes modules through an - * array of transparent pipes, or similar abstraction - * (such as mainframe AP Queues, or other Linux - * 'device-minor' numbers etc.). Interpretation - * is platform-dependent. - * - * used only when flags includes XCP_MFL_MODULE - */ - uint32_t module_nr; - - /* used by systems which associate devices with - * device handles/structs/etc. persistent state. - * opaque pointer, usually a const pointer to - * such aux structs, MAY be stored here. - * - * interpretation is platform-dependent. - * used only when flags includes XCP_MFL_MHANDLE - */ - void *mhandle; - /* diagnostics use only, when XCP_MFL_PERF is set */ - struct XCP_DomainPerf perf; - //----- end of v1 fields ------------------------------------------- - - uint32_t api; /* module api version*/ - //----- end of v2 fields ------------------------------------------- -} *XCP_Module_t ; - -typedef enum { - XCP_MFL_SOCKET = 1, /* backend is socket-attached */ - XCP_MFL_MODULE = 2, /* backends identified in - array-of-modules */ - XCP_MFL_MHANDLE = 4, /* backends uses 'module handle' field */ - XCP_MFL_PERF = 8, /* performance statistics collected - * for this module, see .perf - */ - XCP_MFL_VIRTUAL = 0x10, /* queried 'target' is a load-balancer, - * other other group. - */ - XCP_MFL_STRICT = 0x20, /* enable aggressive error checking, - * see field descriptions for effect - */ - XCP_MFL_PROBE = 0x40, /* send api query to module, to check if - * target(s) can be used - */ - XCP_MFL_ALW_TGT_ADD = 0x80, /* Allows it to use a target in any - * functional and admin call without - * adding it beforehand with - * m_add_module() - */ - XCP_MFL_MAX = 0xff -} XCP_Module_Flags; - - // Error Values for functions that do not return CK_RV // general errors #define XCP_OK 0 /* function successful @@ -282,17 +96,15 @@ typedef enum { * flag is not active */ - /*--------------------------------------------------------------------------*/ #define XCP_COMMON_PUBLIC_H__ -#define XCP_API_VERSION 0x071d /* major[8] minor[8] */ +#define XCP_API_VERSION 0x0810 /* major[8] minor[8] */ #define XCP_API_ORDINAL 0x0004 /* increment this with every major/minor change */ -#define XCP_HOST_API_VER 0x030100 /* major[8] minor[8] fixpack[8] */ -#define XCP_RPM_VERSION XCP_HOST_API_VER /* deprecated */ +#define XCP_HOST_API_VER 0x040000 /* major[8] minor[8] fixpack[8] */ /* HSM connection information; not for PKCS11 user consumption */ #define XCP_HSM_AGENT_ID 0x5843 /* ASCII "XC" */ @@ -375,6 +187,8 @@ typedef enum { #define CKR_IBM_TARGET_INVALID (CKR_VENDOR_DEFINED +0x10030) +#define CKR_IBM_PQC_PARAMS_NOT_SUPPORTED (CKR_VENDOR_DEFINED +0x10031) + // Error returned if internal verification of crypto engines fail #define CKR_IBM_ERROR_STATE (CKR_VENDOR_DEFINED +0x10101) @@ -445,12 +259,18 @@ typedef enum { #define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED +0x1001f) +// round counts are passed as mechanism parameters +#define CKM_IBM_SIPHASH (CKM_VENDOR_DEFINED +0x10021) + + // these need a strength definition // XCP_U32_VALUE_BITS/CKA_VALUE_BITS would be sufficient; strength->K/L mapping // // umbrella mech for PQC/Crystals variants #define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED +0x10023) // ^^^ sign/verify plus keygen only +#define CKM_IBM_KYBER (CKM_VENDOR_DEFINED +0x10024) + // ^^^ en/decrypt, keygen, key transport, and (hybrid) key derivation // SHA-3 HMAC variants #define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED +0x10025) @@ -481,6 +301,10 @@ typedef enum { ECSG_IBM_MAX = ECSG_IBM_ECSDSA_COMPR_MULTI, } ECSG_Var_t; +#define CK_IBM_ECSG_IBM_ECSDSA_S256 ECSG_IBM_ECSDSA_S256 +#define CK_IBM_ECSG_IBM_ECDSA_COMPR_MULTI_S256 ECSG_IBM_ECDSA_COMPR_MULTI_S256 +#define CK_IBM_ECSG_IBM_MAX ECSG_IBM_MAX + //--- transport additions -------------------------------------------------- #define CKM_IBM_CLEARKEY_TRANSPORT (CKM_VENDOR_DEFINED +0x20001) @@ -565,6 +389,12 @@ typedef enum { #define CKA_IBM_PQC_PARAMS (CKA_VENDOR_DEFINED +0x1000e) +// query or modify login session an object is bound to +#define CKA_IBM_LOGIN_SESSION (CKA_VENDOR_DEFINED +0x1000f) + +// query MAC'd spki from a private key +#define CKA_IBM_MACED_PUBLIC_KEY_INFO (CKA_VENDOR_DEFINED +0x20002) + // direct access to attributes' wire form // parameters of this attribute, if it's the only one present, // inserted verbatim into request package @@ -574,6 +404,9 @@ typedef enum { // matches the key type constant for clear key Dilithium with ICSF #define CKK_IBM_PQC_DILITHIUM (CKK_VENDOR_DEFINED +0x10023) +#define CKK_IBM_PQC_KYBER (CKK_VENDOR_DEFINED +0x10024) + + @@ -583,6 +416,7 @@ typedef enum { #define XCP_MOD_ERROR_STATE_SYSTEST_CMD 0x00000003 #define XCP_MOD_ERROR_STATE_TRNG_HEALTH 0x00000004 + /*---------------------------------------------------------------------------- * sizes related to blobs and host-visible entities * @@ -599,10 +433,10 @@ typedef enum { #define XCP_BLOBCLRATTR_BYTES 8 /* clear blob attr's bytecount */ /* keep in sync with objattr_t */ #define XCP_BLOBCLRMODE_BYTES 8 /* clear blob modefield bytecount */ -#define MOD_WRAP_BLOCKSIZE ((size_t) (128 /8)) /* blob crypt block bytecount */ +#define XCP_WRAP_BLOCKSIZE ((size_t) (128 /8)) /* blob crypt block bytecount */ #define XCP_MACKEY_BYTES (256 /8) /* derived from controlling WK */ // -#define XCP_PIN_SALT_BYTES MOD_WRAP_BLOCKSIZE +#define XCP_PIN_SALT_BYTES XCP_WRAP_BLOCKSIZE #define XCP_PINBLOB_BYTES \ (XCP_WK_BYTES +XCP_PIN_SALT_BYTES +XCP_HMAC_BYTES) @@ -664,6 +498,18 @@ typedef enum { #define XCP_BTC_VERSION 1 +#define XCP_KYBER_KEM_VERSION 0 + +#define XCP_KYBER_KEM_MIN_WIRE_BYTES (4 + 4 + 4 + 4 + 4 + 4) /* version[32] || + kdf[32] || + mode[32] || + cphr[32] || + shrd[32] || + blob [32] */ + +#define XCP_KYBER_RAW_BYTES 32 + + #define XCP_ECDH1_DERIVE_MAX_PUBLIC_BYTES 1024 /* limit public data length to reasonable number of bytes */ // @@ -698,6 +544,8 @@ typedef enum { // related to the protected-key capability // see also CKA_IBM_PROTKEY_* description + CKF_IBM_HW_DUAL_OA = 0x1000, // module supports dual OA certs/signatures + // see CK_IBM_XCPXQ_OA_CAP for more details } XCP_CK_EXTFLAGS_t; // these numbers apply to current version, subject to change @@ -720,7 +568,7 @@ typedef enum { // ~arbitrary limit on acceptable admin. certificates // additional limits, such as transport-bytecount, may restrict further -#define XCP_CERT_MAX_BYTES ((size_t) 4096) +#define XCP_CERT_MAX_BYTES ((size_t) 12288) /* fits dil certs (8k + meta) */ #define XCP_CERTHASH_BYTES (256/8) /* hash or SKI of public key, or other hash-identified things; SHA-256 */ @@ -734,6 +582,9 @@ typedef enum { /* ^^^ increase this when policy moves beyond shorter curves */ #define XCP_MAX_EC_CURVE_BITS 521 +#define XCP_MAX_DIL_SIGNATURE_BYTES 4668 /* max. length of dil. 8-7 sigs */ +#define XCP_MAX_SINFO_META_BYTES 100 /* signer info framework bytes */ + /* bytecount of raw (generic) keys, not key schedules */ #define MOD_MAX_SYMMKEY_BYTES 256 @@ -754,8 +605,20 @@ typedef enum { /* trailing big-endian bitcount field after UnwrapKey() checksum */ /* card(OA) signature bytecount: SKI-identified SignerInfo, - 4096-bit RSA signature, with SHA-256 hash */ -#define XCP_RSPSIG_MAX_BYTES (75 +4096/8) + * Non quantum safe: Must contain space for either: + * - 4096-bit RSA signature, hash OID, encr. OID and SKI + * - EC-P521 signature, hash OID, encr. OID and SKI + */ +#define XCP_RSPSIG_RSA (4096 / 8) +#define XCP_RSPSIG_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \ + XCP_RSPSIG_RSA) + +/* card(OA) signature bytecount: SKI-identified SignerInfo, + * Quantum safe: Must contain space for: + * - DIL signature, hash OID, encr. OID and SKI + */ +#define XCP_RSPSIG_QS_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \ + XCP_MAX_DIL_SIGNATURE_BYTES) /* minimal padding for raw RSA enc/dec/sign/ver/wr/unwr * Used for example in CKM_RSA_PKCS. See RFC 2313 chapter 8 for a complete @@ -772,84 +635,85 @@ typedef enum { /* indicates particular events, not generic event types/categories, */ /* if bits in this region are non-zero */ -typedef enum { /* functionality categories: keep within uint16_t range */ - XCP_LOGEV_QUERY = 0, - XCP_LOGEV_FUNCTION = 1, - XCP_LOGEV_ADMFUNCTION = 2, - XCP_LOGEV_STARTUP = 3, - XCP_LOGEV_SHUTDOWN = 4, - XCP_LOGEV_SELFTEST = 5, - XCP_LOGEV_DOM_IMPORT = 6, /* import sec-relevant data to domain */ - XCP_LOGEV_DOM_EXPORT = 7, /* export sec-relevant data from domain */ - XCP_LOGEV_FAILURE = 8, - XCP_LOGEV_GENERATE = 9, - XCP_LOGEV_REMOVE = 10, - XCP_LOGEV_SPECIFIC = 11, /* obtain meaning elsewhere */ - XCP_LOGEV_STATE_IMPORT = 12, /* import to card/multiple domains */ - XCP_LOGEV_STATE_EXPORT = 13, /* export from card/multiple domains */ - /* [after successful export] */ - XCP_LOGEV_IMPORT = 14, /* key/state import (UnwrapKey) */ - /* fields provide more context */ - XCP_LOGEV_EXPORT = 15, /* key/state import (WrapKey) */ - /* fields provide more context */ - - /*--- specific events (any including XCP_LOGEV_SPEC) ---------*/ - - XCP_LOGSPEV_TRANSACT_ZEROIZE = XCP_LOGEV_SPEC +1, - /* zeroize card by transaction */ - - XCP_LOGSPEV_KAT_FAILED = XCP_LOGEV_SPEC +2, - /* algorithm selftest failed */ - - XCP_LOGSPEV_KAT_COMPLETED = XCP_LOGEV_SPEC +3, - /* algorithm selftests completed */ - /* redundant; logged only to */ - /* provide specific event */ - - XCP_LOGSPEV_EARLY_Q_START = XCP_LOGEV_SPEC +4, - /* subsequent events were found */ - /* in the early-event queue. */ - /* their timestamps are only */ - /* approximate; order is correct */ - - XCP_LOGSPEV_EARLY_Q_END = XCP_LOGEV_SPEC +5, - /* early-even queue processing ends. */ - /* subsequent events are through */ - /* regular auditing, with valid */ - /* timestamps and ordering. */ - - XCP_LOGSPEV_AUDIT_NEWCHAIN = XCP_LOGEV_SPEC +6, - /* audit state is corrupted; removed. */ - /* generating new instance and start */ - /* new chain as a replacement */ - - XCP_LOGSPEV_TIMECHG_BEFORE = XCP_LOGEV_SPEC +7, - /* time change: original time */ - - XCP_LOGSPEV_TIMECHG_AFTER = XCP_LOGEV_SPEC +8, - /* time change: updated time */ - - XCP_LOGSPEV_MODSTIMPORT_START = XCP_LOGEV_SPEC +9, - /* accepted full-state import */ - /* data structure */ - /* starting update procedure */ - - XCP_LOGSPEV_MODSTIMPORT_FAIL = XCP_LOGEV_SPEC +10, - /* rejected import structure */ - /* issued after initial verify; */ - /* indicates some inconsistency */ - /* of import data structures */ - - XCP_LOGSPEV_MODSTIMPORT_END = XCP_LOGEV_SPEC +11, - /* completed full-state import */ - - XCP_LOGSPEV_MODSTEXPORT_START = XCP_LOGEV_SPEC +12, - /* started full-state export */ - /* see also: XCP_LOGEV_STATE_EXPORT */ - - XCP_LOGSPEV_MODSTEXPORT_FAIL = XCP_LOGEV_SPEC +13 - /* full-state export did not complete */ -} XCP_LogEvent_t; + /* functionality categories: keep within uint16_t range */ +#define XCP_LOGEV_QUERY 0 +#define XCP_LOGEV_FUNCTION 1 +#define XCP_LOGEV_ADMFUNCTION 2 +#define XCP_LOGEV_STARTUP 3 +#define XCP_LOGEV_SHUTDOWN 4 +#define XCP_LOGEV_SELFTEST 5 +#define XCP_LOGEV_DOM_IMPORT 6 /* import sec-relevant data to */ + /* domain */ +#define XCP_LOGEV_DOM_EXPORT 7 /* export sec-relevant data from */ + /* domain */ +#define XCP_LOGEV_FAILURE 8 +#define XCP_LOGEV_GENERATE 9 +#define XCP_LOGEV_REMOVE 10 +#define XCP_LOGEV_SPECIFIC 11 /* obtain meaning elsewhere */ +#define XCP_LOGEV_STATE_IMPORT 12 /* import to card/multiple domains */ +#define XCP_LOGEV_STATE_EXPORT 13 /* export from card/multiple */ + /* domains */ + /* [after successful export] */ +#define XCP_LOGEV_IMPORT 14 /* key/state import (UnwrapKey) */ + /* fields provide more context */ +#define XCP_LOGEV_EXPORT 15 /* key/state import (WrapKey) */ + /* fields provide more context */ + + /*--- specific events (any including XCP_LOGEV_SPEC) ---------*/ + +#define XCP_LOGSPEV_TRANSACT_ZEROIZE (XCP_LOGEV_SPEC +1) + /* zeroize card by transaction */ + +#define XCP_LOGSPEV_KAT_FAILED (XCP_LOGEV_SPEC +2) + /* algorithm selftest failed */ + +#define XCP_LOGSPEV_KAT_COMPLETED (XCP_LOGEV_SPEC +3) + /* algorithm selftests completed */ + /* redundant; logged only to */ + /* provide specific event */ + +#define XCP_LOGSPEV_EARLY_Q_START (XCP_LOGEV_SPEC +4) + /* subsequent events were found */ + /* in the early-event queue. */ + /* their timestamps are only */ + /* approximate; order is correct */ + +#define XCP_LOGSPEV_EARLY_Q_END (XCP_LOGEV_SPEC +5) + /* early-even queue processing ends. */ + /* subsequent events are through */ + /* regular auditing, with valid */ + /* timestamps and ordering. */ + +#define XCP_LOGSPEV_AUDIT_NEWCHAIN (XCP_LOGEV_SPEC +6) + /* audit state is corrupted; removed. */ + /* generating new instance and start */ + /* new chain as a replacement */ + +#define XCP_LOGSPEV_TIMECHG_BEFORE (XCP_LOGEV_SPEC +7) + /* time change: original time */ + +#define XCP_LOGSPEV_TIMECHG_AFTER (XCP_LOGEV_SPEC +8) + /* time change: updated time */ + +#define XCP_LOGSPEV_MODSTIMPORT_START (XCP_LOGEV_SPEC +9) + /* accepted full-state import */ + /* data structure */ + /* starting update procedure */ + +#define XCP_LOGSPEV_MODSTIMPORT_FAIL (XCP_LOGEV_SPEC +10) + /* rejected import structure */ + /* issued after initial verify; */ + /* indicates some inconsistency */ + /* of import data structures */ + +#define XCP_LOGSPEV_MODSTIMPORT_END (XCP_LOGEV_SPEC +11) + /* completed full-state import */ + +#define XCP_LOGSPEV_MODSTEXPORT_START (XCP_LOGEV_SPEC +12) + /* started full-state export */ + /* see also: XCP_LOGEV_STATE_EXPORT */ + +#define XCP_LOGSPEV_MODSTEXPORT_FAIL (XCP_LOGEV_SPEC +13) typedef enum { @@ -863,21 +727,19 @@ typedef enum { } XCP_LogSystem_t; /* bitmask of audit-event flags (mainly optional fields) */ -typedef enum { - XCP_LOGFL_WK_PRESENT = 0x80000000, - XCP_LOGFL_COMPLIANCE_PRESENT = 0x40000000, /* ...of hosting domain */ - XCP_LOGFL_FINALWK_PRESENT = 0x20000000, - XCP_LOGFL_KEYREC0_PRESENT = 0x10000000, - XCP_LOGFL_KEYREC0_COMPL = 0x08000000, /* key0 compliance */ - XCP_LOGFL_KEYREC1_PRESENT = 0x04000000, - XCP_LOGFL_KEYREC2_PRESENT = 0x02000000, - XCP_LOGFL_FINTIME_PRESENT = 0x01000000, - XCP_LOGFL_SALT0_PRESENT = 0x00800000, - XCP_LOGFL_SALT1_PRESENT = 0x00400000, - XCP_LOGFL_SALT2_PRESENT = 0x00200000, - XCP_LOGFL_REASON_PRESENT = 0x00100000, - XCP_LOGFL_SEQPRF_PRESENT = 0x00080000 -} XCP_LogFlags_t; +#define XCP_LOGFL_WK_PRESENT 0x80000000 +#define XCP_LOGFL_COMPLIANCE_PRESENT 0x40000000 /* ...of hosting domain */ +#define XCP_LOGFL_FINALWK_PRESENT 0x20000000 +#define XCP_LOGFL_KEYREC0_PRESENT 0x10000000 +#define XCP_LOGFL_KEYREC0_COMPL 0x08000000 /* key0 compliance */ +#define XCP_LOGFL_KEYREC1_PRESENT 0x04000000 +#define XCP_LOGFL_KEYREC2_PRESENT 0x02000000 +#define XCP_LOGFL_FINTIME_PRESENT 0x01000000 +#define XCP_LOGFL_SALT0_PRESENT 0x00800000 +#define XCP_LOGFL_SALT1_PRESENT 0x00400000 +#define XCP_LOGFL_SALT2_PRESENT 0x00200000 +#define XCP_LOGFL_REASON_PRESENT 0x00100000 +#define XCP_LOGFL_SEQPRF_PRESENT 0x00080000 @@ -885,16 +747,26 @@ typedef enum { typedef enum { XCP_IMPRKEY_RSA_2048 = 0, XCP_IMPRKEY_RSA_4096 = 1, - XCP_IMPRKEY_EC_P256 = 2, /* EC, NIST P-256 */ - XCP_IMPRKEY_EC_P521 = 3, /* EC, NIST P-521 */ - XCP_IMPRKEY_EC_BP256r = 4, /* EC, Brainpool BP-256r */ - XCP_IMPRKEY_EC_BP320r = 5, /* EC, Brainpool BP-320r */ - XCP_IMPRKEY_EC_BP512r = 6, /* EC, Brainpool BP-512r */ + XCP_IMPRKEY_EC_P256 = 2, /* EC, NIST P-256 */ + XCP_IMPRKEY_EC_P521 = 3, /* EC, NIST P-521 */ + XCP_IMPRKEY_EC_BP256r = 4, /* EC, Brainpool BP-256r */ + XCP_IMPRKEY_EC_BP320r = 5, /* EC, Brainpool BP-320r */ + XCP_IMPRKEY_EC_BP512r = 6, /* EC, Brainpool BP-512r */ XCP_IMPRKEY_RSA_3072 = 7, - XCP_IMPRKEY_MAX = XCP_IMPRKEY_RSA_3072 + XCP_IMPRKEY_EC_P521_TKE = 8, /* EC, NIST P-521 (TKE propr. sign.) */ + XCP_IMPRKEY_MAX = XCP_IMPRKEY_EC_P521_TKE } XCP_IMPRKEY_t; +//--- OA key types ---------------------------------------------------- +typedef enum { + XCP_OAKEY_RSA_4096 = 1, /* RSA 4096 bit */ + XCP_OAKEY_ECC_P521 = 2, /* ECC NIST P-521 */ + XCP_OAKEY_DIL_87R2 = 3, /* DIL 8-7 R2 */ + XCP_OAKEY_MAX = XCP_OAKEY_DIL_87R2 +} XCP_OAKEY_t; + + //--- retained key structures --------------------------- // initial loading: @@ -914,6 +786,7 @@ typedef struct CK_RETAINEDKEY_PARAMS { + //--- operation categories (perf. measurement) ----------------------------- typedef enum { XCP_OPCAT_ASYMM_SLOW = 1, @@ -951,7 +824,12 @@ typedef enum { /* never be enabled due to */ /* policy-minimum restrictions. */ - CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_CP_BLACKLIST + CK_IBM_XCPQ_PQC_STRENGTHS + = 14, /* supported quantum safe levels*/ + /* of strength */ + /* see: XCP_PQCStrength_t */ + + CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_PQC_STRENGTHS } CK_IBM_XCPQUERY_t; //--- module sub-query sub-types -------------------------------------------- @@ -966,6 +844,9 @@ typedef enum { /* attributes bitmask */ CK_IBM_XCPMSQ_ATTRS = 6, /* number of supported */ /* administrative attributes */ + CK_IBM_XCPMSQ_MOD_V2 = 7, /* add version two fields to */ + /* module query */ + CK_IBM_XCPMSQ_MAX = CK_IBM_XCPMSQ_MOD_V2 } CK_IBM_XCPMSUBQUERY_t; // byte sizes of queries which are not represented as structures @@ -976,48 +857,34 @@ typedef enum { #define CK_IBM_XCP_HOSTQ_IDX 0xff000000 /* host-only queries index, min. */ -typedef enum { - CK_IBM_XCPHQ_COUNT = 0xff000000, /* number of host-query indexes */ - /* including this type itself */ - CK_IBM_XCPHQ_VERSION = 0xff000001, /* host-specific package version */ - /* such as packaging library ID */ - CK_IBM_XCPHQ_VERSION_HASH = 0xff000002, - /* assumed-unique identifier of */ - /* host code, such as version- */ - /* identifying cryptographic hash */ - /* (library signature field...) */ - CK_IBM_XCPHQ_DIAGS = 0xff000003, /* host code diagnostic level */ - /* 0 if non-diagnostics host code */ - CK_IBM_XCPHQ_HVERSION = 0xff000004, /* human-readable host version */ - /* identification (recommended: */ - /* UTF-8 string) */ - CK_IBM_XCPHQ_TGT_MODE = 0xff000005, /* host targeting modes */ - /* returns supported target modes */ - /* as bitmask */ - /* if not available only compat */ - /* target mode is in use */ - /* See CK_IBM_XCPHQ_TGT_MODES_t */ - CK_IBM_XCPHQ_ECDH_DERPRM = 0xff000006, - /* ECDH DeriveKey parameter usage */ - /* is being enforced with hostlib */ - /* version */ - /**/ - CK_IBM_XCPHQ_TOL_MODES = 0xff000007,/* check if toleration mode for */ - /* key attribute checking is */ - /* enabled */ - /* If it is, some attribute values*/ - /* are always set to correct */ - /* values automatically - */ - CK__IBM_XCPHQ_MAX = CK_IBM_XCPHQ_TGT_MODE -} CK_IBM_XCPHQUERY_t; - -#define CK_IBM_XCPHQ_ATTR_TOL_ENABLED 0x00000001 - /* flag to indicate that toleration */ - /* mode for key attribute checking */ - /* is enabled i.e. all attributes */ - /* that may no longer be set CK_TRUE */ - /* using a CEX8S HSM will be reset */ - /* to CK_FALSE automatically */ +#define CK_IBM_XCPHQ_COUNT 0xff000000 /* number of host-query indexes */ + /* including this type itself */ +#define CK_IBM_XCPHQ_VERSION 0xff000001 /* host-specific package version */ + /* such as packaging library ID */ +#define CK_IBM_XCPHQ_VERSION_HASH 0xff000002 + /* assumed-unique identifier of */ + /* host code, such as version- */ + /* identifying cryptographic hash*/ + /* (library signature field...) */ +#define CK_IBM_XCPHQ_DIAGS 0xff000003 /* host code diagnostic level */ + /* 0 if non-diagnostics host code*/ +#define CK_IBM_XCPHQ_HVERSION 0xff000004 /* human-readable host version */ + /* identification (recommended: */ + /* UTF-8 string) */ +#define CK_IBM_XCPHQ_TGT_MODE 0xff000005 /* host targeting modes */ + /* returns supported target modes*/ + /* as bitmask */ + /* if not available only compat */ + /* target mode is in use */ + /* See CK_IBM_XCPHQ_TGT_MODES_t */ +#define CK_IBM_XCPHQ_ECDH_DERPRM 0xff000006 + /* ECDH DeriveKey parameter usage*/ + /* is being enforced with hostlib*/ + /* version */ + /**/ + +#define CK__IBM_XCPHQ_MAX CK_IBM_XCPHQ_TGT_MODE + typedef enum { CK_IBM_XCPHQ_TGT_MODES_TGTGRP = 1, /* target groups are supported */ @@ -1040,7 +907,6 @@ typedef enum { CK_IBM_XCPXQ_IMPEXP_CAPS = 7, /* capability for WK and state */ /* export / import. See 8.7.1.1.1 */ /* for more info */ - CK_IBM_XCPXQ_DOMIMPORT_VER = 7, /* DEPRECATED */ CK_IBM_XCPXQ_CERT_MAXBYTES = 8, /* bytecount of largest accepted */ /* administrative certificate, if */ /* there is an upper limit. 0 if */ @@ -1058,20 +924,20 @@ typedef enum { CK_IBM_XCPXQ_ECDSA_OTHER = 15, /* bitmask of supported, other EC signing mechanisms */ + CK_IBM_XCPXQ_OA_CAP = 16, /* bitmask of supported outbound + authority signing mechanisms */ - CK_IBM_XCPXQ_MAXIDX = CK_IBM_XCPXQ_ECDSA_OTHER, + CK_IBM_XCPXQ_MAXIDX = CK_IBM_XCPXQ_OA_CAP, } CK_IBM_XCPEXTCAP_t; -typedef enum { - CK_IBM_DOM_ADMIND = 1, /* administrators present */ - CK_IBM_DOM_CURR_WK = 2, /* domain has current WK */ - CK_IBM_DOM_NEXT_WK = 4, /* domain has pending/next WK */ - CK_IBM_DOM_COMMITTED_NWK = 8, /* next WK is active(committed) */ - CK_IBM_DOM_IMPRINTED = 0x10, /* has left imprint mode */ - CK_IBM_DOM_IMPRINTS = 0x80000000, /* enforces imprint mode */ - CK_IBM_DOM_PROTKEY_ALLOW = 0x20 /* policies allow protected key */ -} CK_IBM_DOMAINQ_t; +#define CK_IBM_DOM_ADMIND 1 /* administrators present */ +#define CK_IBM_DOM_CURR_WK 2 /* domain has current WK */ +#define CK_IBM_DOM_NEXT_WK 4 /* domain has pending/next WK */ +#define CK_IBM_DOM_COMMITTED_NWK 8 /* next WK is active(committed) */ +#define CK_IBM_DOM_IMPRINTED 0x10 /* has left imprint mode */ +#define CK_IBM_DOM_IMPRINTS 0x80000000 /* enforces imprint mode */ +#define CK_IBM_DOM_PROTKEY_ALLOW 0x20 /* policies allow protected key */ // // note: CK_IBM_DOM_IMPRINTS will go away @@ -1142,34 +1008,54 @@ typedef CK_IBM_XCPAPI_INFO CK_PTR CK_IBM_XCPAPI_INFO_PTR; CK_BYTE infra_count; \ CK_BYTE comp_count; +#define CK_IBM_XCP_ADMATTRLIST_MEMBER_V2 \ + CK_BYTE perm_ext01_modes[ 8 ]; + +#define CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2 \ + CK_BYTE perm_ext01_count; + // see chapter 5.1.1. in the wire spec typedef struct CK_IBM_XCP_INFO { - CK_IBM_XCP_INFO_MEMBERS_V0; + CK_IBM_XCP_INFO_MEMBERS_V0 } CK_IBM_XCP_INFO; // // see chapter 5.1.1. in the wire spec typedef struct CK_IBM_XCP_INFO_V1 { - CK_IBM_XCP_INFO_MEMBERS_V0; - CK_IBM_XCP_DESCINFO_MEMBER; + CK_IBM_XCP_INFO_MEMBERS_V0 + CK_IBM_XCP_DESCINFO_MEMBER CK_BYTE fnid_mask[ 16 ]; CK_BYTE fnid_count; - CK_IBM_XCP_ADMATTRLIST_MEMBER; - CK_IBM_XCP_ADMATTRCOUNT_MEMBER; + CK_IBM_XCP_ADMATTRLIST_MEMBER + CK_IBM_XCP_ADMATTRCOUNT_MEMBER } CK_IBM_XCP_INFO_V1; // +// see chapter 5.1.1. in the wire spec +typedef struct CK_IBM_XCP_INFO_V2 { + CK_IBM_XCP_INFO_MEMBERS_V0 + CK_IBM_XCP_DESCINFO_MEMBER + CK_BYTE fnid_mask[ 16 ]; + CK_BYTE fnid_count; + CK_IBM_XCP_ADMATTRLIST_MEMBER + CK_IBM_XCP_ADMATTRCOUNT_MEMBER + CK_IBM_XCP_ADMATTRLIST_MEMBER_V2 + CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2 +} CK_IBM_XCP_INFO_V2; +// // see chapter 5.1.1.1. in the wire spec typedef struct CK_IBM_XCP_DESCINFO { - CK_IBM_XCP_DESCINFO_MEMBER; + CK_IBM_XCP_DESCINFO_MEMBER } CK_IBM_XCP_DESCINFO; // // see chapter 5.1.1.3. in the wire spec typedef struct CK_IBM_XCP_ATTRLIST { CK_IBM_XCP_ADMATTRLIST_MEMBER + CK_IBM_XCP_ADMATTRLIST_MEMBER_V2 } CK_IBM_XCP_ATTRLIST; // // see chapter 5.1.1.3. in the wire spec typedef struct CK_IBM_XCP_ATTRCOUNT { CK_IBM_XCP_ADMATTRCOUNT_MEMBER + CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2 } CK_IBM_XCP_ATTRCOUNT; /**/ @@ -1177,14 +1063,18 @@ typedef struct CK_IBM_XCP_ATTRCOUNT { { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \ 0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, } -typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR; -typedef CK_IBM_XCP_INFO_V1 CK_PTR CK_IBM_XCP_INFO_V1_PTR; -typedef CK_IBM_XCP_DESCINFO CK_PTR CK_IBM_XCP_DESCINFO_PTR; -typedef CK_IBM_XCP_ATTRLIST CK_PTR CK_IBM_XCP_ATTRLIST_PTR; -typedef CK_IBM_XCP_ATTRCOUNT CK_PTR CK_IBM_XCP_ATTRCOUNT_PTR; +#define CK_IBM_XCP_INFO_V2_INIT0 \ + { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \ + 0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, \ + {0}, {0}, {0}, 0, {0}, {0}, {0}, 0, 0, 0, \ + {0}, 0} -// DEPRECATED - use CK_IBM_XCP_INFO -typedef CK_IBM_XCP_INFO CK_IBM_EP11_INFO; +typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR; +typedef CK_IBM_XCP_INFO_V1 CK_PTR CK_IBM_XCP_INFO_V1_PTR; +typedef CK_IBM_XCP_INFO_V2 CK_PTR CK_IBM_XCP_INFO_V2_PTR; +typedef CK_IBM_XCP_DESCINFO CK_PTR CK_IBM_XCP_DESCINFO_PTR; +typedef CK_IBM_XCP_ATTRLIST CK_PTR CK_IBM_XCP_ATTRLIST_PTR; +typedef CK_IBM_XCP_ATTRCOUNT CK_PTR CK_IBM_XCP_ATTRCOUNT_PTR; typedef struct CK_IBM_DOMAIN_INFO { CK_ULONG domain; @@ -1227,9 +1117,31 @@ typedef enum { } CK_IBM_BTC_t; +typedef enum { + XCP_KEM_ENCAPSULATE = 1, + XCP_KEM_DECAPSULATE = 2, +} XCP_KEM_t; + +typedef CK_ULONG CK_IBM_KEM_MODE; + +#define CK_IBM_KEM_ENCAPSULATE XCP_KEM_ENCAPSULATE +#define CK_IBM_KEM_DECAPSULATE XCP_KEM_DECAPSULATE + +typedef struct XCP_KYBER_KEM_PARAMS { + CK_ULONG version; + CK_IBM_KEM_MODE mode; + CK_ULONG kdf; + CK_BBOOL prepend; + CK_BYTE *pCipher; + CK_ULONG ulCipherLen; + CK_BYTE *pSharedData; + CK_ULONG ulSharedDataLen; + CK_BYTE *pBlob; + CK_ULONG ulBlobLen; +} XCP_KYBER_KEM_PARAMS_t; + + //--- attribute constants -------------------------------------------------- -// keep in sync with unprivileged object (XCP_BLOB_NO_RIGHTS) -// table is parsed by automated tools; please do not change layout // typedef enum { XCP_BLOB_EXTRACTABLE = 1, @@ -1309,8 +1221,8 @@ typedef enum { /* CP sets get padded to multiple */ typedef enum { - XCP_CPB_ADD_CPBS = 0, // allow addition (activation) of CP bits - XCP_CPB_DELETE_CPBS = 1, // disable activating further control points + XCP_CPB_ADD_CPBS = 0, // allow activation of CP bits + XCP_CPB_DELETE_CPBS = 1, // allow deactivation of CP bits // (remove both ADD_CPBs and DELETE_CPBs // to make unit read-only) @@ -1424,8 +1336,12 @@ typedef enum { XCP_CPB_COMPAT_LEGACY_SHA3 = 70, // allow fall-back to non-standard // SHA3 defaults - - XCP_CPBITS_MAX = XCP_CPB_COMPAT_LEGACY_SHA3 // marks last used CPB + XCP_CPB_DSA_PARAMETER_GEN = 71, // allow DSA/PQG parameter generation + XCP_CPB_DERIVE_NON_AB_KEYS = 72, // allow the derivation of a non-AB or raw + // from an AB key. Only relevant if + // XCP_CPB_NON_ATTRBOUND + XCP_CPBITS_MAX = XCP_CPB_DERIVE_NON_AB_KEYS + // marks last used CPB } XCP_CPbit_t; @@ -1623,7 +1539,7 @@ typedef enum { // blob/SPKI XCP_ADM_DOMAINS_ZEROIZE = 36, // multi-domain zeroize // XCP_ADM_EXPORT_NEXT_WK = 38, // placeholder, find real entry above - XCP_ADM_SESSIONS_DROP = 39, // drop all open sessions + XCP_ADM_SESSION_REMOVE = 39, // remove all or selected sessions XCP_ADMQ_ADMIN = 1 | XCP_ADM_QUERY, // admin SKI/cert XCP_ADMQ_DOMADMIN = 2 | XCP_ADM_QUERY, // domain adm. SKI/cert @@ -1648,10 +1564,11 @@ typedef enum { // current migration importer XCP_ADMQ_AUDIT_STATE = 16 | XCP_ADM_QUERY, // audit state entry or event count - XCP_ADMQ_LASTCMD_DOM_MASK = 17 | XCP_ADM_QUERY + XCP_ADMQ_LASTCMD_DOM_MASK = 17 | XCP_ADM_QUERY, // domain-bitmask affected by last // state-related administrative // command (export, import) + XCP_ADMQ_SVCADMIN = 18 | XCP_ADM_QUERY, // svc admin SKI/cert } XCP_Admcmd_t; typedef enum { @@ -1660,7 +1577,8 @@ typedef enum { XCP_ADMINT_PERMS = 3, // permissions XCP_ADMINT_MODE = 4, // operating mode XCP_ADMINT_STD = 5, // standards' compliance - XCP_ADMINT_IDX_MAX = XCP_ADMINT_STD + XCP_ADMINT_PERMS_EXT01 = 6, // permissions (extension #1) + XCP_ADMINT_IDX_MAX = XCP_ADMINT_PERMS_EXT01 } XCP_AdmAttr_t; #define XCP_ADMIN_ATTRIBUTE_COUNT XCP_ADMINT_IDX_MAX @@ -1719,6 +1637,29 @@ typedef enum { #define XCP_ADMP_CHG_DO_NOT_DISTURB \ 0x80000000 // allow changing the corresponding // Do Not Disturb bit + +// +// permissions (extension 01) +// +#define XCP_ADMP_NQS_OA_SIGNATURES 1 // enable non-quantum-safe OA signat. +#define XCP_ADMP_QS_OA_SIGNATURES 2 // enable quantum-safe OA signatures +#define XCP_ADMP_NQS_ADM_SIGNATURES 4 // enable non-quantum-safe adm signat. +#define XCP_ADMP_QS_ADM_SIGNATURES 8 // enable quantum-safe adm signatures + +#define XCP_ADMP_CHG_NQS_OA_SIGNATURES \ + 0x10000 // allow changing the corresponding + // non-quantum-safe OA signature bit +#define XCP_ADMP_CHG_QS_OA_SIGNATURES \ + 0x20000 // allow changing the corresponding + // quantum-safe OA signature bit +#define XCP_ADMP_CHG_NQS_ADM_SIGNATURES \ + 0x40000 // allow changing the corresponding + // non-quantum-safe adm signature bit +#define XCP_ADMP_CHG_QS_ADM_SIGNATURES \ + 0x80000 // allow changing the corresponding + // quantum-safe adm signature bit + + // // if adding other change-control bits, also update: // prevented_perm_changes() @@ -1754,15 +1695,49 @@ typedef enum { XCP_ADMP_STATE_1PART | \ XCP_ADMP_DO_NOT_DISTURB) // +// CHGBITS / PERMS (extension 01) +#define XCP_ADMP__CHGBITS_EXT01 \ + (XCP_ADMP_CHG_NQS_OA_SIGNATURES | \ + XCP_ADMP_CHG_QS_OA_SIGNATURES | \ + XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \ + XCP_ADMP_CHG_QS_ADM_SIGNATURES) +// +#define XCP_ADMP__PERMS_EXT01 \ + (XCP_ADMP_NQS_OA_SIGNATURES | \ + XCP_ADMP_QS_OA_SIGNATURES | \ + XCP_ADMP_NQS_ADM_SIGNATURES | \ + XCP_ADMP_QS_ADM_SIGNATURES) +// +#define XCP__ADMP_SUP_EXT01 (XCP_ADMP__PERMS_EXT01 | \ + XCP_ADMP__CHGBITS_EXT01) +// +// #define XCP_ADMP__DEFAULT \ (XCP_ADMP_WK_IMPORT | \ XCP_ADMP_1SIGN | \ XCP_ADMP__CHGBITS) // +#define XCP_ADMP__DEFAULT_EXT01 \ + (XCP_ADMP__CHGBITS_EXT01 | \ + XCP_ADMP_NQS_OA_SIGNATURES | \ + XCP_ADMP_QS_OA_SIGNATURES | \ + XCP_ADMP_NQS_ADM_SIGNATURES | \ + XCP_ADMP_QS_ADM_SIGNATURES) +// #define XCPM_ADMP__MODULE_DEFAULTS_MASK \ (XCP_ADMP_DO_NOT_DISTURB | \ XCP_ADMP_CHG_DO_NOT_DISTURB) // +#define XCPM_ADMP__MODULE_DEFAULTS_MASK_EXT01 \ + (XCP_ADMP_NQS_OA_SIGNATURES | \ + XCP_ADMP_CHG_NQS_OA_SIGNATURES | \ + XCP_ADMP_QS_OA_SIGNATURES | \ + XCP_ADMP_CHG_QS_OA_SIGNATURES | \ + XCP_ADMP_NQS_ADM_SIGNATURES | \ + XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \ + XCP_ADMP_QS_ADM_SIGNATURES | \ + XCP_ADMP_CHG_QS_ADM_SIGNATURES) +// #define XCP_ADMP__CARD_MASK \ ~(XCP_ADMP_WK_IMPORT | \ XCP_ADMP_WK_EXPORT | \ @@ -1775,6 +1750,9 @@ typedef enum { XCP_ADMP_CHG_WK_RANDOM | \ XCP_ADMP_CHG_CP_1SIGN) // +#define XCP_ADMP__CARD_MASK_EXT01 \ + ~(0U) +// #define XCP_ADMP__DOM_MASK \ ~(XCP_ADMP_NO_DOMAIN_IMPRINT | \ XCP_ADMP_STATE_IMPORT | \ @@ -1784,6 +1762,12 @@ typedef enum { XCP_ADMP_CHG_ST_EXPORT | \ XCP_ADMP_CHG_ST_1PART) // +#define XCP_ADMP__DOM_MASK_EXT01 \ + ~(0U) +// + +#define XCP__ADMP_SUP ((XCP_ADMP__PERMS | XCP_ADMP__CHGBITS) &\ + ~XCP_ADMP_NOT_SUP) // card modes #define XCP_ADMM_AUTHENTICATED 1U // no longer in imprint mode @@ -1838,6 +1822,8 @@ typedef enum { XCP_ADMM_STR_192BIT | \ XCP_ADMM_STR_256BIT) +#define XCP__ADMM_SUP XCP_ADMM__MASK + // specific standards' compliance suites #define XCP_ADMS_FIPS2009 1 // NIST, 80+ bits, -2011.01.01. #define XCP_ADMS_BSI2009 2 // BSI , 80+ bits, -2011.01.01. @@ -1850,18 +1836,74 @@ typedef enum { // #define XCP_ADMS_BSICC2017 0x40 // BSI, EP11 Common Criteria EAL4 2017 // +#define XCP_ADMS_FIPS2021 0x80 // NIST SP800-131A REV.2, 2021.01.01 +#define XCP_ADMS_FIPS2024 0x100 // NIST SP800-131A REV.2, 2024.01.01 +#define XCP_ADMS_ADM_FIPS2021 0x200 // NIST SP800-131A REV.2, 2021.01.01 #define XCP_ADMS__ALL \ (XCP_ADMS_FIPS2009 | \ XCP_ADMS_BSI2009 | \ XCP_ADMS_FIPS2011 | \ XCP_ADMS_BSI2011 | \ + XCP_ADMS_BSICC2017 | \ + XCP_ADMS_FIPS2021 | \ + XCP_ADMS_FIPS2024 | \ + XCP_ADMS_ADM_FIPS2021) + +#define XCP_ADMS__SUPP (XCP_ADMS__ALL & \ + ~(XCP_ADMS_FIPS2021 | \ + XCP_ADMS_ADM_FIPS2021 | \ + XCP_ADMS_FIPS2024)) + +// The following 'legacy' defines are used as default 'supported bit masks' +// for older devices that do not have native bit masks for that purpose. +// Note: If supported bits are not present, the import of these bits are +// skipped and the default values will be kept. +#define XCP__ADMP_SUP_LEGACY \ + (XCP_ADMP_WK_IMPORT | \ + XCP_ADMP_WK_EXPORT | \ + XCP_ADMP_WK_1PART | \ + XCP_ADMP_WK_RANDOM | \ + XCP_ADMP_1SIGN | \ + XCP_ADMP_CP_1SIGN | \ + XCP_ADMP_ZERO_1SIGN | \ + XCP_ADMP_NO_DOMAIN_IMPRINT | \ + XCP_ADMP_STATE_IMPORT | \ + XCP_ADMP_STATE_EXPORT | \ + XCP_ADMP_STATE_1PART | \ + XCP_ADMP_CHG_WK_IMPORT | \ + XCP_ADMP_CHG_WK_EXPORT | \ + XCP_ADMP_CHG_WK_1PART | \ + XCP_ADMP_CHG_WK_RANDOM | \ + XCP_ADMP_CHG_SIGN_THR | \ + XCP_ADMP_CHG_REVOKE_THR | \ + XCP_ADMP_CHG_1SIGN | \ + XCP_ADMP_CHG_CP_1SIGN | \ + XCP_ADMP_CHG_ZERO_1SIGN | \ + XCP_ADMP_CHG_ST_IMPORT | \ + XCP_ADMP_CHG_ST_EXPORT | \ + XCP_ADMP_CHG_ST_1PART) + +#define XCP__ADMM_SUP_LEGACY \ + (XCP_ADMM_AUTHENTICATED | \ + XCP_ADMM_EXTWNG | \ + XCP_ADMM_WKCLEAN_EXTWNG | \ + XCP_ADMM_BATT_LOW | \ + XCP_ADMM_API_ACTIVE) + +#define XCP_ADMS__ALL_LEGACY \ + (XCP_ADMS_FIPS2009 | \ + XCP_ADMS_BSI2009 | \ + XCP_ADMS_FIPS2011 | \ + XCP_ADMS_BSI2011 | \ XCP_ADMS_BSICC2017) +#define XCP__ADMP_SUP_EXT01_LEGACY (0) + // has compliance any BSI mode -#define XCP_ADMS_IS_BSI(mode) (!!(mode & (XCP_ADMS_BSI2009 | \ - XCP_ADMS_BSI2011 | \ - XCP_ADMS_BSICC2017 )) ) +#define XCP_ADMS_IS_BSI(mode) (!!((mode) & (XCP_ADMS_BSI2009 | \ + XCP_ADMS_BSI2011 | \ + XCP_ADMS_BSICC2017 )) ) // mask of supported import keys // 3k and 4k RSA are not supported #define XCP_ADM_IMPEXP_KEYS__MASK \ @@ -1870,7 +1912,8 @@ typedef enum { (1 << XCP_IMPRKEY_EC_P521) | \ (1 << XCP_IMPRKEY_EC_BP256r) | \ (1 << XCP_IMPRKEY_EC_BP320r) | \ - (1 << XCP_IMPRKEY_EC_BP512r)) + (1 << XCP_IMPRKEY_EC_BP512r) | \ + (1 << XCP_IMPRKEY_EC_P521_TKE)) /*--- audit chains -------------------------------------------------------*/ @@ -1922,50 +1965,55 @@ typedef enum { /*--- state serialization ------------------------------------------------*/ typedef enum { - XCP_STSTYPE_SECTIONCOUNT = 1, // section count +file hash - XCP_STSTYPE_DOMAINIDX_MAX = 2, // largest index +total nr of domains - XCP_STSTYPE_DOMAINS_MASK = 3, // bitmask of included domains - XCP_STSTYPE_SERIALNR = 4, - XCP_STSTYPE_CREATE_TIME = 5, // file date/time (UTC) - XCP_STSTYPE_FCV = 6, // public parts of originating FCV - XCP_STSTYPE_CARD_QUERY = 7, // card state structure (xcp_info) - XCP_STSTYPE_CARD_ADM_SKIS = 8, // card admin SKIs, packed - XCP_STSTYPE_CARD_ADM_CERTS = 9, // card admin certificates, packed - XCP_STSTYPE_DOM_ADM_SKIS = 10, // domain admin SKIs, packed - XCP_STSTYPE_DOM_ADM_CERTS = 11, // domain admin certificates, packed - XCP_STSTYPE_DOM_QUERY = 12, // domain state structure (xcp_info) - XCP_STSTYPE_KPH_SKIS = 13, // count and SKIs of targeted KPHs - XCP_STSTYPE_CARD_ATTRS = 14, // card attributes - XCP_STSTYPE_DOM_ATTRS = 15, // domain attributes - XCP_STSTYPE_CARD_TRANSCTR = 16, // card transaction counter - XCP_STSTYPE_DOM_TRANSCTR = 17, // domain transaction counter - XCP_STSTYPE_WK_ENCR_ALG = 18, - XCP_STSTYPE_WK_ENCR_DATA = 19, - XCP_STSTYPE_SIG_CERT_COUNT = 20, - XCP_STSTYPE_SIG_CERTS = 21, - XCP_STSTYPE_FILE_SIG = 22, - XCP_STSTYPE_DOM_CPS = 23, // full set of control points - XCP_STSTYPE_STATE_SALT = 24, - XCP_STSTYPE_KEYPART = 25, // encrypted keypart (RecipientInfo) - XCP_STSTYPE_KEYPART_SIG = 26, // signature on encrypted keypart - XCP_STSTYPE_KEYPART_COUNT = 27, // total number of keyparts - XCP_STSTYPE_KEYPART_LIMIT = 28, // number of keyparts needed to - // restore - XCP_STSTYPE_KEYPART_CERT = 29, // certificate of keypart holder - XCP_STSTYPE_CERT_AUTH = 30, // certificate authority issuing - // some of the certificates. This - // field contains host-supplied data - // and it is ignored by EP11 itself. - XCP_STSTYPE_STATE_SCOPE = 31, // restriction on contents of full - // state structure - XCP_STSTYPE_MULTIIMPORT_MASK - = 32, // import only: designate import - // request to be replicated into - // multiple recipient domains - XCP_STSTYPE_CPS_MASK = 33, // bitmask of all CPs supported - // by the exporting module - - XCP_STSTYPE_MAX = XCP_STSTYPE_CPS_MASK + XCP_STSTYPE_SECTIONCOUNT = 1, // section count +file hash + XCP_STSTYPE_DOMAINIDX_MAX = 2, // largest index +total nr of doms + XCP_STSTYPE_DOMAINS_MASK = 3, // bitmask of included domains + XCP_STSTYPE_SERIALNR = 4, + XCP_STSTYPE_CREATE_TIME = 5, // file date/time (UTC) + XCP_STSTYPE_FCV = 6, // public parts of originating FCV + XCP_STSTYPE_CARD_QUERY = 7, // V0 card state struct (xcp_info) + XCP_STSTYPE_CARD_ADM_SKIS = 8, // card admin SKIs, packed + XCP_STSTYPE_CARD_ADM_CERTS = 9, // card admin certificates, packed + XCP_STSTYPE_DOM_ADM_SKIS = 10, // domain admin SKIs, packed + XCP_STSTYPE_DOM_ADM_CERTS = 11, // domain admin certs, packed + XCP_STSTYPE_DOM_QUERY = 12, // domain state struct (xcp_info) + XCP_STSTYPE_KPH_SKIS = 13, // count and SKIs of targeted KPHs + XCP_STSTYPE_CARD_ATTRS = 14, // card attributes + XCP_STSTYPE_DOM_ATTRS = 15, // domain attributes + XCP_STSTYPE_CARD_TRANSCTR = 16, // card transaction counter + XCP_STSTYPE_DOM_TRANSCTR = 17, // domain transaction counter + XCP_STSTYPE_WK_ENCR_ALG = 18, + XCP_STSTYPE_WK_ENCR_DATA = 19, + XCP_STSTYPE_SIG_CERT_COUNT = 20, + XCP_STSTYPE_SIG_CERTS = 21, + XCP_STSTYPE_FILE_SIG = 22, + XCP_STSTYPE_DOM_CPS = 23, // full set of control points + XCP_STSTYPE_STATE_SALT = 24, + XCP_STSTYPE_KEYPART = 25, // encrypted keypart (RecipientInfo) + XCP_STSTYPE_KEYPART_SIG = 26, // signature on encrypted keypart + XCP_STSTYPE_KEYPART_COUNT = 27, // total number of keyparts + XCP_STSTYPE_KEYPART_LIMIT = 28, // number of keyparts needed to + // restore + XCP_STSTYPE_KEYPART_CERT = 29, // certificate of keypart holder + XCP_STSTYPE_CERT_AUTH = 30, // certificate authority issuing + // some of the certificates. This + // field contains host-supplied data + // and it is ignored by EP11 itself. + XCP_STSTYPE_STATE_SCOPE = 31, // restriction on contents of full + // state structure + XCP_STSTYPE_MULTIIMPORT_MASK = 32, // import only: designate import + // request to be replicated into + // multiple recipient domains + XCP_STSTYPE_CPS_MASK = 33, // bitmask of all CPs supported + // by the exporting module + XCP_STSTYPE_CARD_QUERY_V1 = 34, // V1 card state struct (xcp_info) + XCP_STSTYPE_CARD_QUERY_V2 = 35, // V2 card state struct (xcp_info) + XCP_STSTYPE_CARD_EXTADM_SKIS = 36, // ext. card admin SKIs, packed + XCP_STSTYPE_CARD_EXTADM_CERTS = 37, // ext. card admin certs, packed + XCP_STSTYPE_DOM_EXTADM_SKIS = 38, // ext. dom admin SKIs, packed + XCP_STSTYPE_DOM_EXTADM_CERTS = 39, // ext. dom admin certs, packed + + XCP_STSTYPE_MAX = XCP_STSTYPE_DOM_EXTADM_CERTS } XCP_StateSection_t; typedef enum { @@ -1991,7 +2039,11 @@ typedef enum { // not return KPH certificates XCP_STWK_KP_NO_OA_CHAIN = 8, // keypart section restricted to // not return OA certificate chain - XCP_STDATA_MAX = ((XCP_STWK_KP_NO_OA_CHAIN *2) -1) + XCP_STDATA_NQS = 0x20,// allow use of non-quantum-safe + // algorithms in KP export/signature + XCP_STDATA_QS = 0x40,// allow use of quantum-safe + // algorithms in KP export/signature + XCP_STDATA_MAX = ((XCP_STDATA_QS *2) -1) } XCP_StateType_t; // type || identifier prefixes @@ -2124,10 +2176,6 @@ typedef enum { #define XCP_EC_MAX_ID_BYTES 11 /* fits all EC names/OIDs */ -// Dilithium related OIDs -#define XCP_PQC_DILITHIUM_65_NAME "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x1\x6\x5" -#define XCP_PQC_DILITHIUM_65_NAME_BYTES 13 - /*------------------------------------*/ typedef enum { XCP_EC_C_NIST_P192 = 1, /* NIST, FP curves */ @@ -2158,6 +2206,7 @@ typedef enum { XCP_EC_C_ED25519 = 26, /* ed25519, EDDSA */ + XCP_EC_C_MAX = 27 /* last possible value */ } XCP_ECcurve_t; @@ -2175,6 +2224,56 @@ typedef enum { } XCP_ECCurveGrp_t; +/*--- PQC algorithms ------------------------------------------------------*/ + +// Dilithium related OIDs +// Round 2 Dilithium-3 (5-4) +#define XCP_PQC_DILITHIUM_R2_54 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x5\x4" +#define XCP_PQC_DILITHIUM_R2_54_BYTES 13 +// Round 2 Dilithium-4 (6-5) +#define XCP_PQC_DILITHIUM_R2_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x6\x5" +#define XCP_PQC_DILITHIUM_R2_65_BYTES 13 +// Round 2 Dilithium-5 (8-7) +#define XCP_PQC_DILITHIUM_R2_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x8\x7" +#define XCP_PQC_DILITHIUM_R2_87_BYTES 13 +// Round 3 Dilithium-2 (4-4) +#define XCP_PQC_DILITHIUM_R3_44 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x4\x4" +#define XCP_PQC_DILITHIUM_R3_44_BYTES 13 +// Round 3 Dilithium-3 (6-5) +#define XCP_PQC_DILITHIUM_R3_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x6\x5" +#define XCP_PQC_DILITHIUM_R3_65_BYTES 13 +// Round 3 Dilithium-5 (8-7) +#define XCP_PQC_DILITHIUM_R3_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x8\x7" +#define XCP_PQC_DILITHIUM_R3_87_BYTES 13 + +// Round 2 Kyber 512 +#define XCP_PQC_KYBER_R2_512 "\x6\x9\x2B\x6\x1\x4\x1\x2\x82\xB\x5" +#define XCP_PQC_KYBER_R2_512_BYTES 11 + +// Round 2 Kyber 768 +#define XCP_PQC_KYBER_R2_768 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x3\x3" +#define XCP_PQC_KYBER_R2_768_BYTES 13 + +// Round 2 Kyber 1024 +#define XCP_PQC_KYBER_R2_1024 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x4\x4" +#define XCP_PQC_KYBER_R2_1024_BYTES 13 + +/*------------------------------------*/ +typedef enum { + XCP_PQC_S_DILITHIUM_R2_54 = 1, /* Round-2 Dilithium */ + XCP_PQC_S_DILITHIUM_R2_65 = 2, + XCP_PQC_S_DILITHIUM_R2_87 = 3, + XCP_PQC_S_DILITHIUM_R3_44 = 4, /* Round-3 Dilithium */ + XCP_PQC_S_DILITHIUM_R3_65 = 5, + XCP_PQC_S_DILITHIUM_R3_87 = 6, + XCP_PQC_S_KYBER_R2_512 = 7, /* Round-2 Kyber */ + XCP_PQC_S_KYBER_R2_768 = 8, + XCP_PQC_S_KYBER_R2_1024 = 9, + + XCP_PQC_MAX = XCP_PQC_S_KYBER_R2_1024, +} XCP_PQCStrength_t; + + // binary encoding of function/version query // SEQUENCE { OCTET STRING (0) } // module responds with API version and build ID @@ -2343,12 +2442,15 @@ typedef enum { XCP_DEV_FLIP_ERRORSTATE = 68, // explicitly flip the setting of the // error state of the module XCP_DEV_AESKW = 69, - XCP_DEV_MAX_INDEX = XCP_DEV_AESKW + XCP_DEV_UNIT_TEST = 72, // run unit tests on module + + + XCP_DEV_MAX_INDEX = XCP_DEV_UNIT_TEST } XCP_DEVcmd_t; // // upper limit on additional data bytes, for SYS-TEST commands with aux. data // (arbitrary limit, commands may restict further) -#define XCP_DEV_MAX_DATABYTES ((size_t) 4096) +#define XCP_DEV_MAX_DATABYTES ((size_t) 64000) // // iteration-count limit applies to any iterative call // driver[timeout] may interfere; dev-only feature is not otherwise restricted @@ -2412,23 +2514,207 @@ typedef enum { #define CKG_IBM_MGF1_SHA3_384 (CKG_VENDOR_DEFINED +3) #define CKG_IBM_MGF1_SHA3_512 (CKG_VENDOR_DEFINED +4) +#if !defined(CKD_VENDOR_DEFINED) +#define CKD_VENDOR_DEFINED 0x80000000UL +#endif +#define CKD_IBM_HYBRID_NULL (CKD_VENDOR_DEFINED + 0x00000001UL) +#define CKD_IBM_HYBRID_SHA1_KDF (CKD_VENDOR_DEFINED + 0x00000002UL) +#define CKD_IBM_HYBRID_SHA224_KDF (CKD_VENDOR_DEFINED + 0x00000003UL) +#define CKD_IBM_HYBRID_SHA256_KDF (CKD_VENDOR_DEFINED + 0x00000004UL) +#define CKD_IBM_HYBRID_SHA384_KDF (CKD_VENDOR_DEFINED + 0x00000005UL) +#define CKD_IBM_HYBRID_SHA512_KDF (CKD_VENDOR_DEFINED + 0x00000006UL) -typedef uint64_t target_t; - -#define XCP_TGT_INIT ~0UL +#define XCP_MODEL_CEX4P 4 +#define XCP_MODEL_CEX5P 5 +#define XCP_MODEL_CEX6P 6 +#define XCP_MODEL_CEX7P 7 +#define XCP_MODEL_CEX8P 8 -#define XCP_TGT_FMT "x%016" PRIx64 +/*--------------------------------------------------------------------------*/ +// max value for target groups +#define XCP_MAX_GRPIDX 1024u -// initializes the library -int m_init(void); -// shutting down the library -int m_shutdown(void); +// +// macros for setting/checking and removing domains from (tgt.mgmt) domain mask +#define XCPTGTMASK_SET_DOM(mask, domain) \ + ((mask)[((domain)/8)] |= (1 << (7-(domain)%8))) +#define XCPTGTMASK_DOM_IS_SET(mask, domain) \ + ((mask)[((domain)/8)] & (1 << (7-(domain)%8))) +#define XCPTGTMASK_CLR_DOM(mask, domain) \ + ((mask)[((domain)/8)] &= ~(1 << (7-(domain)%8))) + + +/* flags that can be set for the target tokens + * + * This flags are domain specific and are therefore called domain flags + * + * start of flags is >16 Bit. Max value for domains is 0xFF. Should be enough + * room for extensions + */ +#define XCP_TGTFL_WCAP 0x10000000 /* Capture wire request in output buffer + * without sending it to the module + */ +#define XCP_TGTFL_WCAP_SQ 0x20000000 /* Size query: Return size of request in + * output buffer length field + */ +#define XCP_TGTFL_SET_SCMD 0x40000000 /* Protected key special command: Set the + * special command flag in the CPRB + * header + */ +#define XCP_TGTFL_API_CHKD 0x80000000 /* supported API version of modules in + * target (group) has been checked + */ + +#define XCP_TGTFL_NO_LOCK 0x01000000 /* target token ignores sequential locks + * for target probing + */ +#define XCP_TGTFL_CHK_ATTR 0x02000000 /* reject unknown attribute in attribute + * templates with + * CKR_TEMPLATE_INCONSISTENT. Default is + * to ignore unknown attributes. + */ +#define XCP_TGTFL_SET_ACMD 0x04000000 /* add CPRB admin flag to CPRB header */ + +#define XCP_TGTFL_NO_SPLIT 0x08000000 /* enforce single-shot requests */ + +//-------------------------------------- +// socket use only +#define XCP_MAXCONNECTIONS 64 /* max value for active connections */ +#define XCP_MAX_PORT 0xffff + +// hostname and port value fore one module +typedef struct XCP_ModuleSocket { + char host[ MAX_FNAME_CHARS +1 ]; + uint32_t port; +} *XCP_ModuleSocket_t ; + + +//-------------------------------------- +// diagnostics use only +typedef struct XCP_DomainPerf { + /* perf value of last request per domain + * + * At the moment unused + * */ + unsigned int lastperf[ 256 ]; +} *XCP_DomainPerf_t; + + +// current version of XCP_Module structure; host code SHOULD interact with +// future/past versions, MUST be set by caller before using m_add_module() +// valid versions are all >0 +#define XCP_MOD_VERSION 2 +//-------------------------------------- +// subsequent communications with a module MAY skip infrastructure-specific +// fields, such as a query not reporting device handles etc., even if they +// have been supplied originally when the module has been registered. +// +typedef struct XCP_Module { + uint32_t version; /* >0 for supported API versions */ + + uint64_t flags; /* see XCP_Module_Flags */ + + uint32_t domains; /* max# addressable under this module; + * cached from OS + * + * when callers set domains to 0, the library + * returns the module-claimed domain count. + */ + + unsigned char domainmask[ 256 /8 ]; + /* higher domain# through future flags (none + * currently defined) which would add things + * like 'FLAG_256_1023' etc. at the same time, + * we would add domainmask2[] etc. + * corresponding new fields. + * + * new fields would then store mask for + * domains 256+ etc. + * + * domain #0 is bit x80 of 1st byte, + * #255 is bit 0x01 of last byte. + */ + + // when a domainmask is supplied, with bits set beyond + // what the module supports, the bitmask is trimmed to + // the supported range, but this is NOT reported as an + // error, unless XCP_MFL_STRICT is also supplied. + // + // without XCP_MFL_STRICT, callers are expected to check + // at least the returned domain count. + + /* used only when flags includes XCP_MFL_SOCKET */ + struct XCP_ModuleSocket socket; + + /* used when system exposes modules through an + * array of transparent pipes, or similar abstraction + * (such as mainframe AP Queues, or other Linux + * 'device-minor' numbers etc.). Interpretation + * is platform-dependent. + * + * used only when flags includes XCP_MFL_MODULE + */ + uint32_t module_nr; + + /* used by systems which associate devices with + * device handles/structs/etc. persistent state. + * opaque pointer, usually a const pointer to + * such aux structs, MAY be stored here. + * + * interpretation is platform-dependent. + * used only when flags includes XCP_MFL_MHANDLE + */ + void *mhandle; + /* diagnostics use only, when XCP_MFL_PERF is set */ + struct XCP_DomainPerf perf; + //----- end of v1 fields ------------------------------------------- + + uint32_t api; /* module api version*/ + //----- end of v2 fields ------------------------------------------- +} *XCP_Module_t ; + +typedef enum { + XCP_MFL_SOCKET = 1, /* backend is socket-attached */ + XCP_MFL_MODULE = 2, /* backends identified in + array-of-modules */ + XCP_MFL_MHANDLE = 4, /* backends uses 'module handle' field */ + XCP_MFL_PERF = 8, /* performance statistics collected + * for this module, see .perf + */ + XCP_MFL_VIRTUAL = 0x10, /* queried 'target' is a load-balancer, + * other other group. + */ + XCP_MFL_STRICT = 0x20, /* enable aggressive error checking, + * see field descriptions for effect + */ + XCP_MFL_PROBE = 0x40, /* send api query to module, to check if + * target(s) can be used + */ + XCP_MFL_ALW_TGT_ADD = 0x80, /* Allows it to use a target in any + * functional and admin call without + * adding it beforehand with + * m_add_module() + */ + XCP_MFL_MAX = 0xff +} XCP_Module_Flags; + +typedef uint64_t target_t; + +#define XCP_TGT_INIT ~0UL + +#define XCP_TGT_FMT "x%016" PRIx64 int m_add_module(XCP_Module_t module, target_t *target) ; int m_rm_module(XCP_Module_t module, target_t target) ; +CK_RV m_admin (unsigned char *response1, size_t *r1len, + unsigned char *response2, size_t *r2len, + const unsigned char *cmd, size_t clen, + const unsigned char *sigs, size_t slen, + target_t target) ; + /*---------------------------------------------------------------------- * CK_... type arguments correspond to the original PKCS#11 call's * arguments. Standard types mean PKCS#11 objects (session, token etc.) @@ -2442,11 +2728,31 @@ int m_rm_module(XCP_Module_t module, target_t target) ; * For certain operations, such as _GenerateKey, there are no real * PKCS#11 type parameters at this level. */ + + +CK_RV m_Login ( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen, + const unsigned char *nonce, size_t nlen, + unsigned char *pinblob, size_t *pinbloblen, + target_t target) ; +CK_RV m_Logout ( const unsigned char *pin, size_t len, target_t target) ; + +CK_RV m_LoginExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen, + const unsigned char *nonce, size_t nlen, + const unsigned char *xstruct, size_t xslen, + unsigned char *pinblob, size_t *pinbloblen, + target_t target) ; + +CK_RV m_LogoutExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen, + const unsigned char *nonce, size_t nlen, + const unsigned char *xstruct, size_t xslen, + target_t target) ; + CK_RV m_GenerateRandom (CK_BYTE_PTR rnd, CK_ULONG len, target_t target) ; /**/ /* note: external seeding not supported */ CK_RV m_SeedRandom (CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen, target_t target) ; + CK_RV m_DigestInit (unsigned char *state, size_t *len, const CK_MECHANISM_PTR pmech, target_t target) ; @@ -2469,6 +2775,73 @@ CK_RV m_DigestSingle (CK_MECHANISM_PTR pmech, CK_BYTE_PTR digest, CK_ULONG_PTR dlen, target_t target) ; +CK_RV m_GenerateKey (CK_MECHANISM_PTR pmech, + CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount, + const unsigned char *pin, size_t pinlen, + unsigned char *key, size_t *klen, + unsigned char *csum, size_t *clen, + target_t target) ; +/**/ +CK_RV m_GenerateKeyPair (CK_MECHANISM_PTR pmech, + CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs, + CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs, + const unsigned char *pin, size_t pinlen, + unsigned char *key, size_t *klen, + unsigned char *pubkey, size_t *pklen, + target_t target) ; + +/* mackey is NULL for PKCS#11 formats, not for authenticated ones */ +CK_RV m_WrapKey (const unsigned char *key, size_t keylen, + const unsigned char *kek, size_t keklen, + const unsigned char *mackey, size_t mklen, + const CK_MECHANISM_PTR pmech, + CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen, + target_t target) ; +/**/ +/* mackey is NULL for PKCS#11 formats, not for authenticated ones */ +CK_RV m_UnwrapKey (const CK_BYTE_PTR wrapped, CK_ULONG wlen, + const unsigned char *kek, size_t keklen, + const unsigned char *mackey, size_t mklen, + const unsigned char *pin, size_t pinlen, + const CK_MECHANISM_PTR uwmech, + const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount, + unsigned char *unwrapped, size_t *uwlen, + CK_BYTE_PTR csum, CK_ULONG *cslen, + target_t target) ; + +CK_RV m_DeriveKey ( CK_MECHANISM_PTR pderivemech, + CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount, + const unsigned char *basekey, size_t bklen, + const unsigned char *data, size_t dlen, + const unsigned char *pin, size_t pinlen, + unsigned char *newkey, size_t *nklen, + unsigned char *csum, size_t *cslen, + target_t target) ; + +CK_RV m_GetAttributeValue (const unsigned char *obj, size_t olen, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + target_t target) ; +CK_RV m_SetAttributeValue (unsigned char *obj, size_t olen, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + target_t target) ; + +/**/ +CK_RV m_GetMechanismList (CK_SLOT_ID slot, + CK_MECHANISM_TYPE_PTR mechs, + CK_ULONG_PTR count, + target_t target) ; +CK_RV m_GetMechanismInfo (CK_SLOT_ID slot, + CK_MECHANISM_TYPE mech, + CK_MECHANISM_INFO_PTR pmechinfo, + target_t target) ; + +CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes, + unsigned int query, + unsigned int subquery, + target_t target) ; + +// see also: CK_IBM_XCPQUERY_t + CK_RV m_EncryptInit (unsigned char *state, size_t *slen, CK_MECHANISM_PTR pmech, const unsigned char *key, size_t klen, @@ -2516,21 +2889,6 @@ CK_RV m_DecryptSingle (const unsigned char *key, size_t klen, CK_BYTE_PTR plain, CK_ULONG_PTR plen, target_t target) ; -CK_RV m_GenerateKey (CK_MECHANISM_PTR pmech, - CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount, - const unsigned char *pin, size_t pinlen, - unsigned char *key, size_t *klen, - unsigned char *csum, size_t *clen, - target_t target) ; -/**/ -CK_RV m_GenerateKeyPair (CK_MECHANISM_PTR pmech, - CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs, - CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs, - const unsigned char *pin, size_t pinlen, - unsigned char *key, size_t *klen, - unsigned char *pubkey, size_t *pklen, - target_t target) ; - CK_RV m_SignInit (unsigned char *state, size_t *slen, CK_MECHANISM_PTR alg, const unsigned char *key, size_t klen, @@ -2574,72 +2932,6 @@ CK_RV m_VerifySingle (const unsigned char *key, size_t klen, CK_BYTE_PTR sig, CK_ULONG slen, target_t target) ; -/* mackey is NULL for PKCS#11 formats, not for authenticated ones */ -CK_RV m_WrapKey (const unsigned char *key, size_t keylen, - const unsigned char *kek, size_t keklen, - const unsigned char *mackey, size_t mklen, - const CK_MECHANISM_PTR pmech, - CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen, - target_t target) ; -/**/ -/* mackey is NULL for PKCS#11 formats, not for authenticated ones */ -CK_RV m_UnwrapKey (const CK_BYTE_PTR wrapped, CK_ULONG wlen, - const unsigned char *kek, size_t keklen, - const unsigned char *mackey, size_t mklen, - const unsigned char *pin, size_t pinlen, - const CK_MECHANISM_PTR uwmech, - const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount, - unsigned char *unwrapped, size_t *uwlen, - CK_BYTE_PTR csum, CK_ULONG *cslen, - target_t target) ; - -CK_RV m_DeriveKey ( CK_MECHANISM_PTR pderivemech, - CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount, - const unsigned char *basekey, size_t bklen, - const unsigned char *data, size_t dlen, - const unsigned char *pin, size_t pinlen, - unsigned char *newkey, size_t *nklen, - unsigned char *csum, size_t *cslen, - target_t target) ; - -/**/ -CK_RV m_GetMechanismList (CK_SLOT_ID slot, - CK_MECHANISM_TYPE_PTR mechs, - CK_ULONG_PTR count, - target_t target) ; -CK_RV m_GetMechanismInfo (CK_SLOT_ID slot, - CK_MECHANISM_TYPE mech, - CK_MECHANISM_INFO_PTR pmechinfo, - target_t target) ; - -CK_RV m_GetAttributeValue (const unsigned char *obj, size_t olen, - CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, - target_t target) ; -CK_RV m_SetAttributeValue (unsigned char *obj, size_t olen, - CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, - target_t target) ; - - -CK_RV m_Login ( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen, - const unsigned char *nonce, size_t nlen, - unsigned char *pinblob, size_t *pinbloblen, - target_t target) ; -CK_RV m_Logout ( const unsigned char *pin, size_t len, target_t target) ; - -CK_RV m_admin (unsigned char *response1, size_t *r1len, - unsigned char *response2, size_t *r2len, - const unsigned char *cmd, size_t clen, - const unsigned char *sigs, size_t slen, - target_t target) ; - -CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes, - unsigned int query, - unsigned int subquery, - target_t target) ; - -// see also: CK_IBM_XCPQUERY_t - - // m_wire() by default removes transport headers of responses (CPRB header etc.) // setting to prevent stripping: // @@ -2661,17 +2953,20 @@ CK_RV m_wire (unsigned char *rsp, size_t *rsplen, CK_RV *irv, #define XCP_W_NO_SEND_CPRB 1 /* data already includes request header */ #define XCP_W_NO_RECV_CPRB 2 /* leave transport header in response */ +// initializes the library +int m_init(void); +// shutting down the library +int m_shutdown(void); -/*-- build identification ------------------------------------------------*/ -#define XCP_BUILD_ID 0x9c14a5e6 -#define XCP_BUILD_DATE 0x20220610 /* UTC */ -#define XCP_BUILD_TIME 0x123354 /* UTC */ -/*--------------------------------------------------------------------------*/ -/*--------------------------------------------------------------------------*/ +/*-- build identification ------------------------------------------------*/ +#define XCP_BUILD_ID 0xf1d34cc2 +#define XCP_BUILD_DATE 0x20221214 /* UTC */ +#define XCP_BUILD_TIME 0x094523 /* UTC */ +/*--------------------------------------------------------------------------*/ #define __XCP_REASONCODES_H__ 1 @@ -2823,14 +3118,10 @@ typedef enum { } XCP_ReasonCode_t ; - - -#if ! defined(__transport_fns_h__) -#define __transport_fns_h__ - /* function identifiers must be consecutive, between: */ #define __MIN_MOD_FNID 1 -#define __MAX_MOD_FNID 43 +#define __MAX_MOD_FNID 42 +/* selectively disabled functions within that range reported separately */ #define __FNID_Login 1 #define __FNID_Logout 2 @@ -2938,8 +3229,6 @@ typedef enum { #define __HOST2MOD_DATAPRM 9 #define __MOD2HOST_DATAPRM 2 -#endif /* n defined(__transport_fns_h__) */ - #endif /* n defined(XCP_H__) */ diff --git a/usr/lib/ep11_stdll/ep11adm.h b/usr/lib/ep11_stdll/ep11adm.h index ecb524d5..0cd50a65 100644 --- a/usr/lib/ep11_stdll/ep11adm.h +++ b/usr/lib/ep11_stdll/ep11adm.h @@ -25,34 +25,6 @@ #error "We need types, please include before this file." #endif -// these numbers apply to current version, subject to change -// Please note that this defines are DEPRECATED. Please use their XCP_* -// counterpart in ep11.h -// -#if !defined(EP11_SERIALNR_CHARS) -#define EP11_SERIALNR_CHARS XCP_SERIALNR_CHARS -#endif - -#if !defined(EP11_KEYCSUM_BYTES) -/* full size of verific. pattern */ -#define EP11_KEYCSUM_BYTES XCP_KEYCSUM_BYTES -#endif - -#if !defined(EP11_ADMCTR_BYTES) -/* admin transaction ctrs */ -#define EP11_ADMCTR_BYTES XCP_ADMCTR_BYTES -#endif - -#if !defined(EP11_ADM_REENCRYPT) -/* transform blobs to next WK */ -#define EP11_ADM_REENCRYPT XCP_ADM_REENCRYPT -#endif - -#if !defined(CK_IBM_EP11Q_DOMAIN) -/* list domain's WK hashes */ -#define CK_IBM_EP11Q_DOMAIN CK_IBM_XCPQ_DOMAIN -#endif -// end of DEPRECATED defines //------------------------------------- // flags common to all functions that have a flag parameter @@ -100,13 +72,22 @@ #define DOMAIN_MASK_LENGTH XCP_DOMAINS/8 // space for 256 domains - +//------------------------------------- +// Key-Part-Holder template +// contain credentials of a key-part holder. Those credentials +// can be file based and/or smart card based references. struct KPH { - const unsigned char *cert; - size_t clen; - const char *id; - const char *pw; - const char *kpfname; + const unsigned char *cert; // certificate + size_t clen; // certificate length + const char *id; // private key + const char *pw; // private key passphrase + const char *kpfname; // filename of the key-part + char scard; // indicates a smart card user + char ski_id; // subject key identifier ID + int rdr_id; // smart card reader number + char kp_id; // key-part ID + uint64_t sigmech; // signature mechenism + const char *padmode; // padding mode } ; @@ -159,30 +140,6 @@ typedef struct XCPadmresp { #define XCP_ADMRESP_INIT0 { 0,0,0, {0},{0},{0}, {0}, CKR_OK, 0, NULL,0, } -// ep11_admresp_t is DEPRECATED. Please use XCPadmresp_t directly -typedef struct ep11_admresp { - uint32_t fn; - uint32_t domain; - uint32_t domainInst; - - /* module ID || module instance */ - unsigned char module[ EP11_SERIALNR_CHARS + EP11_SERIALNR_CHARS ]; - unsigned char modNr[ EP11_SERIALNR_CHARS ]; - unsigned char modInst[ EP11_SERIALNR_CHARS ]; - - unsigned char tctr[ EP11_ADMCTR_BYTES ]; /* transaction counter */ - - CK_RV rv; - uint32_t reason; - - // points to original response; NULL if no payload - // make sure it's copied if used after releasing response block - // - const unsigned char *payload; - size_t pllen; -} *ep11_admresp_t; - - //------------------------------------- // listing of CP modes with their respective sets of control points that are // either required or prohibited @@ -249,9 +206,39 @@ static const struct { XCP_CPB_ALG_NBSI2011, XCP_CPB_ALG_DH, XCP_CPB_DERIVE }, }, + { XCP_ADMS_FIPS2021, "fips2021", + 15, + { XCP_CPB_ALG_NFIPS2011, XCP_CPB_KEYSZ_80BIT, + XCP_CPB_KEYSZ_RSA65536, + XCP_CPB_ALG_NFIPS2021, XCP_CPB_ALG_EC_25519, + XCP_CPB_ALG_PQC, XCP_CPB_BTC, + XCP_CPB_ECDSA_OTHER, XCP_CPB_ALLOW_NONSESSION, + XCP_CPB_ALG_EC_SECGCRV, XCP_CPB_ALG_EC_BPOOLCRV, + XCP_CPB_COMPAT_LEGACY_SHA3, XCP_CPB_DSA_PARAMETER_GEN, + XCP_CPB_WRAP_ASYMM, XCP_CPB_UNWRAP_ASYMM + }, + 0, + { }, + }, + { XCP_ADMS_FIPS2024, "fips2024", + 16, + { XCP_CPB_ALG_NFIPS2011, XCP_CPB_KEYSZ_80BIT, + XCP_CPB_KEYSZ_RSA65536, + XCP_CPB_ALG_NFIPS2021, XCP_CPB_ALG_EC_25519, + XCP_CPB_ALG_PQC, XCP_CPB_BTC, + XCP_CPB_ECDSA_OTHER, XCP_CPB_ALLOW_NONSESSION, + XCP_CPB_ALG_EC_SECGCRV, XCP_CPB_ALG_EC_BPOOLCRV, + XCP_CPB_ALG_NFIPS2024, XCP_CPB_COMPAT_LEGACY_SHA3, + XCP_CPB_DSA_PARAMETER_GEN, XCP_CPB_WRAP_ASYMM, + XCP_CPB_UNWRAP_ASYMM + }, + 0, + { }, + // XCP_ADMS_ADM_FIPS2021 is not reported here as it is not set with + // control points + } } ; - //------------------------------------- // Structure to collect all relevant data for state export/import // @@ -351,21 +338,12 @@ long xcpa_certreplace(unsigned char *blk, size_t blen, //------------------------------------- -// xcpa_query_wk queries the hash of the current/next WK for the given target -// xcpa_query_wk without the feature define EP11ADM_V2 can only query the hash -// of the current WK. Latter version is deprecated and will be removed with the -// next major release +// Queries the current/next WK for the given target // -// Parameter description: -// wk pointer to the output buffer, contains current/next WK hash after -// call -// wlen needs to be set to the size of the output buffer -// type CK_IBM_DOM_CURR_WK or CK_IBM_DOM_NEXT_WK (only available with -// EP11ADM_V2 defined) -// target a single target set up with m_add_module +// WK Hash is returned in (*wk, wlen) on success if wk is not NULL // // returns >0 (bytecount) if present -// 0 if valid but no current/next WK +// 0 if valid but no current WK // <0 if anything failed // // Possible error return codes: @@ -375,14 +353,7 @@ long xcpa_certreplace(unsigned char *blk, size_t blen, // // Uses xcpa_queryblock() - See function header for possible return codes // -#if defined(EP11ADM_V2) -__asm__(".symver xcpa_query_wk, xcpa_query_wk@EP11ADM_V2"); -long xcpa_query_wk(unsigned char *wk, size_t wlen, int type, - target_t target) ; -#else -long xcpa_query_wk(unsigned char *wk, size_t wlen, target_t target) - __attribute__ ((deprecated)); -#endif +long xcpa_query_wk(unsigned char *wk, size_t wlen, int type, target_t target) ; //------------------------------------- @@ -681,12 +652,13 @@ long xcpa_set_cps(target_t target, //------------------------------------- // get compliance mode from CP set (see ep11_cpt_modes[] for possible compliance // modes) +// can not check for administrative compliance modes // // cps CP set of XCP_CP_BYTES length, see xcpa_query_cps // // returns >0 compliance mode (see XCP_ADMS_...) // -// does not verify CP set! +// does not verify CP set // uint32_t xcpa_cps2compliance(const unsigned char *cps /* XCP_CP_BYTES */) ; @@ -823,7 +795,10 @@ typedef struct Encrdkey { // EC only: RSA recipients must keep these lengths 0 // // largest supported curve: P-521 - + unsigned char srcprivate[ 66 ]; /* private key (PKCS#8) */ + size_t sprivlen; /* priv. key byte count */ + unsigned char *oid; /* EC curve OID */ + size_t olen; /* EC curve OID length */ unsigned char srcpublic[ 1+66+66 ]; /* originator public point */ size_t splen; /* pub. point bytecount */ @@ -840,18 +815,10 @@ typedef struct Encrdkey { int ktype; /* one of the wire-specified types */ CK_MECHANISM *alg; /* currently, ignored */ + unsigned char wrap_alg[25]; /* AES Key Wrap algorithm OID */ // largest supported importer type: 4096-bit RSA unsigned char raw[ 4096/8 ]; /* actual encrypted bytes */ size_t rlen; - -#if defined(EP11ADM_V2) - unsigned char srcprivate[ 66 ]; /* private key (PKCS#8) */ - size_t sprivlen; /* priv. key byte count */ - unsigned char *oid; /* EC curve OID */ - size_t olen; /* EC curve OID length */ - - unsigned char wrap_alg[25]; /* AES Key Wrap algorithm OID */ -#endif } *Encrdkey_t; @@ -893,9 +860,6 @@ long xcp_rcptinfo_sharedinfo(unsigned char *sinfo, size_t slen, // creates RecipientInfo ASN.1 sequence (asn) from encr structure following RFC // 3852 for RSA and RFC 5753 for EC // -// uses encr->wrap_alg if EP11ADM_V2 defined. Otherwise assumes aes256-wrap is -// used for EC -// // verifies if a known importer key is used and if the SPKI does match // the importer key type // @@ -907,9 +871,10 @@ long xcp_rcptinfo_sharedinfo(unsigned char *sinfo, size_t slen, // XCP_ADMERR_RI_IMPR_INVALID: if the importer type or the key import structure // encr is not supported / invalid // -long xcp_rcptinfo(unsigned char *asn, size_t alen, - const struct Encrdkey *encr, - const CK_MECHANISM *encrmech) ; +long xcp_rcptinfo (unsigned char *asn, size_t alen, + const struct Encrdkey *encr, + const CK_MECHANISM *encrmech) ; + //------------------------------------- // reads ASN.1 formatted RecipientInfo (asn) and turns it into rinfo structure @@ -990,12 +955,8 @@ long xcpa_import_keypart (unsigned char *out, size_t olen, // XCP_ADMERR_RI_IMPR_INVALID: importer key type invalid / unsupported or does // not match SPKI // -// uses xcp_rcptinfo and xcpa_cmdblock() - see function header for more return -// codes and EP11AMD_V2 specific changes +// uses xcpa_cmdblock() - see function header for more return codes // -#if defined(EP11ADM_V2) -__asm__(".symver xcpa_import_cmdblock, xcpa_import_cmdblock@EP11ADM_V2"); -#endif long xcpa_import_cmdblock (unsigned char *out, size_t olen, const struct Encrdkey *key, const struct XCPadmresp *minf, @@ -1164,19 +1125,10 @@ long xcpa_fill_export_req(unsigned char *asn, size_t alen, // Constructs key part file with ASN.1 envelope // writes output to (*reqprep, reqpreplen) // -// default version: -// statesave contains the target domain mask -// kphs keypart holder certificates -// ekps contains re-encrypted keyparts -// kcnt number of kphs -// reqprep output buffer -// reqpreplen output length -// -// with EP11ADM_V2 feature define active: // domainmask target domain mask // kphs keypart holder certificates -// ekps contains re-encrypted keyparts // kcnt number of kphs +// ekps contains re-encrypted keyparts // reqprep output buffer // reqpreplen output length // headerinfo set to 0 if no header info requested @@ -1184,9 +1136,6 @@ long xcpa_fill_export_req(unsigned char *asn, size_t alen, // // returns 0 if successful // <0 if something fails -#if defined(EP11ADM_V2) -__asm__(".symver xcpa_construct_keypart_file, " - "xcpa_construct_keypart_file@EP11ADM_V2"); long xcpa_construct_keypart_file(unsigned char *domainmask, const struct KPH *kphs, const struct Encrdkey *ekps, @@ -1194,15 +1143,7 @@ long xcpa_construct_keypart_file(unsigned char *domainmask, unsigned char *reqprep, size_t *reqpreplen, unsigned int headerinfo); -#else -long xcpa_construct_keypart_file(struct STATESAVE *statesave, - const struct KPH *kphs, - const struct Encrdkey *ekps, - unsigned int kcnt, - unsigned char *reqprep, - size_t *reqpreplen) - __attribute__((deprecated)); -#endif + //------------------------------------- // Enable export WK permission @@ -1254,17 +1195,6 @@ long xcpa_enable_import_state(target_t target, // Export the domain WK of the given target // writes output to (*resp, resplen) // -// default version: -// target addresses target module/domain -// keyparts pointer to the encrypted keyparts -// keypartlen length of encrypted keyparts -// request pointer to the export request data -// requestlen length of request data -// sign_cb provide the callback for generating signatures -// may be NULL if no signatures required -// signopts number of signatures requested -// -// with EP11ADM_V2 feature define active: // target addresses target module/domain // wktype indicates either current or next WK // keyparts pointer to the encrypted keyparts @@ -1274,20 +1204,11 @@ long xcpa_enable_import_state(target_t target, // sign_cb provide the callback for generating signatures // may be NULL if no signatures required // signopts number of signatures requested -// -#if defined(EP11ADM_V2) -__asm__(".symver xcpa_export_wk, xcpa_export_wk@EP11ADM_V2"); long xcpa_export_wk(target_t target, int wktype, unsigned char *keyparts, size_t *keypartlen, const unsigned char *request, size_t requestlen, xcpa_admin_signs_cb_t sign_cb, const void *signopts); -#else -long xcpa_export_wk(target_t target, - unsigned char *keyparts, size_t *keypartlen, - const unsigned char *request, size_t requestlen, - xcpa_admin_signs_cb_t sign_cb, const void *signopts) - __attribute__((deprecated)); -#endif + //------------------------------------- // Export the state of the given target @@ -1337,11 +1258,6 @@ long xcpa_import_wk_rcptinfo(target_t target, // sign_cb provide the callback for generating signatures // may be NULL if no signatures required // signopts number of signatures requested -// -// uses xcp_rcptinfo and is therefore dependent on EP11ADM_V2 -#if defined(EP11ADM_V2) -__asm__(".symver xcpa_import_wk, xcpa_import_wk@EP11ADM_V2"); -#endif long xcpa_import_wk(target_t target, const struct Encrdkey *ekps, unsigned int kcnt, const unsigned char *wkvp, xcpa_admin_signs_cb_t sign_cb, const void *signopts); @@ -1436,11 +1352,11 @@ long xcpa_gen_random_wk(target_t target, unsigned char *wkvp, // XCP_ADMERR_SI_OID_MECH_MISMATCH: mismatch between signature and hash // mechanism // -long xcp_signerinfo(unsigned char *asn, size_t alen, - const unsigned char *ski, size_t skilen, /* signer */ - const unsigned char *sig, size_t siglen, - const CK_MECHANISM *sigmech, - const CK_MECHANISM *hashmech) ; +long xcp_signerinfo (unsigned char *asn, size_t alen, + const unsigned char *ski, size_t skilen, /* signer */ + const unsigned char *sig, size_t siglen, + const CK_MECHANISM *sigmech, + const CK_MECHANISM *hashmech) ; //------------------------------------- @@ -1461,13 +1377,13 @@ long xcp_signerinfo(unsigned char *asn, size_t alen, // // no length checks on signature or SKI, other than checking both for non-empty // -long xcp_signerinfo_read(const unsigned char *sinfo, size_t silen, - const unsigned char **ski, size_t *skilen, - const unsigned char **sig, size_t *siglen, - const unsigned char **hoid, size_t *hoidlen, - const unsigned char **soid, size_t *soidlen, - CK_MECHANISM *signmech, - CK_MECHANISM *hashmech) ; +long xcp_signerinfo_read (const unsigned char *sinfo, size_t silen, + const unsigned char **ski, size_t *skilen, + const unsigned char **sig, size_t *siglen, + const unsigned char **hoid, size_t *hoidlen, + const unsigned char **soid, size_t *soidlen, + CK_MECHANISM *signmech, + CK_MECHANISM *hashmech) ; //------------------------------------- @@ -1488,57 +1404,10 @@ long xcp_signerinfo_read(const unsigned char *sinfo, size_t silen, // // note: we do not verify other details of SPKI; caller must do so // -long xcp_spki2pubkey(const unsigned char **bitstr, - const unsigned char *spki, size_t slen) ; - - - -//---------------------------------------------------------------------- -// The following functions are DEPRECTATED! -// for return values see their xcpa_* counterpart +long xcp_spki2pubkey (const unsigned char **bitstr, + const unsigned char *spki, size_t slen) ; -/*---------------------------------------------------------------------- - * build a command block to (blk,blen), querying 'fn' - * (payload,plen) copied to query block if non-NULL - * - * returns written bytecount; size query if blk is NULL - * *minf used for module ID and transaction counter - * ignored for commands where those fields are ignored - */ -long ep11a_cmdblock(unsigned char *blk, size_t blen, - unsigned int fn, - const struct ep11_admresp *minf, - const unsigned char *tctr, /* EP11_ADMCTR_BYTES */ - const unsigned char *payload, size_t plen) - __attribute__ ((deprecated)) ; - - -/*---------------------------------------------------------------------- - * returns <0 if response is malformed, or contents invalid - * - * parse embedded return value from response, writes to *rv if non-NULL - * (outside envelope always reports CKR_OK, unless infrastructure - * failed) - */ -long ep11a_internal_rv(const unsigned char *rsp, size_t rlen, - struct ep11_admresp *rspblk, CK_RV *rv) - __attribute__ ((deprecated)) ; - - -/*---------------------------------------------------------------------- - * in: [0] query type - * out: [0] packed info structure - * - * outputs are fixed size, except CK_IBM_XCPQ_DOMAINS, which returns a - * list therefore, infbytes is ignored by other types (we still check - * if present) - */ -CK_RV m_get_ep11_info(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes, - unsigned int query, - unsigned int subquery, - target_t target) - __attribute__ ((deprecated)) ; /* @@ -1548,7 +1417,7 @@ CK_RV m_get_ep11_info(CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes, * mask pointer to an 32 byte array that represents our domain mask * masksize bit-length of the mask */ -int xcp_args2mask(char *args, unsigned char *mask, int masksize) ; +int xcp_args2mask(char *args, unsigned char *mask, int masksize); /* @@ -1602,6 +1471,10 @@ long xcpa_write_full_file(target_t target, unsigned int fileid, unsigned int block); +long xcpa_remove_file(target_t target, unsigned int fileid, + xcpa_admin_signs_cb_t sign_cb, const void *signopts); + + /* brute-force section parser: enumerate all encrypted-KP sections * * returns >0 offset of full OCTET STRING T+L+V section @@ -1627,5 +1500,15 @@ long xcpa_kps_retrieve_rcptinfo(struct Recipient_info *rcpti, const unsigned char *kpexport, size_t kplen); + +/* + * report domain compliance + * + * returns compliance bitmask if successful and 0 if anything failed + * (as zero is invalid as we always have a default compliance active) + * + */ +uint64_t get_dom_compl(target_t target); + #endif /* !defined(__xcpadm_h__) */ -- 2.16.2.windows.1