libyubihsm
yubihsm.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Yubico AB
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are
7  * met:
8  *
9  * * Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  *
12  * * Redistributions in binary form must reproduce the above
13  * copyright notice, this list of conditions and the following
14  * disclaimer in the documentation and/or other materials provided
15  * with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  */
30 
93 #ifndef YUBIHSM_H
94 #define YUBIHSM_H
95 
96 #include <stdint.h>
97 #include <stdbool.h>
98 #include <stddef.h>
99 #include <stdio.h>
100 
102 #define YH_CONTEXT_LEN 16
103 #define YH_HOST_CHAL_LEN 8
105 #define YH_MSG_BUF_SIZE 2048
107 #define YH_KEY_LEN 16
109 #define YH_VID 0x1050
111 #define YH_PID 0x0030
113 #define YH_CMD_RESP_FLAG 0x80
115 #define YH_MAX_ITEMS_COUNT \
117  256 // TODO: should this really be defined in the API?
118 #define YH_MAX_SESSIONS 16 // TODO: same here, really part of the API?
120 #define YH_DEFAULT_ENC_KEY \
122  "\x09\x0b\x47\xdb\xed\x59\x56\x54\x90\x1d\xee\x1c\xc6\x55\xe4\x20"
123 #define YH_DEFAULT_MAC_KEY \
125  "\x59\x2f\xd4\x83\xf7\x59\xe2\x99\x09\xa0\x4c\x45\x05\xd2\xce\x0a"
126 #define YH_DEFAULT_PASSWORD "password"
128 #define YH_DEFAULT_SALT "Yubico"
130 #define YH_DEFAULT_ITERS 10000
132 #define YH_CAPABILITIES_LEN 8
134 #define YH_MAX_LOG_ENTRIES 64 // TODO: really part of the API?
136 #define YH_OBJ_LABEL_LEN 40
138 #define YH_MAX_DOMAINS 16
140 
141 // Debug levels
143 #define YH_VERB_QUIET 0x00
144 #define YH_VERB_INTERMEDIATE 0x01
146 #define YH_VERB_CRYPTO 0x02
148 #define YH_VERB_RAW 0x04
150 #define YH_VERB_INFO 0x08
152 #define YH_VERB_ERR 0x10
154 #define YH_VERB_ALL 0xff
156 
159 #define YH_CCM_WRAP_OVERHEAD (1 + 13 + 16)
160 
161 #ifdef __cplusplus
162 extern "C" {
163 #endif
164 
166 typedef struct yh_connector yh_connector;
167 
169 typedef struct yh_session yh_session;
170 
172 typedef struct {
174  uint8_t capabilities[YH_CAPABILITIES_LEN];
176 
180 typedef enum {
241 } yh_rc;
242 
244 #define ADD_COMMAND(c, v) c = v, c##_R = v | YH_CMD_RESP_FLAG
245 
249 typedef enum {
353  YHC_ERROR = 0x7f,
354 } yh_cmd;
355 
356 #undef ADD_COMMAND
357 
361 typedef enum {
363  YH_OPAQUE = 0x01,
365  YH_AUTHKEY = 0x02,
369  YH_WRAPKEY = 0x04,
371  YH_HMACKEY = 0x05,
373  YH_TEMPLATE = 0x06,
377  YH_PUBLIC = 0x83,
379 
381 #define YH_MAX_ALGORITHM_COUNT 0xff
382 
385 typedef enum {
386  YH_ALGO_RSA_PKCS1_SHA1 = 1,
387  YH_ALGO_RSA_PKCS1_SHA256 = 2,
388  YH_ALGO_RSA_PKCS1_SHA384 = 3,
389  YH_ALGO_RSA_PKCS1_SHA512 = 4,
390  YH_ALGO_RSA_PSS_SHA1 = 5,
391  YH_ALGO_RSA_PSS_SHA256 = 6,
392  YH_ALGO_RSA_PSS_SHA384 = 7,
393  YH_ALGO_RSA_PSS_SHA512 = 8,
394  YH_ALGO_RSA_2048 = 9,
395  YH_ALGO_RSA_3072 = 10,
396  YH_ALGO_RSA_4096 = 11,
397  YH_ALGO_EC_P256 = 12,
398  YH_ALGO_EC_P384 = 13,
399  YH_ALGO_EC_P521 = 14,
400  YH_ALGO_EC_K256 = 15,
401  YH_ALGO_EC_BP256 = 16,
402  YH_ALGO_EC_BP384 = 17,
403  YH_ALGO_EC_BP512 = 18,
404  YH_ALGO_HMAC_SHA1 = 19,
405  YH_ALGO_HMAC_SHA256 = 20,
406  YH_ALGO_HMAC_SHA384 = 21,
407  YH_ALGO_HMAC_SHA512 = 22,
408  YH_ALGO_EC_ECDSA_SHA1 = 23,
409  YH_ALGO_EC_ECDH = 24,
410  YH_ALGO_RSA_OAEP_SHA1 = 25,
411  YH_ALGO_RSA_OAEP_SHA256 = 26,
412  YH_ALGO_RSA_OAEP_SHA384 = 27,
413  YH_ALGO_RSA_OAEP_SHA512 = 28,
414  YH_ALGO_AES128_CCM_WRAP = 29,
415  YH_ALGO_OPAQUE_DATA = 30,
416  YH_ALGO_OPAQUE_X509_CERT = 31,
417  YH_ALGO_MGF1_SHA1 = 32,
418  YH_ALGO_MGF1_SHA256 = 33,
419  YH_ALGO_MGF1_SHA384 = 34,
420  YH_ALGO_MGF1_SHA512 = 35,
421  YH_ALGO_TEMPL_SSH = 36,
422  YH_ALGO_YUBICO_OTP_AES128 = 37,
423  YH_ALGO_YUBICO_AES_AUTH = 38,
424  YH_ALGO_YUBICO_OTP_AES192 = 39,
425  YH_ALGO_YUBICO_OTP_AES256 = 40,
426  YH_ALGO_AES192_CCM_WRAP = 41,
427  YH_ALGO_AES256_CCM_WRAP = 42,
428  YH_ALGO_EC_ECDSA_SHA256 = 43,
429  YH_ALGO_EC_ECDSA_SHA384 = 44,
430  YH_ALGO_EC_ECDSA_SHA512 = 45,
431  YH_ALGO_EC_ED25519 = 46,
432  YH_ALGO_EC_P224 = 47,
433 } yh_algorithm;
434 
438 typedef enum {
443 } yh_option;
444 
448 typedef enum {
456 
458 #define YH_LOG_DIGEST_SIZE 16
459 #pragma pack(push, 1)
460 
463 typedef struct {
465  uint16_t number;
467  uint8_t command;
469  uint16_t length;
471  uint16_t session_key;
473  uint16_t target_key;
475  uint16_t second_key;
477  uint8_t result;
479  uint32_t systick;
481  uint8_t digest[YH_LOG_DIGEST_SIZE];
482 } yh_log_entry;
483 
487 typedef struct {
491  uint16_t id;
493  uint16_t len;
495  uint16_t domains;
501  uint8_t sequence;
503  uint8_t origin;
505  char label[YH_OBJ_LABEL_LEN + 1];
509 #pragma pack(pop)
510 
511 static const struct {
512  const char *name;
513  int bit;
514 } yh_capability[] = {
515  {"get_opaque", 0x00},
516  {"put_opaque", 0x01},
517  {"put_authkey", 0x02},
518  {"put_asymmetric", 0x03},
519  {"asymmetric_gen", 0x04},
520  {"asymmetric_sign_pkcs", 0x05},
521  {"asymmetric_sign_pss", 0x06},
522  {"asymmetric_sign_ecdsa", 0x07},
523  {"asymmetric_sign_eddsa", 0x08},
524  {"asymmetric_decrypt_pkcs", 0x09},
525  {"asymmetric_decrypt_oaep", 0x0a},
526  {"asymmetric_decrypt_ecdh", 0x0b},
527  {"export_wrapped", 0x0c},
528  {"import_wrapped", 0x0d},
529  {"put_wrapkey", 0x0e},
530  {"generate_wrapkey", 0x0f},
531  {"export_under_wrap", 0x10},
532  {"put_option", 0x11},
533  {"get_option", 0x12},
534  {"get_randomness", 0x13},
535  {"put_hmackey", 0x14},
536  {"hmackey_generate", 0x15},
537  {"hmac_data", 0x16},
538  {"hmac_verify", 0x17},
539  {"audit", 0x18},
540  {"ssh_certify", 0x19},
541  {"get_template", 0x1a},
542  {"put_template", 0x1b},
543  {"reset", 0x1c},
544  {"otp_decrypt", 0x1d},
545  {"otp_aead_create", 0x1e},
546  {"otp_aead_random", 0x1f},
547  {"otp_aead_rewrap_from", 0x20},
548  {"otp_aead_rewrap_to", 0x21},
549  {"attest", 0x22},
550  {"put_otp_aead_key", 0x23},
551  {"generate_otp_aead_key", 0x24},
552  {"wrap_data", 0x25},
553  {"unwrap_data", 0x26},
554  {"delete_opaque", 0x27},
555  {"delete_authkey", 0x28},
556  {"delete_asymmetric", 0x29},
557  {"delete_wrapkey", 0x2a},
558  {"delete_hmackey", 0x2b},
559  {"delete_template", 0x2c},
560  {"delete_otp_aead_key", 0x2d},
561 };
562 
563 static const struct {
564  const char *name;
565  yh_algorithm algorithm;
566 } yh_algorithms[] = {
567  {"rsa-pkcs1-sha1", YH_ALGO_RSA_PKCS1_SHA1},
568  {"rsa-pkcs1-sha256", YH_ALGO_RSA_PKCS1_SHA256},
569  {"rsa-pkcs1-sha384", YH_ALGO_RSA_PKCS1_SHA384},
570  {"rsa-pkcs1-sha512", YH_ALGO_RSA_PKCS1_SHA512},
571  {"rsa-pss-sha1", YH_ALGO_RSA_PSS_SHA1},
572  {"rsa-pss-sha256", YH_ALGO_RSA_PSS_SHA256},
573  {"rsa-pss-sha384", YH_ALGO_RSA_PSS_SHA384},
574  {"rsa-pss-sha512", YH_ALGO_RSA_PSS_SHA512},
575  {"rsa2048", YH_ALGO_RSA_2048},
576  {"rsa3072", YH_ALGO_RSA_3072},
577  {"rsa4096", YH_ALGO_RSA_4096},
578  {"ecp224", YH_ALGO_EC_P224},
579  {"ecp256", YH_ALGO_EC_P256},
580  {"ecp384", YH_ALGO_EC_P384},
581  {"ecp521", YH_ALGO_EC_P521},
582  {"eck256", YH_ALGO_EC_K256},
583  {"ecbp256", YH_ALGO_EC_BP256},
584  {"ecbp384", YH_ALGO_EC_BP384},
585  {"ecbp512", YH_ALGO_EC_BP512},
586  {"hmac-sha1", YH_ALGO_HMAC_SHA1},
587  {"hmac-sha256", YH_ALGO_HMAC_SHA256},
588  {"hmac-sha384", YH_ALGO_HMAC_SHA384},
589  {"hmac-sha512", YH_ALGO_HMAC_SHA512},
590  {"ecdsa-sha1", YH_ALGO_EC_ECDSA_SHA1},
591  {"ecdh", YH_ALGO_EC_ECDH},
592  {"rsa-oaep-sha1", YH_ALGO_RSA_OAEP_SHA1},
593  {"rsa-oaep-sha256", YH_ALGO_RSA_OAEP_SHA256},
594  {"rsa-oaep-sha384", YH_ALGO_RSA_OAEP_SHA384},
595  {"rsa-oaep-sha512", YH_ALGO_RSA_OAEP_SHA512},
596  {"aes128-ccm-wrap", YH_ALGO_AES128_CCM_WRAP},
597  {"opaque", YH_ALGO_OPAQUE_DATA},
598  {"x509-cert", YH_ALGO_OPAQUE_X509_CERT},
599  {"mgf1-sha1", YH_ALGO_MGF1_SHA1},
600  {"mgf1-sha256", YH_ALGO_MGF1_SHA256},
601  {"mgf1-sha384", YH_ALGO_MGF1_SHA384},
602  {"mgf1-sha512", YH_ALGO_MGF1_SHA512},
603  {"template-ssh", YH_ALGO_TEMPL_SSH},
604  {"yubico-otp-aes128", YH_ALGO_YUBICO_OTP_AES128},
605  {"yubico-aes-auth", YH_ALGO_YUBICO_AES_AUTH},
606  {"yubico-otp-aes192", YH_ALGO_YUBICO_OTP_AES192},
607  {"yubico-otp-aes256", YH_ALGO_YUBICO_OTP_AES256},
608  {"aes192-ccm-wrap", YH_ALGO_AES192_CCM_WRAP},
609  {"aes256-ccm-wrap", YH_ALGO_AES256_CCM_WRAP},
610  {"ecdsa-sha256", YH_ALGO_EC_ECDSA_SHA256},
611  {"ecdsa-sha384", YH_ALGO_EC_ECDSA_SHA384},
612  {"ecdsa-sha512", YH_ALGO_EC_ECDSA_SHA512},
613  {"ed25519", YH_ALGO_EC_ED25519},
614 };
615 
616 static const struct {
617  const char *name;
618  yh_object_type type;
619 } yh_types[] = {
620  {"opaque", YH_OPAQUE}, {"authkey", YH_AUTHKEY},
621  {"asymmetric", YH_ASYMMETRIC}, {"wrapkey", YH_WRAPKEY},
622  {"hmackey", YH_HMACKEY}, {"template", YH_TEMPLATE},
623  {"otpaeadkey", YH_OTP_AEAD_KEY},
624 };
625 
626 static const struct {
627  const char *name;
628  yh_option option;
629 } yh_options[] = {
630  {"force_audit", YH_OPTION_FORCE_AUDIT},
631  {"command_audit", YH_OPTION_COMMAND_AUDIT},
632 };
633 
635 #define YH_ORIGIN_GENERATED 0x01
636 #define YH_ORIGIN_IMPORTED 0x02
638 #define YH_ORIGIN_IMPORTED_WRAPPED 0x10
641 
649 const char *yh_strerror(yh_rc err);
650 
659 yh_rc yh_set_verbosity(uint8_t verbosity);
660 
668 yh_rc yh_get_verbosity(uint8_t *verbosity);
669 
677 void yh_set_debug_output(FILE *output);
678 
684 yh_rc yh_init(void);
685 
691 yh_rc yh_exit(void);
692 
701 yh_rc yh_init_connector(const char *url, yh_connector **connector);
702 
713  const void *val);
714 
725 yh_rc yh_connect_all(yh_connector **connectors, size_t *n_connectors,
726  int timeout);
727 
737 yh_rc yh_connect_best(yh_connector **connectors, size_t n_connectors, int *idx);
738 
746 yh_rc yh_disconnect(yh_connector *connector);
747 
762  const uint8_t *data, size_t data_len,
763  yh_cmd *response_cmd, uint8_t *response,
764  size_t *response_len);
765 
779 yh_rc yh_send_secure_msg(yh_session *session, yh_cmd cmd, const uint8_t *data,
780  size_t data_len, yh_cmd *response_cmd,
781  uint8_t *response, size_t *response_len);
782 
799  uint16_t auth_keyset_id,
800  const uint8_t *password, size_t password_len,
801  bool recreate_session, uint8_t *context,
802  size_t context_len, yh_session **session);
803 
821 yh_rc yh_create_session(yh_connector *connector, uint16_t auth_keyset_id,
822  const uint8_t *key_enc, size_t key_enc_len,
823  const uint8_t *key_mac, size_t key_mac_len,
824  bool recreate_session, uint8_t *context,
825  size_t context_len, yh_session **session);
826 
841  uint16_t auth_keyset_id, uint8_t *context,
842  size_t context_len, uint8_t *card_cryptogram,
843  size_t card_cryptogram_len,
844  yh_session **session);
845 
865  const uint8_t *key_senc, size_t key_senc_len,
866  const uint8_t *key_smac, size_t key_smac_len,
867  const uint8_t *key_srmac,
868  size_t key_srmac_len, uint8_t *context,
869  size_t context_len, uint8_t *card_cryptogram,
870  size_t card_cryptogram_len);
871 
880 
890 yh_rc yh_authenticate_session(yh_session *session, uint8_t *context,
891  size_t context_len);
892 
893 // Utility and convenience functions below
894 
910 yh_rc yh_util_get_device_info(yh_connector *connector, uint8_t *major,
911  uint8_t *minor, uint8_t *patch, uint32_t *serial,
912  uint8_t *log_total, uint8_t *log_used,
913  yh_algorithm *algorithms, size_t *n_algorithms);
914 
932 yh_rc yh_util_list_objects(yh_session *session, uint16_t id,
933  yh_object_type type, uint16_t domains,
934  const yh_capabilities *capabilities,
935  yh_algorithm algorithm, const char *label,
936  yh_object_descriptor *objects, size_t *n_objects);
937 
948 yh_rc yh_util_get_object_info(yh_session *session, uint16_t id,
949  yh_object_type type,
950  yh_object_descriptor *object);
951 
963 yh_rc yh_util_get_pubkey(yh_session *session, uint16_t id, uint8_t *data,
964  size_t *datalen, yh_algorithm *algorithm);
965 
974 
988 yh_rc yh_util_sign_pkcs1v1_5(yh_session *session, uint16_t key_id, bool hashed,
989  const uint8_t *in, size_t in_len, uint8_t *out,
990  size_t *out_len);
991 
1006 yh_rc yh_util_sign_pss(yh_session *session, uint16_t key_id, const uint8_t *in,
1007  size_t in_len, uint8_t *out, size_t *out_len,
1008  size_t salt_len, yh_algorithm mgf1Algo);
1009 
1022 yh_rc yh_util_sign_ecdsa(yh_session *session, uint16_t key_id,
1023  const uint8_t *in, size_t in_len, uint8_t *out,
1024  size_t *out_len);
1025 
1038 yh_rc yh_util_sign_eddsa(yh_session *session, uint16_t key_id,
1039  const uint8_t *in, size_t in_len, uint8_t *out,
1040  size_t *out_len);
1041 
1054 yh_rc yh_util_hmac(yh_session *session, uint16_t key_id, const uint8_t *in,
1055  size_t in_len, uint8_t *out, size_t *out_len);
1056 
1067 yh_rc yh_util_get_random(yh_session *session, size_t len, uint8_t *out,
1068  size_t *out_len);
1069 
1084 yh_rc yh_util_import_key_rsa(yh_session *session, uint16_t *key_id,
1085  const char *label, uint16_t domains,
1086  const yh_capabilities *capabilities,
1087  yh_algorithm algorithm, const uint8_t *p,
1088  const uint8_t *q);
1089 
1103 yh_rc yh_util_import_key_ec(yh_session *session, uint16_t *key_id,
1104  const char *label, uint16_t domains,
1105  const yh_capabilities *capabilities,
1106  yh_algorithm algorithm, const uint8_t *s);
1107 
1121 yh_rc yh_util_import_key_ed(yh_session *session, uint16_t *key_id,
1122  const char *label, uint16_t domains,
1123  const yh_capabilities *capabilities,
1124  yh_algorithm algorithm, const uint8_t *k);
1125 
1140 yh_rc yh_util_import_key_hmac(yh_session *session, uint16_t *key_id,
1141  const char *label, uint16_t domains,
1142  const yh_capabilities *capabilities,
1143  yh_algorithm algorithm, const uint8_t *key,
1144  size_t key_len);
1145 
1158 yh_rc yh_util_generate_key_rsa(yh_session *session, uint16_t *key_id,
1159  const char *label, uint16_t domains,
1160  const yh_capabilities *capabilities,
1161  yh_algorithm algorithm);
1162 
1175 yh_rc yh_util_generate_key_ec(yh_session *session, uint16_t *key_id,
1176  const char *label, uint16_t domains,
1177  const yh_capabilities *capabilities,
1178  yh_algorithm algorithm);
1179 
1192 yh_rc yh_util_generate_key_ed(yh_session *session, uint16_t *key_id,
1193  const char *label, uint16_t domains,
1194  const yh_capabilities *capabilities,
1195  yh_algorithm algorithm);
1196 
1210 yh_rc yh_util_hmac_verify(yh_session *session, uint16_t key_id,
1211  const uint8_t *signature, size_t signature_len,
1212  const uint8_t *data, size_t data_len, bool *verified);
1213 
1226 yh_rc yh_util_generate_key_hmac(yh_session *session, uint16_t *key_id,
1227  const char *label, uint16_t domains,
1228  const yh_capabilities *capabilities,
1229  yh_algorithm algorithm);
1230 
1243 yh_rc yh_util_decrypt_pkcs1v1_5(yh_session *session, uint16_t key_id,
1244  const uint8_t *in, size_t in_len, uint8_t *out,
1245  size_t *out_len);
1246 
1262 yh_rc yh_util_decrypt_oaep(yh_session *session, uint16_t key_id,
1263  const uint8_t *in, size_t in_len, uint8_t *out,
1264  size_t *out_len, const uint8_t *label,
1265  size_t label_len, yh_algorithm mgf1Algo);
1266 
1279 yh_rc yh_util_decrypt_ecdh(yh_session *session, uint16_t key_id,
1280  const uint8_t *in, size_t in_len, uint8_t *out,
1281  size_t *out_len);
1282 
1292 yh_rc yh_util_delete_object(yh_session *session, uint16_t id,
1293  yh_object_type type);
1294 
1307 yh_rc yh_util_export_wrapped(yh_session *session, uint16_t wrapping_key_id,
1308  yh_object_type target_type, uint16_t target_id,
1309  uint8_t *out, size_t *out_len);
1310 
1323 yh_rc yh_util_import_wrapped(yh_session *session, uint16_t wrapping_key_id,
1324  const uint8_t *in, size_t in_len,
1325  yh_object_type *target_type, uint16_t *target_id);
1326 
1342 yh_rc yh_util_import_key_wrap(yh_session *session, uint16_t *key_id,
1343  const char *label, uint16_t domains,
1344  const yh_capabilities *capabilities,
1345  yh_algorithm algorithm,
1346  const yh_capabilities *delegated_capabilities,
1347  const uint8_t *in, size_t in_len);
1348 
1362 yh_rc yh_util_generate_key_wrap(yh_session *session, uint16_t *key_id,
1363  const char *label, uint16_t domains,
1364  const yh_capabilities *capabilities,
1365  yh_algorithm algorithm,
1366  const yh_capabilities *delegated_capabilities);
1367 
1379 yh_rc yh_util_get_logs(yh_session *session, uint16_t *unlogged_boot,
1380  uint16_t *unlogged_auth, yh_log_entry *out,
1381  size_t *n_items);
1382 
1391 yh_rc yh_util_set_log_index(yh_session *session, uint16_t index);
1392 
1403 yh_rc yh_util_get_opaque(yh_session *session, uint16_t object_id, uint8_t *out,
1404  size_t *out_len);
1405 
1420 yh_rc yh_util_import_opaque(yh_session *session, uint16_t *object_id,
1421  const char *label, uint16_t domains,
1422  const yh_capabilities *capabilities,
1423  yh_algorithm algorithm, const uint8_t *in,
1424  size_t in_len);
1425 
1440 yh_rc yh_util_ssh_certify(yh_session *session, uint16_t key_id,
1441  uint16_t template_id, yh_algorithm sig_algo,
1442  const uint8_t *in, size_t in_len, uint8_t *out,
1443  size_t *out_len);
1444 
1459 yh_rc yh_util_import_authkey(yh_session *session, uint16_t *key_id,
1460  const char *label, uint16_t domains,
1461  const yh_capabilities *capabilities,
1462  const yh_capabilities *delegated_capabilities,
1463  const uint8_t *password, size_t password_len);
1464 
1475 yh_rc yh_util_get_template(yh_session *session, uint16_t object_id,
1476  uint8_t *out, size_t *out_len);
1477 
1492 yh_rc yh_util_import_template(yh_session *session, uint16_t *object_id,
1493  const char *label, uint16_t domains,
1494  const yh_capabilities *capabilities,
1495  yh_algorithm algorithm, const uint8_t *in,
1496  size_t in_len);
1497 
1510 yh_rc yh_util_otp_aead_create(yh_session *session, uint16_t key_id,
1511  const uint8_t *key, const uint8_t *private_id,
1512  uint8_t *out, size_t *out_len);
1513 
1524 yh_rc yh_util_otp_aead_random(yh_session *session, uint16_t key_id,
1525  uint8_t *out, size_t *out_len);
1526 
1542 yh_rc yh_util_otp_decrypt(yh_session *session, uint16_t key_id,
1543  const uint8_t *aead, size_t aead_len,
1544  const uint8_t *otp, uint16_t *useCtr,
1545  uint8_t *sessionCtr, uint8_t *tstph, uint16_t *tstpl);
1546 
1561 yh_rc yh_util_put_otp_aead_key(yh_session *session, uint16_t *key_id,
1562  const char *label, uint16_t domains,
1563  const yh_capabilities *capabilities,
1564  uint32_t nonce_id, const uint8_t *in,
1565  size_t in_len);
1566 
1580 yh_rc yh_util_generate_otp_aead_key(yh_session *session, uint16_t *key_id,
1581  const char *label, uint16_t domains,
1582  const yh_capabilities *capabilities,
1583  yh_algorithm algorithm, uint32_t nonce_id);
1584 
1596 yh_rc yh_util_attest_asymmetric(yh_session *session, uint16_t key_id,
1597  uint16_t attest_id, uint8_t *out,
1598  size_t *out_len);
1599 
1610 yh_rc yh_util_put_option(yh_session *session, yh_option option, size_t len,
1611  uint8_t *val);
1612 
1623 yh_rc yh_util_get_option(yh_session *session, yh_option option, uint8_t *out,
1624  size_t *out_len);
1625 
1638 yh_rc yh_util_get_storage_stats(yh_session *session, uint16_t *total_records,
1639  uint16_t *free_records, uint16_t *total_pages,
1640  uint16_t *free_pages, uint16_t *page_size);
1641 
1654 yh_rc yh_util_wrap_data(yh_session *session, uint16_t key_id, const uint8_t *in,
1655  size_t in_len, uint8_t *out, size_t *out_len);
1656 
1669 yh_rc yh_util_unwrap_data(yh_session *session, uint16_t key_id,
1670  const uint8_t *in, size_t in_len, uint8_t *out,
1671  size_t *out_len);
1672 
1681 yh_rc yh_util_blink(yh_session *session, uint8_t seconds);
1682 
1690 yh_rc yh_util_reset(yh_session *session);
1691 
1700 yh_rc yh_get_session_id(yh_session *session, uint8_t *sid);
1701 
1709 bool yh_connector_has_device(yh_connector *connector);
1710 
1721 yh_rc yh_get_connector_version(yh_connector *connector, uint8_t *major,
1722  uint8_t *minor, uint8_t *patch);
1723 
1732 yh_rc yh_get_connector_address(yh_connector *connector, char **const address);
1733 
1742 yh_rc yh_capabilities_to_num(const char *capability, yh_capabilities *result);
1743 
1753 yh_rc yh_num_to_capabilities(const yh_capabilities *num, const char *result[],
1754  size_t *n_result);
1755 
1764 bool yh_check_capability(const yh_capabilities *capabilities,
1765  const char *capability);
1766 
1777  yh_capabilities *result);
1778 
1788 yh_rc yh_filter_capabilities(const yh_capabilities *capabilities,
1789  const yh_capabilities *filter,
1790  yh_capabilities *result);
1791 
1799 bool yh_is_rsa(yh_algorithm algorithm);
1800 
1808 bool yh_is_ec(yh_algorithm algorithm);
1809 
1817 bool yh_is_ed(yh_algorithm algorithm);
1818 
1826 bool yh_is_hmac(yh_algorithm algorithm);
1827 
1836 yh_rc yh_get_key_bitlength(yh_algorithm algorithm, size_t *result);
1837 
1846 yh_rc yh_algo_to_string(yh_algorithm algo, char const **result);
1847 
1856 yh_rc yh_string_to_algo(const char *string, yh_algorithm *algo);
1857 
1866 yh_rc yh_type_to_string(yh_object_type type, char const **result);
1867 
1876 yh_rc yh_string_to_type(const char *string, yh_object_type *type);
1877 
1886 yh_rc yh_string_to_option(const char *string, yh_option *option);
1887 
1898 bool yh_verify_logs(yh_log_entry *logs, size_t n_items,
1899  yh_log_entry *last_previous_log);
1900 
1909 yh_rc yh_parse_domains(const char *domains, uint16_t *result);
1910 
1920 yh_rc yh_domains_to_string(uint16_t domains, char *string, size_t max_len);
1921 #ifdef __cplusplus
1922 }
1923 #endif
1924 
1925 #endif
yh_rc yh_algo_to_string(yh_algorithm algo, char const **result)
Convert algorithm to string.
Verify HMAC data.
Definition: yubihsm.h:321
yh_rc yh_util_generate_otp_aead_key(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, uint32_t nonce_id)
Generate OTP AEAD Key.
Generate HMAC key.
Definition: yubihsm.h:317
yh_rc yh_util_get_logs(yh_session *session, uint16_t *unlogged_boot, uint16_t *unlogged_auth, yh_log_entry *out, size_t *n_items)
Get logs.
yh_rc yh_util_get_storage_stats(yh_session *session, uint16_t *total_records, uint16_t *free_records, uint16_t *total_pages, uint16_t *free_pages, uint16_t *page_size)
Get storage statistics.
yh_rc yh_set_connector_option(yh_connector *connector, yh_connector_option opt, const void *val)
Set connector options.
Perform a ECDH exchange.
Definition: yubihsm.h:311
yh_rc yh_string_to_algo(const char *string, yh_algorithm *algo)
Convert string to algorithm.
uint8_t command
What command was executed.
Definition: yubihsm.h:467
Get pseudo random data.
Definition: yubihsm.h:299
yh_rc yh_util_put_option(yh_session *session, yh_option option, size_t len, uint8_t *val)
Put global option.
#define YH_LOG_DIGEST_SIZE
Size that the log digest is truncated to.
Definition: yubihsm.h:458
The command execution has not terminated.
Definition: yubihsm.h:234
Wrong permissions for operation.
Definition: yubihsm.h:222
Invalid command.
Definition: yubihsm.h:206
uint16_t length
Length of in-data.
Definition: yubihsm.h:469
yh_cmd
Command definitions.
Definition: yubihsm.h:249
Get object information.
Definition: yubihsm.h:293
yh_rc yh_begin_create_session_ext(yh_connector *connector, uint16_t auth_keyset_id, uint8_t *context, size_t context_len, uint8_t *card_cryptogram, size_t card_cryptogram_len, yh_session **session)
Begin create extenal session.
yh_rc yh_util_close_session(yh_session *session)
Close session.
Authenticate session error.
Definition: yubihsm.h:200
yh_rc yh_util_decrypt_pkcs1v1_5(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Decrypt PKCS1 v1.5 data.
Buffer too small.
Definition: yubihsm.h:196
#define YH_CAPABILITIES_LEN
Length of capabilities array.
Definition: yubihsm.h:133
Invalid parameters.
Definition: yubihsm.h:192
yh_rc yh_parse_domains(const char *domains, uint16_t *result)
Parse a string to a domains parameter.
Authenticate session.
Definition: yubihsm.h:255
Put asymmetric key.
Definition: yubihsm.h:275
yh_rc yh_num_to_capabilities(const yh_capabilities *num, const char *result[], size_t *n_result)
Convert capability byte array to strings.
yh_option
Global options.
Definition: yubihsm.h:438
void yh_set_debug_output(FILE *output)
Set file for debug output.
yh_rc yh_util_unwrap_data(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Unwrap data.
yh_rc yh_util_ssh_certify(yh_session *session, uint16_t key_id, uint16_t template_id, yh_algorithm sig_algo, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
SSH certify.
yh_rc yh_destroy_session(yh_session **session)
Free data associated with session.
yh_rc yh_util_decrypt_ecdh(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Perform ECDH key exchange.
yh_rc yh_util_sign_eddsa(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Sign data using EDDSA.
Forced audit mode.
Definition: yubihsm.h:440
yh_rc yh_util_sign_pss(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len, size_t salt_len, yh_algorithm mgf1Algo)
Sign data using RSS.
yh_rc yh_get_connector_version(yh_connector *connector, uint8_t *major, uint8_t *minor, uint8_t *patch)
Get the connector version.
yh_rc yh_util_otp_aead_create(yh_session *session, uint16_t key_id, const uint8_t *key, const uint8_t *private_id, uint8_t *out, size_t *out_len)
Create OTP AEAD.
yh_rc yh_set_verbosity(uint8_t verbosity)
Set verbosity This function may be called prior to global library initialization. ...
Attest an asymmetric key.
Definition: yubihsm.h:337
Echo.
Definition: yubihsm.h:251
Audit logging per command.
Definition: yubihsm.h:442
SSH Certify.
Definition: yubihsm.h:323
yh_rc yh_util_get_template(yh_session *session, uint16_t object_id, uint8_t *out, size_t *out_len)
Get template.
Delete an object.
Definition: yubihsm.h:313
Put opaque.
Definition: yubihsm.h:269
Get audit logs.
Definition: yubihsm.h:291
yh_rc yh_filter_capabilities(const yh_capabilities *capabilities, const yh_capabilities *filter, yh_capabilities *result)
Filter one set of capabilities with another.
yh_rc yh_util_generate_key_ec(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Generate EC key.
yh_object_type type
Object type.
Definition: yubihsm.h:497
Create session.
Definition: yubihsm.h:253
yh_rc yh_util_import_key_ed(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *k)
Import ED key.
Logging struct as returned by device.
Definition: yubihsm.h:463
Get a global option.
Definition: yubihsm.h:297
yh_rc yh_util_import_template(yh_session *session, uint16_t *object_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *in, size_t in_len)
Import template.
Sign data with PSS.
Definition: yubihsm.h:307
uint8_t result
Command result.
Definition: yubihsm.h:477
Memory error.
Definition: yubihsm.h:184
uint8_t origin
Object origin.
Definition: yubihsm.h:503
yh_rc yh_create_session(yh_connector *connector, uint16_t auth_keyset_id, const uint8_t *key_enc, size_t key_enc_len, const uint8_t *key_mac, size_t key_mac_len, bool recreate_session, uint8_t *context, size_t context_len, yh_session **session)
Create a session.
Init error.
Definition: yubihsm.h:186
yh_rc yh_authenticate_session(yh_session *session, uint8_t *context, size_t context_len)
Authenticate session.
Opaque object.
Definition: yubihsm.h:363
bool yh_check_capability(const yh_capabilities *capabilities, const char *capability)
Check if capability is set.
Generate OTP AEAD key.
Definition: yubihsm.h:341
yh_rc yh_util_export_wrapped(yh_session *session, uint16_t wrapping_key_id, yh_object_type target_type, uint16_t target_id, uint8_t *out, size_t *out_len)
Export an object under wrap.
struct yh_session yh_session
Reference to a session.
Definition: yubihsm.h:169
yh_rc yh_get_key_bitlength(yh_algorithm algorithm, size_t *result)
Get algorithm bitlength.
#define ADD_COMMAND(c, v)
Macro to define command and response command.
Definition: yubihsm.h:244
Close session.
Definition: yubihsm.h:265
uint8_t sequence
Object sequence.
Definition: yubihsm.h:501
yh_rc yh_domains_to_string(uint16_t domains, char *string, size_t max_len)
Write out domains to a string.
Get opaque.
Definition: yubihsm.h:271
yh_capabilities delegated_capabilities
Object delegated capabilities.
Definition: yubihsm.h:507
Session creation failed.
Definition: yubihsm.h:216
yh_rc yh_disconnect(yh_connector *connector)
Disconnect from connector.
Get template.
Definition: yubihsm.h:327
Put a global option.
Definition: yubihsm.h:295
HMAC key.
Definition: yubihsm.h:371
Set log index.
Definition: yubihsm.h:343
yh_rc yh_util_get_option(yh_session *session, yh_option option, uint8_t *out, size_t *out_len)
Get global option.
yh_rc yh_util_attest_asymmetric(yh_session *session, uint16_t key_id, uint16_t attest_id, uint8_t *out, size_t *out_len)
Attest asymmetric key.
OTP submitted is invalid.
Definition: yubihsm.h:230
BSL.
Definition: yubihsm.h:261
Rewrap OTP AEAD.
Definition: yubihsm.h:335
Wrong length.
Definition: yubihsm.h:220
yh_rc yh_util_decrypt_oaep(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len, const uint8_t *label, size_t label_len, yh_algorithm mgf1Algo)
Decrypt OAEP data.
yh_rc yh_util_get_pubkey(yh_session *session, uint16_t id, uint8_t *data, size_t *datalen, yh_algorithm *algorithm)
Get Public key.
Put wrap key.
Definition: yubihsm.h:289
yh_rc yh_util_get_random(yh_session *session, size_t len, uint8_t *out, size_t *out_len)
Get pseudo random data.
Cryptogram error.
Definition: yubihsm.h:198
bool yh_is_rsa(yh_algorithm algorithm)
Check if algorithm is an RSA algorithm.
yh_rc yh_string_to_option(const char *string, yh_option *option)
Convert string to option.
yh_rc yh_get_session_id(yh_session *session, uint8_t *sid)
Get session ID.
yh_rc yh_string_to_type(const char *string, yh_object_type *type)
Convert string to type.
yh_rc yh_merge_capabilities(const yh_capabilities *a, const yh_capabilities *b, yh_capabilities *result)
Merge two sets of capabilities.
Storage statistics.
Definition: yubihsm.h:267
Success.
Definition: yubihsm.h:182
Template.
Definition: yubihsm.h:373
yh_algorithm algorithm
Object algorithm.
Definition: yubihsm.h:499
bool yh_is_hmac(yh_algorithm algorithm)
Check if algorithm is a HMAC algorithm.
HMAC data.
Definition: yubihsm.h:303
Message encryption / verification failed.
Definition: yubihsm.h:212
yh_rc yh_util_wrap_data(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Wrap data.
Sign data with PKCS1.
Definition: yubihsm.h:279
Authentication key.
Definition: yubihsm.h:365
uint16_t session_key
ID of authentication key used.
Definition: yubihsm.h:471
Decrypt data with OAEP.
Definition: yubihsm.h:315
yh_rc yh_util_delete_object(yh_session *session, uint16_t id, yh_object_type type)
Delete an object.
Object not found.
Definition: yubihsm.h:226
uint16_t domains
Object domains.
Definition: yubihsm.h:495
bool yh_is_ed(yh_algorithm algorithm)
Check if algorithm is an ED algorithm.
Session message.
Definition: yubihsm.h:257
yh_rc yh_init_connector(const char *url, yh_connector **connector)
Instantiate a new connector.
Generate asymmetric key.
Definition: yubihsm.h:277
yh_rc yh_util_import_wrapped(yh_session *session, uint16_t wrapping_key_id, const uint8_t *in, size_t in_len, yh_object_type *target_type, uint16_t *target_id)
Import a wrapped object.
yh_rc yh_util_generate_key_ed(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Generate ED key.
Wrap key.
Definition: yubihsm.h:369
Id use is illegal.
Definition: yubihsm.h:228
yh_rc yh_util_generate_key_rsa(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Generate RSA key.
yh_rc yh_send_secure_msg(yh_session *session, yh_cmd cmd, const uint8_t *data, size_t data_len, yh_cmd *response_cmd, uint8_t *response, size_t *response_len)
Send an encrypted message over a session.
yh_object_type
Object types.
Definition: yubihsm.h:361
Capabilitites representation.
Definition: yubihsm.h:172
yh_rc yh_send_plain_msg(yh_connector *connector, yh_cmd cmd, const uint8_t *data, size_t data_len, yh_cmd *response_cmd, uint8_t *response, size_t *response_len)
Send a plain message to a connector.
Put template.
Definition: yubihsm.h:325
yh_rc yh_util_get_device_info(yh_connector *connector, uint8_t *major, uint8_t *minor, uint8_t *patch, uint32_t *serial, uint8_t *log_total, uint8_t *log_used, yh_algorithm *algorithms, size_t *n_algorithms)
Get device info.
Export an object wrapped.
Definition: yubihsm.h:285
bool yh_is_ec(yh_algorithm algorithm)
Check if algorithm is an EC algorithm.
yh_rc yh_util_otp_aead_random(yh_session *session, uint16_t key_id, uint8_t *out, size_t *out_len)
Create OTP AEAD from random.
Decrypt data with PKCS1.
Definition: yubihsm.h:283
Malformed command / invalid data.
Definition: yubihsm.h:208
yh_rc yh_connect_all(yh_connector **connectors, size_t *n_connectors, int timeout)
Connect to all specified connectors.
yh_rc yh_util_import_key_hmac(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *key, size_t key_len)
Import HMAC key.
OTP AEAD key.
Definition: yubihsm.h:375
Wrong length.
Definition: yubihsm.h:194
yh_rc yh_create_session_derived(yh_connector *connector, uint16_t auth_keyset_id, const uint8_t *password, size_t password_len, bool recreate_session, uint8_t *context, size_t context_len, yh_session **session)
Create a session with keys derived frm password.
yh_rc yh_util_sign_pkcs1v1_5(yh_session *session, uint16_t key_id, bool hashed, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Sign data using PKCS1 v1.5.
yh_rc yh_util_import_opaque(yh_session *session, uint16_t *object_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *in, size_t in_len)
Import opaque object.
bool yh_connector_has_device(yh_connector *connector)
Check if the connector has a device connected.
yh_rc yh_util_hmac(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
HMAC data.
Put HMAC key.
Definition: yubihsm.h:301
Put authentication key.
Definition: yubihsm.h:273
yh_rc yh_util_put_otp_aead_key(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, uint32_t nonce_id, const uint8_t *in, size_t in_len)
Import OTP AEAD Key.
Reset.
Definition: yubihsm.h:263
yh_rc yh_type_to_string(yh_object_type type, char const **result)
Convert type to string.
yh_rc
Return codes.
Definition: yubihsm.h:180
yh_rc yh_get_verbosity(uint8_t *verbosity)
Get verbosity.
Wrap data.
Definition: yubihsm.h:345
Device success.
Definition: yubihsm.h:204
struct yh_connector yh_connector
Reference to a connector.
Definition: yubihsm.h:166
yh_rc yh_get_connector_address(yh_connector *connector, char **const address)
Get connector address.
yh_rc yh_util_get_opaque(yh_session *session, uint16_t object_id, uint8_t *out, size_t *out_len)
Get opaque object.
uint16_t len
Object length.
Definition: yubihsm.h:493
yh_algorithm
Algorithms.
Definition: yubihsm.h:385
uint16_t second_key
ID of second object used.
Definition: yubihsm.h:475
uint32_t systick
Systick at time of execution.
Definition: yubihsm.h:479
yh_rc yh_util_import_key_wrap(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const yh_capabilities *delegated_capabilities, const uint8_t *in, size_t in_len)
Import a wrap key.
Invalid session.
Definition: yubihsm.h:210
yh_rc yh_util_list_objects(yh_session *session, uint16_t id, yh_object_type type, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const char *label, yh_object_descriptor *objects, size_t *n_objects)
List objects.
Error.
Definition: yubihsm.h:353
Unwrap data.
Definition: yubihsm.h:347
yh_rc yh_util_generate_key_hmac(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Generate HMAC key.
yh_rc yh_util_blink(yh_session *session, uint8_t seconds)
Blink the device.
Generate wrap key.
Definition: yubihsm.h:319
Object with that ID already exists.
Definition: yubihsm.h:238
uint16_t target_key
ID of first object used.
Definition: yubihsm.h:473
Put OTP AEAD key.
Definition: yubihsm.h:339
yh_rc yh_util_get_object_info(yh_session *session, uint16_t id, yh_object_type type, yh_object_descriptor *object)
Get object info.
yh_rc yh_init(void)
Global library initialization.
uint16_t number
Monotonically increasing index.
Definition: yubihsm.h:465
yh_rc yh_util_reset(yh_session *session)
Reset the device.
Connector operation failed.
Definition: yubihsm.h:240
yh_rc yh_finish_create_session_ext(yh_connector *connector, yh_session *session, const uint8_t *key_senc, size_t key_senc_len, const uint8_t *key_smac, size_t key_smac_len, const uint8_t *key_srmac, size_t key_srmac_len, uint8_t *context, size_t context_len, uint8_t *card_cryptogram, size_t card_cryptogram_len)
Finish creating external session.
Decrypt OTP.
Definition: yubihsm.h:329
yh_rc yh_util_otp_decrypt(yh_session *session, uint16_t key_id, const uint8_t *aead, size_t aead_len, const uint8_t *otp, uint16_t *useCtr, uint8_t *sessionCtr, uint8_t *tstph, uint16_t *tstpl)
Decrypt OTP.
uint16_t id
Object ID.
Definition: yubihsm.h:491
Sign data with EDDSA.
Definition: yubihsm.h:349
yh_rc yh_exit(void)
Global library cleanup.
Create OTP AEAD.
Definition: yubihsm.h:331
yh_rc yh_util_import_key_ec(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *s)
Import EC key.
File with CA certificate to validate the connector with (const char *) not implemented on windows...
Definition: yubihsm.h:451
#define YH_OBJ_LABEL_LEN
Length of object labels.
Definition: yubihsm.h:137
bool yh_verify_logs(yh_log_entry *logs, size_t n_items, yh_log_entry *last_previous_log)
Verify an array of log entries.
All sessions are allocated.
Definition: yubihsm.h:214
Asymmetric key.
Definition: yubihsm.h:367
yh_capabilities capabilities
Object capabilities.
Definition: yubihsm.h:489
yh_rc yh_connect_best(yh_connector **connectors, size_t n_connectors, int *idx)
Connect to one connector in array.
yh_rc yh_util_sign_ecdsa(yh_session *session, uint16_t key_id, const uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len)
Sign data using ECDSA.
Net error.
Definition: yubihsm.h:188
yh_rc yh_util_hmac_verify(yh_session *session, uint16_t key_id, const uint8_t *signature, size_t signature_len, const uint8_t *data, size_t data_len, bool *verified)
Verify HMAC data.
Object descriptor.
Definition: yubihsm.h:487
Proxy server to use for connecting to the connector (const char *) not implemented on windows...
Definition: yubihsm.h:454
yh_rc yh_capabilities_to_num(const char *capability, yh_capabilities *result)
Convert capability string to byte array.
yh_connector_option
Options for the connector, set with yh_set_connector_option()
Definition: yubihsm.h:448
Sign data with ECDSA.
Definition: yubihsm.h:309
yh_rc yh_util_import_key_rsa(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *p, const uint8_t *q)
Import RSA key.
yh_rc yh_util_generate_key_wrap(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const yh_capabilities *delegated_capabilities)
Generate a wrap key.
yh_rc yh_util_import_authkey(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, const yh_capabilities *delegated_capabilities, const uint8_t *password, size_t password_len)
Import authentication key.
Storage failure.
Definition: yubihsm.h:218
Device is in demo mode and has to be power cycled.
Definition: yubihsm.h:232
Import a wrapped object.
Definition: yubihsm.h:287
Unknown error.
Definition: yubihsm.h:236
Get device info.
Definition: yubihsm.h:259
Get a public key.
Definition: yubihsm.h:305
Log buffer is full and forced audit is set.
Definition: yubihsm.h:224
const char * yh_strerror(yh_rc err)
Return a string describing an error condition.
Create OTP AEAD from random.
Definition: yubihsm.h:333
Blink the device.
Definition: yubihsm.h:351
List objects.
Definition: yubihsm.h:281
MAC not matching.
Definition: yubihsm.h:202
yh_rc yh_util_set_log_index(yh_session *session, uint16_t index)
Set the log index.
Public key (virtual..)
Definition: yubihsm.h:377
Connector not found.
Definition: yubihsm.h:190