Software APIs
acorn.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 /**
6  * acorn.h: dynamic library interface for acorn.
7  * @file
8  * Copyright 2015-2024 Entrust, Inc.
9  * Licensed under the Apache License, Version 2.0 (the "License");
10  * you may not use this file except in compliance with the License.
11  * You may obtain a copy of the License at
12 
13  * http://www.apache.org/licenses/LICENSE-2.0
14 
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20 
21  * Generated by interface.js -- DO NOT EDIT */
22 #ifndef ACORN_H
23 #define ACORN_H
24 
25 #ifdef __cplusplus
26 extern "C" {
27 #endif
28 
29 #ifdef _WIN32
30 # define EXPORT __declspec(dllexport) __cdecl
31 #else
32 # define EXPORT
33 #endif
34 
35 #include <stdio.h>
36 
37 /**
38  * Automatically called by dynamic library initialization. */
39 int EXPORT
40 acorn_init(void);
41 
42 /**
43  * Automatically called by dynamic library cleanup. */
44 void EXPORT
45 acorn_cleanup(void);
46 
47 void EXPORT
48 acorn_errstream(FILE *out);
49 
50 /** A byte array with length included */
51 struct acorn_buffer {
52  /** Number of bytes referenced by ptr */
53  unsigned len;
54  /** Pointer to an array of bytes */
55  unsigned char *ptr;
56 };
57 
58 enum acorn_enum_generateFlags {
59  acorn_enum_generateFlags_overwrite = 0,
60  acorn_enum_generateFlags_exportPrivate = 1,
61  acorn_enum_generateFlags__LIMIT = 2
62 };
63 
64 /**
65  * Describes a key pair */
66 struct acorn_object_keyEntry {
67  /**
68  * User defined name for key pair */
69  char *alias;
70  /**
71  * Cryptographic algorithm with which this key pair can be used.
72  * For example, this might be `dilitium2` */
73  char *algorithm;
74  };
75 
76 /**
77  * Input parameters for acorn_command_getVersion.
78  * @see acorn_command_getVersion
79  * @see acorn_response_getVersion */
80 struct acorn_request_getVersion {
81  /** Some C compilers reject empty structs */
82  int unused;
83 };
84 
85 /**
86  * Output parameters for acorn_command_getVersion.
87  * @see acorn_command_getVersion
88  * @see acorn_request_getVersion */
89 struct acorn_response_getVersion {
90  /**
91  * Semantic version number for host software. For example,
92  * "0.1.2" All versions with the same initial number should be
93  * compatible at runtime. */
94  char *version;
95 };
96 
97 typedef int (*acorn_commandfn_getVersion)
98 (const struct acorn_request_getVersion *request,
99  struct acorn_response_getVersion *response,
100  char **errstring);
101 
102 /**
103  * Returns information about the host software.
104  *
105  * @param request input data to process
106  * @param response output data to populate
107  * @param errstr (Optional) when not NULL, error message is allocated
108  * and assogned to this instead of being printed.
109  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
110 int EXPORT
111 acorn_command_getVersion
112 (const struct acorn_request_getVersion *request,
113  struct acorn_response_getVersion *response,
114  char **errstring);
115 
116 typedef int (*acorn_cmdfn_getVersion)
117 ( struct acorn_response_getVersion *response,
118  char **errstring);
119 
120 /**
121  * Returns information about the host software.
122  *
123  * @param response output data to populate
124  * @param errstr (Optional) when not NULL, error message is allocated
125  * and assogned to this instead of being printed.
126  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
127 int EXPORT
128 acorn_cmd_getVersion
129 (struct acorn_response_getVersion *response,
130  char **errstring);
131 
132 /**
133  * Reclaim resources used by corresponding command
134  *
135  * @see acorn_command_getVersion
136  * @param request (Optional) request data to free
137  * @param response (Optional) response data to free */
138 typedef
139 void EXPORT
140 acorn_free_getVersion
141 (struct acorn_request_getVersion *request,
142  struct acorn_response_getVersion *response);
143 
144 /**
145  * Input parameters for acorn_command_list.
146  * @see acorn_command_list
147  * @see acorn_response_list */
148 struct acorn_request_list {
149  /** Some C compilers reject empty structs */
150  int unused;
151 };
152 
153 /**
154  * Output parameters for acorn_command_list.
155  * @see acorn_command_list
156  * @see acorn_request_list */
157 struct acorn_response_list {
158  /** Number of entries in entries */
159 unsigned n_entries;
160  /**
161  * Description of each key saved in the system */
162  struct acorn_object_keyEntry *entries;
163 };
164 
165 typedef int (*acorn_commandfn_list)
166 (const struct acorn_request_list *request,
167  struct acorn_response_list *response,
168  char **errstring);
169 
170 /**
171  * Returns a list of available key aliases with algorithm names.
172  *
173  * @param request input data to process
174  * @param response output data to populate
175  * @param errstr (Optional) when not NULL, error message is allocated
176  * and assogned to this instead of being printed.
177  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
178 int EXPORT
179 acorn_command_list
180 (const struct acorn_request_list *request,
181  struct acorn_response_list *response,
182  char **errstring);
183 
184 typedef int (*acorn_cmdfn_list)
185 ( struct acorn_response_list *response,
186  char **errstring);
187 
188 /**
189  * Returns a list of available key aliases with algorithm names.
190  *
191  * @param response output data to populate
192  * @param errstr (Optional) when not NULL, error message is allocated
193  * and assogned to this instead of being printed.
194  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
195 int EXPORT
196 acorn_cmd_list
197 (struct acorn_response_list *response,
198  char **errstring);
199 
200 /**
201  * Reclaim resources used by corresponding command
202  *
203  * @see acorn_command_list
204  * @param request (Optional) request data to free
205  * @param response (Optional) response data to free */
206 typedef
207 void EXPORT
208 acorn_free_list
209 (struct acorn_request_list *request,
210  struct acorn_response_list *response);
211 
212 /**
213  * Input parameters for acorn_command_getPublic.
214  * @see acorn_command_getPublic
215  * @see acorn_response_getPublic */
216 struct acorn_request_getPublic {
217  /**
218  * Specifies which saved key pair for which to fetch the public
219  * component */
220  char *alias;
221  };
222 
223 /**
224  * Output parameters for acorn_command_getPublic.
225  * @see acorn_command_getPublic
226  * @see acorn_request_getPublic */
227 struct acorn_response_getPublic {
228  /**
229  * Public key material */
230  struct acorn_buffer publicKey;
231 };
232 
233 typedef int (*acorn_commandfn_getPublic)
234 (const struct acorn_request_getPublic *request,
235  struct acorn_response_getPublic *response,
236  char **errstring);
237 
238 /**
239  * Returns the public key associated with a given alias
240  *
241  * @param request input data to process
242  * @param response output data to populate
243  * @param errstr (Optional) when not NULL, error message is allocated
244  * and assogned to this instead of being printed.
245  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
246 int EXPORT
247 acorn_command_getPublic
248 (const struct acorn_request_getPublic *request,
249  struct acorn_response_getPublic *response,
250  char **errstring);
251 
252 typedef int (*acorn_cmdfn_getPublic)
253 (const char *alias,
254  struct acorn_response_getPublic *response,
255  char **errstring);
256 
257 /**
258  * Returns the public key associated with a given alias
259  *
260  * @param alias Specifies which saved key pair for which to fetch the
261  * public component
262  * @param response output data to populate
263  * @param errstr (Optional) when not NULL, error message is allocated
264  * and assogned to this instead of being printed.
265  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
266 int EXPORT
267 acorn_cmd_getPublic
268 (const char *alias,
269  struct acorn_response_getPublic *response,
270  char **errstring);
271 
272 /**
273  * Reclaim resources used by corresponding command
274  *
275  * @see acorn_command_getPublic
276  * @param request (Optional) request data to free
277  * @param response (Optional) response data to free */
278 typedef
279 void EXPORT
280 acorn_free_getPublic
281 (struct acorn_request_getPublic *request,
282  struct acorn_response_getPublic *response);
283 
284 /**
285  * Input parameters for acorn_command_getPublicHash.
286  * @see acorn_command_getPublicHash
287  * @see acorn_response_getPublicHash */
288 struct acorn_request_getPublicHash {
289  /**
290  * Public key material */
291  struct acorn_buffer publicKey;
292  };
293 
294 /**
295  * Output parameters for acorn_command_getPublicHash.
296  * @see acorn_command_getPublicHash
297  * @see acorn_request_getPublicHash */
298 struct acorn_response_getPublicHash {
299  /**
300  * Uniquely idenfies a public key */
301  char *hash;
302 };
303 
304 typedef int (*acorn_commandfn_getPublicHash)
305 (const struct acorn_request_getPublicHash *request,
306  struct acorn_response_getPublicHash *response,
307  char **errstring);
308 
309 /**
310  * Returns a hash value for a given public key.
311  *
312  * @param request input data to process
313  * @param response output data to populate
314  * @param errstr (Optional) when not NULL, error message is allocated
315  * and assogned to this instead of being printed.
316  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
317 int EXPORT
318 acorn_command_getPublicHash
319 (const struct acorn_request_getPublicHash *request,
320  struct acorn_response_getPublicHash *response,
321  char **errstring);
322 
323 typedef int (*acorn_cmdfn_getPublicHash)
324 (const struct acorn_buffer publicKey,
325  struct acorn_response_getPublicHash *response,
326  char **errstring);
327 
328 /**
329  * Returns a hash value for a given public key.
330  *
331  * @param publicKey Public key material
332  * @param response output data to populate
333  * @param errstr (Optional) when not NULL, error message is allocated
334  * and assogned to this instead of being printed.
335  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
336 int EXPORT
337 acorn_cmd_getPublicHash
338 (const struct acorn_buffer publicKey,
339  struct acorn_response_getPublicHash *response,
340  char **errstring);
341 
342 /**
343  * Reclaim resources used by corresponding command
344  *
345  * @see acorn_command_getPublicHash
346  * @param request (Optional) request data to free
347  * @param response (Optional) response data to free */
348 typedef
349 void EXPORT
350 acorn_free_getPublicHash
351 (struct acorn_request_getPublicHash *request,
352  struct acorn_response_getPublicHash *response);
353 
354 /**
355  * Input parameters for acorn_command_getKeyInfo.
356  * @see acorn_command_getKeyInfo
357  * @see acorn_response_getKeyInfo */
358 struct acorn_request_getKeyInfo {
359  /**
360  * Specifies which key pair to describe */
361  char *alias;
362  };
363 
364 /**
365  * Output parameters for acorn_command_getKeyInfo.
366  * @see acorn_command_getKeyInfo
367  * @see acorn_request_getKeyInfo */
368 struct acorn_response_getKeyInfo {
369  /**
370  * Uniquely idenfies a public key */
371  char *hash;
372  /**
373  * Cryptographic algorithm with which this key pair can be used */
374  char *algorithm;
375  /**
376  * Public key material */
377  struct acorn_buffer publicKey;
378  /**
379  * Opaque and encrypted private key */
380  struct acorn_buffer privateBlob;
381 };
382 
383 typedef int (*acorn_commandfn_getKeyInfo)
384 (const struct acorn_request_getKeyInfo *request,
385  struct acorn_response_getKeyInfo *response,
386  char **errstring);
387 
388 /**
389  * Returns the hash, algorithm and public key associated with a given
390  * alias.
391  *
392  * @param request input data to process
393  * @param response output data to populate
394  * @param errstr (Optional) when not NULL, error message is allocated
395  * and assogned to this instead of being printed.
396  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
397 int EXPORT
398 acorn_command_getKeyInfo
399 (const struct acorn_request_getKeyInfo *request,
400  struct acorn_response_getKeyInfo *response,
401  char **errstring);
402 
403 typedef int (*acorn_cmdfn_getKeyInfo)
404 (const char *alias,
405  struct acorn_response_getKeyInfo *response,
406  char **errstring);
407 
408 /**
409  * Returns the hash, algorithm and public key associated with a given
410  * alias.
411  *
412  * @param alias Specifies which key pair to describe
413  * @param response output data to populate
414  * @param errstr (Optional) when not NULL, error message is allocated
415  * and assogned to this instead of being printed.
416  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
417 int EXPORT
418 acorn_cmd_getKeyInfo
419 (const char *alias,
420  struct acorn_response_getKeyInfo *response,
421  char **errstring);
422 
423 /**
424  * Reclaim resources used by corresponding command
425  *
426  * @see acorn_command_getKeyInfo
427  * @param request (Optional) request data to free
428  * @param response (Optional) response data to free */
429 typedef
430 void EXPORT
431 acorn_free_getKeyInfo
432 (struct acorn_request_getKeyInfo *request,
433  struct acorn_response_getKeyInfo *response);
434 
435 /**
436  * Input parameters for acorn_command_generate.
437  * @see acorn_command_generate
438  * @see acorn_response_generate */
439 struct acorn_request_generate {
440  /**
441  * Name for new key pair (optional) */
442  char *alias;
443  /**
444  * Cryptographic algorithm to use */
445  char *algorithm;
446  /**
447  * Specifies the operator card set or softoken to use. Use the
448  * preload command to avoid console prompts */
449  char *token;
450  /**
451  * Set bit one to overwrite existing alias key pair if one
452  * exists.
453  *
454  * Set bit two to provide private key without encryption in the
455  * response privateKey field (DANGEROUS). Setting this
456  * undermines the ability of the HSM to protect the key
457  * material, though the key still benefits from hardware random
458  * number generation. */
459  unsigned flags;
460  };
461 
462 /**
463  * Output parameters for acorn_command_generate.
464  * @see acorn_command_generate
465  * @see acorn_request_generate */
466 struct acorn_response_generate {
467  /**
468  * Name of new key pair */
469  char *alias;
470  /**
471  * Unique identifier for key pair */
472  char *hash;
473  /**
474  * Opaque representation of encrypted private key material. */
475  struct acorn_buffer privateBlob;
476  /**
477  * Exposed private key material (present only when exportPrivate
478  * flag is set). */
479  struct acorn_buffer privateKey;
480 };
481 
482 typedef int (*acorn_commandfn_generate)
483 (const struct acorn_request_generate *request,
484  struct acorn_response_generate *response,
485  char **errstring);
486 
487 /**
488  * Generates a key pair and saves it under the specified alias. The key
489  * pair can be used for subsequent commands and will be saved between
490  * instances of the application.
491  *
492  * @param request input data to process
493  * @param response output data to populate
494  * @param errstr (Optional) when not NULL, error message is allocated
495  * and assogned to this instead of being printed.
496  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
497 int EXPORT
498 acorn_command_generate
499 (const struct acorn_request_generate *request,
500  struct acorn_response_generate *response,
501  char **errstring);
502 
503 typedef int (*acorn_cmdfn_generate)
504 (const char *alias,
505  const char *algorithm,
506  const char *token,
507  unsigned flags,
508  struct acorn_response_generate *response,
509  char **errstring);
510 
511 /**
512  * Generates a key pair and saves it under the specified alias. The key
513  * pair can be used for subsequent commands and will be saved between
514  * instances of the application.
515  *
516  * @param alias Name for new key pair (optional)
517  * @param algorithm Cryptographic algorithm to use
518  * @param token Specifies the operator card set or softoken to use. Use
519  * the preload command to avoid console prompts
520  * @param flags Set bit one to overwrite existing alias key pair if one
521  * exists.
522  *
523  * @param flags Set bit two to provide private key without encryption in
524  * the response privateKey field (DANGEROUS). Setting this undermines
525  * the ability of the HSM to protect the key material, though the key
526  * still benefits from hardware random number generation.
527  * @param response output data to populate
528  * @param errstr (Optional) when not NULL, error message is allocated
529  * and assogned to this instead of being printed.
530  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
531 int EXPORT
532 acorn_cmd_generate
533 (const char *alias,
534  const char *algorithm,
535  const char *token,
536  unsigned flags,
537  struct acorn_response_generate *response,
538  char **errstring);
539 
540 /**
541  * Reclaim resources used by corresponding command
542  *
543  * @see acorn_command_generate
544  * @param request (Optional) request data to free
545  * @param response (Optional) response data to free */
546 typedef
547 void EXPORT
548 acorn_free_generate
549 (struct acorn_request_generate *request,
550  struct acorn_response_generate *response);
551 
552 /**
553  * Input parameters for acorn_command_importKeypair.
554  * @see acorn_command_importKeypair
555  * @see acorn_response_importKeypair */
556 struct acorn_request_importKeypair {
557  /**
558  * Name for new key pair (optional) */
559  char *alias;
560  /**
561  * Cryptographic algorithm to use */
562  char *algorithm;
563  /**
564  * Public portion of key pair */
565  struct acorn_buffer publicKey;
566  /**
567  * Private portion of key pair */
568  struct acorn_buffer privateKey;
569  /**
570  * Specifies the operator card set or softoken to use. Use the
571  * preload command to avoid console prompts */
572  char *token;
573  /**
574  * Delete existing alias key pair if one exists */
575  unsigned overwrite;
576  };
577 
578 /**
579  * Output parameters for acorn_command_importKeypair.
580  * @see acorn_command_importKeypair
581  * @see acorn_request_importKeypair */
582 struct acorn_response_importKeypair {
583  /**
584  * Name of new key pair */
585  char *alias;
586  /**
587  * Unique identifier for key pair */
588  char *hash;
589  /**
590  * Opaque representation of encrypted private key material. */
591  struct acorn_buffer privateBlob;
592 };
593 
594 typedef int (*acorn_commandfn_importKeypair)
595 (const struct acorn_request_importKeypair *request,
596  struct acorn_response_importKeypair *response,
597  char **errstring);
598 
599 /**
600  * Imports a signature key pair and saves it under the specified alias.
601  * The key pair can be used for subsequent commands and will be saved
602  * between instances of the application.
603  *
604  * @param request input data to process
605  * @param response output data to populate
606  * @param errstr (Optional) when not NULL, error message is allocated
607  * and assogned to this instead of being printed.
608  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
609 int EXPORT
610 acorn_command_importKeypair
611 (const struct acorn_request_importKeypair *request,
612  struct acorn_response_importKeypair *response,
613  char **errstring);
614 
615 typedef int (*acorn_cmdfn_importKeypair)
616 (const char *alias,
617  const char *algorithm,
618  const struct acorn_buffer publicKey,
619  const struct acorn_buffer privateKey,
620  const char *token,
621  unsigned overwrite,
622  struct acorn_response_importKeypair *response,
623  char **errstring);
624 
625 /**
626  * Imports a signature key pair and saves it under the specified alias.
627  * The key pair can be used for subsequent commands and will be saved
628  * between instances of the application.
629  *
630  * @param alias Name for new key pair (optional)
631  * @param algorithm Cryptographic algorithm to use
632  * @param publicKey Public portion of key pair
633  * @param privateKey Private portion of key pair
634  * @param token Specifies the operator card set or softoken to use. Use
635  * the preload command to avoid console prompts
636  * @param overwrite Delete existing alias key pair if one exists
637  * @param response output data to populate
638  * @param errstr (Optional) when not NULL, error message is allocated
639  * and assogned to this instead of being printed.
640  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
641 int EXPORT
642 acorn_cmd_importKeypair
643 (const char *alias,
644  const char *algorithm,
645  const struct acorn_buffer publicKey,
646  const struct acorn_buffer privateKey,
647  const char *token,
648  unsigned overwrite,
649  struct acorn_response_importKeypair *response,
650  char **errstring);
651 
652 /**
653  * Reclaim resources used by corresponding command
654  *
655  * @see acorn_command_importKeypair
656  * @param request (Optional) request data to free
657  * @param response (Optional) response data to free */
658 typedef
659 void EXPORT
660 acorn_free_importKeypair
661 (struct acorn_request_importKeypair *request,
662  struct acorn_response_importKeypair *response);
663 
664 /**
665  * Input parameters for acorn_command_sign.
666  * @see acorn_command_sign
667  * @see acorn_response_sign */
668 struct acorn_request_sign {
669  /**
670  * Specifies key pair to sign with */
671  char *alias;
672  /**
673  * Ignored unless alias is missing */
674  char *keyhash;
675  /**
676  * Data to be signed */
677  struct acorn_buffer message;
678  };
679 
680 /**
681  * Output parameters for acorn_command_sign.
682  * @see acorn_command_sign
683  * @see acorn_request_sign */
684 struct acorn_response_sign {
685  /**
686  * Cryptographic signature of message */
687  struct acorn_buffer signature;
688 };
689 
690 typedef int (*acorn_commandfn_sign)
691 (const struct acorn_request_sign *request,
692  struct acorn_response_sign *response,
693  char **errstring);
694 
695 /**
696  * Creates a digital signature of the specified message. The keyhash
697  * argument is ignored unless the alias is missing.
698  *
699  * @param request input data to process
700  * @param response output data to populate
701  * @param errstr (Optional) when not NULL, error message is allocated
702  * and assogned to this instead of being printed.
703  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
704 int EXPORT
705 acorn_command_sign
706 (const struct acorn_request_sign *request,
707  struct acorn_response_sign *response,
708  char **errstring);
709 
710 typedef int (*acorn_cmdfn_sign)
711 (const char *alias,
712  const char *keyhash,
713  const struct acorn_buffer message,
714  struct acorn_response_sign *response,
715  char **errstring);
716 
717 /**
718  * Creates a digital signature of the specified message. The keyhash
719  * argument is ignored unless the alias is missing.
720  *
721  * @param alias Specifies key pair to sign with
722  * @param keyhash Ignored unless alias is missing
723  * @param message Data to be signed
724  * @param response output data to populate
725  * @param errstr (Optional) when not NULL, error message is allocated
726  * and assogned to this instead of being printed.
727  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
728 int EXPORT
729 acorn_cmd_sign
730 (const char *alias,
731  const char *keyhash,
732  const struct acorn_buffer message,
733  struct acorn_response_sign *response,
734  char **errstring);
735 
736 /**
737  * Reclaim resources used by corresponding command
738  *
739  * @see acorn_command_sign
740  * @param request (Optional) request data to free
741  * @param response (Optional) response data to free */
742 typedef
743 void EXPORT
744 acorn_free_sign
745 (struct acorn_request_sign *request,
746  struct acorn_response_sign *response);
747 
748 /**
749  * Input parameters for acorn_command_verify.
750  * @see acorn_command_verify
751  * @see acorn_response_verify */
752 struct acorn_request_verify {
753  /**
754  * Specifies key pair used for signature */
755  char *alias;
756  /**
757  * Ignored unless alias is missing */
758  char *keyhash;
759  /**
760  * Data that has been signed */
761  struct acorn_buffer message;
762  /**
763  * Cryptographic signature of message */
764  struct acorn_buffer signature;
765  };
766 
767 /**
768  * Output parameters for acorn_command_verify.
769  * @see acorn_command_verify
770  * @see acorn_request_verify */
771 struct acorn_response_verify {
772  /**
773  * True if and only if signature is cryptographically valid for
774  * given message */
775  unsigned verified;
776 };
777 
778 typedef int (*acorn_commandfn_verify)
779 (const struct acorn_request_verify *request,
780  struct acorn_response_verify *response,
781  char **errstring);
782 
783 /**
784  * Determines whether a given signature is valid for a message and key
785  * pair. The keyhash argument is ignored unless the alias is missing.
786  *
787  * @param request input data to process
788  * @param response output data to populate
789  * @param errstr (Optional) when not NULL, error message is allocated
790  * and assogned to this instead of being printed.
791  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
792 int EXPORT
793 acorn_command_verify
794 (const struct acorn_request_verify *request,
795  struct acorn_response_verify *response,
796  char **errstring);
797 
798 typedef int (*acorn_cmdfn_verify)
799 (const char *alias,
800  const char *keyhash,
801  const struct acorn_buffer message,
802  const struct acorn_buffer signature,
803  struct acorn_response_verify *response,
804  char **errstring);
805 
806 /**
807  * Determines whether a given signature is valid for a message and key
808  * pair. The keyhash argument is ignored unless the alias is missing.
809  *
810  * @param alias Specifies key pair used for signature
811  * @param keyhash Ignored unless alias is missing
812  * @param message Data that has been signed
813  * @param signature Cryptographic signature of message
814  * @param response output data to populate
815  * @param errstr (Optional) when not NULL, error message is allocated
816  * and assogned to this instead of being printed.
817  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
818 int EXPORT
819 acorn_cmd_verify
820 (const char *alias,
821  const char *keyhash,
822  const struct acorn_buffer message,
823  const struct acorn_buffer signature,
824  struct acorn_response_verify *response,
825  char **errstring);
826 
827 /**
828  * Reclaim resources used by corresponding command
829  *
830  * @see acorn_command_verify
831  * @param request (Optional) request data to free
832  * @param response (Optional) response data to free */
833 typedef
834 void EXPORT
835 acorn_free_verify
836 (struct acorn_request_verify *request,
837  struct acorn_response_verify *response);
838 
839 /**
840  * Input parameters for acorn_command_signImmediate.
841  * @see acorn_command_signImmediate
842  * @see acorn_response_signImmediate */
843 struct acorn_request_signImmediate {
844  /**
845  * Opaque representation of encrypted private key material */
846  struct acorn_buffer privateBlob;
847  /**
848  * Specifies the operator card set or softoken to use. Use the
849  * preload command to avoid console prompts */
850  char *token;
851  /**
852  * Data to be signed */
853  struct acorn_buffer message;
854  };
855 
856 /**
857  * Output parameters for acorn_command_signImmediate.
858  * @see acorn_command_signImmediate
859  * @see acorn_request_signImmediate */
860 struct acorn_response_signImmediate {
861  /**
862  * Cryptographic signature of message */
863  struct acorn_buffer signature;
864 };
865 
866 typedef int (*acorn_commandfn_signImmediate)
867 (const struct acorn_request_signImmediate *request,
868  struct acorn_response_signImmediate *response,
869  char **errstring);
870 
871 /**
872  * Creates a digital signature of the specified message. The keyhash
873  * argument is ignored unless the alias is missing.
874  *
875  * @param request input data to process
876  * @param response output data to populate
877  * @param errstr (Optional) when not NULL, error message is allocated
878  * and assogned to this instead of being printed.
879  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
880 int EXPORT
881 acorn_command_signImmediate
882 (const struct acorn_request_signImmediate *request,
883  struct acorn_response_signImmediate *response,
884  char **errstring);
885 
886 typedef int (*acorn_cmdfn_signImmediate)
887 (const struct acorn_buffer privateBlob,
888  const char *token,
889  const struct acorn_buffer message,
890  struct acorn_response_signImmediate *response,
891  char **errstring);
892 
893 /**
894  * Creates a digital signature of the specified message. The keyhash
895  * argument is ignored unless the alias is missing.
896  *
897  * @param privateBlob Opaque representation of encrypted private key
898  * material
899  * @param token Specifies the operator card set or softoken to use. Use
900  * the preload command to avoid console prompts
901  * @param message Data to be signed
902  * @param response output data to populate
903  * @param errstr (Optional) when not NULL, error message is allocated
904  * and assogned to this instead of being printed.
905  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
906 int EXPORT
907 acorn_cmd_signImmediate
908 (const struct acorn_buffer privateBlob,
909  const char *token,
910  const struct acorn_buffer message,
911  struct acorn_response_signImmediate *response,
912  char **errstring);
913 
914 /**
915  * Reclaim resources used by corresponding command
916  *
917  * @see acorn_command_signImmediate
918  * @param request (Optional) request data to free
919  * @param response (Optional) response data to free */
920 typedef
921 void EXPORT
922 acorn_free_signImmediate
923 (struct acorn_request_signImmediate *request,
924  struct acorn_response_signImmediate *response);
925 
926 /**
927  * Input parameters for acorn_command_verifyImmediate.
928  * @see acorn_command_verifyImmediate
929  * @see acorn_response_verifyImmediate */
930 struct acorn_request_verifyImmediate {
931  /**
932  * Public key of pair used to sign */
933  struct acorn_buffer publicKey;
934  /**
935  * Cryptographic algorithm used to sign */
936  char *algorithm;
937  /**
938  * Data that has been signed */
939  struct acorn_buffer message;
940  /**
941  * Cryptographic signature of message */
942  struct acorn_buffer signature;
943  };
944 
945 /**
946  * Output parameters for acorn_command_verifyImmediate.
947  * @see acorn_command_verifyImmediate
948  * @see acorn_request_verifyImmediate */
949 struct acorn_response_verifyImmediate {
950  /**
951  * True if and only if signature is cryptographically valid for
952  * given message */
953  unsigned verified;
954 };
955 
956 typedef int (*acorn_commandfn_verifyImmediate)
957 (const struct acorn_request_verifyImmediate *request,
958  struct acorn_response_verifyImmediate *response,
959  char **errstring);
960 
961 /**
962  * Determines whether a given signature is valid for a message and
963  * public key
964  *
965  * @param request input data to process
966  * @param response output data to populate
967  * @param errstr (Optional) when not NULL, error message is allocated
968  * and assogned to this instead of being printed.
969  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
970 int EXPORT
971 acorn_command_verifyImmediate
972 (const struct acorn_request_verifyImmediate *request,
973  struct acorn_response_verifyImmediate *response,
974  char **errstring);
975 
976 typedef int (*acorn_cmdfn_verifyImmediate)
977 (const struct acorn_buffer publicKey,
978  const char *algorithm,
979  const struct acorn_buffer message,
980  const struct acorn_buffer signature,
981  struct acorn_response_verifyImmediate *response,
982  char **errstring);
983 
984 /**
985  * Determines whether a given signature is valid for a message and
986  * public key
987  *
988  * @param publicKey Public key of pair used to sign
989  * @param algorithm Cryptographic algorithm used to sign
990  * @param message Data that has been signed
991  * @param signature Cryptographic signature of message
992  * @param response output data to populate
993  * @param errstr (Optional) when not NULL, error message is allocated
994  * and assogned to this instead of being printed.
995  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
996 int EXPORT
997 acorn_cmd_verifyImmediate
998 (const struct acorn_buffer publicKey,
999  const char *algorithm,
1000  const struct acorn_buffer message,
1001  const struct acorn_buffer signature,
1002  struct acorn_response_verifyImmediate *response,
1003  char **errstring);
1004 
1005 /**
1006  * Reclaim resources used by corresponding command
1007  *
1008  * @see acorn_command_verifyImmediate
1009  * @param request (Optional) request data to free
1010  * @param response (Optional) response data to free */
1011 typedef
1012 void EXPORT
1013 acorn_free_verifyImmediate
1014 (struct acorn_request_verifyImmediate *request,
1015  struct acorn_response_verifyImmediate *response);
1016 
1017 /**
1018  * Input parameters for acorn_command_see_getVersion.
1019  * @see acorn_command_see_getVersion
1020  * @see acorn_response_see_getVersion */
1021 struct acorn_request_see_getVersion {
1022  /** Some C compilers reject empty structs */
1023  int unused;
1024 };
1025 
1026 /**
1027  * Output parameters for acorn_command_see_getVersion.
1028  * @see acorn_command_see_getVersion
1029  * @see acorn_request_see_getVersion */
1030 struct acorn_response_see_getVersion {
1031  /**
1032  * Sementic version number of SEE machine */
1033  char *version;
1034 };
1035 
1036 typedef int (*acorn_commandfn_see_getVersion)
1037 (const struct acorn_request_see_getVersion *request,
1038  struct acorn_response_see_getVersion *response,
1039  char **errstring);
1040 
1041 int EXPORT
1042 acorn_command_see_getVersion
1043 (const struct acorn_request_see_getVersion *request,
1044  struct acorn_response_see_getVersion *response,
1045  char **errstring);
1046 
1047 typedef int (*acorn_cmdfn_see_getVersion)
1048 ( struct acorn_response_see_getVersion *response,
1049  char **errstring);
1050 
1051 int EXPORT
1052 acorn_cmd_see_getVersion
1053 (struct acorn_response_see_getVersion *response,
1054  char **errstring);
1055 
1056 /**
1057  * Reclaim resources used by corresponding command
1058  *
1059  * @see acorn_command_see_getVersion
1060  * @param request (Optional) request data to free
1061  * @param response (Optional) response data to free */
1062 typedef
1063 void EXPORT
1064 acorn_free_see_getVersion
1065 (struct acorn_request_see_getVersion *request,
1066  struct acorn_response_see_getVersion *response);
1067 
1068 struct acorn_commandlist {
1069  acorn_commandfn_getVersion getVersion;
1070  acorn_commandfn_list list;
1071  acorn_commandfn_getPublic getPublic;
1072  acorn_commandfn_getPublicHash getPublicHash;
1073  acorn_commandfn_getKeyInfo getKeyInfo;
1074  acorn_commandfn_generate generate;
1075  acorn_commandfn_importKeypair importKeypair;
1076  acorn_commandfn_sign sign;
1077  acorn_commandfn_verify verify;
1078  acorn_commandfn_signImmediate signImmediate;
1079  acorn_commandfn_verifyImmediate verifyImmediate;
1080  acorn_commandfn_see_getVersion see_getVersion;
1081 };
1082 
1083 struct acorn_cmdlist {
1084  acorn_cmdfn_getVersion getVersion;
1085  acorn_cmdfn_list list;
1086  acorn_cmdfn_getPublic getPublic;
1087  acorn_cmdfn_getPublicHash getPublicHash;
1088  acorn_cmdfn_getKeyInfo getKeyInfo;
1089  acorn_cmdfn_generate generate;
1090  acorn_cmdfn_importKeypair importKeypair;
1091  acorn_cmdfn_sign sign;
1092  acorn_cmdfn_verify verify;
1093  acorn_cmdfn_signImmediate signImmediate;
1094  acorn_cmdfn_verifyImmediate verifyImmediate;
1095  acorn_commandfn_see_getVersion see_getVersion;
1096 };
1097 
1098 /**
1099  * Populates a structure containing each command
1100  * in request structure form.
1101  *
1102  * @param list function pointer list to be populated
1103  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
1104 typedef
1105 int EXPORT
1106 acorn_getcommandlist
1107 (struct acorn_commandlist *list,
1108  char **errstring);
1109 
1110 /**
1111  * Populates a structure containing each command
1112  * in request inline form.
1113  *
1114  * @param list function pointer list to be populated
1115  * @returns EXIT_SUCCESS (0) or a non-zero failure code */
1116 typedef
1117 int EXPORT
1118 acorn_getcmdlist
1119 (struct acorn_cmdlist *list,
1120  char **errstring);
1121 
1122 #ifdef __cplusplus
1123 }
1124 #endif
1125 #endif /* ACORN_H */
Return to OpenTitan Documentation