aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2015-06-24 16:53:01 -0400
committerRob Austein <sra@hactrn.net>2015-06-24 16:53:01 -0400
commit10dfb62866134658e1ad97914b3d1c3a7b0d7f50 (patch)
tree5c1ea7a542631172bb4678bf2c3334f1bbc5e1e9
parenta3b7050c53a27d4cfeb350fb86e738f623e99e0c (diff)
Rework API for loading keys from components. Relax key size
constraints to allow any key size within our supported range, since hsmbully seems to want to twist this knob to every possible setting.
-rw-r--r--hal.h29
-rw-r--r--rsa.c71
-rw-r--r--tests/test-rsa.c20
3 files changed, 86 insertions, 34 deletions
diff --git a/hal.h b/hal.h
index 1c5286c..8b731d4 100644
--- a/hal.h
+++ b/hal.h
@@ -618,17 +618,24 @@ extern void hal_rsa_set_debug(const int onoff);
extern void hal_rsa_set_blinding(const int onoff);
-extern hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
- hal_rsa_key_t *key,
- void *keybuf, const size_t keybuf_len,
- const uint8_t * const n, const size_t n_len,
- const uint8_t * const e, const size_t e_len,
- const uint8_t * const d, const size_t d_len,
- const uint8_t * const p, const size_t p_len,
- const uint8_t * const q, const size_t q_len,
- const uint8_t * const u, const size_t u_len,
- const uint8_t * const dP, const size_t dP_len,
- const uint8_t * const dQ, const size_t dQ_len);
+extern hal_error_t hal_rsa_key_load_private(hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len);
+
+extern hal_error_t hal_rsa_key_load_public(hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len);
+
+extern hal_error_t hal_rsa_key_get_type(hal_rsa_key_t key,
+ hal_rsa_key_type_t *key_type);
extern hal_error_t hal_rsa_key_get_modulus(hal_rsa_key_t key,
uint8_t *modulus,
diff --git a/rsa.c b/rsa.c
index 58b565f..704ee54 100644
--- a/rsa.c
+++ b/rsa.c
@@ -416,17 +416,17 @@ void hal_rsa_key_clear(hal_rsa_key_t key)
* calculate everything else from them.
*/
-hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
- hal_rsa_key_t *key_,
- void *keybuf, const size_t keybuf_len,
- const uint8_t * const n, const size_t n_len,
- const uint8_t * const e, const size_t e_len,
- const uint8_t * const d, const size_t d_len,
- const uint8_t * const p, const size_t p_len,
- const uint8_t * const q, const size_t q_len,
- const uint8_t * const u, const size_t u_len,
- const uint8_t * const dP, const size_t dP_len,
- const uint8_t * const dQ, const size_t dQ_len)
+static hal_error_t load_key(const hal_rsa_key_type_t type,
+ hal_rsa_key_t *key_,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len)
{
if (key_ == NULL || keybuf == NULL || keybuf_len < sizeof(struct rsa_key))
return HAL_ERROR_BAD_ARGUMENTS;
@@ -454,6 +454,52 @@ hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
}
/*
+ * Public API to load_key().
+ */
+
+hal_error_t hal_rsa_key_load_private(hal_rsa_key_t *key_,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len)
+{
+ return load_key(HAL_RSA_PRIVATE, key_, keybuf, keybuf_len,
+ n, n_len, e, e_len,
+ d, d_len, p, p_len, q, q_len, u, u_len, dP, dP_len, dQ, dQ_len);
+}
+
+hal_error_t hal_rsa_key_load_public(hal_rsa_key_t *key_,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len)
+{
+ return load_key(HAL_RSA_PUBLIC, key_, keybuf, keybuf_len,
+ n, n_len, e, e_len,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0);
+}
+
+/*
+ * Extract the key type.
+ */
+
+hal_error_t hal_rsa_key_get_type(hal_rsa_key_t key_,
+ hal_rsa_key_type_t *key_type)
+{
+ struct rsa_key *key = key_.key;
+
+ if (key == NULL || key_type == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ *key_type = key->type;
+ return HAL_OK;
+}
+
+/*
* Extract public key components.
*/
@@ -543,8 +589,7 @@ hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_,
key->type = HAL_RSA_PRIVATE;
fp_read_unsigned_bin(&key->e, (uint8_t *) public_exponent, public_exponent_len);
- if (key_length != bitsToBytes(1024) && key_length != bitsToBytes(2048) &&
- key_length != bitsToBytes(4096) && key_length != bitsToBytes(8192))
+ if (key_length < bitsToBytes(1024) || key_length > bitsToBytes(8192))
return HAL_ERROR_UNSUPPORTED_KEY;
if (fp_cmp_d(&key->e, 0x010001) != FP_EQ)
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index fb53f69..594687c 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -91,16 +91,16 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc)
hal_rsa_key_t key = { NULL };
hal_error_t err = HAL_OK;
- if ((err = hal_rsa_key_load(HAL_RSA_PRIVATE, &key,
- keybuf, sizeof(keybuf),
- tc->n.val, tc->n.len,
- tc->e.val, tc->e.len,
- tc->d.val, tc->d.len,
- tc->p.val, tc->p.len,
- tc->q.val, tc->q.len,
- tc->u.val, tc->u.len,
- tc->dP.val, tc->dP.len,
- tc->dQ.val, tc->dQ.len)) != HAL_OK) {
+ if ((err = hal_rsa_key_load_private(&key,
+ keybuf, sizeof(keybuf),
+ tc->n.val, tc->n.len,
+ tc->e.val, tc->e.len,
+ tc->d.val, tc->d.len,
+ tc->p.val, tc->p.len,
+ tc->q.val, tc->q.len,
+ tc->u.val, tc->u.len,
+ tc->dP.val, tc->dP.len,
+ tc->dQ.val, tc->dQ.len)) != HAL_OK) {
printf("RSA CRT key load failed: %s\n", hal_error_string(err));
return 0;
}