diff options
| author | Rob Austein <sra@hactrn.net> | 2015-06-24 16:53:01 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2015-06-24 16:53:01 -0400 |
| commit | 10dfb62866134658e1ad97914b3d1c3a7b0d7f50 (patch) | |
| tree | 5c1ea7a542631172bb4678bf2c3334f1bbc5e1e9 | |
| parent | a3b7050c53a27d4cfeb350fb86e738f623e99e0c (diff) | |
Rework API for loading keys from components. Relax key size
constraints to allow any key size within our supported range, since
hsmbully seems to want to twist this knob to every possible setting.
| -rw-r--r-- | hal.h | 29 | ||||
| -rw-r--r-- | rsa.c | 71 | ||||
| -rw-r--r-- | tests/test-rsa.c | 20 |
3 files changed, 86 insertions, 34 deletions
@@ -618,17 +618,24 @@ extern void hal_rsa_set_debug(const int onoff); extern void hal_rsa_set_blinding(const int onoff); -extern hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type, - hal_rsa_key_t *key, - void *keybuf, const size_t keybuf_len, - const uint8_t * const n, const size_t n_len, - const uint8_t * const e, const size_t e_len, - const uint8_t * const d, const size_t d_len, - const uint8_t * const p, const size_t p_len, - const uint8_t * const q, const size_t q_len, - const uint8_t * const u, const size_t u_len, - const uint8_t * const dP, const size_t dP_len, - const uint8_t * const dQ, const size_t dQ_len); +extern hal_error_t hal_rsa_key_load_private(hal_rsa_key_t *key, + void *keybuf, const size_t keybuf_len, + const uint8_t * const n, const size_t n_len, + const uint8_t * const e, const size_t e_len, + const uint8_t * const d, const size_t d_len, + const uint8_t * const p, const size_t p_len, + const uint8_t * const q, const size_t q_len, + const uint8_t * const u, const size_t u_len, + const uint8_t * const dP, const size_t dP_len, + const uint8_t * const dQ, const size_t dQ_len); + +extern hal_error_t hal_rsa_key_load_public(hal_rsa_key_t *key, + void *keybuf, const size_t keybuf_len, + const uint8_t * const n, const size_t n_len, + const uint8_t * const e, const size_t e_len); + +extern hal_error_t hal_rsa_key_get_type(hal_rsa_key_t key, + hal_rsa_key_type_t *key_type); extern hal_error_t hal_rsa_key_get_modulus(hal_rsa_key_t key, uint8_t *modulus, @@ -416,17 +416,17 @@ void hal_rsa_key_clear(hal_rsa_key_t key) * calculate everything else from them. */ -hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type, - hal_rsa_key_t *key_, - void *keybuf, const size_t keybuf_len, - const uint8_t * const n, const size_t n_len, - const uint8_t * const e, const size_t e_len, - const uint8_t * const d, const size_t d_len, - const uint8_t * const p, const size_t p_len, - const uint8_t * const q, const size_t q_len, - const uint8_t * const u, const size_t u_len, - const uint8_t * const dP, const size_t dP_len, - const uint8_t * const dQ, const size_t dQ_len) +static hal_error_t load_key(const hal_rsa_key_type_t type, + hal_rsa_key_t *key_, + void *keybuf, const size_t keybuf_len, + const uint8_t * const n, const size_t n_len, + const uint8_t * const e, const size_t e_len, + const uint8_t * const d, const size_t d_len, + const uint8_t * const p, const size_t p_len, + const uint8_t * const q, const size_t q_len, + const uint8_t * const u, const size_t u_len, + const uint8_t * const dP, const size_t dP_len, + const uint8_t * const dQ, const size_t dQ_len) { if (key_ == NULL || keybuf == NULL || keybuf_len < sizeof(struct rsa_key)) return HAL_ERROR_BAD_ARGUMENTS; @@ -454,6 +454,52 @@ hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type, } /* + * Public API to load_key(). + */ + +hal_error_t hal_rsa_key_load_private(hal_rsa_key_t *key_, + void *keybuf, const size_t keybuf_len, + const uint8_t * const n, const size_t n_len, + const uint8_t * const e, const size_t e_len, + const uint8_t * const d, const size_t d_len, + const uint8_t * const p, const size_t p_len, + const uint8_t * const q, const size_t q_len, + const uint8_t * const u, const size_t u_len, + const uint8_t * const dP, const size_t dP_len, + const uint8_t * const dQ, const size_t dQ_len) +{ + return load_key(HAL_RSA_PRIVATE, key_, keybuf, keybuf_len, + n, n_len, e, e_len, + d, d_len, p, p_len, q, q_len, u, u_len, dP, dP_len, dQ, dQ_len); +} + +hal_error_t hal_rsa_key_load_public(hal_rsa_key_t *key_, + void *keybuf, const size_t keybuf_len, + const uint8_t * const n, const size_t n_len, + const uint8_t * const e, const size_t e_len) +{ + return load_key(HAL_RSA_PUBLIC, key_, keybuf, keybuf_len, + n, n_len, e, e_len, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0); +} + +/* + * Extract the key type. + */ + +hal_error_t hal_rsa_key_get_type(hal_rsa_key_t key_, + hal_rsa_key_type_t *key_type) +{ + struct rsa_key *key = key_.key; + + if (key == NULL || key_type == NULL) + return HAL_ERROR_BAD_ARGUMENTS; + + *key_type = key->type; + return HAL_OK; +} + +/* * Extract public key components. */ @@ -543,8 +589,7 @@ hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_, key->type = HAL_RSA_PRIVATE; fp_read_unsigned_bin(&key->e, (uint8_t *) public_exponent, public_exponent_len); - if (key_length != bitsToBytes(1024) && key_length != bitsToBytes(2048) && - key_length != bitsToBytes(4096) && key_length != bitsToBytes(8192)) + if (key_length < bitsToBytes(1024) || key_length > bitsToBytes(8192)) return HAL_ERROR_UNSUPPORTED_KEY; if (fp_cmp_d(&key->e, 0x010001) != FP_EQ) diff --git a/tests/test-rsa.c b/tests/test-rsa.c index fb53f69..594687c 100644 --- a/tests/test-rsa.c +++ b/tests/test-rsa.c @@ -91,16 +91,16 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc) hal_rsa_key_t key = { NULL }; hal_error_t err = HAL_OK; - if ((err = hal_rsa_key_load(HAL_RSA_PRIVATE, &key, - keybuf, sizeof(keybuf), - tc->n.val, tc->n.len, - tc->e.val, tc->e.len, - tc->d.val, tc->d.len, - tc->p.val, tc->p.len, - tc->q.val, tc->q.len, - tc->u.val, tc->u.len, - tc->dP.val, tc->dP.len, - tc->dQ.val, tc->dQ.len)) != HAL_OK) { + if ((err = hal_rsa_key_load_private(&key, + keybuf, sizeof(keybuf), + tc->n.val, tc->n.len, + tc->e.val, tc->e.len, + tc->d.val, tc->d.len, + tc->p.val, tc->p.len, + tc->q.val, tc->q.len, + tc->u.val, tc->u.len, + tc->dP.val, tc->dP.len, + tc->dQ.val, tc->dQ.len)) != HAL_OK) { printf("RSA CRT key load failed: %s\n", hal_error_string(err)); return 0; } |