diff options
| author | Rob Austein <sra@hactrn.net> | 2017-09-13 11:28:13 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2017-09-13 11:28:13 -0400 |
| commit | 5522df4f68bfa66b9b4446fdfb92783694586f70 (patch) | |
| tree | fa89fbd09f8ad3633b81de89ad8e2f973b6978f0 /hal_internal.h | |
| parent | ae2985215d2329ac9663bbbedd925ec1b61cfaa1 (diff) | |
Sort-of-working, large (4096-bit) RSA keys broken.
Snapshot of mostly but not entirely working code to include the extra
ModExpA7 key components in the keystore. Need to investigate whether
a more compact representation is practical for these components, as
the current one bloats the key object so much that a bare 4096-bit key
won't fit in a single hash block, and there may not be enough room for
PKCS #11 attributes even for smaller keys.
If more compact representation not possible or insufficient, the other
option is to double the size of a keystore object, making it two flash
subsectors for a total of 8192 octets. Which would of course halve
the number of keys we can store and require a bunch of little tweaks
all through the ks code (particularly flash erase), so definitely
worth trying for a more compact representation first.
Diffstat (limited to 'hal_internal.h')
| -rw-r--r-- | hal_internal.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/hal_internal.h b/hal_internal.h index 7ab300d..a60d0b5 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -405,7 +405,19 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc) * moment we take the easy way out and cap this at 4096-bit RSA. */ +#if 0 #define HAL_KS_WRAPPED_KEYSIZE ((2373 + 15) & ~7) +#else +#warning Temporary test hack to HAL_KS_WRAPPED_KEYSIZE, clean this up +// +// See how much of the problem we're having with pkey support for the +// new modexpa7 components is just this buffer size being too small. +// +#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 6 * 4096 / 8 + 6 * 4 + 15) & ~7) +#if HAL_KS_WRAPPED_KEYSIZE + 8 > 4096 +#warning HAL_KS_WRAPPED_KEYSIZE is too big for a single 4096-octet block +#endif +#endif /* * PINs. @@ -566,6 +578,10 @@ extern hal_error_t hal_ks_get_attributes(hal_ks_t *ks, extern hal_error_t hal_ks_logout(hal_ks_t *ks, const hal_client_handle_t client); +extern hal_error_t hal_ks_rewrite_der(hal_ks_t *ks, + hal_pkey_slot_t *slot, + const uint8_t * const der, const size_t der_len); + /* * RPC lowest-level send and receive routines. These are blocking, and * transport-specific (sockets, USB). |