diff options
author | Rob Austein <sra@hactrn.net> | 2016-08-10 12:19:10 -0400 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-08-10 12:19:10 -0400 |
commit | 36dfaf0adbddbb9f1f7852911228b3ab24ba01aa (patch) | |
tree | 1426696e087293ab9e92135c96565d90fc032496 /rpc_pkey.c | |
parent | 20d94fd816ad1755086501547aaffdda7916235a (diff) |
Mixed-mode pkey sign and verify must construct DigestInfo for PKCS #1.5.
PKCS #11 expects a DigestInfo rather than a raw digest when passing a
pre-computed digest for PKCS #1.5 signature or verification, so the
rpc_pkey signature and verification calls do too. This requires
special case handling of RSA when the user passes a digest handle in
mixed mode. Annoying, but PKCS #1.5 is weird enoug that there's no
way to avoid some kind of special case handling, this approach has the
advantage of not requiring us to parse and reconstruct the ASN.1, and
is probably what PKCS #11 has trained software to expect in any case.
Diffstat (limited to 'rpc_pkey.c')
-rw-r--r-- | rpc_pkey.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -142,8 +142,8 @@ static inline pkey_slot_t *find_handle(const hal_pkey_handle_t handle) * basic) ASN.1 encoding, which we perform inline. */ -static hal_error_t pkcs1_construct_digestinfo(const hal_hash_handle_t handle, - uint8_t *digest_info, size_t *digest_info_len, const size_t digest_info_max) +hal_error_t hal_rpc_pkey_pkcs1_construct_digestinfo(const hal_hash_handle_t handle, + uint8_t *digest_info, size_t *digest_info_len, const size_t digest_info_max) { assert(digest_info != NULL && digest_info_len != NULL); @@ -623,7 +623,7 @@ static hal_error_t pkey_local_sign_rsa(uint8_t *keybuf, const size_t keybuf_len, return HAL_ERROR_RESULT_TOO_LONG; if (input == NULL) { - if ((err = pkcs1_construct_digestinfo(hash, signature, &input_len, *signature_len)) != HAL_OK) + if ((err = hal_rpc_pkey_pkcs1_construct_digestinfo(hash, signature, &input_len, *signature_len)) != HAL_OK) return err; input = signature; } @@ -751,7 +751,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le return err; if (input == NULL) { - if ((err = pkcs1_construct_digestinfo(hash, expected, &input_len, sizeof(expected))) != HAL_OK) + if ((err = hal_rpc_pkey_pkcs1_construct_digestinfo(hash, expected, &input_len, sizeof(expected))) != HAL_OK) return err; input = expected; } |