aboutsummaryrefslogtreecommitdiff
path: root/rsa.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2017-04-03 01:41:35 -0400
committerRob Austein <sra@hactrn.net>2017-04-03 01:41:35 -0400
commit33694de72d8a1c5714bea76ed70c755b5bb64a3e (patch)
tree0861e495196b7eff194eabd8c4b4c5401fdcc274 /rsa.c
parente36bfa86709e0823c2b1635afbac0bf68cb6c1cd (diff)
PKCS #8 code for RSA and ECDSA.
Compiles, not yet tested. Existing tests need conversion to PKCS #8 before we can do anything useful with this. Once everything uses PKCS #8 instead of algorithm-specific formats, we can revisit API issues like whether hal_rpc_pkey_load() should still be taking `type` and `curve` arguments.
Diffstat (limited to 'rsa.c')
-rw-r--r--rsa.c54
1 files changed, 33 insertions, 21 deletions
diff --git a/rsa.c b/rsa.c
index e24b5eb..3cea42c 100644
--- a/rsa.c
+++ b/rsa.c
@@ -673,7 +673,7 @@ hal_error_t hal_rsa_key_gen(const hal_core_t *core,
/*
* Just enough ASN.1 to read and write PKCS #1.5 RSAPrivateKey syntax
- * (RFC 2313 section 7.2).
+ * (RFC 2313 section 7.2) wrapped in a PKCS #8 PrivateKeyInfo (RFC 5208).
*
* RSAPrivateKey fields in the required order.
*/
@@ -709,15 +709,12 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key,
RSAPrivateKey_fields;
#undef _
- /*
- * Encode header.
- */
-
- if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, der, &hlen, der_max)) != HAL_OK)
+ if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, NULL, &hlen, 0)) != HAL_OK)
return err;
- if (der_len != NULL)
- *der_len = hlen + vlen;
+ if ((err = hal_asn1_encode_pkcs8_privatekeyinfo(hal_asn1_oid_rsaEncryption, hal_asn1_oid_rsaEncryption_len,
+ NULL, 0, NULL, hlen + vlen, NULL, der_len, der_max)) != HAL_OK)
+ return err;
if (der == NULL)
return HAL_OK;
@@ -726,13 +723,18 @@ hal_error_t hal_rsa_private_key_to_der(const hal_rsa_key_t * const key,
* Encode data.
*/
- der += hlen;
+ if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, vlen, der, &hlen, der_max)) != HAL_OK)
+ return err;
-#define _(x) { size_t n; if ((err = hal_asn1_encode_integer(x, der, &n, vlen)) != HAL_OK) return err; der += n; vlen -= n; }
+ uint8_t *d = der + hlen;
+ memset(d, 0, vlen);
+
+#define _(x) { size_t n; if ((err = hal_asn1_encode_integer(x, d, &n, vlen)) != HAL_OK) return err; d += n; vlen -= n; }
RSAPrivateKey_fields;
#undef _
- return HAL_OK;
+ return hal_asn1_encode_pkcs8_privatekeyinfo(hal_asn1_oid_rsaEncryption, hal_asn1_oid_rsaEncryption_len,
+ NULL, 0, der, d - der, der, der_len, der_max);
}
size_t hal_rsa_private_key_to_der_len(const hal_rsa_key_t * const key)
@@ -754,21 +756,33 @@ hal_error_t hal_rsa_private_key_from_der(hal_rsa_key_t **key_,
key->type = HAL_KEY_TYPE_RSA_PRIVATE;
- hal_error_t err = HAL_OK;
- size_t hlen, vlen;
+ size_t hlen, vlen, alg_oid_len, curve_oid_len, privkey_len;
+ const uint8_t *alg_oid, *curve_oid, *privkey;
+ hal_error_t err;
- if ((err = hal_asn1_decode_header(ASN1_SEQUENCE, der, der_len, &hlen, &vlen)) != HAL_OK)
+ if ((err = hal_asn1_decode_pkcs8_privatekeyinfo(&alg_oid, &alg_oid_len,
+ &curve_oid, &curve_oid_len,
+ &privkey, &privkey_len,
+ der, der_len)) != HAL_OK)
return err;
- der += hlen;
+ if (alg_oid_len != hal_asn1_oid_rsaEncryption_len ||
+ memcmp(alg_oid, hal_asn1_oid_rsaEncryption, alg_oid_len) != 0 ||
+ curve_oid_len != 0)
+ return HAL_ERROR_ASN1_PARSE_FAILED;
+
+ if ((err = hal_asn1_decode_header(ASN1_SEQUENCE, privkey, privkey_len, &hlen, &vlen)) != HAL_OK)
+ return err;
+
+ const uint8_t *d = privkey + hlen;
fp_int version[1] = INIT_FP_INT;
-#define _(x) { size_t i; if ((err = hal_asn1_decode_integer(x, der, &i, vlen)) != HAL_OK) return err; der += i; vlen -= i; }
+#define _(x) { size_t n; if ((err = hal_asn1_decode_integer(x, d, &n, vlen)) != HAL_OK) return err; d += n; vlen -= n; }
RSAPrivateKey_fields;
#undef _
- if (fp_cmp_d(version, 0) != FP_EQ)
+ if (d != privkey + privkey_len || !fp_iszero(version))
return HAL_ERROR_ASN1_PARSE_FAILED;
*key_ = key;
@@ -780,8 +794,6 @@ hal_error_t hal_rsa_private_key_from_der(hal_rsa_key_t **key_,
* ASN.1 public keys in SubjectPublicKeyInfo form, see RFCs 2313, 4055, and 5280.
*/
-static const uint8_t oid_rsaEncryption[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
-
hal_error_t hal_rsa_public_key_to_der(const hal_rsa_key_t * const key,
uint8_t *der, size_t *der_len, const size_t der_max)
{
@@ -810,7 +822,7 @@ hal_error_t hal_rsa_public_key_to_der(const hal_rsa_key_t * const key,
return err;
}
- return hal_asn1_encode_spki(oid_rsaEncryption, sizeof(oid_rsaEncryption),
+ return hal_asn1_encode_spki(hal_asn1_oid_rsaEncryption, hal_asn1_oid_rsaEncryption_len,
NULL, 0, der, hlen + vlen,
der, der_len, der_max);
@@ -843,7 +855,7 @@ hal_error_t hal_rsa_public_key_from_der(hal_rsa_key_t **key_,
return err;
if (null != NULL || null_len != 0 || alg_oid == NULL ||
- alg_oid_len != sizeof(oid_rsaEncryption) || memcmp(alg_oid, oid_rsaEncryption, alg_oid_len) != 0)
+ alg_oid_len != hal_asn1_oid_rsaEncryption_len || memcmp(alg_oid, hal_asn1_oid_rsaEncryption, alg_oid_len) != 0)
return HAL_ERROR_ASN1_PARSE_FAILED;
size_t len, hlen, vlen;