aboutsummaryrefslogtreecommitdiff
path: root/rsa.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2015-06-19 20:03:03 -0400
committerRob Austein <sra@hactrn.net>2015-06-19 20:03:03 -0400
commitf23b4c6fd3ebee70ff7f8df5f088cfe27ff48a29 (patch)
tree60627660052d21d27a50ff42ea50f16317c28461 /rsa.c
parentaaec57f3fc6775bdbf50965ae34e8a797542b7ee (diff)
Add methods to extract public components from an RSA key. Other minor
cleanup and commenting within RSA module.
Diffstat (limited to 'rsa.c')
-rw-r--r--rsa.c105
1 files changed, 72 insertions, 33 deletions
diff --git a/rsa.c b/rsa.c
index 85ac8ee..ef334b6 100644
--- a/rsa.c
+++ b/rsa.c
@@ -43,6 +43,7 @@
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
+#include <stddef.h>
#include <string.h>
#include <assert.h>
@@ -99,7 +100,7 @@ void hal_rsa_set_blinding(const int onoff)
* RSA key implementation. This structure type is private to this
* module, anything else that needs to touch one of these just gets a
* typed opaque pointer. We do, however, export the size, so that we
- * can make memory allocation the caller's problem (well, maybe).
+ * can make memory allocation the caller's problem.
*/
struct rsa_key {
@@ -117,14 +118,7 @@ struct rsa_key {
const size_t hal_rsa_key_t_size = sizeof(struct rsa_key);
/*
- * In the long run we want a full RSA implementation, or enough of one
- * to cover what we need in PKCS #11. For the moment, though, the
- * most urgent thing is to see whether this approach to performing the
- * CRT calculation works (and is any faster), followed by whether we
- * can use this approach for key generation.
- *
- * So don't worry about whether the following functions are what we
- * want in the long run, they'll probably evolve as we go.
+ * Error handling.
*/
#define lose(_code_) \
@@ -166,7 +160,7 @@ static hal_error_t unpack_fp(fp_int *bn, uint8_t *buffer, const size_t length)
#if HAL_RSA_USE_MODEXP
/*
- * Unwrap bignums into byte arrays, feeds them into hal_modexp(), and
+ * Unwrap bignums into byte arrays, feed them into hal_modexp(), and
* wrap result back up as a bignum.
*/
@@ -204,7 +198,7 @@ static hal_error_t modexp(fp_int *msg, fp_int *exp, fp_int *mod, fp_int *res)
/*
* Wrapper to let us export our modexp function as a replacement for
- * TFM's, to avoid dragging all of the TFM montgomery code in when we
+ * TFM's, to avoid dragging in all of the TFM montgomery code when we
* use TFM's Miller-Rabin test code.
*
* This code is here rather than in a separate module because of the
@@ -335,6 +329,9 @@ static hal_error_t rsa_crt(struct rsa_key *key, fp_int *msg, fp_int *sig)
/*
* Public API for raw RSA encryption and decryption.
+ *
+ * NB: This does not handle PKCS #1.5 padding, at the moment that's up
+ * to the caller.
*/
hal_error_t hal_rsa_encrypt(hal_rsa_key_t key_,
@@ -456,6 +453,51 @@ hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
return HAL_ERROR_BAD_ARGUMENTS;
}
+/*
+ * Extract public key components.
+ */
+
+static hal_error_t extract_component(hal_rsa_key_t key_, const size_t offset,
+ uint8_t *res, size_t *res_len, const size_t res_max)
+{
+ if (key_.key == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ fp_int *bn = (fp_int *) (((uint8_t *) key_.key) + offset);
+
+ const size_t len = fp_unsigned_bin_size(bn);
+
+ if (res_len != NULL)
+ *res_len = len;
+
+ if (len > res_max)
+ return HAL_ERROR_RESULT_TOO_LONG;
+
+ memset(res, 0, res_max);
+ fp_to_unsigned_bin(bn, res);
+ return HAL_OK;
+}
+
+hal_error_t hal_rsa_key_get_modulus(hal_rsa_key_t key_,
+ uint8_t *res, size_t *res_len, const size_t res_max)
+{
+ return extract_component(key_, offsetof(struct rsa_key, n), res, res_len, res_max);
+}
+
+hal_error_t hal_rsa_key_get_public_exponent(hal_rsa_key_t key_,
+ uint8_t *res, size_t *res_len, const size_t res_max)
+{
+ return extract_component(key_, offsetof(struct rsa_key, e), res, res_len, res_max);
+}
+
+/*
+ * Generate a prime factor for an RSA keypair.
+ *
+ * Get random bytes, munge a few bits, and stuff into a bignum. Keep
+ * doing this until we find a result that's (probably) prime and for
+ * which result - 1 is relatively prime with respect to e.
+ */
+
static hal_error_t find_prime(unsigned prime_length, fp_int *e, fp_int *result)
{
uint8_t buffer[prime_length];
@@ -464,12 +506,6 @@ static hal_error_t find_prime(unsigned prime_length, fp_int *e, fp_int *result)
fp_init(&t);
- /*
- * Get random bytes, munge a few bits, and stuff into a bignum.
- * Keep doing this until we find a result that's (probably) prime
- * and for which result - 1 is relatively prime with respect to e.
- */
-
do {
if ((err = hal_get_random(buffer, sizeof(buffer))) != HAL_OK)
return err;
@@ -484,6 +520,10 @@ static hal_error_t find_prime(unsigned prime_length, fp_int *e, fp_int *result)
return HAL_OK;
}
+/*
+ * Generate a new RSA keypair.
+ */
+
hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_,
void *keybuf, const size_t keybuf_len,
const unsigned key_length,
@@ -553,6 +593,21 @@ hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_,
#define ASN1_INTEGER 0x02
#define ASN1_SEQUENCE 0x30
+/*
+ * RSAPrivateKey fields in the required order.
+ */
+
+#define RSAPrivateKey_fields \
+ _(&version); \
+ _(&key->n); \
+ _(&key->e); \
+ _(&key->d); \
+ _(&key->p); \
+ _(&key->q); \
+ _(&key->dP); \
+ _(&key->dQ); \
+ _(&key->u);
+
static size_t count_length(size_t length)
{
size_t result = 1;
@@ -682,22 +737,6 @@ static hal_error_t decode_integer(fp_int *bn,
return HAL_OK;
}
-/*
- * RSAPrivateKey fields in the required order.
- */
-
-#define RSAPrivateKey_fields \
- _(&version); \
- _(&key->n); \
- _(&key->e); \
- _(&key->d); \
- _(&key->p); \
- _(&key->q); \
- _(&key->dP); \
- _(&key->dQ); \
- _(&key->u);
-
-
hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key_,
uint8_t *der, size_t *der_len, const size_t der_max)
{