diff options
-rw-r--r-- | cryptech.h | 4 | ||||
-rw-r--r-- | hash.c | 28 | ||||
-rw-r--r-- | rsa.c | 9 |
3 files changed, 41 insertions, 0 deletions
@@ -514,6 +514,8 @@ typedef struct { size_t digest_length; size_t hash_state_length; size_t hmac_state_length; + const uint8_t * const digest_algorithm_id; + size_t digest_algorithm_id_length; const void *driver; } hal_hash_descriptor_t; @@ -656,6 +658,8 @@ extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key, extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key, uint8_t *der, size_t *der_len, const size_t der_max); +extern size_t hal_rsa_key_to_der_len(hal_rsa_key_t key); + extern hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key, void *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len); @@ -153,6 +153,28 @@ static const driver_t sha512_driver = { }; /* + * Digest algorithm identifiers: DER encoded full TLV of an + * DigestAlgorithmIdentifier SEQUENCE including OID for the algorithm in + * question and a NULL parameters value. + * + * See RFC 2313 and the NIST algorithm registry: + * http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + * + * The DER encoding is too complex to generate in the C preprocessor, + * and we want these as compile-time constants, so we just supply the + * raw hex encoding here. If this gets seriously out of control we'll + * write a script to generate a header file we can include. + */ + +static const uint8_t + dalgid_sha1[] = { 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 }, + dalgid_sha256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 }, + dalgid_sha384[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00 }, + dalgid_sha512[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00 }, + dalgid_sha512_224[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x05, 0x00 }, + dalgid_sha512_256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00 }; + +/* * Descriptors. Yes, the {hash,hmac}_state_length fields are a bit * repetitive given that they (currently) have the same value * regardless of algorithm, but we don't want to wire in that @@ -162,36 +184,42 @@ static const driver_t sha512_driver = { const hal_hash_descriptor_t hal_hash_sha1[1] = {{ SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha1, sizeof(dalgid_sha1), &sha1_driver }}; const hal_hash_descriptor_t hal_hash_sha256[1] = {{ SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha256, sizeof(dalgid_sha256), &sha256_driver }}; const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{ SHA512_BLOCK_LEN, SHA512_224_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha512_224, sizeof(dalgid_sha512_224), &sha512_224_driver }}; const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{ SHA512_BLOCK_LEN, SHA512_256_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha512_256, sizeof(dalgid_sha512_256), &sha512_256_driver }}; const hal_hash_descriptor_t hal_hash_sha384[1] = {{ SHA512_BLOCK_LEN, SHA384_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha384, sizeof(dalgid_sha384), &sha384_driver }}; const hal_hash_descriptor_t hal_hash_sha512[1] = {{ SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha512, sizeof(dalgid_sha512), &sha512_driver }}; @@ -470,6 +470,9 @@ static hal_error_t extract_component(hal_rsa_key_t key_, const size_t offset, if (res_len != NULL) *res_len = len; + if (res == NULL) + return HAL_OK; + if (len > res_max) return HAL_ERROR_RESULT_TOO_LONG; @@ -786,6 +789,12 @@ hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key_, return HAL_OK; } +size_t hal_rsa_key_to_der_len(hal_rsa_key_t key_) +{ + size_t len = 0; + return hal_rsa_key_to_der(key_, NULL, &len, 0) == HAL_OK ? len : 0; +} + hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key_, void *keybuf, const size_t keybuf_len, const uint8_t *der, const size_t der_len) |