aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cryptech.h4
-rw-r--r--hash.c28
-rw-r--r--rsa.c9
3 files changed, 41 insertions, 0 deletions
diff --git a/cryptech.h b/cryptech.h
index b0a7c35..dba9f31 100644
--- a/cryptech.h
+++ b/cryptech.h
@@ -514,6 +514,8 @@ typedef struct {
size_t digest_length;
size_t hash_state_length;
size_t hmac_state_length;
+ const uint8_t * const digest_algorithm_id;
+ size_t digest_algorithm_id_length;
const void *driver;
} hal_hash_descriptor_t;
@@ -656,6 +658,8 @@ extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key,
extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key,
uint8_t *der, size_t *der_len, const size_t der_max);
+extern size_t hal_rsa_key_to_der_len(hal_rsa_key_t key);
+
extern hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key,
void *keybuf, const size_t keybuf_len,
const uint8_t * const der, const size_t der_len);
diff --git a/hash.c b/hash.c
index 637eb7e..4b92198 100644
--- a/hash.c
+++ b/hash.c
@@ -153,6 +153,28 @@ static const driver_t sha512_driver = {
};
/*
+ * Digest algorithm identifiers: DER encoded full TLV of an
+ * DigestAlgorithmIdentifier SEQUENCE including OID for the algorithm in
+ * question and a NULL parameters value.
+ *
+ * See RFC 2313 and the NIST algorithm registry:
+ * http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+ *
+ * The DER encoding is too complex to generate in the C preprocessor,
+ * and we want these as compile-time constants, so we just supply the
+ * raw hex encoding here. If this gets seriously out of control we'll
+ * write a script to generate a header file we can include.
+ */
+
+static const uint8_t
+ dalgid_sha1[] = { 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 },
+ dalgid_sha256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 },
+ dalgid_sha384[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00 },
+ dalgid_sha512[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00 },
+ dalgid_sha512_224[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x05, 0x00 },
+ dalgid_sha512_256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00 };
+
+/*
* Descriptors. Yes, the {hash,hmac}_state_length fields are a bit
* repetitive given that they (currently) have the same value
* regardless of algorithm, but we don't want to wire in that
@@ -162,36 +184,42 @@ static const driver_t sha512_driver = {
const hal_hash_descriptor_t hal_hash_sha1[1] = {{
SHA1_BLOCK_LEN, SHA1_DIGEST_LEN,
sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+ dalgid_sha1, sizeof(dalgid_sha1),
&sha1_driver
}};
const hal_hash_descriptor_t hal_hash_sha256[1] = {{
SHA256_BLOCK_LEN, SHA256_DIGEST_LEN,
sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+ dalgid_sha256, sizeof(dalgid_sha256),
&sha256_driver
}};
const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{
SHA512_BLOCK_LEN, SHA512_224_DIGEST_LEN,
sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+ dalgid_sha512_224, sizeof(dalgid_sha512_224),
&sha512_224_driver
}};
const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{
SHA512_BLOCK_LEN, SHA512_256_DIGEST_LEN,
sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+ dalgid_sha512_256, sizeof(dalgid_sha512_256),
&sha512_256_driver
}};
const hal_hash_descriptor_t hal_hash_sha384[1] = {{
SHA512_BLOCK_LEN, SHA384_DIGEST_LEN,
sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+ dalgid_sha384, sizeof(dalgid_sha384),
&sha384_driver
}};
const hal_hash_descriptor_t hal_hash_sha512[1] = {{
SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+ dalgid_sha512, sizeof(dalgid_sha512),
&sha512_driver
}};
diff --git a/rsa.c b/rsa.c
index ef334b6..320327a 100644
--- a/rsa.c
+++ b/rsa.c
@@ -470,6 +470,9 @@ static hal_error_t extract_component(hal_rsa_key_t key_, const size_t offset,
if (res_len != NULL)
*res_len = len;
+ if (res == NULL)
+ return HAL_OK;
+
if (len > res_max)
return HAL_ERROR_RESULT_TOO_LONG;
@@ -786,6 +789,12 @@ hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key_,
return HAL_OK;
}
+size_t hal_rsa_key_to_der_len(hal_rsa_key_t key_)
+{
+ size_t len = 0;
+ return hal_rsa_key_to_der(key_, NULL, &len, 0) == HAL_OK ? len : 0;
+}
+
hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key_,
void *keybuf, const size_t keybuf_len,
const uint8_t *der, const size_t der_len)