aboutsummaryrefslogtreecommitdiff
path: root/rpc_pkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'rpc_pkey.c')
-rw-r--r--rpc_pkey.c68
1 files changed, 58 insertions, 10 deletions
diff --git a/rpc_pkey.c b/rpc_pkey.c
index b44eb54..630bf93 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -3,8 +3,10 @@
* ----------
* Remote procedure call server-side public key implementation.
*
- * Authors: Rob Austein
- * Copyright (c) 2015, NORDUnet A/S All rights reserved.
+ * Authors: Rob Austein, Paul Selkirk
+ * Copyright (c) 2015-2018, NORDUnet A/S All rights reserved.
+ * Copyright: 2019-2020, The Commons Conservancy Cryptech Project
+ * SPDX-License-Identifier: BSD-3-Clause
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -16,9 +18,9 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * - Neither the name of the NORDUnet nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * - Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
@@ -47,6 +49,13 @@
static hal_pkey_slot_t pkey_slot[HAL_STATIC_PKEY_STATE_BLOCKS];
#endif
+#ifdef DO_TIMING
+#include "stm-dwt.h"
+#else
+#define DWT_start(x)
+#define DWT_stop(x)
+#endif
+
/*
* Handle allocation is simple: look for an unused (HAL_HANDLE_NONE)
* slot in the table, and, assuming we find one, construct a composite
@@ -445,6 +454,9 @@ static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
uint8_t der[hal_rsa_private_key_to_der_len(key)];
size_t der_len;
+#if 0
+ printf("pkey_local_generate_rsa: key_len = %u, der_len = %u\n", key_length, sizeof(der));
+#endif
if ((err = hal_rsa_private_key_to_der(key, der, &der_len, sizeof(der))) == HAL_OK)
err = hal_ks_store(ks_from_flags(flags), slot, der, der_len);
@@ -503,6 +515,9 @@ static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
uint8_t der[hal_ecdsa_private_key_to_der_len(key)];
size_t der_len;
+#if 0
+ printf("pkey_local_generate_ec: curve = %u, der_len = %u\n", curve, sizeof(der));
+#endif
if ((err = hal_ecdsa_private_key_to_der(key, der, &der_len, sizeof(der))) == HAL_OK)
err = hal_ks_store(ks_from_flags(flags), slot, der, der_len);
@@ -562,6 +577,9 @@ static hal_error_t pkey_local_generate_hashsig(const hal_client_handle_t client,
uint8_t der[hal_hashsig_private_key_to_der_len(key)];
size_t der_len;
+#if 0
+ printf("pkey_local_generate_hashsig: hss = %u, lms = %u, lmots = %u, der_len = %u\n", hss_levels, lms_type, lmots_type, sizeof(der));
+#endif
if ((err = hal_hashsig_private_key_to_der(key, der, &der_len, sizeof(der))) == HAL_OK)
err = hal_ks_store(ks_from_flags(flags), slot, der, der_len);
@@ -798,7 +816,10 @@ static hal_error_t pkey_local_sign_rsa(hal_pkey_slot_t *slot,
hal_assert(signature != NULL && signature_len != NULL);
hal_assert((hash.handle == HAL_HANDLE_NONE) != (input == NULL || input_len == 0));
- if ((err = hal_rsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK ||
+ DWT_start(DWT_hal_rsa_private_key_from_der);
+ err = hal_rsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len);
+ DWT_stop(DWT_hal_rsa_private_key_from_der);
+ if (err != HAL_OK ||
(err = hal_rsa_key_get_modulus(key, NULL, signature_len, 0)) != HAL_OK)
return err;
@@ -811,15 +832,30 @@ static hal_error_t pkey_local_sign_rsa(hal_pkey_slot_t *slot,
input = signature;
}
- if ((err = pkcs1_5_pad(input, input_len, signature, *signature_len, 0x01)) != HAL_OK ||
- (err = hal_rsa_decrypt(NULL, NULL, key, signature, *signature_len, signature, *signature_len)) != HAL_OK)
+ if ((err = pkcs1_5_pad(input, input_len, signature, *signature_len, 0x01)) != HAL_OK)
+ return err;
+ DWT_start(DWT_hal_rsa_decrypt);
+ err = hal_rsa_decrypt(NULL, NULL, key, signature, *signature_len, signature, *signature_len);
+ DWT_stop(DWT_hal_rsa_decrypt);
+ if (err != HAL_OK)
return err;
if (hal_rsa_key_needs_saving(key)) {
uint8_t pkcs8[hal_rsa_private_key_to_der_extra_len(key)];
size_t pkcs8_len = 0;
+#if 0
+ printf("pkey_local_sign_rsa: der_len = %u\n", sizeof(pkcs8));
+#endif
if ((err = hal_rsa_private_key_to_der_extra(key, pkcs8, &pkcs8_len, sizeof(pkcs8))) == HAL_OK)
err = hal_ks_rewrite_der(ks_from_flags(slot->flags), slot, pkcs8, pkcs8_len);
+#if 0
+ size_t i;
+ for (i = 0; i < sizeof(pkcs8); ++i) {
+ printf("%02x%c", pkcs8[i], (i & 0x0f) == 0x0f ? '\n' : ' ');
+ }
+ if (i & 0x0f)
+ printf("\n");
+#endif
memset(pkcs8, 0, sizeof(pkcs8));
if (err != HAL_OK)
return err;
@@ -951,9 +987,15 @@ static hal_error_t pkey_local_sign(const hal_pkey_handle_t pkey,
size_t der_len;
hal_error_t err;
- if ((err = ks_fetch_from_flags(slot, der, &der_len, sizeof(der))) == HAL_OK)
+ DWT_start(DWT_hal_ks_fetch);
+ err = ks_fetch_from_flags(slot, der, &der_len, sizeof(der));
+ DWT_stop(DWT_hal_ks_fetch);
+ if (err == HAL_OK) {
+ DWT_start(DWT_pkey_local_sign_rsa);
err = signer(slot, keybuf, sizeof(keybuf), der, der_len, hash, input, input_len,
signature, signature_len, signature_max);
+ DWT_stop(DWT_pkey_local_sign_rsa);
+ }
memset(keybuf, 0, sizeof(keybuf));
memset(der, 0, sizeof(der));
@@ -1225,6 +1267,7 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client,
case MATCH_STATE_START:
prev = uuid_zero;
++*state;
+ /* fall through */
case MATCH_STATE_TOKEN:
if (((mask & HAL_KEY_FLAG_TOKEN) == 0 || (mask & flags & HAL_KEY_FLAG_TOKEN) != 0) &&
@@ -1236,6 +1279,7 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client,
return HAL_OK;
prev = uuid_zero;
++*state;
+ /* fall through */
case MATCH_STATE_VOLATILE:
if (((mask & HAL_KEY_FLAG_TOKEN) == 0 || (mask & flags & HAL_KEY_FLAG_TOKEN) == 0) &&
@@ -1246,6 +1290,7 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client,
if (*result_len == result_max)
return HAL_OK;
++*state;
+ /* fall through */
case MATCH_STATE_DONE:
return HAL_OK;
@@ -1431,7 +1476,10 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client,
goto fail;
}
- if ((err = hal_rsa_decrypt(NULL, NULL, rsa, data, data_len, der, data_len)) != HAL_OK)
+ DWT_start(DWT_hal_rsa_decrypt);
+ err = hal_rsa_decrypt(NULL, NULL, rsa, data, data_len, der, data_len);
+ DWT_stop(DWT_hal_rsa_decrypt);
+ if (err != HAL_OK)
goto fail;
if ((err = hal_get_random(NULL, kek, sizeof(kek))) != HAL_OK)