diff options
Diffstat (limited to 'rpc_pkey.c')
-rw-r--r-- | rpc_pkey.c | 68 |
1 files changed, 58 insertions, 10 deletions
@@ -3,8 +3,10 @@ * ---------- * Remote procedure call server-side public key implementation. * - * Authors: Rob Austein - * Copyright (c) 2015, NORDUnet A/S All rights reserved. + * Authors: Rob Austein, Paul Selkirk + * Copyright (c) 2015-2018, NORDUnet A/S All rights reserved. + * Copyright: 2019-2020, The Commons Conservancy Cryptech Project + * SPDX-License-Identifier: BSD-3-Clause * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are @@ -16,9 +18,9 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * - Neither the name of the NORDUnet nor the names of its contributors may - * be used to endorse or promote products derived from this software - * without specific prior written permission. + * - Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED @@ -47,6 +49,13 @@ static hal_pkey_slot_t pkey_slot[HAL_STATIC_PKEY_STATE_BLOCKS]; #endif +#ifdef DO_TIMING +#include "stm-dwt.h" +#else +#define DWT_start(x) +#define DWT_stop(x) +#endif + /* * Handle allocation is simple: look for an unused (HAL_HANDLE_NONE) * slot in the table, and, assuming we find one, construct a composite @@ -445,6 +454,9 @@ static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client, uint8_t der[hal_rsa_private_key_to_der_len(key)]; size_t der_len; +#if 0 + printf("pkey_local_generate_rsa: key_len = %u, der_len = %u\n", key_length, sizeof(der)); +#endif if ((err = hal_rsa_private_key_to_der(key, der, &der_len, sizeof(der))) == HAL_OK) err = hal_ks_store(ks_from_flags(flags), slot, der, der_len); @@ -503,6 +515,9 @@ static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client, uint8_t der[hal_ecdsa_private_key_to_der_len(key)]; size_t der_len; +#if 0 + printf("pkey_local_generate_ec: curve = %u, der_len = %u\n", curve, sizeof(der)); +#endif if ((err = hal_ecdsa_private_key_to_der(key, der, &der_len, sizeof(der))) == HAL_OK) err = hal_ks_store(ks_from_flags(flags), slot, der, der_len); @@ -562,6 +577,9 @@ static hal_error_t pkey_local_generate_hashsig(const hal_client_handle_t client, uint8_t der[hal_hashsig_private_key_to_der_len(key)]; size_t der_len; +#if 0 + printf("pkey_local_generate_hashsig: hss = %u, lms = %u, lmots = %u, der_len = %u\n", hss_levels, lms_type, lmots_type, sizeof(der)); +#endif if ((err = hal_hashsig_private_key_to_der(key, der, &der_len, sizeof(der))) == HAL_OK) err = hal_ks_store(ks_from_flags(flags), slot, der, der_len); @@ -798,7 +816,10 @@ static hal_error_t pkey_local_sign_rsa(hal_pkey_slot_t *slot, hal_assert(signature != NULL && signature_len != NULL); hal_assert((hash.handle == HAL_HANDLE_NONE) != (input == NULL || input_len == 0)); - if ((err = hal_rsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len)) != HAL_OK || + DWT_start(DWT_hal_rsa_private_key_from_der); + err = hal_rsa_private_key_from_der(&key, keybuf, keybuf_len, der, der_len); + DWT_stop(DWT_hal_rsa_private_key_from_der); + if (err != HAL_OK || (err = hal_rsa_key_get_modulus(key, NULL, signature_len, 0)) != HAL_OK) return err; @@ -811,15 +832,30 @@ static hal_error_t pkey_local_sign_rsa(hal_pkey_slot_t *slot, input = signature; } - if ((err = pkcs1_5_pad(input, input_len, signature, *signature_len, 0x01)) != HAL_OK || - (err = hal_rsa_decrypt(NULL, NULL, key, signature, *signature_len, signature, *signature_len)) != HAL_OK) + if ((err = pkcs1_5_pad(input, input_len, signature, *signature_len, 0x01)) != HAL_OK) + return err; + DWT_start(DWT_hal_rsa_decrypt); + err = hal_rsa_decrypt(NULL, NULL, key, signature, *signature_len, signature, *signature_len); + DWT_stop(DWT_hal_rsa_decrypt); + if (err != HAL_OK) return err; if (hal_rsa_key_needs_saving(key)) { uint8_t pkcs8[hal_rsa_private_key_to_der_extra_len(key)]; size_t pkcs8_len = 0; +#if 0 + printf("pkey_local_sign_rsa: der_len = %u\n", sizeof(pkcs8)); +#endif if ((err = hal_rsa_private_key_to_der_extra(key, pkcs8, &pkcs8_len, sizeof(pkcs8))) == HAL_OK) err = hal_ks_rewrite_der(ks_from_flags(slot->flags), slot, pkcs8, pkcs8_len); +#if 0 + size_t i; + for (i = 0; i < sizeof(pkcs8); ++i) { + printf("%02x%c", pkcs8[i], (i & 0x0f) == 0x0f ? '\n' : ' '); + } + if (i & 0x0f) + printf("\n"); +#endif memset(pkcs8, 0, sizeof(pkcs8)); if (err != HAL_OK) return err; @@ -951,9 +987,15 @@ static hal_error_t pkey_local_sign(const hal_pkey_handle_t pkey, size_t der_len; hal_error_t err; - if ((err = ks_fetch_from_flags(slot, der, &der_len, sizeof(der))) == HAL_OK) + DWT_start(DWT_hal_ks_fetch); + err = ks_fetch_from_flags(slot, der, &der_len, sizeof(der)); + DWT_stop(DWT_hal_ks_fetch); + if (err == HAL_OK) { + DWT_start(DWT_pkey_local_sign_rsa); err = signer(slot, keybuf, sizeof(keybuf), der, der_len, hash, input, input_len, signature, signature_len, signature_max); + DWT_stop(DWT_pkey_local_sign_rsa); + } memset(keybuf, 0, sizeof(keybuf)); memset(der, 0, sizeof(der)); @@ -1225,6 +1267,7 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client, case MATCH_STATE_START: prev = uuid_zero; ++*state; + /* fall through */ case MATCH_STATE_TOKEN: if (((mask & HAL_KEY_FLAG_TOKEN) == 0 || (mask & flags & HAL_KEY_FLAG_TOKEN) != 0) && @@ -1236,6 +1279,7 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client, return HAL_OK; prev = uuid_zero; ++*state; + /* fall through */ case MATCH_STATE_VOLATILE: if (((mask & HAL_KEY_FLAG_TOKEN) == 0 || (mask & flags & HAL_KEY_FLAG_TOKEN) == 0) && @@ -1246,6 +1290,7 @@ static hal_error_t pkey_local_match(const hal_client_handle_t client, if (*result_len == result_max) return HAL_OK; ++*state; + /* fall through */ case MATCH_STATE_DONE: return HAL_OK; @@ -1431,7 +1476,10 @@ static hal_error_t pkey_local_import(const hal_client_handle_t client, goto fail; } - if ((err = hal_rsa_decrypt(NULL, NULL, rsa, data, data_len, der, data_len)) != HAL_OK) + DWT_start(DWT_hal_rsa_decrypt); + err = hal_rsa_decrypt(NULL, NULL, rsa, data, data_len, der, data_len); + DWT_stop(DWT_hal_rsa_decrypt); + if (err != HAL_OK) goto fail; if ((err = hal_get_random(NULL, kek, sizeof(kek))) != HAL_OK) |