From bca97e11e8cd4e8236eef3cdabf659963ce9f0cc Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 21 Jun 2015 22:17:46 -0400 Subject: Add digest algorithm IDs. --- cryptech.h | 4 ++++ hash.c | 28 ++++++++++++++++++++++++++++ rsa.c | 9 +++++++++ 3 files changed, 41 insertions(+) diff --git a/cryptech.h b/cryptech.h index b0a7c35..dba9f31 100644 --- a/cryptech.h +++ b/cryptech.h @@ -514,6 +514,8 @@ typedef struct { size_t digest_length; size_t hash_state_length; size_t hmac_state_length; + const uint8_t * const digest_algorithm_id; + size_t digest_algorithm_id_length; const void *driver; } hal_hash_descriptor_t; @@ -656,6 +658,8 @@ extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key, extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key, uint8_t *der, size_t *der_len, const size_t der_max); +extern size_t hal_rsa_key_to_der_len(hal_rsa_key_t key); + extern hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key, void *keybuf, const size_t keybuf_len, const uint8_t * const der, const size_t der_len); diff --git a/hash.c b/hash.c index 637eb7e..4b92198 100644 --- a/hash.c +++ b/hash.c @@ -152,6 +152,28 @@ static const driver_t sha512_driver = { MODE_SHA_512 }; +/* + * Digest algorithm identifiers: DER encoded full TLV of an + * DigestAlgorithmIdentifier SEQUENCE including OID for the algorithm in + * question and a NULL parameters value. + * + * See RFC 2313 and the NIST algorithm registry: + * http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + * + * The DER encoding is too complex to generate in the C preprocessor, + * and we want these as compile-time constants, so we just supply the + * raw hex encoding here. If this gets seriously out of control we'll + * write a script to generate a header file we can include. + */ + +static const uint8_t + dalgid_sha1[] = { 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 }, + dalgid_sha256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 }, + dalgid_sha384[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00 }, + dalgid_sha512[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00 }, + dalgid_sha512_224[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x05, 0x00 }, + dalgid_sha512_256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00 }; + /* * Descriptors. Yes, the {hash,hmac}_state_length fields are a bit * repetitive given that they (currently) have the same value @@ -162,36 +184,42 @@ static const driver_t sha512_driver = { const hal_hash_descriptor_t hal_hash_sha1[1] = {{ SHA1_BLOCK_LEN, SHA1_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha1, sizeof(dalgid_sha1), &sha1_driver }}; const hal_hash_descriptor_t hal_hash_sha256[1] = {{ SHA256_BLOCK_LEN, SHA256_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha256, sizeof(dalgid_sha256), &sha256_driver }}; const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{ SHA512_BLOCK_LEN, SHA512_224_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha512_224, sizeof(dalgid_sha512_224), &sha512_224_driver }}; const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{ SHA512_BLOCK_LEN, SHA512_256_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha512_256, sizeof(dalgid_sha512_256), &sha512_256_driver }}; const hal_hash_descriptor_t hal_hash_sha384[1] = {{ SHA512_BLOCK_LEN, SHA384_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha384, sizeof(dalgid_sha384), &sha384_driver }}; const hal_hash_descriptor_t hal_hash_sha512[1] = {{ SHA512_BLOCK_LEN, SHA512_DIGEST_LEN, sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t), + dalgid_sha512, sizeof(dalgid_sha512), &sha512_driver }}; diff --git a/rsa.c b/rsa.c index ef334b6..320327a 100644 --- a/rsa.c +++ b/rsa.c @@ -470,6 +470,9 @@ static hal_error_t extract_component(hal_rsa_key_t key_, const size_t offset, if (res_len != NULL) *res_len = len; + if (res == NULL) + return HAL_OK; + if (len > res_max) return HAL_ERROR_RESULT_TOO_LONG; @@ -786,6 +789,12 @@ hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key_, return HAL_OK; } +size_t hal_rsa_key_to_der_len(hal_rsa_key_t key_) +{ + size_t len = 0; + return hal_rsa_key_to_der(key_, NULL, &len, 0) == HAL_OK ? len : 0; +} + hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key_, void *keybuf, const size_t keybuf_len, const uint8_t *der, const size_t der_len) -- cgit v1.2.3