From 29e55d64972fa094b7b55d432767f7d26726d034 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 6 Apr 2017 19:29:26 -0400 Subject: Shake bugs out of hal_rpc_pkey_export(). Among other things, it turns out that this works better if one remembers to write the RPC server dispatch code as well as the client code, doh. --- rpc_pkey.c | 42 ++++++++++-------------------------------- 1 file changed, 10 insertions(+), 32 deletions(-) (limited to 'rpc_pkey.c') diff --git a/rpc_pkey.c b/rpc_pkey.c index 4867f97..ce67614 100644 --- a/rpc_pkey.c +++ b/rpc_pkey.c @@ -1062,33 +1062,6 @@ static hal_error_t pkey_local_get_attributes(const hal_pkey_handle_t pkey, return err; } -/* - * This is an RPC function, so the NULL pointer input convention for - * querying required buffer length isn't all that useful, but buffer - * lengths are predictable anyway: - * - * Size of the pkcs8 buffer is a constant, determined by - * oid_aes_aesKeyWrap_len, HAL_KS_WRAPPED_KEYSIZE, and some ASN.1 - * overhead; - * - * Size of the kek buffer is the same as the length of the - * modulus of the RSA public key indicated by wrap_handle. - * - * Except that we might want ASN.1 around the KEK, something like: - * - * SEQUENCE { - * keyEncryptionAlgorithm AlgorithmIdentifier { rsaEncryption }, - * encryptedKey OCTET STRING - * } - * - * which would still be constant-length, just a bit more verbose. - * - * Oddly enough, this is exactly the syntax of PKCS #8 - * EncryptedPrivateKeyInfo, which we already use for other purposes. - * Using it to wrap an AES key encrypted with an RSA key seems a bit - * odd, but it's a good fit and lets us reuse ASN.1 code. Cool. - */ - static hal_error_t pkey_local_export(const hal_pkey_handle_t pkey_handle, const hal_pkey_handle_t kekek_handle, uint8_t *pkcs8, size_t *pkcs8_len, const size_t pkcs8_max, @@ -1158,11 +1131,14 @@ static hal_error_t pkey_local_export(const hal_pkey_handle_t pkey_handle, if ((err = hal_get_random(NULL, kek, KEK_LENGTH)) != HAL_OK) goto fail; - if ((err = hal_aes_keywrap(NULL, kek, KEK_LENGTH, pkcs8, len, pkcs8, &len)) != HAL_OK) + *pkcs8_len = pkcs8_max; + if ((err = hal_aes_keywrap(NULL, kek, KEK_LENGTH, pkcs8, len, pkcs8, pkcs8_len)) != HAL_OK) goto fail; - if ((err = hal_asn1_encode_pkcs8_encryptedprivatekeyinfo(hal_asn1_oid_aesKeyWrap, hal_asn1_oid_aesKeyWrap_len, - pkcs8, len, pkcs8, pkcs8_len, pkcs8_max)) != HAL_OK) + if ((err = hal_asn1_encode_pkcs8_encryptedprivatekeyinfo(hal_asn1_oid_aesKeyWrap, + hal_asn1_oid_aesKeyWrap_len, + pkcs8, *pkcs8_len, + pkcs8, pkcs8_len, pkcs8_max)) != HAL_OK) goto fail; if ((err = pkcs1_5_pad(kek, KEK_LENGTH, kek, *kek_len, 0x02)) != HAL_OK) @@ -1171,8 +1147,10 @@ static hal_error_t pkey_local_export(const hal_pkey_handle_t pkey_handle, if ((err = hal_rsa_encrypt(NULL, rsa, kek, *kek_len, kek, *kek_len)) != HAL_OK) goto fail; - if ((err = hal_asn1_encode_pkcs8_encryptedprivatekeyinfo(hal_asn1_oid_rsaEncryption, hal_asn1_oid_rsaEncryption_len, - kek, *kek_len, kek, kek_len, kek_max)) != HAL_OK) + if ((err = hal_asn1_encode_pkcs8_encryptedprivatekeyinfo(hal_asn1_oid_rsaEncryption, + hal_asn1_oid_rsaEncryption_len, + kek, *kek_len, + kek, kek_len, kek_max)) != HAL_OK) goto fail; memset(rsabuf, 0, sizeof(rsabuf)); -- cgit v1.2.3