[Cryptech-Commits] [sw/libhal] 46/58: Add digest algorithm IDs.

git at cryptech.is git at cryptech.is
Tue Jul 7 18:25:30 UTC 2015


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

commit bca97e11e8cd4e8236eef3cdabf659963ce9f0cc
Author: Rob Austein <sra at hactrn.net>
Date:   Sun Jun 21 22:17:46 2015 -0400

    Add digest algorithm IDs.
---
 cryptech.h |  4 ++++
 hash.c     | 28 ++++++++++++++++++++++++++++
 rsa.c      |  9 +++++++++
 3 files changed, 41 insertions(+)

diff --git a/cryptech.h b/cryptech.h
index b0a7c35..dba9f31 100644
--- a/cryptech.h
+++ b/cryptech.h
@@ -514,6 +514,8 @@ typedef struct {
   size_t digest_length;
   size_t hash_state_length;
   size_t hmac_state_length;
+  const uint8_t * const digest_algorithm_id;
+  size_t digest_algorithm_id_length;
   const void *driver;
 } hal_hash_descriptor_t;
 
@@ -656,6 +658,8 @@ extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key,
 extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key,
                                       uint8_t *der, size_t *der_len, const size_t der_max);
 
+extern size_t hal_rsa_key_to_der_len(hal_rsa_key_t key);
+
 extern hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key,
                                         void *keybuf, const size_t keybuf_len,
                                         const uint8_t * const der, const size_t der_len);
diff --git a/hash.c b/hash.c
index 637eb7e..4b92198 100644
--- a/hash.c
+++ b/hash.c
@@ -153,6 +153,28 @@ static const driver_t sha512_driver = {
 };
 
 /*
+ * Digest algorithm identifiers: DER encoded full TLV of an
+ * DigestAlgorithmIdentifier SEQUENCE including OID for the algorithm in
+ * question and a NULL parameters value.
+ *
+ * See RFC 2313 and the NIST algorithm registry:
+ * http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html
+ *
+ * The DER encoding is too complex to generate in the C preprocessor,
+ * and we want these as compile-time constants, so we just supply the
+ * raw hex encoding here.  If this gets seriously out of control we'll
+ * write a script to generate a header file we can include.
+ */
+
+static const uint8_t
+  dalgid_sha1[]       = { 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 },
+  dalgid_sha256[]     = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 },
+  dalgid_sha384[]     = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00 },
+  dalgid_sha512[]     = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00 },
+  dalgid_sha512_224[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05, 0x05, 0x00 },
+  dalgid_sha512_256[] = { 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00 };
+
+/*
  * Descriptors.  Yes, the {hash,hmac}_state_length fields are a bit
  * repetitive given that they (currently) have the same value
  * regardless of algorithm, but we don't want to wire in that
@@ -162,36 +184,42 @@ static const driver_t sha512_driver = {
 const hal_hash_descriptor_t hal_hash_sha1[1] = {{
   SHA1_BLOCK_LEN, SHA1_DIGEST_LEN,
   sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+  dalgid_sha1, sizeof(dalgid_sha1),
   &sha1_driver
 }};
 
 const hal_hash_descriptor_t hal_hash_sha256[1] = {{
   SHA256_BLOCK_LEN, SHA256_DIGEST_LEN,
   sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+  dalgid_sha256, sizeof(dalgid_sha256),
   &sha256_driver
 }};
 
 const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{
   SHA512_BLOCK_LEN, SHA512_224_DIGEST_LEN,
   sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+  dalgid_sha512_224, sizeof(dalgid_sha512_224),
   &sha512_224_driver
 }};
 
 const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{
   SHA512_BLOCK_LEN, SHA512_256_DIGEST_LEN,
   sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+  dalgid_sha512_256, sizeof(dalgid_sha512_256),
   &sha512_256_driver
 }};
 
 const hal_hash_descriptor_t hal_hash_sha384[1] = {{
   SHA512_BLOCK_LEN, SHA384_DIGEST_LEN,
   sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+  dalgid_sha384, sizeof(dalgid_sha384),
   &sha384_driver
 }};
 
 const hal_hash_descriptor_t hal_hash_sha512[1] = {{
   SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
   sizeof(internal_hash_state_t), sizeof(internal_hmac_state_t),
+  dalgid_sha512, sizeof(dalgid_sha512),
   &sha512_driver
 }};
 
diff --git a/rsa.c b/rsa.c
index ef334b6..320327a 100644
--- a/rsa.c
+++ b/rsa.c
@@ -470,6 +470,9 @@ static hal_error_t extract_component(hal_rsa_key_t key_, const size_t offset,
   if (res_len != NULL)
     *res_len = len;
 
+  if (res == NULL)
+    return HAL_OK;
+
   if (len > res_max)
     return HAL_ERROR_RESULT_TOO_LONG;
 
@@ -786,6 +789,12 @@ hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key_,
   return HAL_OK;
 }
 
+size_t hal_rsa_key_to_der_len(hal_rsa_key_t key_)
+{
+  size_t len = 0;
+  return hal_rsa_key_to_der(key_, NULL, &len, 0) == HAL_OK ? len : 0;
+}
+
 hal_error_t hal_rsa_key_from_der(hal_rsa_key_t *key_,
                                  void *keybuf, const size_t keybuf_len,
                                  const uint8_t *der, const size_t der_len)



More information about the Commits mailing list