[Cryptech-Commits] [sw/libhal] 49/58: Rework API for loading keys from components. Relax key size constraints to allow any key size within our supported range, since hsmbully seems to want to twist this knob to every possible setting.
git at cryptech.is
git at cryptech.is
Tue Jul 7 18:25:33 UTC 2015
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.
commit 10dfb62866134658e1ad97914b3d1c3a7b0d7f50
Author: Rob Austein <sra at hactrn.net>
Date: Wed Jun 24 16:53:01 2015 -0400
Rework API for loading keys from components. Relax key size
constraints to allow any key size within our supported range, since
hsmbully seems to want to twist this knob to every possible setting.
---
hal.h | 29 ++++++++++++++---------
rsa.c | 71 +++++++++++++++++++++++++++++++++++++++++++++-----------
tests/test-rsa.c | 20 ++++++++--------
3 files changed, 86 insertions(+), 34 deletions(-)
diff --git a/hal.h b/hal.h
index 1c5286c..8b731d4 100644
--- a/hal.h
+++ b/hal.h
@@ -618,17 +618,24 @@ extern void hal_rsa_set_debug(const int onoff);
extern void hal_rsa_set_blinding(const int onoff);
-extern hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
- hal_rsa_key_t *key,
- void *keybuf, const size_t keybuf_len,
- const uint8_t * const n, const size_t n_len,
- const uint8_t * const e, const size_t e_len,
- const uint8_t * const d, const size_t d_len,
- const uint8_t * const p, const size_t p_len,
- const uint8_t * const q, const size_t q_len,
- const uint8_t * const u, const size_t u_len,
- const uint8_t * const dP, const size_t dP_len,
- const uint8_t * const dQ, const size_t dQ_len);
+extern hal_error_t hal_rsa_key_load_private(hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len);
+
+extern hal_error_t hal_rsa_key_load_public(hal_rsa_key_t *key,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len);
+
+extern hal_error_t hal_rsa_key_get_type(hal_rsa_key_t key,
+ hal_rsa_key_type_t *key_type);
extern hal_error_t hal_rsa_key_get_modulus(hal_rsa_key_t key,
uint8_t *modulus,
diff --git a/rsa.c b/rsa.c
index 58b565f..704ee54 100644
--- a/rsa.c
+++ b/rsa.c
@@ -416,17 +416,17 @@ void hal_rsa_key_clear(hal_rsa_key_t key)
* calculate everything else from them.
*/
-hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
- hal_rsa_key_t *key_,
- void *keybuf, const size_t keybuf_len,
- const uint8_t * const n, const size_t n_len,
- const uint8_t * const e, const size_t e_len,
- const uint8_t * const d, const size_t d_len,
- const uint8_t * const p, const size_t p_len,
- const uint8_t * const q, const size_t q_len,
- const uint8_t * const u, const size_t u_len,
- const uint8_t * const dP, const size_t dP_len,
- const uint8_t * const dQ, const size_t dQ_len)
+static hal_error_t load_key(const hal_rsa_key_type_t type,
+ hal_rsa_key_t *key_,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len)
{
if (key_ == NULL || keybuf == NULL || keybuf_len < sizeof(struct rsa_key))
return HAL_ERROR_BAD_ARGUMENTS;
@@ -454,6 +454,52 @@ hal_error_t hal_rsa_key_load(const hal_rsa_key_type_t type,
}
/*
+ * Public API to load_key().
+ */
+
+hal_error_t hal_rsa_key_load_private(hal_rsa_key_t *key_,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len,
+ const uint8_t * const d, const size_t d_len,
+ const uint8_t * const p, const size_t p_len,
+ const uint8_t * const q, const size_t q_len,
+ const uint8_t * const u, const size_t u_len,
+ const uint8_t * const dP, const size_t dP_len,
+ const uint8_t * const dQ, const size_t dQ_len)
+{
+ return load_key(HAL_RSA_PRIVATE, key_, keybuf, keybuf_len,
+ n, n_len, e, e_len,
+ d, d_len, p, p_len, q, q_len, u, u_len, dP, dP_len, dQ, dQ_len);
+}
+
+hal_error_t hal_rsa_key_load_public(hal_rsa_key_t *key_,
+ void *keybuf, const size_t keybuf_len,
+ const uint8_t * const n, const size_t n_len,
+ const uint8_t * const e, const size_t e_len)
+{
+ return load_key(HAL_RSA_PUBLIC, key_, keybuf, keybuf_len,
+ n, n_len, e, e_len,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0);
+}
+
+/*
+ * Extract the key type.
+ */
+
+hal_error_t hal_rsa_key_get_type(hal_rsa_key_t key_,
+ hal_rsa_key_type_t *key_type)
+{
+ struct rsa_key *key = key_.key;
+
+ if (key == NULL || key_type == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ *key_type = key->type;
+ return HAL_OK;
+}
+
+/*
* Extract public key components.
*/
@@ -543,8 +589,7 @@ hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_,
key->type = HAL_RSA_PRIVATE;
fp_read_unsigned_bin(&key->e, (uint8_t *) public_exponent, public_exponent_len);
- if (key_length != bitsToBytes(1024) && key_length != bitsToBytes(2048) &&
- key_length != bitsToBytes(4096) && key_length != bitsToBytes(8192))
+ if (key_length < bitsToBytes(1024) || key_length > bitsToBytes(8192))
return HAL_ERROR_UNSUPPORTED_KEY;
if (fp_cmp_d(&key->e, 0x010001) != FP_EQ)
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index fb53f69..594687c 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -91,16 +91,16 @@ static int test_decrypt(const char * const kind, const rsa_tc_t * const tc)
hal_rsa_key_t key = { NULL };
hal_error_t err = HAL_OK;
- if ((err = hal_rsa_key_load(HAL_RSA_PRIVATE, &key,
- keybuf, sizeof(keybuf),
- tc->n.val, tc->n.len,
- tc->e.val, tc->e.len,
- tc->d.val, tc->d.len,
- tc->p.val, tc->p.len,
- tc->q.val, tc->q.len,
- tc->u.val, tc->u.len,
- tc->dP.val, tc->dP.len,
- tc->dQ.val, tc->dQ.len)) != HAL_OK) {
+ if ((err = hal_rsa_key_load_private(&key,
+ keybuf, sizeof(keybuf),
+ tc->n.val, tc->n.len,
+ tc->e.val, tc->e.len,
+ tc->d.val, tc->d.len,
+ tc->p.val, tc->p.len,
+ tc->q.val, tc->q.len,
+ tc->u.val, tc->u.len,
+ tc->dP.val, tc->dP.len,
+ tc->dQ.val, tc->dQ.len)) != HAL_OK) {
printf("RSA CRT key load failed: %s\n", hal_error_string(err));
return 0;
}
More information about the Commits
mailing list