[Cryptech-Commits] [user/sra/libhal] 14/17: Supply public exponent as bigendian byte string rather than unsigned long, since that's the form we'll need for PKCS #11.
git at cryptech.is
git at cryptech.is
Fri Jun 19 17:56:43 UTC 2015
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository user/sra/libhal.
commit a615b134c498f8d88e0dab047f40c7096a2f9e03
Author: Rob Austein <sra at hactrn.net>
Date: Thu Jun 18 18:44:40 2015 -0400
Supply public exponent as bigendian byte string rather than unsigned
long, since that's the form we'll need for PKCS #11.
---
cryptech.h | 3 +--
rsa.c | 32 +++++++++-----------------------
tests/test-rsa.c | 4 +++-
3 files changed, 13 insertions(+), 26 deletions(-)
diff --git a/cryptech.h b/cryptech.h
index 81f23f5..d8f1208 100644
--- a/cryptech.h
+++ b/cryptech.h
@@ -641,8 +641,7 @@ extern hal_error_t hal_rsa_decrypt(hal_rsa_key_t key,
extern hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key,
void *keybuf, const size_t keybuf_len,
const unsigned key_length,
- const unsigned long public_exponent);
-
+ const uint8_t * const public_exponent, const size_t public_exponent_len);
extern hal_error_t hal_rsa_key_to_der(hal_rsa_key_t key,
uint8_t *der, size_t *der_len, const size_t der_max);
diff --git a/rsa.c b/rsa.c
index 9fe2c47..28365ae 100644
--- a/rsa.c
+++ b/rsa.c
@@ -201,7 +201,7 @@ static hal_error_t create_blinding_factors(struct rsa_key *key, fp_int *bf, fp_i
{
assert(key != NULL && bf != NULL && ubf != NULL);
- uint8_t rnd[(fp_unsigned_bin_size(&key->n) + 7) & ~7];
+ uint8_t rnd[fp_unsigned_bin_size(&key->n)];
hal_error_t err = HAL_OK;
if ((err = hal_get_random(rnd, sizeof(rnd))) != HAL_OK)
@@ -443,7 +443,7 @@ static hal_error_t find_prime(unsigned prime_length, fp_int *e, fp_int *result)
hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_,
void *keybuf, const size_t keybuf_len,
const unsigned key_length,
- const unsigned long public_exponent)
+ const uint8_t * const public_exponent, const size_t public_exponent_len)
{
struct rsa_key *key = keybuf;
hal_error_t err = HAL_OK;
@@ -452,30 +452,16 @@ hal_error_t hal_rsa_key_gen(hal_rsa_key_t *key_,
if (key_ == NULL || keybuf == NULL || keybuf_len < sizeof(struct rsa_key))
return HAL_ERROR_BAD_ARGUMENTS;
- switch (key_length) {
- case bitsToBytes(1024):
- case bitsToBytes(2048):
- case bitsToBytes(4096):
- case bitsToBytes(8192):
- break;
- default:
- return HAL_ERROR_UNSUPPORTED_KEY;
- }
+ memset(keybuf, 0, keybuf_len);
+ key->type = HAL_RSA_PRIVATE;
+ fp_read_unsigned_bin(&key->e, (uint8_t *) public_exponent, public_exponent_len);
- switch (public_exponent) {
- case 0x010001:
- break;
- default:
+ if (key_length != bitsToBytes(1024) && key_length != bitsToBytes(2048) &&
+ key_length != bitsToBytes(4096) && key_length != bitsToBytes(8192))
return HAL_ERROR_UNSUPPORTED_KEY;
- }
- /*
- * Initialize key
- */
-
- memset(keybuf, 0, keybuf_len);
- key->type = HAL_RSA_PRIVATE;
- fp_set(&key->e, public_exponent);
+ if (fp_cmp_d(&key->e, 0x010001) != FP_EQ)
+ return HAL_ERROR_UNSUPPORTED_KEY;
/*
* Find a good pair of prime numbers.
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index 9b346b5..03ea8bb 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -133,7 +133,9 @@ static int test_gen(const char * const kind, const rsa_tc_t * const tc)
hal_error_t err = HAL_OK;
FILE *f;
- if ((err = hal_rsa_key_gen(&key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), 0x010001)) != HAL_OK) {
+ const uint8_t f4[] = { 0x01, 0x00, 0x01 };
+
+ if ((err = hal_rsa_key_gen(&key1, keybuf1, sizeof(keybuf1), bitsToBytes(tc->size), f4, sizeof(f4))) != HAL_OK) {
printf("RSA key generation failed: %s\n", hal_error_string(err));
return 0;
}
More information about the Commits
mailing list