[Cryptech-Commits] [sw/libhal] 01/02: Allow host-side libhal build without access to secure hardware to store unencrypted public keys (we don't allow this for private keys). Yet another screwball feature to support PKCS #11, sigh. Anyway, with this change, mixed-mode builds should work again.
git at cryptech.is
git at cryptech.is
Sun Jun 12 22:42:46 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch makefile-cleanup
in repository sw/libhal.
commit 01e87b5d974c1ad761448732b78e7b33a43c6b61
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Fri Jun 10 11:29:38 2016 -0400
Allow host-side libhal build without access to secure hardware to
store unencrypted public keys (we don't allow this for private keys).
Yet another screwball feature to support PKCS #11, sigh. Anyway,
with this change, mixed-mode builds should work again.
---
ks.c | 45 ++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/ks.c b/ks.c
index b6cb32f..d252620 100644
--- a/ks.c
+++ b/ks.c
@@ -42,12 +42,28 @@
#define KEK_LENGTH (bitsToBytes(256))
+/*
+ * In "remote" and "mixed" RPC modes we're a software only RPC client
+ * without (direct) access to secure hardware, thus there is no real
+ * point in encrypting keys. As precautions, we (a) warn about this
+ * when configured in one of these modes, and (b) refuse to store any
+ * sort of private keys.
+ */
+
+#define USE_KEK (RPC_CLIENT != RPC_CLIENT_REMOTE && RPC_CLIENT != RPC_CLIENT_MIXED)
+
+#if !USE_KEK
+#warning ks.c compiled without KEK support and will only accept public keys -- this is normal for the host-side build of libhsm
+#endif
+
static inline int acceptable_key_type(const hal_key_type_t type)
{
switch (type) {
+#if USE_KEK
case HAL_KEY_TYPE_RSA_PRIVATE:
- case HAL_KEY_TYPE_RSA_PUBLIC:
case HAL_KEY_TYPE_EC_PRIVATE:
+#endif
+ case HAL_KEY_TYPE_RSA_PUBLIC:
case HAL_KEY_TYPE_EC_PUBLIC:
return 1;
default:
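Review bot: `USE_KEK` is only ever evaluated inside `#if`, where any of `RPC_CLIENT`, `RPC_CLIENT_REMOTE` or `RPC_CLIENT_MIXED` that is not defined at that point is silently replaced by 0, so a missing include or build flag changes which keystore variant gets compiled instead of failing the build. If all three are undefined, the expression is false and the file falls into the unencrypted, public-key-only variant with only the `#warning` to show for it. An `#ifndef RPC_CLIENT` / `#error RPC_CLIENT must be defined before ks.c is compiled` / `#endif` guard ahead of the definition would turn that into a hard error. The warning text also says libhsm where the commit message says libhal, which may be a typo. The body of acceptable_key_type() continues past the end of this hunk.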
@@ -96,6 +112,8 @@ hal_error_t hal_ks_store(const hal_key_type_t type,
memset(&k, 0, sizeof(k));
k.der_len = sizeof(k.der);
+#if USE_KEK
+
uint8_t kek[KEK_LENGTH];
size_t kek_len;
@@ -107,6 +125,16 @@ hal_error_t hal_ks_store(const hal_key_type_t type,
if (err != HAL_OK)
return err;
+#else /* USE_KEK */
+
+ if (der_len > k.der_len)
+ return HAL_ERROR_RESULT_TOO_LONG;
+
+ k.der_len = der_len;
+ memcpy(k.der, der, der_len);
+
+#endif /* USE_KEK */
+
assert(name_len <= sizeof(k.name));
memcpy(k.name, name, name_len);
k.name_len = name_len;
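Review bot: The `#else` branch copies the DER into `k.der` in the clear, and the only thing keeping private keys out of it is the `acceptable_key_type()` filter, whose call in hal_ks_store() is not visible in this hunk. A comment at the top of the branch would record that dependency, for example `/* No KEK: DER is stored unencrypted; acceptable_key_type() must already have rejected every private key type. */`. If the key wrap in the `USE_KEK` branch also acts as an integrity check on stored blobs (not visible here), this path gives that up for public keys, which deserves a sentence in the same comment. hal_ks_store() begins before and ends after this hunk.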
@@ -199,6 +227,9 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type,
*der_len = k->der_len;
if (der != NULL) {
+
+#if USE_KEK
+
uint8_t kek[KEK_LENGTH];
size_t kek_len, der_len_;
hal_error_t err;
@@ -215,6 +246,18 @@ hal_error_t hal_ks_fetch(const hal_key_type_t type,
if (err != HAL_OK)
return err;
+
+#else /* USE_KEK */
+
+ if (k->der_len > der_max)
+ return HAL_ERROR_RESULT_TOO_LONG;
+
+ if (der_len != NULL)
+ *der_len = k->der_len;
+
+ memcpy(der, k->der, k->der_len);
+
+#endif /* USE_KEK */
}
return HAL_OK;
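Review bot: In the `#else` branch the copy length `k->der_len` is read back from the stored key record and compared only with the caller's `der_max`, never with the size of the source buffer, so a corrupted or tampered record could make the `memcpy` read past `k->der`. Assuming `k->der` is the same fixed array that hal_ks_store() sizes with `sizeof(k.der)`, bounding the length on both sides closes that: `if (k->der_len > sizeof(k->der) || k->der_len > der_max) return HAL_ERROR_RESULT_TOO_LONG;` (a more specific error code would be better if the project has one). The `if (der_len != NULL) *der_len = k->der_len;` pair also looks redundant with the assignment visible just above `if (der != NULL)` in the previous hunk. hal_ks_fetch() starts before this hunk.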