[Cryptech-Commits] [sw/libhal] 01/05: Mixed mode needs to support PKCS #1.5 DigestInfo for RSA.
git at cryptech.is
git at cryptech.is
Sun Oct 30 20:16:54 UTC 2016
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ksng
in repository sw/libhal.
commit 82b698a7823d5293a457b52a7d4774e6e513e70a
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat Oct 29 19:29:31 2016 -0400
Mixed mode needs to support PKCS #1.5 DigestInfo for RSA.
---
libhal.py | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/libhal.py b/libhal.py
index e02f1fa..41fb799 100644
--- a/libhal.py
+++ b/libhal.py
@@ -327,6 +327,14 @@ class LocalDigest(object):
def finalize(self, length = None):
return self._context.digest()
+ def finalize_padded(self, pkey):
+ if pkey.key_type not in (HAL_KEY_TYPE_RSA_PRIVATE, HAL_KEY_TYPE_RSA_PUBLIC):
+ return self.finalize()
+ # PKCS #1.5 requires the digest to be wrapped up in an ASN.1 DigestInfo object.
+ from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString
+ return DerSequence([DerSequence([self._context.oid, DerNull().encode()]).encode(),
+ DerOctetString(self.finalize()).encode()]).encode()
+
class PKey(Handle):
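Review bot: finalize_padded has no docstring and its name overstates what it does: the method only wraps the digest in an ASN.1 DigestInfo SEQUENCE, while the EMSA-PKCS1-v1_5 padding bytes themselves are presumably applied elsewhere (HSM side), so a reader could take the return value for a fully encoded message. A docstring along the lines of `"""Return the digest wrapped as a DER DigestInfo (RFC 8017 section 9.2, step 2) when pkey is an RSA key; for any other key type return the bare digest."""` would make the contract explicit. The `length` argument that finalize() accepts is not honoured here, which is fine only if no caller ever truncates an RSA digest; a short comment saying so would save the next reader a question. The function-scope import of Crypto.Util.asn1 means a missing PyCrypto only surfaces on the first RSA sign or verify; either import it at module level or catch ImportError and raise with a clearer message.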
@@ -557,7 +565,7 @@ class HSM(object):
with self.rpc(RPC_FUNC_PKEY_FIND, session, uuid, flags, client = client) as r:
return PKey(self, r.unpack_uint(), uuid)
- def pkey_generate_rsa(self, keylen, exponent, flags = 0, client = 0, session = 0):
+ def pkey_generate_rsa(self, keylen, exponent = "\x01\x00\x01", flags = 0, client = 0, session = 0):
with self.rpc(RPC_FUNC_PKEY_GENERATE_RSA, session, keylen, exponent, flags, client = client) as r:
return PKey(self, r.unpack_uint(), UUID(bytes = r.unpack_bytes()))
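Review bot: The new default `exponent = "\x01\x00\x01"` is a bare byte string a reader has to decode before recognising it as 65537 (F4); a named module constant with a comment, e.g. `RSA_DEFAULT_EXPONENT = "\x01\x00\x01"  # 65537 (F4), big-endian`, used as the default would be clearer. The literal is a str rather than a b"" string, which matches the byte-string convention the rest of this file appears to follow, but it will need a `b` prefix if the module is ever run under Python 3.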
@@ -594,14 +602,14 @@ class HSM(object):
def pkey_sign(self, pkey, hash = 0, data = "", length = 1024):
assert not hash or not data
if isinstance(hash, LocalDigest):
- hash, data = 0, hash.finalize()
+ hash, data = 0, hash.finalize_padded(pkey)
with self.rpc(RPC_FUNC_PKEY_SIGN, pkey, hash, data, length) as r:
return r.unpack_bytes()
def pkey_verify(self, pkey, hash = 0, data = "", signature = None):
assert not hash or not data
if isinstance(hash, LocalDigest):
- hash, data = 0, hash.finalize()
+ hash, data = 0, hash.finalize_padded(pkey)
with self.rpc(RPC_FUNC_PKEY_VERIFY, pkey, hash, data, signature):
return
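Review bot: The switch from finalize() to finalize_padded(pkey) changes what is sent on the wire for RSA keys (a DER DigestInfo instead of the bare digest) in both pkey_sign and pkey_verify, but neither method says so, and the HSM-digest path via the `hash` handle is left as it was; a comment on the two changed lines such as `# RSA keys: send a PKCS #1.5 DigestInfo; other key types: the bare digest` would make the asymmetry visible. finalize_padded reads pkey.key_type, so both callers now require pkey to be a PKey object rather than a raw handle value; if bare handles were previously accepted, that is worth stating in the docstrings. pkey_verify's body may continue past the end of the hunk.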