dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Fix with RSA CRT import mode (keytype 6).

Browse Source 
In RSA CRT import, the N parameter shall not be imported. Otherwise, mbedtls will fail (it is deduced from N=PQ).

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-03-31 00:24:50 +02:00
parent 7aee18110e
commit 7410498df1
1 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/hsm/dkek.c
View File

@@ -279,7 +279,7 @@ int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len)
} }
int dkek_type_key(const uint8_t *in) { int dkek_type_key(const uint8_t *in) {
if (in[8] == 5) if (in[8] == 5 || in[8] == 6)
return HSM_KEY_RSA; return HSM_KEY_RSA;
else if (in[8] == 12) else if (in[8] == 12)
return HSM_KEY_EC; return HSM_KEY_EC;
@@ -365,6 +365,13 @@ int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len, int *key_si
mbedtls_rsa_free(rsa); mbedtls_rsa_free(rsa);
return HSM_WRONG_DATA; return HSM_WRONG_DATA;
} }
len = get_uint16_t(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->N, kb+ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return HSM_WRONG_DATA;
}
} }
else if (key_type == 6) { else if (key_type == 6) {
//DP-1 //DP-1
@@ -373,6 +380,7 @@ int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len, int *key_si
//DQ-1 //DQ-1
len = get_uint16_t(kb, ofs); ofs += len+2; len = get_uint16_t(kb, ofs); ofs += len+2;
len = get_uint16_t(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->P, kb+ofs, len); ofs += len; r = mbedtls_mpi_read_binary(&rsa->P, kb+ofs, len); ofs += len;
if (r != 0) { if (r != 0) {
mbedtls_rsa_free(rsa); mbedtls_rsa_free(rsa);
@@ -382,17 +390,14 @@ int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len, int *key_si
//PQ //PQ
len = get_uint16_t(kb, ofs); ofs += len+2; len = get_uint16_t(kb, ofs); ofs += len+2;
len = get_uint16_t(kb, ofs); ofs += 2;
r = mbedtls_mpi_read_binary(&rsa->Q, kb+ofs, len); ofs += len; r = mbedtls_mpi_read_binary(&rsa->Q, kb+ofs, len); ofs += len;
if (r != 0) { if (r != 0) {
mbedtls_rsa_free(rsa); mbedtls_rsa_free(rsa);
return HSM_WRONG_DATA; return HSM_WRONG_DATA;
} }
} //N
len = get_uint16_t(kb, ofs); ofs += 2; len = get_uint16_t(kb, ofs); ofs += len+2;
r = mbedtls_mpi_read_binary(&rsa->N, kb+ofs, len); ofs += len;
if (r != 0) {
mbedtls_rsa_free(rsa);
return HSM_WRONG_DATA;
} }
len = get_uint16_t(kb, ofs); ofs += 2; len = get_uint16_t(kb, ofs); ofs += 2;
@@ -417,11 +422,13 @@ int dkek_decode_key(void *key_ctx, const uint8_t *in, size_t in_len, int *key_si
} }
} }
if (mbedtls_rsa_complete(rsa) != 0) { r = mbedtls_rsa_complete(rsa);
if (r != 0) {
mbedtls_rsa_free(rsa); mbedtls_rsa_free(rsa);
return HSM_EXEC_ERROR; return HSM_EXEC_ERROR;
} }
if (mbedtls_rsa_check_privkey(rsa) != 0) { r = mbedtls_rsa_check_privkey(rsa);
if (r != 0) {
mbedtls_rsa_free(rsa); mbedtls_rsa_free(rsa);
return HSM_EXEC_ERROR; return HSM_EXEC_ERROR;
} }