Add RSA-3072 support
sosthene-nitrokey committed Mar 2, 2023
1 parent 6e76629 commit e89a35a
Showing 4 changed files with 55 additions and 12 deletions.
20 changes: 18 additions & 2 deletions src/command/gen.rs
Expand Up @@ -40,6 +40,9 @@ pub fn sign<const R: usize, T: trussed::Client>(
SignatureAlgorithm::Rsa2048 => {
gen_rsa_key(ctx.lend(), KeyType::Sign, Mechanism::Rsa2048Pkcs1v15)
}
SignatureAlgorithm::Rsa3072 => {
gen_rsa_key(ctx.lend(), KeyType::Sign, Mechanism::Rsa3072Pkcs1v15)
}
SignatureAlgorithm::Rsa4096 => {
#[cfg(feature = "rsa4096-gen")]
return gen_rsa_key(ctx.lend(), KeyType::Sign, Mechanism::Rsa4096Pkcs1v15);
Expand All @@ -60,6 +63,9 @@ pub fn dec<const R: usize, T: trussed::Client>(
DecryptionAlgorithm::Rsa2048 => {
gen_rsa_key(ctx.lend(), KeyType::Dec, Mechanism::Rsa2048Pkcs1v15)
}
DecryptionAlgorithm::Rsa3072 => {
gen_rsa_key(ctx.lend(), KeyType::Dec, Mechanism::Rsa3072Pkcs1v15)
}
DecryptionAlgorithm::Rsa4096 => {
#[cfg(feature = "rsa4096-gen")]
return gen_rsa_key(ctx.lend(), KeyType::Dec, Mechanism::Rsa4096Pkcs1v15);
Expand All @@ -82,6 +88,9 @@ pub fn aut<const R: usize, T: trussed::Client>(
AuthenticationAlgorithm::Rsa2048 => {
gen_rsa_key(ctx.lend(), KeyType::Aut, Mechanism::Rsa2048Pkcs1v15)
}
AuthenticationAlgorithm::Rsa3072 => {
gen_rsa_key(ctx.lend(), KeyType::Aut, Mechanism::Rsa3072Pkcs1v15)
}
AuthenticationAlgorithm::Rsa4096 => {
#[cfg(feature = "rsa4096-gen")]
return gen_rsa_key(ctx.lend(), KeyType::Aut, Mechanism::Rsa4096Pkcs1v15);
Expand Down Expand Up @@ -179,6 +188,7 @@ pub fn read_sign<const R: usize, T: trussed::Client>(
SignatureAlgorithm::Ed255 => read_ec_key(ctx.lend(), key_id, CurveAlgo::Ed255),
SignatureAlgorithm::EcDsaP256 => read_ec_key(ctx.lend(), key_id, CurveAlgo::EcDsaP256),
SignatureAlgorithm::Rsa2048 => read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa2048Pkcs1v15),
SignatureAlgorithm::Rsa3072 => read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa3072Pkcs1v15),
SignatureAlgorithm::Rsa4096 => read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa4096Pkcs1v15),
}
}
Expand All @@ -199,6 +209,9 @@ pub fn read_dec<const R: usize, T: trussed::Client>(
DecryptionAlgorithm::Rsa2048 => {
read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa2048Pkcs1v15)
}
DecryptionAlgorithm::Rsa3072 => {
read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa3072Pkcs1v15)
}
DecryptionAlgorithm::Rsa4096 => {
read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa4096Pkcs1v15)
}
Expand All @@ -221,6 +234,9 @@ pub fn read_aut<const R: usize, T: trussed::Client>(
AuthenticationAlgorithm::Rsa2048 => {
read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa2048Pkcs1v15)
}
AuthenticationAlgorithm::Rsa3072 => {
read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa3072Pkcs1v15)
}
AuthenticationAlgorithm::Rsa4096 => {
read_rsa_key(ctx.lend(), key_id, Mechanism::Rsa4096Pkcs1v15)
}
Expand Down Expand Up @@ -307,11 +323,11 @@ fn read_rsa_key<const R: usize, T: trussed::Client>(
})?;
ctx.reply.expand(&[0x81])?;
ctx.reply.append_len(parsed_pubkey_data.n.len())?;
ctx.reply.expand(&parsed_pubkey_data.n)?;
ctx.reply.expand(parsed_pubkey_data.n)?;

ctx.reply.expand(&[0x82])?;
ctx.reply.append_len(parsed_pubkey_data.e.len())?;
ctx.reply.expand(&parsed_pubkey_data.e)?;
ctx.reply.expand(parsed_pubkey_data.e)?;

ctx.reply.prepend_len(offset)?;

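Review bot: The new `Rsa3072` arms in `sign`, `dec` and `aut` call `gen_rsa_key` unconditionally, while the neighbouring `Rsa4096` arms only generate under `#[cfg(feature = "rsa4096-gen")]`. The reason for that gate is not visible in these hunks; if it exists because large-key generation is too slow or too memory-hungry on some targets, 3072-bit generation may need the same treatment. If it does not, a comment on the new arm stating why would stop the inconsistency being read as an oversight, for example `// 3072-bit generation is cheap enough to enable unconditionally (see <reference>)`. The match bodies start and end outside the hunks, so the 4096 fallback path cannot be checked from here.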
3 changes: 3 additions & 0 deletions src/command/private_key_template.rs
Expand Up @@ -44,6 +44,7 @@ pub fn put_sign<const R: usize, T: trussed::Client>(
SignatureAlgorithm::EcDsaP256 => put_ec(ctx.lend(), CurveAlgo::EcDsaP256)?,
SignatureAlgorithm::Ed255 => put_ec(ctx.lend(), CurveAlgo::Ed255)?,
SignatureAlgorithm::Rsa2048 => put_rsa(ctx.lend(), Mechanism::Rsa2048Pkcs1v15)?,
SignatureAlgorithm::Rsa3072 => put_rsa(ctx.lend(), Mechanism::Rsa3072Pkcs1v15)?,
SignatureAlgorithm::Rsa4096 => put_rsa(ctx.lend(), Mechanism::Rsa4096Pkcs1v15)?,
}
.map(|key_id| (key_id, KeyOrigin::Imported));
Expand Down Expand Up @@ -74,6 +75,7 @@ pub fn put_dec<const R: usize, T: trussed::Client>(
DecryptionAlgorithm::EcDhP256 => put_ec(ctx.lend(), CurveAlgo::EcDhP256)?,
DecryptionAlgorithm::X255 => put_ec(ctx.lend(), CurveAlgo::X255)?,
DecryptionAlgorithm::Rsa2048 => put_rsa(ctx.lend(), Mechanism::Rsa2048Pkcs1v15)?,
DecryptionAlgorithm::Rsa3072 => put_rsa(ctx.lend(), Mechanism::Rsa3072Pkcs1v15)?,
DecryptionAlgorithm::Rsa4096 => put_rsa(ctx.lend(), Mechanism::Rsa4096Pkcs1v15)?,
}
.map(|key_id| (key_id, KeyOrigin::Imported));
Expand Down Expand Up @@ -104,6 +106,7 @@ pub fn put_aut<const R: usize, T: trussed::Client>(
AuthenticationAlgorithm::EcDsaP256 => put_ec(ctx.lend(), CurveAlgo::EcDsaP256)?,
AuthenticationAlgorithm::Ed255 => put_ec(ctx.lend(), CurveAlgo::Ed255)?,
AuthenticationAlgorithm::Rsa2048 => put_rsa(ctx.lend(), Mechanism::Rsa2048Pkcs1v15)?,
AuthenticationAlgorithm::Rsa3072 => put_rsa(ctx.lend(), Mechanism::Rsa3072Pkcs1v15)?,
AuthenticationAlgorithm::Rsa4096 => put_rsa(ctx.lend(), Mechanism::Rsa4096Pkcs1v15)?,
}
.map(|key_id| (key_id, KeyOrigin::Imported));
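Review bot: The new arms in `put_sign`, `put_dec` and `put_aut` pass only `Mechanism::Rsa3072Pkcs1v15` to `put_rsa`, so whether an imported key is really 3072 bits long depends on a check inside `put_rsa` or the backend, and neither is visible in this section. If no such check exists, a shorter key could be stored under the 3072-bit attributes and the card would then report a stronger key than it holds. It is worth confirming that the modulus length is compared with the selected mechanism. An import test that selects the 3072 attributes, supplies a key of another size and expects a rejection would cover it.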
5 changes: 5 additions & 0 deletions src/command/pso.rs
Expand Up @@ -72,6 +72,7 @@ pub fn sign<const R: usize, T: trussed::Client>(
sign_ec(ctx, key_id, Mechanism::P256Prehashed)
}
SignatureAlgorithm::Rsa2048 => sign_rsa(ctx, key_id, Mechanism::Rsa2048Pkcs1v15),
SignatureAlgorithm::Rsa3072 => sign_rsa(ctx, key_id, Mechanism::Rsa3072Pkcs1v15),
SignatureAlgorithm::Rsa4096 => sign_rsa(ctx, key_id, Mechanism::Rsa4096Pkcs1v15),
}
}
Expand Down Expand Up @@ -130,6 +131,7 @@ fn int_aut_key_mecha_uif<const R: usize, T: trussed::Client>(
AuthenticationAlgorithm::Ed255 => (Mechanism::Ed255, RsaOrEcc::Ecc),

AuthenticationAlgorithm::Rsa2048 => (Mechanism::Rsa2048Pkcs1v15, RsaOrEcc::Rsa),
AuthenticationAlgorithm::Rsa3072 => (Mechanism::Rsa3072Pkcs1v15, RsaOrEcc::Rsa),
AuthenticationAlgorithm::Rsa4096 => (Mechanism::Rsa4096Pkcs1v15, RsaOrEcc::Rsa),
},
),
Expand All @@ -142,6 +144,7 @@ fn int_aut_key_mecha_uif<const R: usize, T: trussed::Client>(
}
DecryptionAlgorithm::EcDhP256 => (Mechanism::P256Prehashed, RsaOrEcc::Ecc),
DecryptionAlgorithm::Rsa2048 => (Mechanism::Rsa2048Pkcs1v15, RsaOrEcc::Rsa),
DecryptionAlgorithm::Rsa3072 => (Mechanism::Rsa3072Pkcs1v15, RsaOrEcc::Rsa),
DecryptionAlgorithm::Rsa4096 => (Mechanism::Rsa4096Pkcs1v15, RsaOrEcc::Rsa),
},
),
Expand Down Expand Up @@ -196,6 +199,7 @@ fn decipher_key_mecha_uif<const R: usize, T: trussed::Client>(
DecryptionAlgorithm::X255 => (Mechanism::X255, RsaOrEcc::Ecc),
DecryptionAlgorithm::EcDhP256 => (Mechanism::P256, RsaOrEcc::Ecc),
DecryptionAlgorithm::Rsa2048 => (Mechanism::Rsa2048Pkcs1v15, RsaOrEcc::Rsa),
DecryptionAlgorithm::Rsa3072 => (Mechanism::Rsa3072Pkcs1v15, RsaOrEcc::Rsa),
DecryptionAlgorithm::Rsa4096 => (Mechanism::Rsa4096Pkcs1v15, RsaOrEcc::Rsa),
},
),
Expand All @@ -209,6 +213,7 @@ fn decipher_key_mecha_uif<const R: usize, T: trussed::Client>(
}

AuthenticationAlgorithm::Rsa2048 => (Mechanism::Rsa2048Pkcs1v15, RsaOrEcc::Rsa),
AuthenticationAlgorithm::Rsa3072 => (Mechanism::Rsa3072Pkcs1v15, RsaOrEcc::Rsa),
AuthenticationAlgorithm::Rsa4096 => (Mechanism::Rsa4096Pkcs1v15, RsaOrEcc::Rsa),
},
),
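Review bot: The row `(Mechanism::Rsa3072Pkcs1v15, RsaOrEcc::Rsa)` is added by hand to four separate match tables in `int_aut_key_mecha_uif` and `decipher_key_mecha_uif`, next to identical rows for 2048 and 4096. The exhaustive matches do force every table to be touched when a variant is added, but nothing keeps the RSA rows in agreement with each other. A small private helper on `DecryptionAlgorithm` and `AuthenticationAlgorithm` that returns the RSA mechanism for a variant (or `None` for the curve variants) would let each table delegate its RSA rows. Both functions extend beyond the hunks shown, so the helper's exact shape should be checked against the parts that are not visible.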
39 changes: 29 additions & 10 deletions src/types.rs
Expand Up @@ -42,35 +42,45 @@ const ED255_ATTRIBUTES: &[u8] = hex!("16 2B 06 01 04 01 DA 47 0F 01").as_slice()
const ECDSA_P256_ATTRIBUTES: &[u8] = hex!("13 2A 86 48 CE 3D 03 01 07").as_slice();
const ECDH_P256_ATTRIBUTES: &[u8] = hex!("12 2A 86 48 CE 3D 03 01 07").as_slice();
const X255_ATTRIBUTES: &[u8] = hex!("12 2B 06 01 04 01 97 55 01 05 01").as_slice();
const RSA_2K_ATTRIBUTES_CRT: &[u8] = hex!("
const RSA_2K_ATTRIBUTES: &[u8] = hex!("
01
0800 // Length modulus (in bit): 2048
0020 // Length exponent (in bit): 32
02 // import in CRT Format
00 // import in standard format
").as_slice();
const RSA_4K_ATTRIBUTES_CRT: &[u8] = hex!(
const RSA_3K_ATTRIBUTES: &[u8] = hex!("
01
0C00 // Length modulus (in bit): 2048
0020 // Length exponent (in bit): 32
00 // import in standard format
").as_slice();
const RSA_4K_ATTRIBUTES: &[u8] = hex!(
"
01
1000 // Length modulus (in bit): 4096
0020 // Length exponent (in bit): 32
02 // import in CRT Format
00 // import in standard format
"
)
.as_slice();

// Accepted for key generation, but overridden to always set the import format to CRT
const RSA_2K_ATTRIBUTES: &[u8] = hex!("
const RSA_2K_ATTRIBUTES_CRT: &[u8] = hex!("
01
0800 // Length modulus (in bit): 2048
0020 // Length exponent (in bit): 32
00 // import in standard format
02 // import in CRT Format
").as_slice();
const RSA_4K_ATTRIBUTES: &[u8] = hex!(
const RSA_3K_ATTRIBUTES_CRT: &[u8] = hex!("
01
0C00 // Length modulus (in bit): 2048
0020 // Length exponent (in bit): 32
02 // import in CRT Format
").as_slice();
const RSA_4K_ATTRIBUTES_CRT: &[u8] = hex!(
"
01
1000 // Length modulus (in bit): 4096
0020 // Length exponent (in bit): 32
00 // import in standard format
02 // import in CRT Format
"
)
.as_slice();
Expand All @@ -86,6 +96,7 @@ iterable_enum! {
Ed255,
EcDsaP256,
Rsa2048,
Rsa3072,
Rsa4096,
}
}
Expand All @@ -107,6 +118,7 @@ impl SignatureAlgorithm {
Self::Ed255 => ED255_ATTRIBUTES,
Self::EcDsaP256 => ECDSA_P256_ATTRIBUTES,
Self::Rsa2048 => RSA_2K_ATTRIBUTES,
Self::Rsa3072 => RSA_3K_ATTRIBUTES,
Self::Rsa4096 => RSA_4K_ATTRIBUTES,
}
}
Expand All @@ -125,6 +137,7 @@ impl TryFrom<&[u8]> for SignatureAlgorithm {
ED255_ATTRIBUTES => Ok(Self::Ed255),
ECDSA_P256_ATTRIBUTES => Ok(Self::EcDsaP256),
RSA_2K_ATTRIBUTES | RSA_2K_ATTRIBUTES_CRT => Ok(Self::Rsa2048),
RSA_3K_ATTRIBUTES | RSA_3K_ATTRIBUTES_CRT => Ok(Self::Rsa3072),
RSA_4K_ATTRIBUTES | RSA_4K_ATTRIBUTES_CRT => Ok(Self::Rsa4096),
_ => Err(AlgorithmFromAttributesError),
}
Expand All @@ -139,6 +152,7 @@ iterable_enum! {
X255,
EcDhP256,
Rsa2048,
Rsa3072,
Rsa4096,
}
}
Expand All @@ -160,6 +174,7 @@ impl DecryptionAlgorithm {
Self::X255 => X255_ATTRIBUTES,
Self::EcDhP256 => ECDH_P256_ATTRIBUTES,
Self::Rsa2048 => RSA_2K_ATTRIBUTES,
Self::Rsa3072 => RSA_3K_ATTRIBUTES,
Self::Rsa4096 => RSA_4K_ATTRIBUTES,
}
}
Expand All @@ -178,6 +193,7 @@ impl TryFrom<&[u8]> for DecryptionAlgorithm {
X255_ATTRIBUTES => Ok(Self::X255),
ECDH_P256_ATTRIBUTES => Ok(Self::EcDhP256),
RSA_2K_ATTRIBUTES | RSA_2K_ATTRIBUTES_CRT => Ok(Self::Rsa2048),
RSA_3K_ATTRIBUTES | RSA_3K_ATTRIBUTES_CRT => Ok(Self::Rsa3072),
RSA_4K_ATTRIBUTES | RSA_4K_ATTRIBUTES_CRT => Ok(Self::Rsa4096),
_ => Err(AlgorithmFromAttributesError),
}
Expand All @@ -192,6 +208,7 @@ iterable_enum! {
Ed255,
EcDsaP256,
Rsa2048,
Rsa3072,
Rsa4096,
}
}
Expand All @@ -213,6 +230,7 @@ impl AuthenticationAlgorithm {
Self::Ed255 => ED255_ATTRIBUTES,
Self::EcDsaP256 => ECDSA_P256_ATTRIBUTES,
Self::Rsa2048 => RSA_2K_ATTRIBUTES,
Self::Rsa3072 => RSA_3K_ATTRIBUTES,
Self::Rsa4096 => RSA_4K_ATTRIBUTES,
}
}
Expand All @@ -231,6 +249,7 @@ impl TryFrom<&[u8]> for AuthenticationAlgorithm {
ED255_ATTRIBUTES => Ok(Self::Ed255),
ECDSA_P256_ATTRIBUTES => Ok(Self::EcDsaP256),
RSA_2K_ATTRIBUTES | RSA_2K_ATTRIBUTES_CRT => Ok(Self::Rsa2048),
RSA_3K_ATTRIBUTES | RSA_3K_ATTRIBUTES_CRT => Ok(Self::Rsa3072),
RSA_4K_ATTRIBUTES | RSA_4K_ATTRIBUTES_CRT => Ok(Self::Rsa4096),
_ => Err(AlgorithmFromAttributesError),
}
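Review bot: The modulus-length comment in both new 3072-bit constants is wrong: `RSA_3K_ATTRIBUTES` and `RSA_3K_ATTRIBUTES_CRT` encode `0C00`, which is 3072 bits, but the comment beside it was copied from the 2K constant and still says 2048. Both lines should read `0C00 // Length modulus (in bit): 3072`. These bytes are what the `TryFrom<&[u8]>` arms match incoming algorithm attributes against, so a reader checking the value against its comment would be misled about which key size is accepted.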
