cc_u32 Seed[4];
SDRM_BIG_NUM *p, *q, *pi, *e, *temp1, *temp2;
cc_u32 RSA_KeyByteLen = 0;
+ cc_u32 e_ByteLen = 0;
int i, sp, t1;
cc_u8 *pbBuf = NULL;
return CRYPTO_NULL_POINTER;
RSA_KeyByteLen = crt->ctx->rsactx->k;
+ e_ByteLen = crt->ctx->rsactx->k;
t1 = (RSA_KeyByteLen * 4 - 1) % 32;
pbBuf = (cc_u8 *)malloc(SDRM_RSA_ALLOC_SIZE * 5);
SDRM_BN_Mul(crt->ctx->rsactx->n, p, q);
SDRM_BN_Mul(pi, temp1, temp2);
+ //For RSA 4096 keys generation we need to limit public exponent length as
+ //openssl has certain constraints, max e length for RSA 4096 is 64 bits
+ if (RSA_KeyByteLen == 512) {
+ e_ByteLen = 8;
+ }
+
//generate e
- e->Length = (RSA_KeyByteLen + 3) / 4;
+ e->Length = (e_ByteLen + 3) / 4;
do {
do {
- SDRM_RNG_X931((cc_u8 *)Seed, RSA_KeyByteLen * 8 - 8, (cc_u8 *)e->pData);
+ SDRM_RNG_X931((cc_u8 *)Seed, e_ByteLen * 8 - 8, (cc_u8 *)e->pData);
e->pData[0] |= 0x01;
} while (SDRM_BN_CheckRelativelyPrime(e, pi) != CRYPTO_ISPRIME);
} while (SDRM_BN_Cmp(e, pi) >= 0);
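Review bot: The 4096-bit case at `if (RSA_KeyByteLen == 512)` hard-codes both the modulus size and the 8-byte exponent length, while the TEE caller changed in this same commit sizes its exponent buffer from `RSA4096_MAX_E_LEN_BITS`. If that buffer is what arrives here as `RSA_E_Data` (not visible in the hunk), the later `SDRM_I2OSP(..., e_ByteLen, RSA_E_Data)` call would write past it as soon as the two values drift apart, so both sides should take the length from one shared constant, e.g. `e_ByteLen = (RSA4096_MAX_E_LEN_BITS + 7) / 8;` if the macro can be made visible to this file. OpenSSL's exponent limit applies to every modulus above 3072 bits rather than to 4096 only, so a threshold comparison would hold up better than `== 512` if further key sizes are added. Separately, the loop accepts any odd `e` that is coprime to `pi` and smaller than it, and with only `e_ByteLen * 8 - 8` random bits requested it is worth adding an explicit lower bound (FIPS 186-4 requires e > 2^16) before a candidate is accepted. The function starts and ends outside this hunk.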
*RSA_N_Len = RSA_KeyByteLen;
if (RSA_E_Data != NULL)
- SDRM_I2OSP(crt->ctx->rsactx->e, RSA_KeyByteLen, RSA_E_Data);
+ SDRM_I2OSP(crt->ctx->rsactx->e, e_ByteLen, RSA_E_Data);
if (RSA_E_Len != NULL)
- *RSA_E_Len = RSA_KeyByteLen;
+ *RSA_E_Len = e_ByteLen;
if (RSA_D_Data != NULL)
SDRM_I2OSP(crt->ctx->rsactx->d, RSA_KeyByteLen, RSA_D_Data);
return retVal;
}
-
SDRM_OS2BN(pbBuf, RSA_KeyByteLen, BN_pMsg);
//RSA Signature by modular exponent
TEE_PopulateTransientObject(object, attrs, 1);
break;
case TEE_TYPE_RSA_KEYPAIR: {
- uci_key_s uci_key;
- int key_size = (keySize + 7) / 8;
- uci_key.ucik_rsa_n = (unsigned char*)OsaMalloc(key_size);
- uci_key.ucik_rsa_n_len = key_size;
- uci_key.ucik_rsa_e = (unsigned char*)OsaMalloc(key_size);
- uci_key.ucik_rsa_e_len = key_size;
- uci_key.ucik_rsa_d = (unsigned char*)OsaMalloc(key_size);
- uci_key.ucik_rsa_d_len = key_size;
- uci_param_s up;
- up.ucip_rsa_flag = RSA_GENKEYWITHNON;
- up.ucip_rsa_padding = ID_UCI_RSAES_PKCS15;
//alg
int alg = ID_UCI_RSA;
+ uci_key_s uci_key;
+ int key_size = (keySize + 7) / 8;
+ int e_size = (keySize + 7) / 8;
if (512 == keySize) {
alg = ID_UCI_RSA512;
} else if (1024 == keySize) {
alg = ID_UCI_RSA3072;
} else if (4096 == keySize) {
alg = ID_UCI_RSA4096;
+ //For RSA 4096 keys generation we need to limit public exponent length as
+ //openssl has certain constraints, max e length for RSA 4096 is 64 bits
+ e_size = (RSA4096_MAX_E_LEN_BITS + 7) / 8;
}
+ uci_key.ucik_rsa_n = (unsigned char*)OsaMalloc(key_size);
+ uci_key.ucik_rsa_n_len = key_size;
+ uci_key.ucik_rsa_e = (unsigned char*)OsaMalloc(e_size);
+ uci_key.ucik_rsa_e_len = e_size;
+ uci_key.ucik_rsa_d = (unsigned char*)OsaMalloc(key_size);
+ uci_key.ucik_rsa_d_len = key_size;
+ uci_param_s up;
+ up.ucip_rsa_flag = RSA_GENKEYWITHNON;
+ up.ucip_rsa_padding = ID_UCI_RSAES_PKCS15;
UCI_HANDLE uh = NULL;
int ret = uci_context_alloc(alg, UCI_SW, &uh);
if (ret != UCI_SUCCESS) {
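Review bot: The three `OsaMalloc` results for `ucik_rsa_n`, `ucik_rsa_e` and `ucik_rsa_d` are used without a NULL check before `uci_context_alloc` is called, so an allocation failure would presumably surface only when the key generator writes through the pointer. A guard such as `if (!uci_key.ucik_rsa_n || !uci_key.ucik_rsa_e || !uci_key.ucik_rsa_d)` that frees whatever was allocated and returns an error would close that gap. The body of `if (ret != UCI_SUCCESS)` lies outside the hunk, so it cannot be confirmed from here that this path releases the three buffers. Because one of them will hold the private exponent, it should also be wiped before it is freed on every exit path.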
TEE_InitRefAttribute(&attrs[0], TEE_ATTR_RSA_MODULUS, uci_key.ucik_rsa_n,
(keySize + 7) / 8);
TEE_InitRefAttribute(&attrs[1], TEE_ATTR_RSA_PUBLIC_EXPONENT,
- uci_key.ucik_rsa_e, (keySize + 7) / 8);
+ uci_key.ucik_rsa_e, e_size);
TEE_InitRefAttribute(&attrs[2], TEE_ATTR_RSA_PRIVATE_EXPONENT,
uci_key.ucik_rsa_d, (keySize + 7) / 8);
TEE_PopulateTransientObject(object, attrs, 3);
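Review bot: The result of `TEE_PopulateTransientObject(object, attrs, 3)` is discarded, so if the implementation rejects the now shorter public-exponent attribute the caller carries on with an unpopulated object; assuming the function returns a `TEE_Result` as in the GlobalPlatform API, the value should be checked and propagated. The modulus and private-exponent attributes still spell out `(keySize + 7) / 8` while the exponent uses `e_size`; passing `key_size` there keeps all three attribute lengths tied to the `ucik_rsa_*_len` fields set earlier in the case. The case block continues outside the hunk, so the release of the key buffers after the populate call cannot be reviewed from here.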