use constants for algorithm ids
This commit is contained in:
+14
-14
@@ -134,13 +134,13 @@ static bool generate_key(ykpiv_state *state, const char *slot,
|
|||||||
in_data[3] = 1;
|
in_data[3] = 1;
|
||||||
switch(algorithm) {
|
switch(algorithm) {
|
||||||
case algorithm_arg_RSA2048:
|
case algorithm_arg_RSA2048:
|
||||||
in_data[4] = 0x07;
|
in_data[4] = YKPIV_ALGO_RSA2048;
|
||||||
break;
|
break;
|
||||||
case algorithm_arg_RSA1024:
|
case algorithm_arg_RSA1024:
|
||||||
in_data[4] = 0x06;
|
in_data[4] = YKPIV_ALGO_RSA1024;
|
||||||
break;
|
break;
|
||||||
case algorithm_arg_ECCP256:
|
case algorithm_arg_ECCP256:
|
||||||
in_data[4] = 0x11;
|
in_data[4] = YKPIV_ALGO_ECCP256;
|
||||||
break;
|
break;
|
||||||
case algorithm__NULL:
|
case algorithm__NULL:
|
||||||
default:
|
default:
|
||||||
@@ -344,7 +344,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
unsigned char *in_ptr = in_data;
|
unsigned char *in_ptr = in_data;
|
||||||
unsigned char templ[] = {0, 0xfe, algorithm, key};
|
unsigned char templ[] = {0, 0xfe, algorithm, key};
|
||||||
int sw;
|
int sw;
|
||||||
if(algorithm == 0x06 || algorithm == 0x07) {
|
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) {
|
||||||
RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
|
RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
|
||||||
|
|
||||||
*in_ptr++ = 0x01;
|
*in_ptr++ = 0x01;
|
||||||
@@ -366,7 +366,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
|
|||||||
*in_ptr++ = 0x05;
|
*in_ptr++ = 0x05;
|
||||||
in_ptr += set_length(in_ptr, BN_num_bytes(rsa_private_key->iqmp));
|
in_ptr += set_length(in_ptr, BN_num_bytes(rsa_private_key->iqmp));
|
||||||
in_ptr += BN_bn2bin(rsa_private_key->iqmp, in_ptr);
|
in_ptr += BN_bn2bin(rsa_private_key->iqmp, in_ptr);
|
||||||
} else if(algorithm == 0x11) {
|
} else if(algorithm == YKPIV_ALGO_ECCP256) {
|
||||||
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(private_key);
|
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(private_key);
|
||||||
const BIGNUM *s = EC_KEY_get0_private_key(ec);
|
const BIGNUM *s = EC_KEY_get0_private_key(ec);
|
||||||
|
|
||||||
@@ -606,16 +606,16 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch(algorithm) {
|
switch(algorithm) {
|
||||||
case 0x6:
|
case YKPIV_ALGO_RSA1024:
|
||||||
len = 128;
|
len = 128;
|
||||||
case 0x7:
|
case YKPIV_ALGO_RSA2048:
|
||||||
if(len == 0) {
|
if(len == 0) {
|
||||||
len = 256;
|
len = 256;
|
||||||
}
|
}
|
||||||
RSA_padding_add_PKCS1_type_1(signinput, len, digest, sizeof(digest));
|
RSA_padding_add_PKCS1_type_1(signinput, len, digest, sizeof(digest));
|
||||||
req->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption);
|
req->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption);
|
||||||
break;
|
break;
|
||||||
case 0x11:
|
case YKPIV_ALGO_ECCP256:
|
||||||
req->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
|
req->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
|
||||||
len = DIGEST_LEN;
|
len = DIGEST_LEN;
|
||||||
memcpy(signinput, digest + sizeof(sha256oid), DIGEST_LEN);
|
memcpy(signinput, digest + sizeof(sha256oid), DIGEST_LEN);
|
||||||
@@ -742,16 +742,16 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
|
|||||||
goto selfsign_out;
|
goto selfsign_out;
|
||||||
}
|
}
|
||||||
switch(algorithm) {
|
switch(algorithm) {
|
||||||
case 0x6:
|
case YKPIV_ALGO_RSA1024:
|
||||||
len = 128;
|
len = 128;
|
||||||
case 0x7:
|
case YKPIV_ALGO_RSA2048:
|
||||||
if(len == 0) {
|
if(len == 0) {
|
||||||
len = 256;
|
len = 256;
|
||||||
}
|
}
|
||||||
RSA_padding_add_PKCS1_type_1(signinput, len, digest, sizeof(digest));
|
RSA_padding_add_PKCS1_type_1(signinput, len, digest, sizeof(digest));
|
||||||
x509->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption);
|
x509->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption);
|
||||||
break;
|
break;
|
||||||
case 0x11:
|
case YKPIV_ALGO_ECCP256:
|
||||||
x509->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
|
x509->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
|
||||||
len = DIGEST_LEN;
|
len = DIGEST_LEN;
|
||||||
memcpy(signinput, digest + sizeof(sha256oid), DIGEST_LEN);
|
memcpy(signinput, digest + sizeof(sha256oid), DIGEST_LEN);
|
||||||
@@ -937,9 +937,9 @@ static unsigned char get_algorithm(EVP_PKEY *key) {
|
|||||||
RSA *rsa = EVP_PKEY_get1_RSA(key);
|
RSA *rsa = EVP_PKEY_get1_RSA(key);
|
||||||
int size = RSA_size(rsa);
|
int size = RSA_size(rsa);
|
||||||
if(size == 256) {
|
if(size == 256) {
|
||||||
return 0x7;
|
return YKPIV_ALGO_RSA2048;
|
||||||
} else if(size == 128) {
|
} else if(size == 128) {
|
||||||
return 0x6;
|
return YKPIV_ALGO_RSA1024;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Unuseable key of %d bits, only 1024 and 2048 is supported.\n", size * 8);
|
fprintf(stderr, "Unuseable key of %d bits, only 1024 and 2048 is supported.\n", size * 8);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -951,7 +951,7 @@ static unsigned char get_algorithm(EVP_PKEY *key) {
|
|||||||
const EC_GROUP *group = EC_KEY_get0_group(ec);
|
const EC_GROUP *group = EC_KEY_get0_group(ec);
|
||||||
int curve = EC_GROUP_get_curve_name(group);
|
int curve = EC_GROUP_get_curve_name(group);
|
||||||
if(curve == NID_X9_62_prime256v1) {
|
if(curve == NID_X9_62_prime256v1) {
|
||||||
return 0x11;
|
return YKPIV_ALGO_ECCP256;
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Unknown EC curve %d\n", curve);
|
fprintf(stderr, "Unknown EC curve %d\n", curve);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
Reference in New Issue
Block a user