add a test-decipher command
test-decipher will for rsa do public encrypt on a random string and let the key decrypt for ec it will generate a new ec key and do ecdh and confirm it gets the same answer back
This commit is contained in:
+36
-11
@@ -498,11 +498,10 @@ ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len,
|
||||
return YKPIV_OK;
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
|
||||
static ykpiv_rc _general_authenticate(ykpiv_state *state,
|
||||
const unsigned char *raw_in, size_t in_len,
|
||||
unsigned char *sign_out, size_t *out_len,
|
||||
unsigned char algorithm, unsigned char key) {
|
||||
|
||||
unsigned char *out, size_t *out_len,
|
||||
unsigned char algorithm, unsigned char key, bool decipher) {
|
||||
unsigned char indata[1024];
|
||||
unsigned char *dataptr = indata;
|
||||
unsigned char data[1024];
|
||||
@@ -522,14 +521,23 @@ ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
|
||||
if(pad_len == 0) {
|
||||
pad_len = 256;
|
||||
}
|
||||
if(in_len + RSA_PKCS1_PADDING_SIZE > pad_len) {
|
||||
return YKPIV_SIZE_ERROR;
|
||||
if(!decipher) {
|
||||
if(in_len + RSA_PKCS1_PADDING_SIZE > pad_len) {
|
||||
return YKPIV_SIZE_ERROR;
|
||||
}
|
||||
RSA_padding_add_PKCS1_type_1(sign_in, pad_len, raw_in, in_len);
|
||||
in_len = pad_len;
|
||||
} else {
|
||||
if(in_len != pad_len) {
|
||||
return YKPIV_SIZE_ERROR;
|
||||
}
|
||||
memcpy(sign_in, raw_in, in_len);
|
||||
}
|
||||
RSA_padding_add_PKCS1_type_1(sign_in, pad_len, raw_in, in_len);
|
||||
in_len = pad_len;
|
||||
break;
|
||||
case YKPIV_ALGO_ECCP256:
|
||||
if(in_len > 32) {
|
||||
if(!decipher && in_len > 32) {
|
||||
return YKPIV_SIZE_ERROR;
|
||||
} else if(decipher && in_len != 65) {
|
||||
return YKPIV_SIZE_ERROR;
|
||||
}
|
||||
memcpy(sign_in, raw_in, in_len);
|
||||
@@ -550,7 +558,7 @@ ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
|
||||
dataptr += set_length(dataptr, in_len + bytes + 3);
|
||||
*dataptr++ = 0x82;
|
||||
*dataptr++ = 0x00;
|
||||
*dataptr++ = 0x81;
|
||||
*dataptr++ = algorithm == YKPIV_ALGO_ECCP256 && decipher ? 0x85 : 0x81;
|
||||
dataptr += set_length(dataptr, in_len);
|
||||
memcpy(dataptr, sign_in, (size_t)in_len);
|
||||
dataptr += in_len;
|
||||
@@ -592,10 +600,27 @@ ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
|
||||
return YKPIV_SIZE_ERROR;
|
||||
}
|
||||
*out_len = len;
|
||||
memcpy(sign_out, dataptr, len);
|
||||
memcpy(out, dataptr, len);
|
||||
return YKPIV_OK;
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
|
||||
const unsigned char *raw_in, size_t in_len,
|
||||
unsigned char *sign_out, size_t *out_len,
|
||||
unsigned char algorithm, unsigned char key) {
|
||||
|
||||
return _general_authenticate(state, raw_in, in_len, sign_out, out_len,
|
||||
algorithm, key, false);
|
||||
}
|
||||
|
||||
|
||||
ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in,
|
||||
size_t in_len, unsigned char *out, size_t *out_len,
|
||||
unsigned char algorithm, unsigned char key) {
|
||||
return _general_authenticate(state, in, in_len, out, out_len,
|
||||
algorithm, key, true);
|
||||
}
|
||||
|
||||
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
|
||||
APDU apdu;
|
||||
unsigned char data[0xff];
|
||||
|
||||
@@ -75,6 +75,9 @@ extern "C"
|
||||
ykpiv_rc ykpiv_sign_data(ykpiv_state *state, const unsigned char *sign_in,
|
||||
size_t in_len,unsigned char *sign_out, size_t *out_len,
|
||||
unsigned char algorithm, unsigned char key);
|
||||
ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *enc_in,
|
||||
size_t in_len, unsigned char *enc_out, size_t *out_len,
|
||||
unsigned char algorithm, unsigned char key);
|
||||
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len);
|
||||
ykpiv_rc ykpiv_verify(ykpiv_state *state, const char *pin, int *tries);
|
||||
ykpiv_rc ykpiv_fetch_object(ykpiv_state *state, int object_id,
|
||||
|
||||
@@ -47,3 +47,9 @@ global:
|
||||
local:
|
||||
*;
|
||||
};
|
||||
|
||||
YKPIV_0.2.0
|
||||
{
|
||||
global:
|
||||
ykpiv_decipher_data;
|
||||
} YKPIV_0.1.0;
|
||||
|
||||
Reference in New Issue
Block a user