drop ykpiv_sign_data2() and change ykpiv_sign_data() to not pad

This commit is contained in:
Klas Lindfors
2015-09-08 15:29:10 +02:00
parent 4bbd888f97
commit 49eab7dbfa
3 changed files with 28 additions and 24 deletions
+3 -14
View File
@@ -533,7 +533,7 @@ ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len,
static ykpiv_rc _general_authenticate(ykpiv_state *state, static ykpiv_rc _general_authenticate(ykpiv_state *state,
const unsigned char *sign_in, size_t in_len, const unsigned char *sign_in, size_t in_len,
unsigned char *out, size_t *out_len, unsigned char *out, size_t *out_len,
unsigned char algorithm, unsigned char key, bool decipher, bool padding) { unsigned char algorithm, unsigned char key, bool decipher) {
unsigned char indata[1024]; unsigned char indata[1024];
unsigned char *dataptr = indata; unsigned char *dataptr = indata;
unsigned char data[1024]; unsigned char data[1024];
@@ -636,25 +636,14 @@ ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
unsigned char algorithm, unsigned char key) { unsigned char algorithm, unsigned char key) {
return _general_authenticate(state, raw_in, in_len, sign_out, out_len, return _general_authenticate(state, raw_in, in_len, sign_out, out_len,
algorithm, key, false, true); algorithm, key, false);
} }
ykpiv_rc ykpiv_sign_data2(ykpiv_state *state,
const unsigned char *raw_in, size_t in_len,
unsigned char *sign_out, size_t *out_len,
unsigned char algorithm, unsigned char key,
int padding) {
return _general_authenticate(state, raw_in, in_len, sign_out, out_len,
algorithm, key, false, padding);
}
ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in, ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in,
size_t in_len, unsigned char *out, size_t *out_len, size_t in_len, unsigned char *out, size_t *out_len,
unsigned char algorithm, unsigned char key) { unsigned char algorithm, unsigned char key) {
return _general_authenticate(state, in, in_len, out, out_len, return _general_authenticate(state, in, in_len, out, out_len,
algorithm, key, true, true); algorithm, key, true);
} }
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) { ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
+24 -9
View File
@@ -85,6 +85,25 @@ static void print_version(ykpiv_state *state, const char *output_file_name) {
} }
} }
static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, unsigned char *out,
size_t *out_len, unsigned char algorithm, int key) {
unsigned char signinput[1024];
if(YKPIV_IS_RSA(algorithm)) {
size_t padlen = algorithm == YKPIV_ALGO_RSA1024 ? 128 : 256;
if(RSA_padding_add_PKCS1_type_1(signinput, padlen, in, len) == 0) {
fprintf(stderr, "Failed adding padding.\n");
return false;
}
in = signinput;
len = padlen;
}
if(ykpiv_sign_data(state, signinput, len, out, out_len, algorithm, key) == YKPIV_OK) {
return true;
}
return false;
}
static bool generate_key(ykpiv_state *state, const char *slot, static bool generate_key(ykpiv_state *state, const char *slot,
enum enum_algorithm algorithm, const char *output_file_name, enum enum_algorithm algorithm, const char *output_file_name,
enum enum_key_format key_format, enum enum_pin_policy pin_policy, enum enum_key_format key_format, enum enum_pin_policy pin_policy,
@@ -692,8 +711,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
{ {
unsigned char signature[1024]; unsigned char signature[1024];
size_t sig_len = sizeof(signature); size_t sig_len = sizeof(signature);
if(ykpiv_sign_data(state, signinput, len, signature, &sig_len, algorithm, key) if(!sign_data(state, signinput, len, signature, &sig_len, algorithm, key)) {
!= YKPIV_OK) {
fprintf(stderr, "Failed signing request.\n"); fprintf(stderr, "Failed signing request.\n");
goto request_out; goto request_out;
} }
@@ -845,8 +863,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
{ {
unsigned char signature[1024]; unsigned char signature[1024];
size_t sig_len = sizeof(signature); size_t sig_len = sizeof(signature);
if(ykpiv_sign_data(state, signinput, len, signature, &sig_len, algorithm, key) if(!sign_data(state, signinput, len, signature, &sig_len, algorithm, key)) {
!= YKPIV_OK) {
fprintf(stderr, "Failed signing certificate.\n"); fprintf(stderr, "Failed signing certificate.\n");
goto selfsign_out; goto selfsign_out;
} }
@@ -1122,9 +1139,8 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
{ {
unsigned char buf[1024]; unsigned char buf[1024];
size_t len = sizeof(buf); size_t len = sizeof(buf);
ykpiv_rc rc = ykpiv_sign_data(state, hashed, hash_len, buf, &len, algo, key); if(!sign_data(state, hashed, hash_len, buf, &len, algo, key)) {
if(rc != YKPIV_OK) { fprintf(stderr, "failed signing file\n");
fprintf(stderr, "failed signing file: %s\n", ykpiv_strerror(rc));
goto out; goto out;
} }
@@ -1373,8 +1389,7 @@ static bool test_signature(ykpiv_state *state, enum enum_slot slot,
} else { } else {
enc_len = data_len; enc_len = data_len;
} }
if(ykpiv_sign_data(state, ptr, enc_len, signature, &sig_len, algorithm, key) if(!sign_data(state, ptr, enc_len, signature, &sig_len, algorithm, key)) {
!= YKPIV_OK) {
fprintf(stderr, "Failed signing test data.\n"); fprintf(stderr, "Failed signing test data.\n");
goto test_out; goto test_out;
} }
+1 -1
View File
@@ -1690,7 +1690,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_Sign)(
dump_hex(op_info.buf, op_info.buf_len, stderr, CK_TRUE); dump_hex(op_info.buf, op_info.buf_len, stderr, CK_TRUE);
*pulSignatureLen = sizeof(op_info.buf); *pulSignatureLen = sizeof(op_info.buf);
if ((r = ykpiv_sign_data2(piv_state, op_info.buf, op_info.buf_len, pSignature, pulSignatureLen, op_info.op.sign.algo, op_info.op.sign.key_id, 0)) != YKPIV_OK) { if ((r = ykpiv_sign_data(piv_state, op_info.buf, op_info.buf_len, pSignature, pulSignatureLen, op_info.op.sign.algo, op_info.op.sign.key_id)) != YKPIV_OK) {
DBG(("Sign error, %s", ykpiv_strerror(r))); DBG(("Sign error, %s", ykpiv_strerror(r)));
return CKR_FUNCTION_FAILED; return CKR_FUNCTION_FAILED;
} }