for rsa let it sign a correct DigestInfo structure

which has to have the digest OID, with a NULL parameter
and then the hash.
Klas Lindfors
2014-09-29 12:50:25 +02:00
parent 3b15949969
commit 6721fb777b
+45 -19
@@ -71,12 +71,11 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
FILE *input_file = NULL; FILE *input_file = NULL;
FILE *output_file = NULL; FILE *output_file = NULL;
int key; int key;
const EVP_MD *md;
EVP_MD_CTX *mdctx = NULL;
unsigned int hash_len; unsigned int hash_len;
unsigned char hashed[EVP_MAX_MD_SIZE]; unsigned char hashed[EVP_MAX_MD_SIZE];
bool ret = false; bool ret = false;
int algo; int algo;
int nid;
sscanf(slot, "%x", &key); sscanf(slot, "%x", &key);
@@ -90,18 +89,6 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
return false; return false;
} }
switch(hash) {
case hash_arg_SHA1:
md = EVP_sha1();
break;
case hash_arg_SHA256:
md = EVP_sha256();
break;
case hash__NULL:
default:
goto out;
}
switch(algorithm) { switch(algorithm) {
case algorithm_arg_RSA2048: case algorithm_arg_RSA2048:
algo = YKPIV_ALGO_RSA2048; algo = YKPIV_ALGO_RSA2048;
@@ -117,6 +104,24 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
goto out; goto out;
} }
{
const EVP_MD *md;
EVP_MD_CTX *mdctx;
switch(hash) {
case hash_arg_SHA1:
md = EVP_sha1();
nid = NID_sha1;
break;
case hash_arg_SHA256:
md = EVP_sha256();
nid = NID_sha256;
break;
case hash__NULL:
default:
goto out;
}
mdctx = EVP_MD_CTX_create(); mdctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(mdctx, md, NULL); EVP_DigestInit_ex(mdctx, md, NULL);
while(!feof(input_file)) { while(!feof(input_file)) {
@@ -131,6 +136,29 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
dump_hex(hashed, hash_len); dump_hex(hashed, hash_len);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }
EVP_MD_CTX_destroy(mdctx);
}
if(algo == YKPIV_ALGO_RSA1024 || algo == YKPIV_ALGO_RSA2048) {
X509_SIG digestInfo;
X509_ALGOR algor;
ASN1_TYPE parameter;
ASN1_OCTET_STRING digest;
unsigned char buf[1024];
unsigned char *ptr = hashed;
memcpy(buf, hashed, hash_len);
digestInfo.algor = &algor;
digestInfo.algor->algorithm = OBJ_nid2obj(nid);
digestInfo.algor->parameter = &parameter;
digestInfo.algor->parameter->type = V_ASN1_NULL;
digestInfo.algor->parameter->value.ptr = NULL;
digestInfo.digest = &digest;
digestInfo.digest->data = buf;
digestInfo.digest->length = (int)hash_len;
hash_len = (unsigned int)i2d_X509_SIG(&digestInfo, &ptr);
}
{ {
unsigned char buf[1024]; unsigned char buf[1024];
@@ -158,10 +186,6 @@ out:
fclose(output_file); fclose(output_file);
} }
if(mdctx) {
EVP_MD_CTX_destroy(mdctx);
}
return ret; return ret;
} }
@@ -188,7 +212,9 @@ int main(int argc, char *argv[]) {
} }
if(verify_pin(state, args_info.pin_arg)) { if(verify_pin(state, args_info.pin_arg)) {
printf("Successfully verified PIN.\n"); if(verbosity) {
fprintf(stderr, "Successfully verified PIN.\n");
}
} else { } else {
return EXIT_FAILURE; return EXIT_FAILURE;
} }
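Review bot: The return value of `i2d_X509_SIG` in the new RSA block is cast straight into `hash_len`, so an encoding failure (a negative return) turns into a very large length that is presumably handed to the signing call that follows, and `OBJ_nid2obj(nid)` is likewise not checked for NULL. The encoder also writes through `ptr` into `hashed`, which is only `EVP_MAX_MD_SIZE` bytes; the SHA-1 and SHA-256 DigestInfo encodings fit, but nothing enforces that bound if a longer digest is added to the hash switch later. I would query the length first and bail out on anything unexpected, `int len = i2d_X509_SIG(&digestInfo, NULL);` followed by `if(len <= 0 || (size_t)len > sizeof(hashed)) goto out;`, before the encoding call. The stack-allocated `algor`, `parameter` and `digest` are only partly filled in, so zero-initialising them with `= {0}` would keep the encoder from possibly reading indeterminate fields. sign_file's body starts and ends outside the visible hunks.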