verify that e is 0x10001 on import

fixes #13
Klas Lindfors
2015-06-23 14:27:25 +02:00
parent 9bd32ff72c
commit 6b4b3001c4
+8
@@ -340,11 +340,19 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
int sw; int sw;
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) { if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) {
RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key); RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
unsigned char e[4];
unsigned char *e_ptr = e;
int element_len = 128; int element_len = 128;
if(algorithm == YKPIV_ALGO_RSA1024) { if(algorithm == YKPIV_ALGO_RSA1024) {
element_len = 64; element_len = 64;
} }
if((set_component_with_len(&e_ptr, rsa_private_key->e, 3) == false) ||
!(e[1] == 0x01 && e[2] == 0x00 && e[3] == 0x01)) {
fprintf(stderr, "Invalid public exponent for import (only 0x10001 supported)\n");
goto import_out;
}
*in_ptr++ = 0x01; *in_ptr++ = 0x01;
if(set_component_with_len(&in_ptr, rsa_private_key->p, element_len) == false) { if(set_component_with_len(&in_ptr, rsa_private_key->p, element_len) == false) {
fprintf(stderr, "Failed setting p component.\n"); fprintf(stderr, "Failed setting p component.\n");