Added sign_data2 to libykpiv to disable padding.

Alessio Di Mauro
2015-08-03 16:21:09 +02:00
parent 67ed63bc28
commit 7ce5ea4dc2
7 changed files with 48 additions and 29 deletions
+20 -6
@@ -520,7 +520,7 @@ ykpiv_rc ykpiv_hex_decode(const char *hex_in, size_t in_len,
static ykpiv_rc _general_authenticate(ykpiv_state *state,
const unsigned char *raw_in, size_t in_len,
unsigned char *out, size_t *out_len,
unsigned char algorithm, unsigned char key, bool decipher) {
unsigned char algorithm, unsigned char key, bool decipher, bool padding) {
unsigned char indata[1024];
unsigned char *dataptr = indata;
unsigned char data[1024];
@@ -538,14 +538,18 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
pad_len = 128;
case YKPIV_ALGO_RSA2048:
if(pad_len == 0) {
pad_len = 256;
pad_len = 256;
}
if(!decipher) {
if(in_len + RSA_PKCS1_PADDING_SIZE > pad_len) {
return YKPIV_SIZE_ERROR;
}
RSA_padding_add_PKCS1_type_1(sign_in, pad_len, raw_in, in_len);
in_len = pad_len;
if (padding) {
RSA_padding_add_PKCS1_type_1(sign_in, pad_len, raw_in, in_len);
in_len = pad_len;
}
else if (in_len != pad_len)
return YKPIV_SIZE_ERROR;
} else {
if(in_len != pad_len) {
return YKPIV_SIZE_ERROR;
@@ -629,7 +633,17 @@ ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
unsigned char algorithm, unsigned char key) {
return _general_authenticate(state, raw_in, in_len, sign_out, out_len,
algorithm, key, false);
algorithm, key, false, true);
}
ykpiv_rc ykpiv_sign_data2(ykpiv_state *state,
const unsigned char *raw_in, size_t in_len,
unsigned char *sign_out, size_t *out_len,
unsigned char algorithm, unsigned char key,
int padding) {
return _general_authenticate(state, raw_in, in_len, sign_out, out_len,
algorithm, key, false, padding);
}
@@ -637,7 +651,7 @@ ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *in,
size_t in_len, unsigned char *out, size_t *out_len,
unsigned char algorithm, unsigned char key) {
return _general_authenticate(state, in, in_len, out, out_len,
algorithm, key, true);
algorithm, key, true, true);
}
ykpiv_rc ykpiv_get_version(ykpiv_state *state, char *version, size_t len) {
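Review bot: As rendered here, the unchanged check `if(in_len + RSA_PKCS1_PADDING_SIZE > pad_len)` still runs before the new `if (padding)` branch in `_general_authenticate`, so a call with padding disabled can apparently never succeed. The `else if (in_len != pad_len)` arm requires in_len to equal pad_len, and the earlier check has already rejected that length with YKPIV_SIZE_ERROR. Move the overhead check inside the `if (padding)` block so that only the padded path reserves room for the PKCS#1 bytes. The visible lines also do not show raw_in being copied into sign_in when padding is off, and the return value of `RSA_padding_add_PKCS1_type_1` is still ignored. Both should be confirmed in the part of the function that lies outside these hunks.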
+5 -1
@@ -64,7 +64,8 @@ extern "C"
ykpiv_rc ykpiv_init(ykpiv_state **state, int verbose);
ykpiv_rc ykpiv_done(ykpiv_state *state);
ykpiv_rc ykpiv_connect(ykpiv_state *state, const char *wanted);
ykpiv_rc ykpiv_connect2(ykpiv_state *state, const char *wanted, unsigned char **readers, unsigned long *len);
ykpiv_rc ykpiv_connect2(ykpiv_state *state, const char *wanted,
unsigned char **readers, unsigned long *len); // Allow to return a reader string
ykpiv_rc ykpiv_disconnect(ykpiv_state *state);
ykpiv_rc ykpiv_transfer_data(ykpiv_state *state, const unsigned char *templ,
const unsigned char *in_data, long in_len,
@@ -76,6 +77,9 @@ extern "C"
ykpiv_rc ykpiv_sign_data(ykpiv_state *state, const unsigned char *sign_in,
size_t in_len, unsigned char *sign_out, size_t *out_len,
unsigned char algorithm, unsigned char key);
ykpiv_rc ykpiv_sign_data2(ykpiv_state *state, const unsigned char *sign_in,
size_t in_len, unsigned char *sign_out, size_t *out_len,
unsigned char algorithm, unsigned char key, int padding); // Allow not to add padding
ykpiv_rc ykpiv_decipher_data(ykpiv_state *state, const unsigned char *enc_in,
size_t in_len, unsigned char *enc_out, size_t *out_len,
unsigned char algorithm, unsigned char key);
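Review bot: The trailing comment on `ykpiv_sign_data2`, "Allow not to add padding", does not state the contract a caller needs in order to use the unpadded mode safely. Going by the implementation hunk, a non-zero `padding` applies PKCS#1 v1.5 type 1 padding exactly as `ykpiv_sign_data` does, while zero sends the input to the key unchanged and requires `in_len` to equal the RSA key size in bytes (128 or 256). With padding off this is a raw private-key operation on caller-supplied bytes, so the caller must already have applied a complete signature encoding. I would replace the comment with something like `/* padding != 0: add PKCS#1 v1.5 padding; padding == 0: sign_in must be a full key-size block the caller has already encoded */`. Whether `padding` has any effect for non-RSA algorithms is not visible here and should be documented too.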
+1
@@ -53,4 +53,5 @@ YKPIV_0.2.0
global:
ykpiv_decipher_data;
ykpiv_connect2;
ykpiv_sign_data2;
} YKPIV_0.1.0;