Use openssl implementation of DES_is_weak_key on non-Windows, and add unit test.
+4
-2
@@ -322,9 +322,8 @@ EXIT:
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TREV TODO: use openssl's implementation when available
|
|
||||||
bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
||||||
|
#ifdef _WINDOWS
|
||||||
/* defined weak keys, borrowed from openssl to be consistent across platforms */
|
/* defined weak keys, borrowed from openssl to be consistent across platforms */
|
||||||
static const unsigned char weak_keys[][DES_LEN_DES] = {
|
static const unsigned char weak_keys[][DES_LEN_DES] = {
|
||||||
/* weak keys */
|
/* weak keys */
|
||||||
@@ -377,6 +376,9 @@ bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
|
#else
|
||||||
|
return DES_is_weak_key((const_DES_cblock *)key);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
prng_rc _ykpiv_prng_generate(unsigned char *buffer, const size_t cb_req) {
|
prng_rc _ykpiv_prng_generate(unsigned char *buffer, const size_t cb_req) {
|
||||||
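Review bot: The new `#else` branch never looks at `cb_key`, so `DES_is_weak_key` reads a full 8-byte block from `key` whatever length the caller passed, and a 24-byte 3DES key has only its first `DES_LEN_DES` bytes examined on this path. A guard ahead of the call, e.g. `if (!key || cb_key < DES_LEN_DES) return true;` (fail closed so the caller rejects the key), would keep the read in bounds; if the Windows branch treats short input differently, match it so both platforms agree. If the parameter is deliberately unused here, `(void)cb_key;` says so and silences the unused-parameter warning. The middle of yk_des_is_weak_key lies between the two hunks and is not shown, so how the table-based branch uses `cb_key` needs checking against the full file.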
|
|||||||
@@ -476,6 +476,7 @@ START_TEST(test_authenticate) {
|
|||||||
ykpiv_rc res;
|
ykpiv_rc res;
|
||||||
const char *default_mgm_key = "010203040506070801020304050607080102030405060708";
|
const char *default_mgm_key = "010203040506070801020304050607080102030405060708";
|
||||||
const char *mgm_key = "112233445566778811223344556677881122334455667788";
|
const char *mgm_key = "112233445566778811223344556677881122334455667788";
|
||||||
|
const char *weak_mgm_key = "FEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE";
|
||||||
unsigned char key[24];
|
unsigned char key[24];
|
||||||
size_t key_len = sizeof(key);
|
size_t key_len = sizeof(key);
|
||||||
|
|
||||||
@@ -520,6 +521,18 @@ START_TEST(test_authenticate) {
|
|||||||
ck_assert_int_eq(res, YKPIV_OK);
|
ck_assert_int_eq(res, YKPIV_OK);
|
||||||
res = ykpiv_authenticate(g_state, key);
|
res = ykpiv_authenticate(g_state, key);
|
||||||
ck_assert_int_eq(res, YKPIV_OK);
|
ck_assert_int_eq(res, YKPIV_OK);
|
||||||
|
|
||||||
|
// Try to set a weak key, fail
|
||||||
|
res = ykpiv_hex_decode(weak_mgm_key, strlen(weak_mgm_key), key, &key_len);
|
||||||
|
ck_assert_int_eq(res, YKPIV_OK);
|
||||||
|
res = ykpiv_set_mgmkey(g_state, key);
|
||||||
|
ck_assert_int_eq(res, YKPIV_KEY_ERROR);
|
||||||
|
|
||||||
|
// Try default key, succeed
|
||||||
|
res = ykpiv_hex_decode(default_mgm_key, strlen(default_mgm_key), key, &key_len);
|
||||||
|
ck_assert_int_eq(res, YKPIV_OK);
|
||||||
|
res = ykpiv_authenticate(g_state, key);
|
||||||
|
ck_assert_int_eq(res, YKPIV_OK);
|
||||||
}
|
}
|
||||||
END_TEST
|
END_TEST
|
||||||
|
|
||||||
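Review bot: The weak-key case added to test_authenticate uses `weak_mgm_key`, in which all three 8-byte components are the same weak DES key, so the assertion on `YKPIV_KEY_ERROR` passes even if only the first component is ever checked. A second case whose first 8 bytes are non-weak and whose later bytes form a weak block would pin down whether `ykpiv_set_mgmkey` is expected to reject that as well; the intended policy is not visible on this page. A short comment above the new block, such as `// all three 3DES components are weak; rejection must come from the weak-key check`, would record what the case covers. test_authenticate begins before the first hunk, so the device's key state at this point is inferred from the surrounding assertions.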
|
|||||||