Use openssl implementation of DES_is_weak_key on non-Windows, and add unit test.

This commit is contained in:
Trevor Bentley
2017-10-23 12:33:44 +02:00
parent 27933eaff8
commit 935e05485a
2 changed files with 17 additions and 2 deletions
+4 -2
View File
@@ -322,9 +322,8 @@ EXIT:
return rc;
}
// TREV TODO: use openssl's implementation when available
bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
#ifdef _WINDOWS
/* defined weak keys, borrowed from openssl to be consistent across platforms */
static const unsigned char weak_keys[][DES_LEN_DES] = {
/* weak keys */
@@ -377,6 +376,9 @@ bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
}
return false;
#else
return DES_is_weak_key((const_DES_cblock *)key);
#endif
}
prng_rc _ykpiv_prng_generate(unsigned char *buffer, const size_t cb_req) {
+13
View File
@@ -476,6 +476,7 @@ START_TEST(test_authenticate) {
ykpiv_rc res;
const char *default_mgm_key = "010203040506070801020304050607080102030405060708";
const char *mgm_key = "112233445566778811223344556677881122334455667788";
const char *weak_mgm_key = "FEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE";
unsigned char key[24];
size_t key_len = sizeof(key);
@@ -520,6 +521,18 @@ START_TEST(test_authenticate) {
ck_assert_int_eq(res, YKPIV_OK);
res = ykpiv_authenticate(g_state, key);
ck_assert_int_eq(res, YKPIV_OK);
// Try to set a weak key, fail
res = ykpiv_hex_decode(weak_mgm_key, strlen(weak_mgm_key), key, &key_len);
ck_assert_int_eq(res, YKPIV_OK);
res = ykpiv_set_mgmkey(g_state, key);
ck_assert_int_eq(res, YKPIV_KEY_ERROR);
// Try default key, succeed
res = ykpiv_hex_decode(default_mgm_key, strlen(default_mgm_key), key, &key_len);
ck_assert_int_eq(res, YKPIV_OK);
res = ykpiv_authenticate(g_state, key);
ck_assert_int_eq(res, YKPIV_OK);
}
END_TEST