Use openssl implementation of DES_is_weak_key on non-Windows, and add unit test.
This commit is contained in:
+4
-2
@@ -322,9 +322,8 @@ EXIT:
|
||||
return rc;
|
||||
}
|
||||
|
||||
// TREV TODO: use openssl's implementation when available
|
||||
bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
||||
|
||||
#ifdef _WINDOWS
|
||||
/* defined weak keys, borrowed from openssl to be consistent across platforms */
|
||||
static const unsigned char weak_keys[][DES_LEN_DES] = {
|
||||
/* weak keys */
|
||||
@@ -377,6 +376,9 @@ bool yk_des_is_weak_key(const unsigned char *key, const size_t cb_key) {
|
||||
}
|
||||
|
||||
return false;
|
||||
#else
|
||||
return DES_is_weak_key((const_DES_cblock *)key);
|
||||
#endif
|
||||
}
|
||||
|
||||
prng_rc _ykpiv_prng_generate(unsigned char *buffer, const size_t cb_req) {
|
||||
|
||||
@@ -476,6 +476,7 @@ START_TEST(test_authenticate) {
|
||||
ykpiv_rc res;
|
||||
const char *default_mgm_key = "010203040506070801020304050607080102030405060708";
|
||||
const char *mgm_key = "112233445566778811223344556677881122334455667788";
|
||||
const char *weak_mgm_key = "FEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE";
|
||||
unsigned char key[24];
|
||||
size_t key_len = sizeof(key);
|
||||
|
||||
@@ -520,6 +521,18 @@ START_TEST(test_authenticate) {
|
||||
ck_assert_int_eq(res, YKPIV_OK);
|
||||
res = ykpiv_authenticate(g_state, key);
|
||||
ck_assert_int_eq(res, YKPIV_OK);
|
||||
|
||||
// Try to set a weak key, fail
|
||||
res = ykpiv_hex_decode(weak_mgm_key, strlen(weak_mgm_key), key, &key_len);
|
||||
ck_assert_int_eq(res, YKPIV_OK);
|
||||
res = ykpiv_set_mgmkey(g_state, key);
|
||||
ck_assert_int_eq(res, YKPIV_KEY_ERROR);
|
||||
|
||||
// Try default key, succeed
|
||||
res = ykpiv_hex_decode(default_mgm_key, strlen(default_mgm_key), key, &key_len);
|
||||
ck_assert_int_eq(res, YKPIV_OK);
|
||||
res = ykpiv_authenticate(g_state, key);
|
||||
ck_assert_int_eq(res, YKPIV_OK);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
|
||||
Reference in New Issue
Block a user