change around and let ykpiv_sign_data() pad

This commit is contained in:
Klas Lindfors
2014-06-25 10:40:44 +02:00
parent d17c0650a9
commit 9b5ede8530
3 changed files with 35 additions and 19 deletions
+24 -3
View File
@@ -461,7 +461,7 @@ ykpiv_rc ykpiv_parse_key(ykpiv_state *state,
} }
ykpiv_rc ykpiv_sign_data(ykpiv_state *state, ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
const unsigned char *sign_in, int in_len, const unsigned char *raw_in, int in_len,
unsigned char *sign_out, size_t *out_len, unsigned char *sign_out, size_t *out_len,
unsigned char algorithm, unsigned char key) { unsigned char algorithm, unsigned char key) {
@@ -470,13 +470,34 @@ ykpiv_rc ykpiv_sign_data(ykpiv_state *state,
unsigned char data[1024]; unsigned char data[1024];
unsigned char templ[] = {0, YKPIV_INS_AUTHENTICATE, algorithm, key}; unsigned char templ[] = {0, YKPIV_INS_AUTHENTICATE, algorithm, key};
unsigned long recv_len = sizeof(data); unsigned long recv_len = sizeof(data);
unsigned char sign_in[256];
size_t pad_len = 0;
int sw; int sw;
int bytes; int bytes;
size_t len = 0; size_t len = 0;
ykpiv_rc res; ykpiv_rc res;
if(in_len > 1000) { switch(algorithm) {
return YKPIV_SIZE_ERROR; case YKPIV_ALGO_RSA1024:
pad_len = 128;
case YKPIV_ALGO_RSA2048:
if(pad_len == 0) {
pad_len = 256;
}
if(in_len > pad_len) {
return YKPIV_SIZE_ERROR;
}
RSA_padding_add_PKCS1_type_1(sign_in, pad_len, raw_in, in_len);
in_len = pad_len;
break;
case YKPIV_ALGO_ECCP256:
if(in_len > 32) {
return YKPIV_SIZE_ERROR;
}
memcpy(sign_in, raw_in, in_len);
break;
default:
return YKPIV_ALGORITHM_ERROR;
} }
if(in_len < 0x80) { if(in_len < 0x80) {
+1
View File
@@ -55,6 +55,7 @@ extern "C"
YKPIV_PARSE_ERROR = -9, YKPIV_PARSE_ERROR = -9,
YKPIV_WRONG_PIN = -10, YKPIV_WRONG_PIN = -10,
YKPIV_INVALID_OBJECT = -11, YKPIV_INVALID_OBJECT = -11,
YKPIV_ALGORITHM_ERROR = -12,
} ykpiv_rc; } ykpiv_rc;
const char *ykpiv_strerror(ykpiv_rc err); const char *ykpiv_strerror(ykpiv_rc err);
+10 -16
View File
@@ -523,7 +523,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
unsigned int digest_len = DIGEST_LEN; unsigned int digest_len = DIGEST_LEN;
unsigned char algorithm; unsigned char algorithm;
int key = 0; int key = 0;
unsigned char signinput[256]; unsigned char *signinput;
int len = 0; int len = 0;
sscanf(slot, "%x", &key); sscanf(slot, "%x", &key);
@@ -582,18 +582,15 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
switch(algorithm) { switch(algorithm) {
case YKPIV_ALGO_RSA1024: case YKPIV_ALGO_RSA1024:
len = 128;
case YKPIV_ALGO_RSA2048: case YKPIV_ALGO_RSA2048:
if(len == 0) { signinput = digest;
len = 256; len = sizeof(digest);
}
RSA_padding_add_PKCS1_type_1(signinput, len, digest, sizeof(digest));
req->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption); req->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption);
break; break;
case YKPIV_ALGO_ECCP256: case YKPIV_ALGO_ECCP256:
req->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256); signinput = digest + sizeof(sha256oid);
len = DIGEST_LEN; len = DIGEST_LEN;
memcpy(signinput, digest + sizeof(sha256oid), DIGEST_LEN); req->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
break; break;
default: default:
fprintf(stderr, "Unsupported algorithm %x.\n", algorithm); fprintf(stderr, "Unsupported algorithm %x.\n", algorithm);
@@ -648,7 +645,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
unsigned int digest_len = DIGEST_LEN; unsigned int digest_len = DIGEST_LEN;
unsigned char algorithm; unsigned char algorithm;
int key = 0; int key = 0;
unsigned char signinput[256]; unsigned char *signinput;
int len = 0; int len = 0;
sscanf(slot, "%x", &key); sscanf(slot, "%x", &key);
@@ -718,18 +715,15 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
} }
switch(algorithm) { switch(algorithm) {
case YKPIV_ALGO_RSA1024: case YKPIV_ALGO_RSA1024:
len = 128;
case YKPIV_ALGO_RSA2048: case YKPIV_ALGO_RSA2048:
if(len == 0) { signinput = digest;
len = 256; len = sizeof(digest);
}
RSA_padding_add_PKCS1_type_1(signinput, len, digest, sizeof(digest));
x509->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption); x509->sig_alg->algorithm = OBJ_nid2obj(NID_sha256WithRSAEncryption);
break; break;
case YKPIV_ALGO_ECCP256: case YKPIV_ALGO_ECCP256:
x509->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256); signinput = digest + sizeof(sha256oid);
len = DIGEST_LEN; len = DIGEST_LEN;
memcpy(signinput, digest + sizeof(sha256oid), DIGEST_LEN); x509->sig_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
break; break;
default: default:
fprintf(stderr, "Unsupported algorithm %x.\n", algorithm); fprintf(stderr, "Unsupported algorithm %x.\n", algorithm);