Implement PrehashSigner on yubikey::Signer. (#656)
Co-authored-by: roblabla <robin@harfanglab.fr>
This commit is contained in:
@@ -309,6 +309,10 @@ pub mod yubikey_signer {
|
||||
|
||||
/// Prepare buffer before submitting it for signature
|
||||
fn prepare(input: &[u8]) -> SigResult<Vec<u8>>;
|
||||
|
||||
/// Prepare a prehashed message before submitting it for signature
|
||||
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>>;
|
||||
|
||||
/// Read back the signature from the device
|
||||
fn read_signature(input: &[u8]) -> SigResult<Self::Signature>;
|
||||
}
|
||||
@@ -340,6 +344,10 @@ pub mod yubikey_signer {
|
||||
Ok(Sha256::digest(input).to_vec())
|
||||
}
|
||||
|
||||
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
|
||||
Ok(hashed.to_vec())
|
||||
}
|
||||
|
||||
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
|
||||
Self::Signature::from_bytes(input)
|
||||
}
|
||||
@@ -356,6 +364,10 @@ pub mod yubikey_signer {
|
||||
Ok(Sha384::digest(input).to_vec())
|
||||
}
|
||||
|
||||
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
|
||||
Ok(hashed.to_vec())
|
||||
}
|
||||
|
||||
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
|
||||
Self::Signature::from_bytes(input)
|
||||
}
|
||||
@@ -415,7 +427,10 @@ pub mod yubikey_signer {
|
||||
|
||||
fn prepare(input: &[u8]) -> SigResult<Vec<u8>> {
|
||||
let hashed = Sha256::digest(input).to_vec();
|
||||
Self::prepare_prehash(&hashed)
|
||||
}
|
||||
|
||||
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
|
||||
OctetString::new(hashed)
|
||||
.map_err(|e| e.into())
|
||||
.and_then(Self::emsa_pkcs1_1_5)
|
||||
@@ -515,4 +530,20 @@ pub mod yubikey_signer {
|
||||
Ok(out)
|
||||
}
|
||||
}
|
||||
|
||||
impl<KT: KeyType> signature::hazmat::PrehashSigner<KT::Signature> for Signer<'_, KT> {
|
||||
fn sign_prehash(&self, hashed: &[u8]) -> SigResult<KT::Signature> {
|
||||
let data = KT::prepare_prehash(hashed)?;
|
||||
|
||||
let out = sign_data(
|
||||
&mut self.yubikey.borrow_mut(),
|
||||
&data,
|
||||
KT::ALGORITHM,
|
||||
self.key,
|
||||
)
|
||||
.map_err(signature::Error::from_source)?;
|
||||
let out = KT::read_signature(&out)?;
|
||||
Ok(out)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user