Implement PrehashSigner on yubikey::Signer. (#656)
Co-authored-by: roblabla <robin@harfanglab.fr>
This commit is contained in:
@@ -309,6 +309,10 @@ pub mod yubikey_signer {
|
|||||||
|
|
||||||
/// Prepare buffer before submitting it for signature
|
/// Prepare buffer before submitting it for signature
|
||||||
fn prepare(input: &[u8]) -> SigResult<Vec<u8>>;
|
fn prepare(input: &[u8]) -> SigResult<Vec<u8>>;
|
||||||
|
|
||||||
|
/// Prepare a prehashed message before submitting it for signature
|
||||||
|
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>>;
|
||||||
|
|
||||||
/// Read back the signature from the device
|
/// Read back the signature from the device
|
||||||
fn read_signature(input: &[u8]) -> SigResult<Self::Signature>;
|
fn read_signature(input: &[u8]) -> SigResult<Self::Signature>;
|
||||||
}
|
}
|
||||||
@@ -340,6 +344,10 @@ pub mod yubikey_signer {
|
|||||||
Ok(Sha256::digest(input).to_vec())
|
Ok(Sha256::digest(input).to_vec())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
|
||||||
|
Ok(hashed.to_vec())
|
||||||
|
}
|
||||||
|
|
||||||
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
|
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
|
||||||
Self::Signature::from_bytes(input)
|
Self::Signature::from_bytes(input)
|
||||||
}
|
}
|
||||||
@@ -356,6 +364,10 @@ pub mod yubikey_signer {
|
|||||||
Ok(Sha384::digest(input).to_vec())
|
Ok(Sha384::digest(input).to_vec())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
|
||||||
|
Ok(hashed.to_vec())
|
||||||
|
}
|
||||||
|
|
||||||
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
|
fn read_signature(input: &[u8]) -> SigResult<Self::Signature> {
|
||||||
Self::Signature::from_bytes(input)
|
Self::Signature::from_bytes(input)
|
||||||
}
|
}
|
||||||
@@ -415,7 +427,10 @@ pub mod yubikey_signer {
|
|||||||
|
|
||||||
fn prepare(input: &[u8]) -> SigResult<Vec<u8>> {
|
fn prepare(input: &[u8]) -> SigResult<Vec<u8>> {
|
||||||
let hashed = Sha256::digest(input).to_vec();
|
let hashed = Sha256::digest(input).to_vec();
|
||||||
|
Self::prepare_prehash(&hashed)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn prepare_prehash(hashed: &[u8]) -> SigResult<Vec<u8>> {
|
||||||
OctetString::new(hashed)
|
OctetString::new(hashed)
|
||||||
.map_err(|e| e.into())
|
.map_err(|e| e.into())
|
||||||
.and_then(Self::emsa_pkcs1_1_5)
|
.and_then(Self::emsa_pkcs1_1_5)
|
||||||
@@ -515,4 +530,20 @@ pub mod yubikey_signer {
|
|||||||
Ok(out)
|
Ok(out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl<KT: KeyType> signature::hazmat::PrehashSigner<KT::Signature> for Signer<'_, KT> {
|
||||||
|
fn sign_prehash(&self, hashed: &[u8]) -> SigResult<KT::Signature> {
|
||||||
|
let data = KT::prepare_prehash(hashed)?;
|
||||||
|
|
||||||
|
let out = sign_data(
|
||||||
|
&mut self.yubikey.borrow_mut(),
|
||||||
|
&data,
|
||||||
|
KT::ALGORITHM,
|
||||||
|
self.key,
|
||||||
|
)
|
||||||
|
.map_err(signature::Error::from_source)?;
|
||||||
|
let out = KT::read_signature(&out)?;
|
||||||
|
Ok(out)
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user