use IS_RSAKEY and IS_ECKEY macros, fix minor stuff for ECCP384

This commit is contained in:
Klas Lindfors
2015-06-24 13:04:06 +02:00
parent 1541362866
commit c2621960a9
+18 -9
View File
@@ -325,7 +325,7 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
unsigned char *in_ptr = in_data; unsigned char *in_ptr = in_data;
unsigned char templ[] = {0, YKPIV_INS_IMPORT_KEY, algorithm, key}; unsigned char templ[] = {0, YKPIV_INS_IMPORT_KEY, algorithm, key};
int sw; int sw;
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) { if(IS_RSAKEY(algorithm)) {
RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key); RSA *rsa_private_key = EVP_PKEY_get1_RSA(private_key);
unsigned char e[4]; unsigned char e[4];
unsigned char *e_ptr = e; unsigned char *e_ptr = e;
@@ -369,12 +369,17 @@ static bool import_key(ykpiv_state *state, enum enum_key_format key_format,
fprintf(stderr, "Failed setting iqmp component.\n"); fprintf(stderr, "Failed setting iqmp component.\n");
goto import_out; goto import_out;
} }
} else if(algorithm == YKPIV_ALGO_ECCP256) { } else if(IS_ECKEY(algorithm)) {
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(private_key); EC_KEY *ec = EVP_PKEY_get1_EC_KEY(private_key);
const BIGNUM *s = EC_KEY_get0_private_key(ec); const BIGNUM *s = EC_KEY_get0_private_key(ec);
int element_len = 32;
if(algorithm == YKPIV_ALGO_ECCP384) {
element_len = 48;
}
*in_ptr++ = 0x06; *in_ptr++ = 0x06;
if(set_component_with_len(&in_ptr, s, 32) == false) { if(set_component_with_len(&in_ptr, s, element_len) == false) {
fprintf(stderr, "Failed setting ec private key.\n"); fprintf(stderr, "Failed setting ec private key.\n");
goto import_out; goto import_out;
} }
@@ -629,7 +634,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
fprintf(stderr, "Unsupported algorithm %x or hash %x\n", algorithm, hash); fprintf(stderr, "Unsupported algorithm %x or hash %x\n", algorithm, hash);
goto request_out; goto request_out;
} }
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) { if(IS_RSAKEY(algorithm)) {
signinput = digest; signinput = digest;
len = oid_len + digest_len; len = oid_len + digest_len;
} else { } else {
@@ -774,7 +779,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
if(nid == 0) { if(nid == 0) {
goto selfsign_out; goto selfsign_out;
} }
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) { if(IS_RSAKEY(algorithm)) {
signinput = digest; signinput = digest;
len = oid_len + md_len; len = oid_len + md_len;
} else { } else {
@@ -1037,7 +1042,7 @@ static bool sign_file(ykpiv_state *state, const char *input, const char *output,
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
} }
if(algo == YKPIV_ALGO_RSA1024 || algo == YKPIV_ALGO_RSA2048) { if(IS_RSAKEY(algo)) {
prepare_rsa_signature(hashed, hash_len, hashed, &hash_len, EVP_MD_type(md)); prepare_rsa_signature(hashed, hash_len, hashed, &hash_len, EVP_MD_type(md));
} }
@@ -1118,6 +1123,9 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
case YKPIV_ALGO_ECCP256: case YKPIV_ALGO_ECCP256:
fprintf(output, "ECCP256\n"); fprintf(output, "ECCP256\n");
break; break;
case YKPIV_ALGO_ECCP384:
fprintf(output, "ECCP384\n");
break;
default: default:
fprintf(output, "Unknown\n"); fprintf(output, "Unknown\n");
} }
@@ -1286,7 +1294,7 @@ static bool test_signature(ykpiv_state *state, enum enum_slot slot,
goto test_out; goto test_out;
} }
sscanf(cmdline_parser_slot_values[slot], "%2x", &key); sscanf(cmdline_parser_slot_values[slot], "%2x", &key);
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) { if(IS_RSAKEY(algorithm)) {
prepare_rsa_signature(data, data_len, encoded, &enc_len, EVP_MD_type(md)); prepare_rsa_signature(data, data_len, encoded, &enc_len, EVP_MD_type(md));
ptr = encoded; ptr = encoded;
} else { } else {
@@ -1320,6 +1328,7 @@ static bool test_signature(ykpiv_state *state, enum enum_slot slot,
break; break;
case YKPIV_ALGO_ECCP256: case YKPIV_ALGO_ECCP256:
case YKPIV_ALGO_ECCP384:
{ {
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pubkey); EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pubkey);
if(ECDSA_verify(0, data, (int)data_len, signature, (int)sig_len, ec) == 1) { if(ECDSA_verify(0, data, (int)data_len, signature, (int)sig_len, ec) == 1) {
@@ -1391,7 +1400,7 @@ static bool test_decipher(ykpiv_state *state, enum enum_slot slot,
goto decipher_out; goto decipher_out;
} }
sscanf(cmdline_parser_slot_values[slot], "%2x", &key); sscanf(cmdline_parser_slot_values[slot], "%2x", &key);
if(algorithm == YKPIV_ALGO_RSA1024 || algorithm == YKPIV_ALGO_RSA2048) { if(IS_RSAKEY(algorithm)) {
unsigned char secret[32]; unsigned char secret[32];
unsigned char secret2[32]; unsigned char secret2[32];
unsigned char data[256]; unsigned char data[256];
@@ -1432,7 +1441,7 @@ static bool test_decipher(ykpiv_state *state, enum enum_slot slot,
} else { } else {
fprintf(stderr, "Failed unwrapping PKCS1 envelope.\n"); fprintf(stderr, "Failed unwrapping PKCS1 envelope.\n");
} }
} else if(algorithm == YKPIV_ALGO_ECCP256 || algorithm == YKPIV_ALGO_ECCP384) { } else if(IS_ECKEY(algorithm)) {
unsigned char secret[48]; unsigned char secret[48];
unsigned char secret2[48]; unsigned char secret2[48];
unsigned char public_key[97]; unsigned char public_key[97];