pkcs15: add 'context' parameter to the strip padding procedures
and add debug messages
This commit is contained in:
parent
daa79054c0
commit
bdd264936c
|
@ -902,7 +902,7 @@ cardos_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|||
if(do_rsa_sig == 1){
|
||||
sc_log(ctx, "trying RSA_SIG (just the DigestInfo)");
|
||||
/* remove padding: first try pkcs1 bt01 padding */
|
||||
r = sc_pkcs1_strip_01_padding(data, datalen, buf, &tmp_len);
|
||||
r = sc_pkcs1_strip_01_padding(ctx, data, datalen, buf, &tmp_len);
|
||||
if (r != SC_SUCCESS) {
|
||||
const u8 *p = data;
|
||||
/* no pkcs1 bt01 padding => let's try zero padding
|
||||
|
|
|
@ -551,7 +551,7 @@ incrypto34_compute_signature(sc_card_t *card, const u8 *data, size_t datalen,
|
|||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
|
||||
"trying RSA_SIG (just the DigestInfo)\n");
|
||||
/* remove padding: first try pkcs1 bt01 padding */
|
||||
r = sc_pkcs1_strip_01_padding(data, datalen, buf, &tmp_len);
|
||||
r = sc_pkcs1_strip_01_padding(ctx, data, datalen, buf, &tmp_len);
|
||||
if (r != SC_SUCCESS) {
|
||||
const u8 *p = data;
|
||||
/* no pkcs1 bt01 padding => let's try zero padding.
|
||||
|
|
|
@ -127,10 +127,10 @@ int _sc_card_add_ec_alg(struct sc_card *card, unsigned int key_length,
|
|||
/* pkcs1 padding/encoding functions */
|
||||
/********************************************************************/
|
||||
|
||||
int sc_pkcs1_strip_01_padding(const u8 *in_dat, size_t in_len, u8 *out_dat,
|
||||
size_t *out_len);
|
||||
int sc_pkcs1_strip_02_padding(const u8 *data, size_t len, u8 *out_dat,
|
||||
size_t *out_len);
|
||||
int sc_pkcs1_strip_01_padding(struct sc_context *ctx, const u8 *in_dat, size_t in_len,
|
||||
u8 *out_dat, size_t *out_len);
|
||||
int sc_pkcs1_strip_02_padding(struct sc_context *ctx, const u8 *data, size_t len,
|
||||
u8 *out_dat, size_t *out_len);
|
||||
int sc_pkcs1_strip_digest_info_prefix(unsigned int *algorithm,
|
||||
const u8 *in_dat, size_t in_len, u8 *out_dat, size_t *out_len);
|
||||
|
||||
|
@ -140,7 +140,7 @@ int sc_pkcs1_strip_digest_info_prefix(unsigned int *algorithm,
|
|||
* @param flags IN the algorithm to use
|
||||
* @param in IN input buffer
|
||||
* @param inlen IN length of the input
|
||||
* @param out OUT output buffer (in == out is allowed)
|
||||
* @param out OUT output buffer (in == out is allowed)
|
||||
* @param outlen OUT length of the output buffer
|
||||
* @param modlen IN length of the modulus in bytes
|
||||
* @return SC_SUCCESS on success and an error code otherwise
|
||||
|
|
|
@ -103,8 +103,9 @@ static int sc_pkcs1_add_01_padding(const u8 *in, size_t in_len,
|
|||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
int sc_pkcs1_strip_01_padding(const u8 *in_dat, size_t in_len,
|
||||
u8 *out, size_t *out_len)
|
||||
int
|
||||
sc_pkcs1_strip_01_padding(struct sc_context *ctx, const u8 *in_dat, size_t in_len,
|
||||
u8 *out, size_t *out_len)
|
||||
{
|
||||
const u8 *tmp = in_dat;
|
||||
size_t len;
|
||||
|
@ -134,37 +135,43 @@ int sc_pkcs1_strip_01_padding(const u8 *in_dat, size_t in_len,
|
|||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/* remove pkcs1 BT02 padding (adding BT02 padding is currently not
|
||||
* needed/implemented) */
|
||||
int sc_pkcs1_strip_02_padding(const u8 *data, size_t len, u8 *out,
|
||||
size_t *out_len)
|
||||
int
|
||||
sc_pkcs1_strip_02_padding(sc_context_t *ctx, const u8 *data, size_t len, u8 *out, size_t *out_len)
|
||||
{
|
||||
unsigned int n = 0;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
if (data == NULL || len < 3)
|
||||
return SC_ERROR_INTERNAL;
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL);
|
||||
|
||||
/* skip leading zero byte */
|
||||
if (*data == 0) {
|
||||
data++;
|
||||
len--;
|
||||
}
|
||||
if (data[0] != 0x02)
|
||||
return SC_ERROR_WRONG_PADDING;
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_PADDING);
|
||||
/* skip over padding bytes */
|
||||
for (n = 1; n < len && data[n]; n++)
|
||||
;
|
||||
/* Must be at least 8 pad bytes */
|
||||
if (n >= len || n < 9)
|
||||
return SC_ERROR_WRONG_PADDING;
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_WRONG_PADDING);
|
||||
n++;
|
||||
if (out == NULL)
|
||||
/* just check the padding */
|
||||
return SC_SUCCESS;
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
|
||||
/* Now move decrypted contents to head of buffer */
|
||||
if (*out_len < len - n)
|
||||
return SC_ERROR_INTERNAL;
|
||||
LOG_FUNC_RETURN(ctx, SC_ERROR_INTERNAL);
|
||||
memmove(out, data + n, len - n);
|
||||
return len - n;
|
||||
|
||||
sc_log(ctx, "stripped output(%i): %s", len - n, sc_dump_hex(out, len - n));
|
||||
LOG_FUNC_RETURN(ctx, len - n);
|
||||
}
|
||||
|
||||
/* add/remove DigestInfo prefix */
|
||||
|
|
|
@ -169,7 +169,7 @@ int sc_pkcs15_decipher(struct sc_pkcs15_card *p15card,
|
|||
/* Strip any padding */
|
||||
if (pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
||||
size_t s = r;
|
||||
r = sc_pkcs1_strip_02_padding(out, s, out, &s);
|
||||
r = sc_pkcs1_strip_02_padding(ctx, out, s, out, &s);
|
||||
LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding");
|
||||
}
|
||||
|
||||
|
@ -276,7 +276,7 @@ int sc_pkcs15_derive(struct sc_pkcs15_card *p15card,
|
|||
/* Strip any padding */
|
||||
if (pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) {
|
||||
size_t s = r;
|
||||
r = sc_pkcs1_strip_02_padding(out, s, out, &s);
|
||||
r = sc_pkcs1_strip_02_padding(ctx, out, s, out, &s);
|
||||
LOG_TEST_RET(ctx, r, "Invalid PKCS#1 padding");
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue