From 288a2a8325d92521b78c8a386a74889c5967c0bb Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Tue, 9 Nov 2021 16:43:59 +0100 Subject: [PATCH] Add comments/assert for PSO: DECIPHER --- openpgp-card-sequoia/src/decryptor.rs | 8 +++++++- openpgp-card/src/card_app.rs | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/openpgp-card-sequoia/src/decryptor.rs b/openpgp-card-sequoia/src/decryptor.rs index 46df862..08f412e 100644 --- a/openpgp-card-sequoia/src/decryptor.rs +++ b/openpgp-card-sequoia/src/decryptor.rs @@ -103,6 +103,12 @@ impl<'a> crypto::Decryptor for CardDecryptor<'a> { mpi::PublicKey::ECDH { ref curve, .. }, ) => { let dm = if curve == &Curve::Cv25519 { + assert_eq!( + e.value()[0], + 0x40, + "Unexpected shape of decrypted Cv25519 data" + ); + // Ephemeral key without header byte 0x40 Cryptogram::ECDH(&e.value()[1..]) } else { @@ -119,7 +125,7 @@ impl<'a> crypto::Decryptor for CardDecryptor<'a> { if curve == &Curve::NistP256 && dec.len() == 65 { assert_eq!( dec[0], 0x04, - "unexpected shape of decrypted data" + "Unexpected shape of decrypted NistP256 data" ); // see Gnuk src/call-ec.c:82 diff --git a/openpgp-card/src/card_app.rs b/openpgp-card/src/card_app.rs index 416dfbb..a5713bd 100644 --- a/openpgp-card/src/card_app.rs +++ b/openpgp-card/src/card_app.rs @@ -424,6 +424,7 @@ impl CardApp { pub fn decipher(&mut self, dm: Cryptogram) -> Result, Error> { match dm { Cryptogram::RSA(message) => { + // "Padding indicator byte (00) for RSA" (pg. 69) let mut data = vec![0x0]; // FIXME: The spec says we should "format according to PKCS#1" @@ -434,6 +435,12 @@ impl CardApp { self.pso_decipher(data) } Cryptogram::ECDH(eph) => { + // "In case of ECDH the card supports a partial decrypt + // only. The input is a cipher DO with the following data:" + // A6 xx Cipher DO + // -> 7F49 xx Public Key DO + // -> 86 xx External Public Key + // External Public Key let epk = Tlv::new([0x86], Value::S(eph.to_vec()));
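Review bot: The added `assert_eq!(e.value()[0], 0x40, …)` in the Cv25519 branch panics on data that appears to come from the ciphertext being decrypted, so a malformed ephemeral key aborts the caller instead of surfacing an error, and the `[0]` index itself panics first when the value is empty. This sits in the `crypto::Decryptor` impl, which presumably returns a `Result`, so a checked form such as `if e.value().first() != Some(&0x40) { return Err(/* this function's error type */); }` keeps the validation without a panic path. The message says "decrypted Cv25519 data", but `e` is the ephemeral key being sent to the card, not decrypted output, so the wording should name the ephemeral key. The NistP256 `assert_eq!(dec[0], 0x04, …)` reworded in the next hunk has the same panic-on-unexpected-data shape for the card's response. The enclosing function starts and ends outside both hunks.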
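Review bot: The new comment `// "Padding indicator byte (00) for RSA" (pg. 69)` in `decipher` cites a page number without naming the document or its version, and page numbers shift between specification revisions. Naming the source makes the reference checkable, e.g. `// "Padding indicator byte (00) for RSA" (OpenPGP card spec <VERSION>, PSO: DECIPHER, pg. 69)`. The quoted ECDH cipher DO description added in the following hunk would benefit from the same citation. `decipher` continues outside the hunk.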