Add comments/assert for PSO: DECIPHER
parent
39e7eaa9cc
commit
288a2a8325
2 changed files with 14 additions and 1 deletions
|
@ -103,6 +103,12 @@ impl<'a> crypto::Decryptor for CardDecryptor<'a> {
|
||||||
mpi::PublicKey::ECDH { ref curve, .. },
|
mpi::PublicKey::ECDH { ref curve, .. },
|
||||||
) => {
|
) => {
|
||||||
let dm = if curve == &Curve::Cv25519 {
|
let dm = if curve == &Curve::Cv25519 {
|
||||||
|
assert_eq!(
|
||||||
|
e.value()[0],
|
||||||
|
0x40,
|
||||||
|
"Unexpected shape of decrypted Cv25519 data"
|
||||||
|
);
|
||||||
|
|
||||||
// Ephemeral key without header byte 0x40
|
// Ephemeral key without header byte 0x40
|
||||||
Cryptogram::ECDH(&e.value()[1..])
|
Cryptogram::ECDH(&e.value()[1..])
|
||||||
} else {
|
} else {
|
||||||
|
@ -119,7 +125,7 @@ impl<'a> crypto::Decryptor for CardDecryptor<'a> {
|
||||||
if curve == &Curve::NistP256 && dec.len() == 65 {
|
if curve == &Curve::NistP256 && dec.len() == 65 {
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
dec[0], 0x04,
|
dec[0], 0x04,
|
||||||
"unexpected shape of decrypted data"
|
"Unexpected shape of decrypted NistP256 data"
|
||||||
);
|
);
|
||||||
|
|
||||||
// see Gnuk src/call-ec.c:82
|
// see Gnuk src/call-ec.c:82
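Review bot: The new `assert_eq!(e.value()[0], 0x40, …)` in the Cv25519 branch panics on data that appears to come from the message being decrypted. Going by the comment below it, `e` is the ECDH ephemeral key from the ciphertext, so a malformed value aborts the process instead of failing the decryption, and `e.value()[0]` indexes out of bounds if the value is empty. A checked test that returns an error would be safer, e.g. `if e.value().first() != Some(&0x40) { return Err(/* malformed-ciphertext error */); }`, using whatever error type this method already returns (its signature is outside the hunk). The message is also slightly misleading, since nothing has been decrypted at this point; "Unexpected shape of Cv25519 ephemeral key" would match what is checked. The reworded NistP256 assert in the second hunk likewise panics on mismatch, there on data returned by the card.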
|
||||||
|
|
|
@ -424,6 +424,7 @@ impl CardApp {
|
||||||
pub fn decipher(&mut self, dm: Cryptogram) -> Result<Vec<u8>, Error> {
|
pub fn decipher(&mut self, dm: Cryptogram) -> Result<Vec<u8>, Error> {
|
||||||
match dm {
|
match dm {
|
||||||
Cryptogram::RSA(message) => {
|
Cryptogram::RSA(message) => {
|
||||||
|
// "Padding indicator byte (00) for RSA" (pg. 69)
|
||||||
let mut data = vec![0x0];
|
let mut data = vec![0x0];
|
||||||
|
|
||||||
// FIXME: The spec says we should "format according to PKCS#1"
|
// FIXME: The spec says we should "format according to PKCS#1"
|
||||||
|
@ -434,6 +435,12 @@ impl CardApp {
|
||||||
self.pso_decipher(data)
|
self.pso_decipher(data)
|
||||||
}
|
}
|
||||||
Cryptogram::ECDH(eph) => {
|
Cryptogram::ECDH(eph) => {
|
||||||
|
// "In case of ECDH the card supports a partial decrypt
|
||||||
|
// only. The input is a cipher DO with the following data:"
|
||||||
|
// A6 xx Cipher DO
|
||||||
|
// -> 7F49 xx Public Key DO
|
||||||
|
// -> 86 xx External Public Key
|
||||||
|
|
||||||
// External Public Key
|
// External Public Key
|
||||||
let epk = Tlv::new([0x86], Value::S(eph.to_vec()));
|
let epk = Tlv::new([0x86], Value::S(eph.to_vec()));
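Review bot: The added comments in `decipher` quote a specification without saying which document or version, and the RSA one cites only "(pg. 69)", which stops being findable once page numbers shift between spec revisions. Naming the document and section would fix that, e.g. `// "Padding indicator byte (00) for RSA" (<spec name and version>, section on PSO: DECIPHER)`, with the same reference on the ECDH Cipher DO comment in the second hunk. Since `message` and `eph` are wrapped and sent to the card as-is, it would also help to state in the doc comment on `decipher` what the caller must already have validated or stripped (the 0x40 header byte for Cv25519, for instance). The function body continues outside both hunks.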
|
||||||
|
|
||||||
|
|