From 7bb2fcb4974efc1527e05c04bd8da6ee63020f73 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Sun, 7 Nov 2021 20:15:24 +0100
Subject: [PATCH] Wrap RSA-hashes in digestinfo, for internal_authenticate() in
 the new fn authenticate_for_hash().

---
 openpgp-card/src/card_app.rs | 57 ++++++++++++++++++++++++------------
 1 file changed, 38 insertions(+), 19 deletions(-)

diff --git a/openpgp-card/src/card_app.rs b/openpgp-card/src/card_app.rs
index f2b4295..12227dd 100644
--- a/openpgp-card/src/card_app.rs
+++ b/openpgp-card/src/card_app.rs
@@ -461,22 +461,8 @@ impl CardApp {
 
     // --- sign ---
 
-    /// Sign `hash`, on the card.
-    ///
-    /// This is a wrapper around the low-level
-    /// pso_compute_digital_signature operation.
-    /// It builds the required `data` field from `hash`.
-    ///
-    /// For RSA, this means a "DigestInfo" data structure is generated.
-    /// (see 7.2.10.2 DigestInfo for RSA).
-    ///
-    /// With ECC the hash data is processed as is, using
-    /// pso_compute_digital_signature.
-    pub fn signature_for_hash(
-        &mut self,
-        hash: Hash,
-    ) -> Result<Vec<u8>, Error> {
-        let data = match hash {
+    fn digestinfo(hash: Hash) -> Vec<u8> {
+        match hash {
             Hash::SHA256(_) | Hash::SHA384(_) | Hash::SHA512(_) => {
                 let tlv = Tlv::new(
                     [0x30],
@@ -500,9 +486,25 @@ impl CardApp {
             }
             Hash::EdDSA(d) => d.to_vec(),
             Hash::ECDSA(d) => d.to_vec(),
-        };
+        }
+    }
 
-        self.pso_compute_digital_signature(data)
+    /// Sign `hash`, on the card.
+    ///
+    /// This is a wrapper around the low-level
+    /// pso_compute_digital_signature operation.
+    /// It builds the required `data` field from `hash`.
+    ///
+    /// For RSA, this means a "DigestInfo" data structure is generated.
+    /// (see 7.2.10.2 DigestInfo for RSA).
+    ///
+    /// With ECC the hash data is processed as is, using
+    /// pso_compute_digital_signature.
+    pub fn signature_for_hash(
+        &mut self,
+        hash: Hash,
+    ) -> Result<Vec<u8>, Error> {
+        self.pso_compute_digital_signature(Self::digestinfo(hash))
     }
 
     /// Run signing operation on the smartcard (low level operation)
@@ -520,9 +522,26 @@ impl CardApp {
 
     // --- internal authenticate ---
 
+    /// Auth-sign `hash`, on the card.
+    ///
+    /// This is a wrapper around the low-level
+    /// internal_authenticate operation.
+    /// It builds the required `data` field from `hash`.
+    ///
+    /// For RSA, this means a "DigestInfo" data structure is generated.
+    /// (see 7.2.10.2 DigestInfo for RSA).
+    ///
+    /// With ECC the hash data is processed as is.
+    pub fn authenticate_for_hash(
+        &mut self,
+        hash: Hash,
+    ) -> Result<Vec<u8>, Error> {
+        self.internal_authenticate(Self::digestinfo(hash))
+    }
+
     /// Run signing operation on the smartcard (low level operation)
     /// (7.2.13 INTERNAL AUTHENTICATE)
-    pub fn internal_authenticate(
+    fn internal_authenticate(
         &mut self,
         data: Vec<u8>,
     ) -> Result<Vec<u8>, Error> {