author | Jakub Jelen <jjelen@redhat.com> | 2020-10-29 16:23:34 +0100 |
---|---|---|
committer | Jakub Jelen <jjelen@redhat.com> | 2021-01-04 17:33:22 +0100 |
commit | 323defeef280bf2de63d6b5dcdfc13ab7ed9ff4b (patch) | |
tree | 3860fd7117f6d9e8be770a07959b0ae2edf1fa4d | |
parent | 8676f404a2284a7638717e59da0d1921e3e688b8 (diff) |
vcard_emul_nss: Fix RAW deciphering emulation using PKCS1 method
This reverts the commit c3838328 which technically made this
code dead code.
I got a clarification from Bob that the code was wrong, including
the assert, which caused a lot of confusion in the past.
Fixes #25
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
-rw-r--r-- | src/vcard_emul_nss.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/vcard_emul_nss.c b/src/vcard_emul_nss.c
index f30576e..1f922c5 100644
--- a/src/vcard_emul_nss.c
+++ b/src/vcard_emul_nss.c
@@ -201,10 +201,12 @@ vcard_emul_map_error(int error)
 case SEC_ERROR_NO_KEY:
 case SEC_ERROR_INVALID_KEY:
 case SEC_ERROR_DECRYPTION_DISALLOWED:
+ case SEC_ERROR_PKCS11_GENERAL_ERROR:
 return VCARD7816_STATUS_ERROR_DATA_INVALID;
 case SEC_ERROR_NO_MEMORY:
 return VCARD7816_STATUS_EXC_ERROR_MEMORY_FAILURE;
 default:
+ g_debug("error %x", 0x2000 + error);
 g_warn_if_reached();
 }
 return VCARD7816_STATUS_EXC_ERROR_CHANGE;
@@ -343,15 +345,21 @@ vcard_emul_rsa_op(VCard *card, VCardKey *key,
 key->failedX509 = VCardEmulTrue;
 goto cleanup;
 }
- } else {
- /* We can not do raw RSA operation, nor the data looks like PKCS#1.5
- * bail out.
- */
- ret = VCARD7816_STATUS_ERROR_DATA_INVALID;
+ }
+ /* We can not do raw RSA operation and the bytes do not look like PKCS#1.5
+ * Assuming it is deciphering operation.
+ */
+ rv = PK11_PrivDecryptPKCS1(priv_key, bp, &signature_len, buffer_size, buffer, buffer_size);
+ if (rv != SECSuccess) {
+ /* The assumption was wrong. Give up */
+ ret = vcard_emul_map_error(PORT_GetError());
 goto cleanup;
 }
 pad_len = buffer_size - signature_len;
- assert(pad_len < 4);
+ if (pad_len < 4) {
+ ret = VCARD7816_STATUS_ERROR_GENERAL;
+ goto cleanup;
+ }
 /*
 * OK now we've decrypted the payload, package it up in PKCS #1 for the
 * upper layer. |
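Review bot: The added `g_debug("error %x", 0x2000 + error);` in the `default:` branch of `vcard_emul_map_error` hard-codes the magnitude of NSS's `SEC_ERROR_BASE` and passes an `int` to `%x`. The printed value is therefore only meaningful for codes in the SEC range, and the message does not say what it refers to. I would log both the raw code and the offset, e.g. `g_debug("unmapped NSS error %d (SEC_ERROR_BASE + 0x%x)", error, (unsigned)(error - SEC_ERROR_BASE));`. The new `case SEC_ERROR_PKCS11_GENERAL_ERROR:` would also benefit from a one-line comment naming the operation that produces it, because reporting a general token error as `VCARD7816_STATUS_ERROR_DATA_INVALID` is not self-explanatory. The `switch` statement opens above the hunk, so the full list of mapped codes is not visible here.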
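Review bot: When `PK11_PrivDecryptPKCS1` fails in `vcard_emul_rsa_op`, the status comes from `vcard_emul_map_error(PORT_GetError())`, so the value returned for caller-supplied ciphertext varies with the NSS error. The new `pad_len < 4` branch adds another distinct status, `VCARD7816_STATUS_ERROR_GENERAL`. For PKCS#1 v1.5 decryption, distinguishable failure responses are the classic padding-oracle condition, so if these statuses reach the card client unchanged (the return path is outside the hunk) I would collapse every decipher failure to one fixed value. That would be `ret = VCARD7816_STATUS_ERROR_DATA_INVALID;` in both branches, with the NSS code kept in a `g_debug` line for diagnosis. A short comment on the `pad_len` check saying which invariant it guards would also help, since the commit message notes the old assert caused confusion and the declarations of `pad_len` and `signature_len` are not visible here.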