feat: decrypt print raw data

2022-04-12 23:37:48 +08:00
parent 4a90258b6b
commit 9dafa55afa
2 changed files with 21 additions and 2 deletions
--- a/src/cmd_pivsign.rs
+++ b/src/cmd_pivsign.rs
@@ -31,13 +31,20 @@ impl Command for CommandImpl {
        let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
        opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");

-        let sha256_prefix = hex::decode("3031300d060960864801650304020105000420").unwrap();
+        // https://www.ibm.com/docs/en/zos/2.2.0?topic=cryptography-pkcs-1-formats
+        // MD5  X’3020300C 06082A86 4886F70D 02050500 0410’ || 16-byte hash value
+        // SHA-1  X'30213009 06052B0E 03021A05 000414’ || 20-byte hash value
+        // SHA-224  X’302D300D 06096086 48016503 04020405 00041C’ || 28-byte hash value
+        // SHA-256  X’3031300D 06096086 48016503 04020105 000420’ || 32-byte hash value
+        // SHA-384  X’3041300D 06096086 48016503 04020205 000430’ || 48-byte hash value
+        // SHA-512  X’3051300D 06096086 48016503 04020305 000440’ || 64-byte hash value
+        let sha256_der_prefix = hex::decode("3031300d060960864801650304020105000420").unwrap();

        if let Some(sha256_hex) = sha256_hex_opt {
            let hash = opt_result!(hex::decode(sha256_hex), "Decode sha256 failed: {}");

            let mut hash_with_oid = Vec::with_capacity(128);
-            hash_with_oid.extend_from_slice(&sha256_prefix);
+            hash_with_oid.extend_from_slice(&sha256_der_prefix);
            hash_with_oid.extend_from_slice(&hash);
            let hash_padding = pkcs1_padding_for_sign(&hash_with_oid, 2048).unwrap();
            rust_util::util_msg::when(MessageType::DEBUG, || {
--- a/src/cmd_rsadecrypt.rs
+++ b/src/cmd_rsadecrypt.rs
@@ -1,10 +1,12 @@
 use std::collections::BTreeMap;

 use clap::{App, Arg, ArgMatches, SubCommand};
+use openssl::bn::{BigNum, BigNumContext};
 use openssl::encrypt::Decrypter;
 use openssl::pkey::PKey;
 use openssl::rsa::Rsa;
 use rust_util::util_clap::{Command, CommandError};
+use rust_util::util_msg::MessageType;

 pub struct CommandImpl;

@@ -43,6 +45,16 @@ impl Command for CommandImpl {
            return simple_error!("Data is required, --data-hex or --data argument!");
        };

+        rust_util::util_msg::when(MessageType::DEBUG, || {
+            let rsa = keypair.rsa().unwrap();
+            let n = rsa.n();
+            let d = rsa.d();
+            let m = BigNum::from_slice(&encrypted).unwrap();
+            let mut r = BigNum::new().unwrap();
+            r.mod_exp(&m, d, n, &mut BigNumContext::new().unwrap()).unwrap();
+            debugging!("Encrypted raw HEX: {}", hex::encode(&r.to_vec()));
+        });
+
        let mut decrypter = opt_result!(Decrypter::new(&keypair), "Decrypter new failed: {}");
        opt_result!(decrypter.set_rsa_padding(padding), "Set RSA padding failed: {}");
        let buffer_len = opt_result!(decrypter.decrypt_len(&encrypted), "Decrypt len failed: {}");