From 9dafa55afa7d429cc5519a35e2acc1e7206a0c22 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Tue, 12 Apr 2022 23:37:48 +0800
Subject: [PATCH] feat: decrypt print raw data
---
 src/cmd_pivsign.rs | 11 +++++++++--
 src/cmd_rsadecrypt.rs | 12 ++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/cmd_pivsign.rs b/src/cmd_pivsign.rs
index 1a5b473..f079fa0 100644
--- a/src/cmd_pivsign.rs
+++ b/src/cmd_pivsign.rs
@@ -31,13 +31,20 @@ impl Command for CommandImpl {
 let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
 opt_result!(yk.verify_pin(pin.as_bytes()), "YubiKey verify pin failed: {}");
- let sha256_prefix = hex::decode("3031300d060960864801650304020105000420").unwrap();
+ // https://www.ibm.com/docs/en/zos/2.2.0?topic=cryptography-pkcs-1-formats
+ // MD5 X’3020300C 06082A86 4886F70D 02050500 0410’ || 16-byte hash value
+ // SHA-1 X'30213009 06052B0E 03021A05 000414’ || 20-byte hash value
+ // SHA-224 X’302D300D 06096086 48016503 04020405 00041C’ || 28-byte hash value
+ // SHA-256 X’3031300D 06096086 48016503 04020105 000420’ || 32-byte hash value
+ // SHA-384 X’3041300D 06096086 48016503 04020205 000430’ || 48-byte hash value
+ // SHA-512 X’3051300D 06096086 48016503 04020305 000440’ || 64-byte hash value
+ let sha256_der_prefix = hex::decode("3031300d060960864801650304020105000420").unwrap();
 if let Some(sha256_hex) = sha256_hex_opt {
 let hash = opt_result!(hex::decode(sha256_hex), "Decode sha256 failed: {}");
 let mut hash_with_oid = Vec::with_capacity(128);
- hash_with_oid.extend_from_slice(&sha256_prefix);
+ hash_with_oid.extend_from_slice(&sha256_der_prefix);
 hash_with_oid.extend_from_slice(&hash);
 let hash_padding = pkcs1_padding_for_sign(&hash_with_oid, 2048).unwrap();
 rust_util::util_msg::when(MessageType::DEBUG, || {
diff --git a/src/cmd_rsadecrypt.rs b/src/cmd_rsadecrypt.rs
index b4bd232..3b2b278 100644
--- a/src/cmd_rsadecrypt.rs
+++ b/src/cmd_rsadecrypt.rs
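Review bot: The new comment block states that the SHA-256 DigestInfo prefix is followed by a "32-byte hash value", but the code below it never checks that the decoded `hash` is actually 32 bytes, so a short or long `--sha256` argument is wrapped in the SHA-256 prefix and signed as-is (this is pre-existing, but the comment now documents a contract the code does not enforce). A one-line guard right after the decode keeps the DigestInfo well-formed: `if hash.len() != 32 { return simple_error!("SHA-256 hash must be exactly 32 bytes"); }`. As a style nit, the SHA-1 line opens with a straight `'` while the other rows use `’`; normalizing all rows to ASCII quotes keeps the table greppable. The enclosing method starts before and continues after this hunk.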
@@ -1,10 +1,12 @@
 use std::collections::BTreeMap;
 use clap::{App, Arg, ArgMatches, SubCommand};
+use openssl::bn::{BigNum, BigNumContext};
 use openssl::encrypt::Decrypter;
 use openssl::pkey::PKey;
 use openssl::rsa::Rsa;
 use rust_util::util_clap::{Command, CommandError};
+use rust_util::util_msg::MessageType;
 pub struct CommandImpl;
@@ -43,6 +45,16 @@ impl Command for CommandImpl {
 return simple_error!("Data is required, --data-hex or --data argument!");
 };
+ rust_util::util_msg::when(MessageType::DEBUG, || {
+ let rsa = keypair.rsa().unwrap();
+ let n = rsa.n();
+ let d = rsa.d();
+ let m = BigNum::from_slice(&encrypted).unwrap();
+ let mut r = BigNum::new().unwrap();
+ r.mod_exp(&m, d, n, &mut BigNumContext::new().unwrap()).unwrap();
+ debugging!("Encrypted raw HEX: {}", hex::encode(&r.to_vec()));
+ });
 let mut decrypter = opt_result!(Decrypter::new(&keypair), "Decrypter new failed: {}");
 opt_result!(decrypter.set_rsa_padding(padding), "Set RSA padding failed: {}");
 let buffer_len = opt_result!(decrypter.decrypt_len(&encrypted), "Decrypt len failed: {}");
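Review bot: The log label in the new debug closure is wrong: `r` is `m^d mod n`, i.e. the raw decrypted RSA block including its padding bytes, not the encrypted input, so the line should read `debugging!("Decrypted raw block HEX: {}", hex::encode(r.to_vec()));` and readers should know that enabling DEBUG writes padded plaintext to the log. The five `unwrap()` calls inside the closure mean that a non-RSA key or an input `BigNum::from_slice` rejects turns into a panic the moment DEBUG logging is on, even though the real decryption path below reports errors through `opt_result!`; falling back to a debug message and returning from the closure keeps the command's error handling uniform. It is also worth a comment that this raw `mod_exp` with the private exponent bypasses the library's padding checks and, as far as I can tell, its blinded private-key code path, which is acceptable for a debug dump but should not be reused for real decryption. The enclosing method starts before and continues after this hunk.
```rust
rust_util::util_msg::when(MessageType::DEBUG, || {
    // Debug only: raw m^d mod n bypasses padding checks and the library's
    // hardened private-key path, and prints the padded plaintext to the log.
    let rsa = match keypair.rsa() {
        Ok(rsa) => rsa,
        Err(e) => { debugging!("Key is not RSA, skip raw dump: {}", e); return; }
    };
    let m = match BigNum::from_slice(&encrypted) {
        Ok(m) => m,
        Err(e) => { debugging!("Encrypted data is not a valid number: {}", e); return; }
    };
    let (mut r, mut ctx) = match (BigNum::new(), BigNumContext::new()) {
        (Ok(r), Ok(ctx)) => (r, ctx),
        _ => return,
    };
    if r.mod_exp(&m, rsa.d(), rsa.n(), &mut ctx).is_ok() {
        debugging!("Decrypted raw block HEX: {}", hex::encode(r.to_vec()));
    }
});
// … unchanged: Decrypter setup and decrypt_len …
```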