add support for decrypt RSA OAEP

2023-11-01 18:13:33 -04:00 · 2023-11-01 18:13:33 -04:00 · 766068b5bc
parent dac1fd2bba
commit 766068b5bc
3 changed files with 31 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -14,6 +14,7 @@ Currently the following commands are implemented:
 * PutAsymmetricKey
 * GetPubKey
 * DeriveEcdh
+ * DecryptOaep
 * Echo
 * ChangeAuthenticationKey
 * PutAuthenticationKey
--- a/commands/constructors.go
+++ b/commands/constructors.go
@ -264,6 +264,24 @@ func CreateDeriveEcdhCommand(objID uint16, pubkey []byte) (*CommandMessage, erro
 	return command, nil
 }

+func CreateDecryptOaepCommand(objID uint16, algorithm Algorithm, ciphertextFile []byte) (*CommandMessage, error) {
+	if algorithm < AlgorithmRSAOAEPSHA1 || algorithm > AlgorithmRSAOAEPSHA512 {
+        return nil, errors.New("invalid algorithm")
+    }
+
+	command := &CommandMessage{
+		CommandType: CommandTypeDecryptOaep,
+	}
+
+	payload := bytes.NewBuffer([]byte{})
+	binary.Write(payload, binary.BigEndian, objID)
+	binary.Write(payload, binary.BigEndian, algorithm)
+	payload.Write(ciphertextFile)
+	command.Data = payload.Bytes()
+
+	return command, nil
+}
+
 func CreateChangeAuthenticationKeyCommand(objID uint16, newPassword string) (*CommandMessage, error) {
 	command := &CommandMessage{
 		CommandType: CommandTypeChangeAuthenticationKey,
--- a/commands/response.go
+++ b/commands/response.go
@ -94,6 +94,10 @@ type (
 		XCoordinate []byte
 	}

+    DecryptOaepResponse struct {
+		Plaintext []byte
+	}
+
 	ChangeAuthenticationKeyResponse struct {
 		ObjectID uint16
 	}
@ -183,6 +187,8 @@ func ParseResponse(data []byte) (Response, error) {
 		return parseEchoResponse(payload)
 	case CommandTypeDeriveEcdh:
 		return parseDeriveEcdhResponse(payload)
+    case CommandTypeDecryptOaep:
+		return parseDecryptOaepResponse(payload)
 	case CommandTypeChangeAuthenticationKey:
 		return parseChangeAuthenticationKeyResponse(payload)
 	case CommandTypeGetPseudoRandom:
@ -364,6 +370,12 @@ func parseDeriveEcdhResponse(payload []byte) (Response, error) {
 	}, nil
 }

+func parseDecryptOaepResponse(payload []byte) (Response, error) {
+	return &DecryptOaepResponse{
+		Plaintext: payload,
+	}, nil
+}
+
 func parseChangeAuthenticationKeyResponse(payload []byte) (Response, error) {
 	if len(payload) != 2 {
 		return nil, errors.New("invalid response payload length")