Skip to content

Commit ee087b8

Browse files
antoinelochetantoinelochet
committed
Refactored sign/verify mechanism parameters handling
1 parent 4ff60ad commit ee087b8

34 files changed

Lines changed: 348 additions & 264 deletions

src/lib/SoftHSM.cpp

Lines changed: 27 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,7 @@
6363
#include "GOSTPublicKey.h"
6464
#include "GOSTPrivateKey.h"
6565
#include "MLDSAParameters.h"
66+
#include "MLDSAMechanismParam.h"
6667
#include "MLDSAPublicKey.h"
6768
#include "MLDSAPrivateKey.h"
6869
#include "MLDSAUtil.h"
@@ -4182,6 +4183,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
41824183
AsymMech::Type mechanism = AsymMech::Unknown;
41834184
void* param = NULL;
41844185
size_t paramLen = 0;
4186+
MechanismParam* mechanismParam = NULL;
41854187
RSA_PKCS_PSS_PARAMS pssParam;
41864188
bool bAllowMultiPartOp;
41874189
bool isRSA = false;
@@ -4194,7 +4196,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
41944196
#endif
41954197
#ifdef WITH_ML_DSA
41964198
bool isMLDSA = false;
4197-
SIGN_ADDITIONAL_CONTEXT mldsaParam;
4199+
MLDSAMechanismParam mldsaParam;
41984200
#endif
41994201
switch(pMechanism->mechanism) {
42004202
case CKM_RSA_PKCS:
@@ -4493,12 +4495,13 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
44934495
ERROR_MSG("Invalid parameters");
44944496
return CKR_ARGUMENTS_BAD;
44954497
}
4496-
mldsaParam.additionalContext = new ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
4497-
} else {
4498-
mldsaParam.additionalContext = NULL;
4498+
if (ckSignAdditionalContext->ulContextLen > 255) {
4499+
ERROR_MSG("Invalid parameters");
4500+
return CKR_ARGUMENTS_BAD;
4501+
}
4502+
mldsaParam.additionalContext = ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
44994503
}
4500-
param = &mldsaParam;
4501-
paramLen = sizeof(mldsaParam);
4504+
mechanismParam = &mldsaParam;
45024505
}
45034506
break;
45044507
#endif
@@ -4651,6 +4654,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
46514654
session->setAsymmetricCryptoOp(asymCrypto);
46524655
session->setMechanism(mechanism);
46534656
session->setParameters(param, paramLen);
4657+
session->setMechanismParam(mechanismParam);
46544658
session->setAllowMultiPartOp(bAllowMultiPartOp);
46554659
session->setAllowSinglePartOp(true);
46564660
session->setPrivateKey(privateKey);
@@ -4732,6 +4736,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
47324736
PrivateKey* privateKey = session->getPrivateKey();
47334737
size_t paramLen;
47344738
void* param = session->getParameters(paramLen);
4739+
MechanismParam* mechanismParam = session->getMechanismParam();
47354740
if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
47364741
{
47374742
session->resetOp();
@@ -4781,7 +4786,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
47814786
return CKR_GENERAL_ERROR;
47824787
}
47834788
}
4784-
else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen))
4789+
else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen,mechanismParam))
47854790
{
47864791
session->resetOp();
47874792
return CKR_GENERAL_ERROR;
@@ -5250,6 +5255,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
52505255
AsymMech::Type mechanism = AsymMech::Unknown;
52515256
void* param = NULL;
52525257
size_t paramLen = 0;
5258+
MechanismParam* mechanismParam = NULL;
52535259
RSA_PKCS_PSS_PARAMS pssParam;
52545260
bool bAllowMultiPartOp;
52555261
bool isRSA = false;
@@ -5262,7 +5268,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
52625268
#endif
52635269
#ifdef WITH_ML_DSA
52645270
bool isMLDSA = false;
5265-
SIGN_ADDITIONAL_CONTEXT mldsaParam;
5271+
MLDSAMechanismParam mldsaParam;
52665272
#endif
52675273
switch(pMechanism->mechanism) {
52685274
case CKM_RSA_PKCS:
@@ -5555,12 +5561,17 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
55555561
return CKR_ARGUMENTS_BAD;
55565562
}
55575563
if (ckSignAdditionalContext->ulContextLen > 0) {
5558-
mldsaParam.additionalContext = new ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
5559-
} else {
5560-
mldsaParam.additionalContext = NULL;
5564+
if (ckSignAdditionalContext->pContext == NULL_PTR) {
5565+
ERROR_MSG("Invalid parameters");
5566+
return CKR_ARGUMENTS_BAD;
5567+
}
5568+
if (ckSignAdditionalContext->ulContextLen > 255) {
5569+
ERROR_MSG("Invalid parameters");
5570+
return CKR_ARGUMENTS_BAD;
5571+
}
5572+
mldsaParam.additionalContext = ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
55615573
}
5562-
param = &mldsaParam;
5563-
paramLen = sizeof(mldsaParam);
5574+
mechanismParam = &mldsaParam;
55645575
}
55655576
break;
55665577
#endif
@@ -5707,6 +5718,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
57075718
session->setAsymmetricCryptoOp(asymCrypto);
57085719
session->setMechanism(mechanism);
57095720
session->setParameters(param, paramLen);
5721+
session->setMechanismParam(mechanismParam);
57105722
session->setAllowMultiPartOp(bAllowMultiPartOp);
57115723
session->setAllowSinglePartOp(true);
57125724
session->setPublicKey(publicKey);
@@ -5776,6 +5788,7 @@ static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
57765788
PublicKey* publicKey = session->getPublicKey();
57775789
size_t paramLen;
57785790
void* param = session->getParameters(paramLen);
5791+
MechanismParam* mechanismParam = session->getMechanismParam();
57795792
if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
57805793
{
57815794
session->resetOp();
@@ -5815,7 +5828,7 @@ static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
58155828
return CKR_SIGNATURE_INVALID;
58165829
}
58175830
}
5818-
else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen))
5831+
else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen,mechanismParam))
58195832
{
58205833
session->resetOp();
58215834
return CKR_SIGNATURE_INVALID;

src/lib/crypto/AsymmetricAlgorithm.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,8 @@ AsymmetricAlgorithm::AsymmetricAlgorithm()
4747
// Signing functions
4848
bool AsymmetricAlgorithm::sign(PrivateKey* privateKey, const ByteString& dataToSign,
4949
ByteString& signature, const AsymMech::Type mechanism,
50-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
50+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
51+
const MechanismParam* /* mechanismParam = NULL */)
5152
{
5253
// Compose from multi-part operations
5354
return (signInit(privateKey, mechanism, param, paramLen) && signUpdate(dataToSign) && signFinal(signature));
@@ -95,7 +96,8 @@ bool AsymmetricAlgorithm::signFinal(ByteString& /*signature*/)
9596
// Verification functions
9697
bool AsymmetricAlgorithm::verify(PublicKey* publicKey, const ByteString& originalData,
9798
const ByteString& signature, const AsymMech::Type mechanism,
98-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
99+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
100+
const MechanismParam* /* mechanismParam = NULL */)
99101
{
100102
// Compose from multi-part operations
101103
return (verifyInit(publicKey, mechanism, param, paramLen) && verifyUpdate(originalData) && verifyFinal(signature));

src/lib/crypto/AsymmetricAlgorithm.h

Lines changed: 3 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@
3939
#include "config.h"
4040
#include "AsymmetricKeyPair.h"
4141
#include "AsymmetricParameters.h"
42+
#include "MechanismParam.h"
4243
#include "HashAlgorithm.h"
4344
#include "PublicKey.h"
4445
#include "PrivateKey.h"
@@ -121,22 +122,6 @@ struct RSA_PKCS_PSS_PARAMS
121122
size_t sLen;
122123
};
123124

124-
struct Hedge
125-
{
126-
enum Type
127-
{
128-
HEDGE_PREFERRED,
129-
HEDGE_REQUIRED,
130-
DETERMINISTIC_REQUIRED
131-
};
132-
};
133-
134-
struct SIGN_ADDITIONAL_CONTEXT
135-
{
136-
Hedge::Type hedgeType;
137-
ByteString* additionalContext;
138-
};
139-
140125
class AsymmetricAlgorithm
141126
{
142127
public:
@@ -147,13 +132,13 @@ class AsymmetricAlgorithm
147132
virtual ~AsymmetricAlgorithm() { }
148133

149134
// Signing functions
150-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
135+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
151136
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
152137
virtual bool signUpdate(const ByteString& dataToSign);
153138
virtual bool signFinal(ByteString& signature);
154139

155140
// Verification functions
156-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
141+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
157142
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
158143
virtual bool verifyUpdate(const ByteString& originalData);
159144
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanDSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,8 @@ BotanDSA::~BotanDSA()
6161
// Signing functions
6262
bool BotanDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6363
ByteString& signature, const AsymMech::Type mechanism,
64-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
64+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
65+
const MechanismParam* /* mechanismParam */)
6566
{
6667
std::string emsa;
6768

@@ -278,7 +279,8 @@ bool BotanDSA::signFinal(ByteString& signature)
278279
// Verification functions
279280
bool BotanDSA::verify(PublicKey* publicKey, const ByteString& originalData,
280281
const ByteString& signature, const AsymMech::Type mechanism,
281-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
282+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
283+
const MechanismParam* /* mechanismParam */)
282284
{
283285
std::string emsa;
284286

src/lib/crypto/BotanDSA.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ class BotanDSA : public AsymmetricAlgorithm
4747
virtual ~BotanDSA();
4848

4949
// Signing functions
50-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
50+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5151
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5252
virtual bool signUpdate(const ByteString& dataToSign);
5353
virtual bool signFinal(ByteString& signature);
5454

5555
// Verification functions
56-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
56+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5757
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5858
virtual bool verifyUpdate(const ByteString& originalData);
5959
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanECDSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,8 @@ BotanECDSA::~BotanECDSA()
6363
// Signing functions
6464
bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6565
ByteString& signature, const AsymMech::Type mechanism,
66-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
66+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
67+
const MechanismParam* /* mechanismParam */)
6768
{
6869
std::string emsa = "Raw";
6970

@@ -194,7 +195,8 @@ bool BotanECDSA::signFinal(ByteString& /*signature*/)
194195
// Verification functions
195196
bool BotanECDSA::verify(PublicKey* publicKey, const ByteString& originalData,
196197
const ByteString& signature, const AsymMech::Type mechanism,
197-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
198+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
199+
const MechanismParam* /* mechanismParam */)
198200
{
199201
std::string emsa = "Raw";
200202

src/lib/crypto/BotanECDSA.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ class BotanECDSA : public AsymmetricAlgorithm
4747
virtual ~BotanECDSA();
4848

4949
// Signing functions
50-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
50+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5151
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5252
virtual bool signUpdate(const ByteString& dataToSign);
5353
virtual bool signFinal(ByteString& signature);
5454

5555
// Verification functions
56-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
56+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5757
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5858
virtual bool verifyUpdate(const ByteString& originalData);
5959
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanEDDSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,8 @@ BotanEDDSA::~BotanEDDSA()
6565
// Signing functions
6666
bool BotanEDDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6767
ByteString& signature, const AsymMech::Type mechanism,
68-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
68+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
69+
const MechanismParam* /* mechanismParam */)
6970
{
7071
std::string emsa;
7172

@@ -162,7 +163,8 @@ bool BotanEDDSA::signFinal(ByteString& /*signature*/)
162163
// Verification functions
163164
bool BotanEDDSA::verify(PublicKey* publicKey, const ByteString& originalData,
164165
const ByteString& signature, const AsymMech::Type mechanism,
165-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
166+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
167+
const MechanismParam* /* mechanismParam */)
166168
{
167169
std::string emsa;
168170

src/lib/crypto/BotanEDDSA.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ class BotanEDDSA : public AsymmetricAlgorithm
4747
virtual ~BotanEDDSA();
4848

4949
// Signing functions
50-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
50+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5151
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5252
virtual bool signUpdate(const ByteString& dataToSign);
5353
virtual bool signFinal(ByteString& signature);
5454

5555
// Verification functions
56-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
56+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5757
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5858
virtual bool verifyUpdate(const ByteString& originalData);
5959
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanRSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,8 @@ BotanRSA::~BotanRSA()
6060
// Signing functions
6161
bool BotanRSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6262
ByteString& signature, const AsymMech::Type mechanism,
63-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
63+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
64+
const MechanismParam* /* mechanismParam */)
6465
{
6566
std::string emsa = "";
6667

@@ -407,7 +408,8 @@ bool BotanRSA::signFinal(ByteString& signature)
407408
// Verification functions
408409
bool BotanRSA::verify(PublicKey* publicKey, const ByteString& originalData,
409410
const ByteString& signature, const AsymMech::Type mechanism,
410-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
411+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
412+
const MechanismParam* /* mechanismParam */)
411413
{
412414
std::string emsa = "";
413415

0 commit comments

Comments
 (0)