Skip to content

Commit 86fea71

Browse files
antoinelochetantoinelochet
committed
Refactored sign/verify mechanism parameters handling
1 parent 4ff60ad commit 86fea71

33 files changed

+335
-264
lines changed

src/lib/SoftHSM.cpp

Lines changed: 19 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,7 @@
6363
#include "GOSTPublicKey.h"
6464
#include "GOSTPrivateKey.h"
6565
#include "MLDSAParameters.h"
66+
#include "MLDSAMechanismParam.h"
6667
#include "MLDSAPublicKey.h"
6768
#include "MLDSAPrivateKey.h"
6869
#include "MLDSAUtil.h"
@@ -4182,6 +4183,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
41824183
AsymMech::Type mechanism = AsymMech::Unknown;
41834184
void* param = NULL;
41844185
size_t paramLen = 0;
4186+
MechanismParam* mechanismParam = NULL;
41854187
RSA_PKCS_PSS_PARAMS pssParam;
41864188
bool bAllowMultiPartOp;
41874189
bool isRSA = false;
@@ -4194,7 +4196,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
41944196
#endif
41954197
#ifdef WITH_ML_DSA
41964198
bool isMLDSA = false;
4197-
SIGN_ADDITIONAL_CONTEXT mldsaParam;
4199+
MLDSAMechanismParam mldsaParam;
41984200
#endif
41994201
switch(pMechanism->mechanism) {
42004202
case CKM_RSA_PKCS:
@@ -4493,12 +4495,9 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
44934495
ERROR_MSG("Invalid parameters");
44944496
return CKR_ARGUMENTS_BAD;
44954497
}
4496-
mldsaParam.additionalContext = new ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
4497-
} else {
4498-
mldsaParam.additionalContext = NULL;
4498+
mldsaParam.additionalContext = ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
44994499
}
4500-
param = &mldsaParam;
4501-
paramLen = sizeof(mldsaParam);
4500+
mechanismParam = &mldsaParam;
45024501
}
45034502
break;
45044503
#endif
@@ -4651,6 +4650,7 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
46514650
session->setAsymmetricCryptoOp(asymCrypto);
46524651
session->setMechanism(mechanism);
46534652
session->setParameters(param, paramLen);
4653+
session->setMechanismParam(mechanismParam);
46544654
session->setAllowMultiPartOp(bAllowMultiPartOp);
46554655
session->setAllowSinglePartOp(true);
46564656
session->setPrivateKey(privateKey);
@@ -4732,6 +4732,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
47324732
PrivateKey* privateKey = session->getPrivateKey();
47334733
size_t paramLen;
47344734
void* param = session->getParameters(paramLen);
4735+
MechanismParam* mechanismParam = session->getMechanismParam();
47354736
if (asymCrypto == NULL || !session->getAllowSinglePartOp() || privateKey == NULL)
47364737
{
47374738
session->resetOp();
@@ -4781,7 +4782,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
47814782
return CKR_GENERAL_ERROR;
47824783
}
47834784
}
4784-
else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen))
4785+
else if (!asymCrypto->sign(privateKey,data,signature,mechanism,param,paramLen,mechanismParam))
47854786
{
47864787
session->resetOp();
47874788
return CKR_GENERAL_ERROR;
@@ -5250,6 +5251,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
52505251
AsymMech::Type mechanism = AsymMech::Unknown;
52515252
void* param = NULL;
52525253
size_t paramLen = 0;
5254+
MechanismParam* mechanismParam = NULL;
52535255
RSA_PKCS_PSS_PARAMS pssParam;
52545256
bool bAllowMultiPartOp;
52555257
bool isRSA = false;
@@ -5262,7 +5264,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
52625264
#endif
52635265
#ifdef WITH_ML_DSA
52645266
bool isMLDSA = false;
5265-
SIGN_ADDITIONAL_CONTEXT mldsaParam;
5267+
MLDSAMechanismParam mldsaParam;
52665268
#endif
52675269
switch(pMechanism->mechanism) {
52685270
case CKM_RSA_PKCS:
@@ -5555,12 +5557,13 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
55555557
return CKR_ARGUMENTS_BAD;
55565558
}
55575559
if (ckSignAdditionalContext->ulContextLen > 0) {
5558-
mldsaParam.additionalContext = new ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
5559-
} else {
5560-
mldsaParam.additionalContext = NULL;
5560+
if (ckSignAdditionalContext->pContext == NULL_PTR) {
5561+
ERROR_MSG("Invalid parameters");
5562+
return CKR_ARGUMENTS_BAD;
5563+
}
5564+
mldsaParam.additionalContext = ByteString(ckSignAdditionalContext->pContext, ckSignAdditionalContext->ulContextLen);
55615565
}
5562-
param = &mldsaParam;
5563-
paramLen = sizeof(mldsaParam);
5566+
mechanismParam = &mldsaParam;
55645567
}
55655568
break;
55665569
#endif
@@ -5707,6 +5710,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
57075710
session->setAsymmetricCryptoOp(asymCrypto);
57085711
session->setMechanism(mechanism);
57095712
session->setParameters(param, paramLen);
5713+
session->setMechanismParam(mechanismParam);
57105714
session->setAllowMultiPartOp(bAllowMultiPartOp);
57115715
session->setAllowSinglePartOp(true);
57125716
session->setPublicKey(publicKey);
@@ -5776,6 +5780,7 @@ static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
57765780
PublicKey* publicKey = session->getPublicKey();
57775781
size_t paramLen;
57785782
void* param = session->getParameters(paramLen);
5783+
MechanismParam* mechanismParam = session->getMechanismParam();
57795784
if (asymCrypto == NULL || !session->getAllowSinglePartOp() || publicKey == NULL)
57805785
{
57815786
session->resetOp();
@@ -5815,7 +5820,7 @@ static CK_RV AsymVerify(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
58155820
return CKR_SIGNATURE_INVALID;
58165821
}
58175822
}
5818-
else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen))
5823+
else if (!asymCrypto->verify(publicKey,data,signature,mechanism,param,paramLen,mechanismParam))
58195824
{
58205825
session->resetOp();
58215826
return CKR_SIGNATURE_INVALID;

src/lib/crypto/AsymmetricAlgorithm.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,8 @@ AsymmetricAlgorithm::AsymmetricAlgorithm()
4747
// Signing functions
4848
bool AsymmetricAlgorithm::sign(PrivateKey* privateKey, const ByteString& dataToSign,
4949
ByteString& signature, const AsymMech::Type mechanism,
50-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
50+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
51+
const MechanismParam* /* mechanismParam = NULL */)
5152
{
5253
// Compose from multi-part operations
5354
return (signInit(privateKey, mechanism, param, paramLen) && signUpdate(dataToSign) && signFinal(signature));
@@ -95,7 +96,8 @@ bool AsymmetricAlgorithm::signFinal(ByteString& /*signature*/)
9596
// Verification functions
9697
bool AsymmetricAlgorithm::verify(PublicKey* publicKey, const ByteString& originalData,
9798
const ByteString& signature, const AsymMech::Type mechanism,
98-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
99+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
100+
const MechanismParam* /* mechanismParam = NULL */)
99101
{
100102
// Compose from multi-part operations
101103
return (verifyInit(publicKey, mechanism, param, paramLen) && verifyUpdate(originalData) && verifyFinal(signature));

src/lib/crypto/AsymmetricAlgorithm.h

Lines changed: 3 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@
3939
#include "config.h"
4040
#include "AsymmetricKeyPair.h"
4141
#include "AsymmetricParameters.h"
42+
#include "MechanismParam.h"
4243
#include "HashAlgorithm.h"
4344
#include "PublicKey.h"
4445
#include "PrivateKey.h"
@@ -121,22 +122,6 @@ struct RSA_PKCS_PSS_PARAMS
121122
size_t sLen;
122123
};
123124

124-
struct Hedge
125-
{
126-
enum Type
127-
{
128-
HEDGE_PREFERRED,
129-
HEDGE_REQUIRED,
130-
DETERMINISTIC_REQUIRED
131-
};
132-
};
133-
134-
struct SIGN_ADDITIONAL_CONTEXT
135-
{
136-
Hedge::Type hedgeType;
137-
ByteString* additionalContext;
138-
};
139-
140125
class AsymmetricAlgorithm
141126
{
142127
public:
@@ -147,13 +132,13 @@ class AsymmetricAlgorithm
147132
virtual ~AsymmetricAlgorithm() { }
148133

149134
// Signing functions
150-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
135+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
151136
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
152137
virtual bool signUpdate(const ByteString& dataToSign);
153138
virtual bool signFinal(ByteString& signature);
154139

155140
// Verification functions
156-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
141+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
157142
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
158143
virtual bool verifyUpdate(const ByteString& originalData);
159144
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanDSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,8 @@ BotanDSA::~BotanDSA()
6161
// Signing functions
6262
bool BotanDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6363
ByteString& signature, const AsymMech::Type mechanism,
64-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
64+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
65+
const MechanismParam* /* mechanismParam */)
6566
{
6667
std::string emsa;
6768

@@ -278,7 +279,8 @@ bool BotanDSA::signFinal(ByteString& signature)
278279
// Verification functions
279280
bool BotanDSA::verify(PublicKey* publicKey, const ByteString& originalData,
280281
const ByteString& signature, const AsymMech::Type mechanism,
281-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
282+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
283+
const MechanismParam* /* mechanismParam */)
282284
{
283285
std::string emsa;
284286

src/lib/crypto/BotanDSA.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ class BotanDSA : public AsymmetricAlgorithm
4747
virtual ~BotanDSA();
4848

4949
// Signing functions
50-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
50+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5151
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5252
virtual bool signUpdate(const ByteString& dataToSign);
5353
virtual bool signFinal(ByteString& signature);
5454

5555
// Verification functions
56-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
56+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5757
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5858
virtual bool verifyUpdate(const ByteString& originalData);
5959
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanECDSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,8 @@ BotanECDSA::~BotanECDSA()
6363
// Signing functions
6464
bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6565
ByteString& signature, const AsymMech::Type mechanism,
66-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
66+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
67+
const MechanismParam* /* mechanismParam */)
6768
{
6869
std::string emsa = "Raw";
6970

@@ -194,7 +195,8 @@ bool BotanECDSA::signFinal(ByteString& /*signature*/)
194195
// Verification functions
195196
bool BotanECDSA::verify(PublicKey* publicKey, const ByteString& originalData,
196197
const ByteString& signature, const AsymMech::Type mechanism,
197-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
198+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
199+
const MechanismParam* /* mechanismParam */)
198200
{
199201
std::string emsa = "Raw";
200202

src/lib/crypto/BotanECDSA.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ class BotanECDSA : public AsymmetricAlgorithm
4747
virtual ~BotanECDSA();
4848

4949
// Signing functions
50-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
50+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5151
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5252
virtual bool signUpdate(const ByteString& dataToSign);
5353
virtual bool signFinal(ByteString& signature);
5454

5555
// Verification functions
56-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
56+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5757
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5858
virtual bool verifyUpdate(const ByteString& originalData);
5959
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanEDDSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,8 @@ BotanEDDSA::~BotanEDDSA()
6565
// Signing functions
6666
bool BotanEDDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6767
ByteString& signature, const AsymMech::Type mechanism,
68-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
68+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
69+
const MechanismParam* /* mechanismParam */)
6970
{
7071
std::string emsa;
7172

@@ -162,7 +163,8 @@ bool BotanEDDSA::signFinal(ByteString& /*signature*/)
162163
// Verification functions
163164
bool BotanEDDSA::verify(PublicKey* publicKey, const ByteString& originalData,
164165
const ByteString& signature, const AsymMech::Type mechanism,
165-
const void* /* param = NULL */, const size_t /* paramLen = 0 */)
166+
const void* /* param = NULL */, const size_t /* paramLen = 0 */,
167+
const MechanismParam* /* mechanismParam */)
166168
{
167169
std::string emsa;
168170

src/lib/crypto/BotanEDDSA.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,13 +47,13 @@ class BotanEDDSA : public AsymmetricAlgorithm
4747
virtual ~BotanEDDSA();
4848

4949
// Signing functions
50-
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
50+
virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5151
virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5252
virtual bool signUpdate(const ByteString& dataToSign);
5353
virtual bool signFinal(ByteString& signature);
5454

5555
// Verification functions
56-
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
56+
virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0, const MechanismParam* mechanismParam = NULL);
5757
virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
5858
virtual bool verifyUpdate(const ByteString& originalData);
5959
virtual bool verifyFinal(const ByteString& signature);

src/lib/crypto/BotanRSA.cpp

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,8 @@ BotanRSA::~BotanRSA()
6060
// Signing functions
6161
bool BotanRSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
6262
ByteString& signature, const AsymMech::Type mechanism,
63-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
63+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
64+
const MechanismParam* /* mechanismParam */)
6465
{
6566
std::string emsa = "";
6667

@@ -407,7 +408,8 @@ bool BotanRSA::signFinal(ByteString& signature)
407408
// Verification functions
408409
bool BotanRSA::verify(PublicKey* publicKey, const ByteString& originalData,
409410
const ByteString& signature, const AsymMech::Type mechanism,
410-
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
411+
const void* param /* = NULL */, const size_t paramLen /* = 0 */,
412+
const MechanismParam* /* mechanismParam */)
411413
{
412414
std::string emsa = "";
413415

0 commit comments

Comments
 (0)