Forbid HashAlgorithm::NONE for DSA & ECDSA signatures

[platform/core/security/key-manager.git] / src / manager / crypto / tz-backend / internals.cpp

diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index 7b7b9be..8aee58a 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -533,6 +533,9 @@ RawBuffer sign(const RawBuffer &pkey,
 {
        AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
        HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
+       if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
+               ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
        RawBuffer signature;
        TrustZoneContext::Instance().executeSign(getAlgType(algo),
                                                                                        getHashType(hash),
@@ -551,6 +554,9 @@ int verify(const RawBuffer &pkey,
 {
        AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
        HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
+       if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
+               ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
        return TrustZoneContext::Instance().executeVerify(getAlgType(algo),
                                                                                                        getHashType(hash),
                                                                                                        pkey,