Detect invalid rsa padding parameter

Return proper error in case of wrong RSA padding parameter. Add more detailed
description of valid parameter combinations.

Change-Id: I100f0b900566dbb17bd66c62fabe278baf83c1ff

diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h
index 1ed88bf..7cc2d9a 100644 (file)
--- a/src/include/ckmc/ckmc-manager.h
+++ b/src/include/ckmc/ckmc-manager.h
@@ -532,7 +532,9 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_po
  * @param[in] message The message that is signed with a private key
  * @param[in] hash The hash algorithm used in creating signature
  * @param[in] padding The RSA padding algorithm used in creating signature \n
- *                    It is used only when the signature algorithm is RSA
+ *                    It is used only when the signature algorithm is RSA. If
+ *                    @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
+ *                    and the message must be equal to key length
  * @param[out] ppsignature The pointer to a newly created signature \n
  *                         If an error occurs, @a *ppsignature will be null
  * @return @c 0 on success,
@@ -566,7 +568,9 @@ int ckmc_create_signature(const char *private_key_alias, const char *password, c
  * @param[in] signature The signature that is verified with public key
  * @param[in] hash The hash algorithm used in verifying signature
  * @param[in] padding The RSA padding algorithm used in verifying signature \n
- *                    It is used only when the signature algorithm is RSA
+ *                    It is used only when the signature algorithm is RSA. If
+ *                    @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
+ *                    and the message must be equal to key length
  * @return @c 0 on success and the signature is valid,
  *         otherwise a negative error value
  * @retval #CKMC_ERROR_NONE Successful

diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp
index 91a61fe..f37d2ef 100644 (file)
--- a/src/manager/crypto/sw-backend/internals.cpp
+++ b/src/manager/crypto/sw-backend/internals.cpp
@@ -839,7 +839,7 @@ RawBuffer signMessage(EVP_PKEY *privKey,
        /* Set padding algorithm */
        if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA)
                if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding))
-                       ThrowErr(Exc::Crypto::InternalError,
+                       ThrowErr(Exc::Crypto::InputParam,
                                         "Error in EVP_PKEY_CTX_set_rsa_padding function");
 
        /* Finalize the Sign operation */
@@ -888,7 +888,7 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey,
        /* Set padding algorithm */
        if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA)
                if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding))
-                       ThrowErr(Exc::Crypto::InternalError,
+                       ThrowErr(Exc::Crypto::InputParam,
                                         "Error in EVP_PKEY_CTX_set_rsa_padding function");
 
        /* Call update with the message */
@@ -973,7 +973,7 @@ int verifyMessage(EVP_PKEY *pubKey,
        /* Set padding algorithm  */
        if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA)
                if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding))
-                       ThrowErr(Exc::Crypto::InternalError,
+                       ThrowErr(Exc::Crypto::InputParam,
                                         "Error in EVP_PKEY_CTX_set_rsa_padding function");
 
        if (EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(),
@@ -1003,7 +1003,7 @@ int digestVerifyMessage(EVP_PKEY *pubKey,
 
        if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA)
                if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding))
-                       ThrowErr(Exc::Crypto::InternalError,
+                       ThrowErr(Exc::Crypto::InputParam,
                                         "Error in EVP_PKEY_CTX_set_rsa_padding function");
 
        if (EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(),