From b5096132b2b5aac5f654cb7a06e6bd5cb044e7dc Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 4 Jul 2017 11:00:05 +0200 Subject: [PATCH] Detect invalid rsa padding parameter Return proper error in case of wrong RSA padding parameter. Add more detailed description of valid parameter combinations. Change-Id: I100f0b900566dbb17bd66c62fabe278baf83c1ff --- src/include/ckmc/ckmc-manager.h | 8 ++++++-- src/manager/crypto/sw-backend/internals.cpp | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 1ed88bf..7cc2d9a 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -532,7 +532,9 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_po * @param[in] message The message that is signed with a private key * @param[in] hash The hash algorithm used in creating signature * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA + * It is used only when the signature algorithm is RSA. If + * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE + * and the message must be equal to key length * @param[out] ppsignature The pointer to a newly created signature \n * If an error occurs, @a *ppsignature will be null * @return @c 0 on success, @@ -566,7 +568,9 @@ int ckmc_create_signature(const char *private_key_alias, const char *password, c * @param[in] signature The signature that is verified with public key * @param[in] hash The hash algorithm used in verifying signature * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA + * It is used only when the signature algorithm is RSA. If + * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE + * and the message must be equal to key length * @return @c 0 on success and the signature is valid, * otherwise a negative error value * @retval #CKMC_ERROR_NONE Successful diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 91a61fe..f37d2ef 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -839,7 +839,7 @@ RawBuffer signMessage(EVP_PKEY *privKey, /* Set padding algorithm */ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); /* Finalize the Sign operation */ @@ -888,7 +888,7 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey, /* Set padding algorithm */ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); /* Call update with the message */ @@ -973,7 +973,7 @@ int verifyMessage(EVP_PKEY *pubKey, /* Set padding algorithm */ if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); if (EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), @@ -1003,7 +1003,7 @@ int digestVerifyMessage(EVP_PKEY *pubKey, if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); if (EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), -- 2.7.4