* @param[in] private_key_alias The name of private key
* @param[in] password The password used in decrypting a private key value
* @param[in] message The message that is signed with a private key
- * @param[in] hash The hash algorithm used in creating signature
+ * @param[in] hash The hash algorithm used in creating signature. CKMC_HASH_NONE is invalid for DSA & ECDSA
* @param[in] padding The RSA padding algorithm used in creating signature \n
* It is used only when the signature algorithm is RSA. If
* @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
* @param[in] password The password used in decrypting a public key value
* @param[in] message The input on which the signature is created
* @param[in] signature The signature that is verified with public key
- * @param[in] hash The hash algorithm used in verifying signature
+ * @param[in] hash The hash algorithm used in verifying signature. CKMC_HASH_NONE is invalid for DSA & ECDSA
* @param[in] padding The RSA padding algorithm used in verifying signature \n
* It is used only when the signature algorithm is RSA. If
* @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
const RawBuffer &message,
const int rsa_padding)
{
+ if (EVP_PKEY_type(privKey->type) != EVP_PKEY_RSA)
+ ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(privKey, NULL), EVP_PKEY_CTX_free);
if (!pctx.get())
const RawBuffer &signature,
const int rsa_padding)
{
+ if (EVP_PKEY_type(pubKey->type) != EVP_PKEY_RSA)
+ ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(pubKey, NULL), EVP_PKEY_CTX_free);
if (!pctx.get())
} // namespace Internals
} // namespace SW
} // namespace Crypto
-} // namespace CKM
\ No newline at end of file
+} // namespace CKM
{
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
+ if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
+ ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
RawBuffer signature;
TrustZoneContext::Instance().executeSign(getAlgType(algo),
getHashType(hash),
{
AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
+ if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
+ ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
return TrustZoneContext::Instance().executeVerify(getAlgType(algo),
getHashType(hash),
pkey,