Forbid HashAlgorithm::NONE for DSA & ECDSA signatures

Openssl uses SHA1 if no hash algorithm is provided for DSA & ECDSA
signatures. TZ does not support that option at all. It's better to
forbid it.

This commit changes the API behavior and may lead to errors in clients
that used HashAlgorithm::NONE with DSA or ECDSA which is highly
unlikely.

Change-Id: I8522e8f157b5ef2d6599bb672ef790ee8ea48644

diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h
index 22a295c..251052c 100644 (file)
--- a/src/include/ckmc/ckmc-manager.h
+++ b/src/include/ckmc/ckmc-manager.h
@@ -607,7 +607,7 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_po
  * @param[in] private_key_alias The name of private key
  * @param[in] password The password used in decrypting a private key value
  * @param[in] message The message that is signed with a private key
- * @param[in] hash The hash algorithm used in creating signature
+ * @param[in] hash The hash algorithm used in creating signature. CKMC_HASH_NONE is invalid for DSA & ECDSA
  * @param[in] padding The RSA padding algorithm used in creating signature \n
  *                    It is used only when the signature algorithm is RSA. If
  *                    @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
@@ -643,7 +643,7 @@ int ckmc_create_signature(const char *private_key_alias, const char *password, c
  * @param[in] password The password used in decrypting a public key value
  * @param[in] message The input on which the signature is created
  * @param[in] signature The signature that is verified with public key
- * @param[in] hash The hash algorithm used in verifying signature
+ * @param[in] hash The hash algorithm used in verifying signature. CKMC_HASH_NONE is invalid for DSA & ECDSA
  * @param[in] padding The RSA padding algorithm used in verifying signature \n
  *                    It is used only when the signature algorithm is RSA. If
  *                    @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE

diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp
index afa3c88..a5f2f9e 100644 (file)
--- a/src/manager/crypto/sw-backend/internals.cpp
+++ b/src/manager/crypto/sw-backend/internals.cpp
@@ -817,6 +817,9 @@ RawBuffer signMessage(EVP_PKEY *privKey,
                                          const RawBuffer &message,
                                          const int rsa_padding)
 {
+       if (EVP_PKEY_type(privKey->type) != EVP_PKEY_RSA)
+               ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
        EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(privKey, NULL), EVP_PKEY_CTX_free);
 
        if (!pctx.get())
@@ -931,6 +934,9 @@ int verifyMessage(EVP_PKEY *pubKey,
                                  const RawBuffer &signature,
                                  const int rsa_padding)
 {
+       if (EVP_PKEY_type(pubKey->type) != EVP_PKEY_RSA)
+               ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
        EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(pubKey, NULL), EVP_PKEY_CTX_free);
 
        if (!pctx.get())
@@ -1048,4 +1054,4 @@ bool verifyBinaryData(DataType dataType, const RawBuffer &buffer)
 } // namespace Internals
 } // namespace SW
 } // namespace Crypto
-} // namespace CKM
\ No newline at end of file
+} // namespace CKM

diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index 7b7b9be..8aee58a 100644 (file)
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -533,6 +533,9 @@ RawBuffer sign(const RawBuffer &pkey,
 {
        AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
        HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
+       if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
+               ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
        RawBuffer signature;
        TrustZoneContext::Instance().executeSign(getAlgType(algo),
                                                                                        getHashType(hash),
@@ -551,6 +554,9 @@ int verify(const RawBuffer &pkey,
 {
        AlgoType algo = unpack<AlgoType>(alg, ParamName::ALGO_TYPE);
        HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
+       if (algo != AlgoType::RSA_SV && hash == HashAlgorithm::NONE)
+               ThrowErr(Exc::Crypto::InputParam, "Only RSA supports no hash option");
+
        return TrustZoneContext::Instance().executeVerify(getAlgType(algo),
                                                                                                        getHashType(hash),
                                                                                                        pkey,