Skip to content

Commit

Permalink
signature: ED448 requires parameter even if none is provided by OpenSSL
Browse files Browse the repository at this point in the history 
Signed-off-by: Jakub Jelen <[email protected]>
  • Loading branch information
@Jakuje @simo5
Jakuje authored and simo5 committed Jan 13, 2025
1 parent c25b3c2 commit c9e5fcb
Showing 1 changed file with 43 additions and 42 deletions.
85 changes: 43 additions & 42 deletions src/signature.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2289,62 +2289,33 @@ static int p11prov_eddsa_get_ctx_params(void *ctx, OSSL_PARAM *params)
static int p11prov_eddsa_set_ctx_params(void *ctx, const OSSL_PARAM params[])
{
P11PROV_SIG_CTX *sigctx = (P11PROV_SIG_CTX *)ctx;
const char *instance = "Ed25519";
const OSSL_PARAM *p;
CK_ULONG size;
bool matched = false;
int ret;

P11PROV_debug("eddsa set ctx params (ctx=%p, params=%p)", sigctx, params);

if (params == NULL) {
return RET_OSSL_OK;
size = p11prov_obj_get_key_bit_size(sigctx->key);
if (size != ED25519_BIT_SIZE && size != ED448_BIT_SIZE) {
P11PROV_raise(sigctx->provctx, CKR_KEY_TYPE_INCONSISTENT,
"Invalid EdDSA key size %lu", size);
return RET_OSSL_ERR;
}

/* PKCS #11 parameters are mandatory for Ed448 key type anyway */
if (size == ED448_BIT_SIZE) {
instance = "Ed448";
}

p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_INSTANCE);
if (p) {
const char *instance = NULL;
bool matched = false;
CK_ULONG size;

ret = OSSL_PARAM_get_utf8_string_ptr(p, &instance);
if (ret != RET_OSSL_OK) {
return ret;
}
P11PROV_debug("Set OSSL_SIGNATURE_PARAM_INSTANCE to %s", instance);

size = p11prov_obj_get_key_bit_size(sigctx->key);
if (size != ED25519_BIT_SIZE && size != ED448_BIT_SIZE) {
P11PROV_raise(sigctx->provctx, CKR_KEY_TYPE_INCONSISTENT,
"Invalid EdDSA key size %lu", size);
return RET_OSSL_ERR;
}
if (size == ED25519_BIT_SIZE) {
if (OPENSSL_strcasecmp(instance, "Ed25519") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_FALSE;
} else if (OPENSSL_strcasecmp(instance, "Ed25519ph") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_TRUE;
} else if (OPENSSL_strcasecmp(instance, "Ed25519ctx") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_FALSE;
}
} else if (size == ED448_BIT_SIZE) {
if (OPENSSL_strcasecmp(instance, "Ed448") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_FALSE;
} else if (OPENSSL_strcasecmp(instance, "Ed448ph") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_TRUE;
}
}
if (!matched) {
P11PROV_raise(sigctx->provctx, CKR_ARGUMENTS_BAD,
"Invalid instance");
return RET_OSSL_ERR;
}
}

p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_CONTEXT_STRING);
Expand All @@ -2361,6 +2332,36 @@ static int p11prov_eddsa_set_ctx_params(void *ctx, const OSSL_PARAM params[])
sigctx->eddsa_params.ulContextDataLen = datalen;
}

if (size == ED25519_BIT_SIZE) {
if (OPENSSL_strcasecmp(instance, "Ed25519") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_FALSE;
} else if (OPENSSL_strcasecmp(instance, "Ed25519ph") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_TRUE;
} else if (OPENSSL_strcasecmp(instance, "Ed25519ctx") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_FALSE;
}
} else if (size == ED448_BIT_SIZE) {
if (OPENSSL_strcasecmp(instance, "Ed448") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_FALSE;
} else if (OPENSSL_strcasecmp(instance, "Ed448ph") == 0) {
matched = true;
sigctx->use_eddsa_params = CK_TRUE;
sigctx->eddsa_params.phFlag = CK_TRUE;
}
}
if (!matched) {
P11PROV_raise(sigctx->provctx, CKR_ARGUMENTS_BAD, "Invalid instance %s",
instance);
return RET_OSSL_ERR;
}

return RET_OSSL_OK;
}

Expand Down

0 comments on commit c9e5fcb

Please sign in to comment.