Skip to content

Commit

Permalink
Use rnp::secure_bytes for hash parameter in crypto.
Browse files Browse the repository at this point in the history
  • Loading branch information
ni4 committed Dec 23, 2024
1 parent adf0deb commit 16137d3
Show file tree
Hide file tree
Showing 16 changed files with 209 additions and 198 deletions.
12 changes: 6 additions & 6 deletions src/lib/crypto/dsa.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ Key::validate(rnp::RNG &rng, bool secret) const noexcept
}

rnp_result_t
Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) const
Key::sign(rnp::RNG &rng, Signature &sig, const rnp::secure_bytes &hash) const
{
sig = {};
size_t q_order = q.bytes();
Expand All @@ -85,7 +85,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
}

// As 'Raw' is used we need to reduce hash size (as per FIPS-186-4, 4.6)
size_t z_len = hash_len < q_order ? hash_len : q_order;
size_t z_len = std::min(hash.size(), q_order);

rnp::bn bp(p);
rnp::bn bq(q);
Expand All @@ -108,7 +108,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
return RNP_ERROR_SIGNING_FAILED;
}

if (botan_pk_op_sign_update(sign_op.get(), hash, z_len)) {
if (botan_pk_op_sign_update(sign_op.get(), hash.data(), z_len)) {
return RNP_ERROR_SIGNING_FAILED;
}

Expand All @@ -128,14 +128,14 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
}

rnp_result_t
Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
Key::verify(const Signature &sig, const rnp::secure_bytes &hash) const
{
size_t q_order = q.bytes();
if (q_order > BITS_TO_BYTES(DSA_MAX_Q_BITLEN)) {
return RNP_ERROR_BAD_PARAMETERS;
}

size_t z_len = hash_len < q_order ? hash_len : q_order;
size_t z_len = std::min(hash.size(), q_order);
size_t r_blen = sig.r.bytes();
size_t s_blen = sig.s.bytes();
if ((r_blen > q_order) || (s_blen > q_order)) {
Expand Down Expand Up @@ -169,7 +169,7 @@ Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
return RNP_ERROR_GENERIC;
}

if (botan_pk_op_verify_update(verify_op.get(), hash, z_len)) {
if (botan_pk_op_verify_update(verify_op.get(), hash.data(), z_len)) {
return RNP_ERROR_GENERIC;
}

Expand Down
8 changes: 3 additions & 5 deletions src/lib/crypto/dsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
#include <repgp/repgp_def.h>
#include "crypto/rng.h"
#include "crypto/mpi.h"
#include "crypto/mem.h"

#define DSA_MAX_Q_BITLEN 256

Expand Down Expand Up @@ -85,10 +86,7 @@ class Key {
* RNP_ERROR_BAD_PARAMETERS wrong input provided
* RNP_ERROR_SIGNING_FAILED internal error
*/
rnp_result_t sign(rnp::RNG & rng,
Signature & sig,
const uint8_t *hash,
size_t hash_len) const;
rnp_result_t sign(rnp::RNG &rng, Signature &sig, const rnp::secure_bytes &hash) const;

/*
* @brief Performs DSA verification
Expand All @@ -102,7 +100,7 @@ class Key {
* RNP_ERROR_GENERIC internal error
* RNP_ERROR_SIGNATURE_INVALID signature is invalid
*/
rnp_result_t verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const;
rnp_result_t verify(const Signature &sig, const rnp::secure_bytes &hash) const;

/*
* @brief Performs DSA key generation
Expand Down
7 changes: 5 additions & 2 deletions src/lib/crypto/dsa_common.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,10 @@ Key::choose_qsize(size_t psize)
}

} // namespace dsa
} // namespace pgp

namespace ecdsa {
pgp_hash_alg_t
ecdsa_get_min_hash(pgp_curve_t curve)
get_min_hash(pgp_curve_t curve)
{
switch (curve) {
case PGP_CURVE_NIST_P_256:
Expand All @@ -82,3 +82,6 @@ ecdsa_get_min_hash(pgp_curve_t curve)
return PGP_HASH_UNKNOWN;
}
}
} // namespace ecdsa

} // namespace pgp
8 changes: 4 additions & 4 deletions src/lib/crypto/dsa_ossl.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ Key::validate(rnp::RNG &rng, bool secret) const noexcept
}

rnp_result_t
Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) const
Key::sign(rnp::RNG &rng, Signature &sig, const rnp::secure_bytes &hash) const
{
if (!x.bytes()) {
RNP_LOG("private key not set");
Expand All @@ -211,7 +211,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
return RNP_ERROR_GENERIC;
}
sig.s.len = PGP_MPINT_SIZE;
if (EVP_PKEY_sign(ctx.get(), sig.s.mpi, &sig.s.len, hash, hash_len) <= 0) {
if (EVP_PKEY_sign(ctx.get(), sig.s.mpi, &sig.s.len, hash.data(), hash.size()) <= 0) {
RNP_LOG("Signing failed: %lu", ERR_peek_last_error());
sig.s.len = 0;
return RNP_ERROR_GENERIC;
Expand All @@ -224,7 +224,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
}

rnp_result_t
Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
Key::verify(const Signature &sig, const rnp::secure_bytes &hash) const
{
/* Load secret key to EVP key */
auto evpkey = load_key(*this, false);
Expand All @@ -249,7 +249,7 @@ Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
if (!encode_sig(sigbuf.mpi, &sigbuf.len, sig)) {
return RNP_ERROR_GENERIC;
}
if (EVP_PKEY_verify(ctx.get(), sigbuf.mpi, sigbuf.len, hash, hash_len) <= 0) {
if (EVP_PKEY_verify(ctx.get(), sigbuf.mpi, sigbuf.len, hash.data(), hash.size()) <= 0) {
return RNP_ERROR_SIGNATURE_INVALID;
}
return RNP_SUCCESS;
Expand Down
52 changes: 26 additions & 26 deletions src/lib/crypto/ecdsa.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,11 @@
#include <string.h>
#include "botan_utils.hpp"

namespace pgp {
namespace ecdsa {

static bool
ecdsa_load_public_key(rnp::botan::Pubkey &pubkey, const pgp::ec::Key &keydata)
load_public_key(rnp::botan::Pubkey &pubkey, const pgp::ec::Key &keydata)
{
auto curve = pgp::ec::Curve::get(keydata.curve);
if (!curve) {
Expand Down Expand Up @@ -59,7 +62,7 @@ ecdsa_load_public_key(rnp::botan::Pubkey &pubkey, const pgp::ec::Key &keydata)
}

static bool
ecdsa_load_secret_key(rnp::botan::Privkey &seckey, const pgp::ec::Key &keydata)
load_secret_key(rnp::botan::Privkey &seckey, const pgp::ec::Key &keydata)
{
auto curve = pgp::ec::Curve::get(keydata.curve);
if (!curve) {
Expand All @@ -79,27 +82,26 @@ ecdsa_load_secret_key(rnp::botan::Privkey &seckey, const pgp::ec::Key &keydata)
}

rnp_result_t
ecdsa_validate_key(rnp::RNG &rng, const pgp::ec::Key &key, bool secret)
validate_key(rnp::RNG &rng, const pgp::ec::Key &key, bool secret)
{
rnp::botan::Pubkey bpkey;
if (!ecdsa_load_public_key(bpkey, key) ||
botan_pubkey_check_key(bpkey.get(), rng.handle(), 0)) {
if (!load_public_key(bpkey, key) || botan_pubkey_check_key(bpkey.get(), rng.handle(), 0)) {
return RNP_ERROR_BAD_PARAMETERS;
}
if (!secret) {
return RNP_SUCCESS;
}

rnp::botan::Privkey bskey;
if (!ecdsa_load_secret_key(bskey, key) ||
if (!load_secret_key(bskey, key) ||
botan_privkey_check_key(bskey.get(), rng.handle(), 0)) {
return RNP_ERROR_BAD_PARAMETERS;
}
return RNP_SUCCESS;
}

const char *
ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
padding_str_for(pgp_hash_alg_t hash_alg)
{
switch (hash_alg) {
case PGP_HASH_MD5:
Expand All @@ -108,7 +110,6 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
return "Raw(SHA-1)";
case PGP_HASH_RIPEMD:
return "Raw(RIPEMD-160)";

case PGP_HASH_SHA256:
return "Raw(SHA-256)";
case PGP_HASH_SHA384:
Expand All @@ -121,7 +122,6 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
return "Raw(SHA-3(256))";
case PGP_HASH_SHA3_512:
return "Raw(SHA-3(512))";

case PGP_HASH_SM3:
return "Raw(SM3)";
default:
Expand All @@ -130,28 +130,27 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
}

rnp_result_t
ecdsa_sign(rnp::RNG & rng,
pgp::ec::Signature &sig,
pgp_hash_alg_t hash_alg,
const uint8_t * hash,
size_t hash_len,
const pgp::ec::Key &key)
sign(rnp::RNG & rng,
pgp::ec::Signature & sig,
pgp_hash_alg_t hash_alg,
const rnp::secure_bytes &hash,
const pgp::ec::Key & key)
{
auto curve = pgp::ec::Curve::get(key.curve);
if (!curve) {
return RNP_ERROR_BAD_PARAMETERS;
}

rnp::botan::Privkey b_key;
if (!ecdsa_load_secret_key(b_key, key)) {
if (!load_secret_key(b_key, key)) {
RNP_LOG("Can't load private key");
return RNP_ERROR_GENERIC;
}

rnp::botan::op::Sign signer;
auto pad = ecdsa_padding_str_for(hash_alg);
auto pad = padding_str_for(hash_alg);
if (botan_pk_op_sign_create(&signer.get(), b_key.get(), pad, 0) ||
botan_pk_op_sign_update(signer.get(), hash, hash_len)) {
botan_pk_op_sign_update(signer.get(), hash.data(), hash.size())) {
return RNP_ERROR_GENERIC;
}

Expand All @@ -173,11 +172,10 @@ ecdsa_sign(rnp::RNG & rng,
}

rnp_result_t
ecdsa_verify(const pgp::ec::Signature &sig,
pgp_hash_alg_t hash_alg,
const uint8_t * hash,
size_t hash_len,
const pgp::ec::Key & key)
verify(const pgp::ec::Signature &sig,
pgp_hash_alg_t hash_alg,
const rnp::secure_bytes & hash,
const pgp::ec::Key & key)
{
auto curve = pgp::ec::Curve::get(key.curve);
if (!curve) {
Expand All @@ -194,14 +192,14 @@ ecdsa_verify(const pgp::ec::Signature &sig,
}

rnp::botan::Pubkey pub;
if (!ecdsa_load_public_key(pub, key)) {
if (!load_public_key(pub, key)) {
return RNP_ERROR_SIGNATURE_INVALID;
}

rnp::botan::op::Verify verifier;
auto pad = ecdsa_padding_str_for(hash_alg);
auto pad = padding_str_for(hash_alg);
if (botan_pk_op_verify_create(&verifier.get(), pub.get(), pad, 0) ||
botan_pk_op_verify_update(verifier.get(), hash, hash_len)) {
botan_pk_op_verify_update(verifier.get(), hash.data(), hash.size())) {
return RNP_ERROR_SIGNATURE_INVALID;
}

Expand All @@ -215,3 +213,5 @@ ecdsa_verify(const pgp::ec::Signature &sig,
}
return RNP_SUCCESS;
}
} // namespace ecdsa
} // namespace pgp
31 changes: 17 additions & 14 deletions src/lib/crypto/ecdsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -29,22 +29,22 @@

#include "crypto/ec.h"

rnp_result_t ecdsa_validate_key(rnp::RNG &rng, const pgp::ec::Key &key, bool secret);
namespace pgp {
namespace ecdsa {
rnp_result_t validate_key(rnp::RNG &rng, const ec::Key &key, bool secret);

rnp_result_t ecdsa_sign(rnp::RNG & rng,
pgp::ec::Signature &sig,
pgp_hash_alg_t hash_alg,
const uint8_t * hash,
size_t hash_len,
const pgp::ec::Key &key);
rnp_result_t sign(rnp::RNG & rng,
ec::Signature & sig,
pgp_hash_alg_t hash_alg,
const rnp::secure_bytes &hash,
const ec::Key & key);

rnp_result_t ecdsa_verify(const pgp::ec::Signature &sig,
pgp_hash_alg_t hash_alg,
const uint8_t * hash,
size_t hash_len,
const pgp::ec::Key & key);
rnp_result_t verify(const ec::Signature & sig,
pgp_hash_alg_t hash_alg,
const rnp::secure_bytes &hash,
const ec::Key & key);

const char *ecdsa_padding_str_for(pgp_hash_alg_t hash_alg);
const char *padding_str_for(pgp_hash_alg_t hash_alg);

/*
* @brief Returns hash which should be used with the curve
Expand All @@ -54,6 +54,9 @@ const char *ecdsa_padding_str_for(pgp_hash_alg_t hash_alg);
* @returns Either ID of the hash algorithm, or PGP_HASH_UNKNOWN
* if not found
*/
pgp_hash_alg_t ecdsa_get_min_hash(pgp_curve_t curve);
pgp_hash_alg_t get_min_hash(pgp_curve_t curve);

} // namespace ecdsa
} // namespace pgp

#endif // ECDSA_H_
Loading

0 comments on commit 16137d3

Please sign in to comment.