diff options
author | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2017-07-04 11:00:05 +0200 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2017-07-04 11:00:05 +0200 |
commit | f69917404c3bb626c9f1a0ae4f13fd88bf6a2f6b (patch) | |
tree | f439e9cabe06c0794276e6ed13432ac96749e2ff | |
parent | 3ef92a6c151f78c75c9bd7036c6afe4b2bc92062 (diff) | |
download | key-manager-f69917404c3bb626c9f1a0ae4f13fd88bf6a2f6b.tar.gz key-manager-f69917404c3bb626c9f1a0ae4f13fd88bf6a2f6b.tar.bz2 key-manager-f69917404c3bb626c9f1a0ae4f13fd88bf6a2f6b.zip |
Detect invalid rsa padding parameter
Return proper error in case of wrong RSA padding parameter. Add more detailed
description of valid parameter combinations.
Change-Id: I100f0b900566dbb17bd66c62fabe278baf83c1ff
-rw-r--r-- | src/include/ckmc/ckmc-manager.h | 8 | ||||
-rw-r--r-- | src/manager/crypto/sw-backend/internals.cpp | 8 |
2 files changed, 10 insertions, 6 deletions
diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 1ed88bf6..7cc2d9ab 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -532,7 +532,9 @@ int ckmc_create_key_aes(size_t size, const char *key_alias, ckmc_policy_s key_po * @param[in] message The message that is signed with a private key * @param[in] hash The hash algorithm used in creating signature * @param[in] padding The RSA padding algorithm used in creating signature \n - * It is used only when the signature algorithm is RSA + * It is used only when the signature algorithm is RSA. If + * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE + * and the message must be equal to key length * @param[out] ppsignature The pointer to a newly created signature \n * If an error occurs, @a *ppsignature will be null * @return @c 0 on success, @@ -566,7 +568,9 @@ int ckmc_create_signature(const char *private_key_alias, const char *password, c * @param[in] signature The signature that is verified with public key * @param[in] hash The hash algorithm used in verifying signature * @param[in] padding The RSA padding algorithm used in verifying signature \n - * It is used only when the signature algorithm is RSA + * It is used only when the signature algorithm is RSA. If + * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE + * and the message must be equal to key length * @return @c 0 on success and the signature is valid, * otherwise a negative error value * @retval #CKMC_ERROR_NONE Successful diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 91a61fe5..f37d2ef6 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -839,7 +839,7 @@ RawBuffer signMessage(EVP_PKEY *privKey, /* Set padding algorithm */ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); /* Finalize the Sign operation */ @@ -888,7 +888,7 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey, /* Set padding algorithm */ if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); /* Call update with the message */ @@ -973,7 +973,7 @@ int verifyMessage(EVP_PKEY *pubKey, /* Set padding algorithm */ if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); if (EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), @@ -1003,7 +1003,7 @@ int digestVerifyMessage(EVP_PKEY *pubKey, if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) - ThrowErr(Exc::Crypto::InternalError, + ThrowErr(Exc::Crypto::InputParam, "Error in EVP_PKEY_CTX_set_rsa_padding function"); if (EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), |