From: lizhi <lizhi206@huawei.com>
1. Replace BN_bn2bin with BN_bn2binpad in ECDH exchange to prevent zero value of x.
2. Implement dedicated query_operation_name for RSA-PSS mode instead of reusing RSA's.
Signed-off-by: lizhi <lizhi206@huawei.com>
---
 src/uadk_ec.c | 15 +++++++++++++--
 src/uadk_prov_ecdh_exch.c | 6 ++++--
 src/uadk_prov_rsa_kmgmt.c | 10 +++++++++-
 3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 0fbbf46..08ff7a3 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -1015,6 +1015,15 @@ static int ecdh_keygen_init_iot(handle_t sess, struct wd_ecc_req *req,
 return 1;
 }
+static size_t ecdh_get_ec_size(const EC_GROUP *group)
+{
+ size_t degree;
+
+ degree = EC_GROUP_get_degree(group);
+
+ return BITS_TO_BYTES(degree);
+}
+
 static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
 const EC_POINT *pubkey, const EC_KEY *ecdh)
 {
@@ -1025,6 +1034,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
 struct wd_ecc_in *ecdh_in;
 BIGNUM *pkey_x, *pkey_y;
 const EC_GROUP *group;
+ size_t ec_size;
 BN_CTX *ctx;
 int ret = 0;
@@ -1045,11 +1055,12 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
 if (!group)
 goto free_ctx;
+ ec_size = ecdh_get_ec_size(group);
 uadk_get_affine_coordinates(group, pubkey, pkey_x, pkey_y, ctx);
 in_pkey.x.data = buf_x;
 in_pkey.y.data = buf_y;
- in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data);
- in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
+ in_pkey.x.dsize = BN_bn2binpad(pkey_x, (unsigned char *)in_pkey.x.data, ec_size);
+ in_pkey.y.dsize = BN_bn2binpad(pkey_y, (unsigned char *)in_pkey.y.data, ec_size);
 /* Set public key */
 ecdh_in = wd_ecxdh_new_in(sess, &in_pkey);
diff --git a/src/uadk_prov_ecdh_exch.c b/src/uadk_prov_ecdh_exch.c
index 3ee7e5e..f2d09fb 100644
--- a/src/uadk_prov_ecdh_exch.c
+++ b/src/uadk_prov_ecdh_exch.c
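Review bot: ecdh_get_ec_size() has no failure path. EC_GROUP_get_degree() returns an int that is 0 when the degree cannot be obtained; here it is stored in a size_t and rounded to bytes, so a failure becomes a 0-byte pad length handed to the callers. I would state that contract above the helper, `/* Field size in bytes for fixed-width coordinate encoding; 0 if the group degree is unavailable. */`, and have each caller bail out with `if (!ec_size) goto free_ctx;`. BITS_TO_BYTES is defined outside this diff; it has to round up, otherwise a field whose bit length is not a multiple of eight gets a pad length one byte short.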
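Review bot: The return value of BN_bn2binpad() is stored straight into `in_pkey.x.dsize` and `in_pkey.y.dsize`, but the function returns -1 when the number does not fit in `ec_size` bytes. If `dsize` is an unsigned field (its type is declared outside this diff), that -1 becomes a very large length passed on to wd_ecxdh_new_in(). The pad length is also never compared with the capacity of `buf_x`/`buf_y`, which are declared above the hunk; BN_bn2binpad() writes exactly `ec_size` bytes, so that bound should be checked before the call. The same pair of calls in ecdh_init_req() in src/uadk_prov_ecdh_exch.c needs the same treatment. ecdh_compkey_init_iot() starts and ends outside this hunk; the sketch adds two int locals and reuses the existing free_ctx label.

```c
int x_len, y_len;	/* new locals, declared next to ec_size */

/* … unchanged: BN_CTX setup, group lookup, ec_size and affine-coordinate calls … */
in_pkey.x.data = buf_x;
in_pkey.y.data = buf_y;
x_len = BN_bn2binpad(pkey_x, (unsigned char *)in_pkey.x.data, ec_size);
y_len = BN_bn2binpad(pkey_y, (unsigned char *)in_pkey.y.data, ec_size);
if (x_len < 0 || y_len < 0)
	goto free_ctx;	/* coordinate does not fit in the field size */

in_pkey.x.dsize = x_len;
in_pkey.y.dsize = y_len;
```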
@@ -216,6 +216,7 @@ static int ecdh_init_req(struct ecdh_sess_ctx *sess_ctx,
 struct wd_ecc_in *ecdh_in;
 BIGNUM *pkey_x, *pkey_y;
 int ret = UADK_P_FAIL;
+ size_t ec_size;
 BN_CTX *ctx;
 ctx = BN_CTX_new();
@@ -231,11 +232,12 @@ static int ecdh_init_req(struct ecdh_sess_ctx *sess_ctx,
 if (!pkey_y)
 goto free_ctx;
+ ec_size = ecdh_get_ec_size(sess_ctx->group);
 uadk_prov_get_affine_coordinates(sess_ctx->group, sess_ctx->pub_key, pkey_x, pkey_y, ctx);
 in_pkey.x.data = buf_x;
 in_pkey.y.data = buf_y;
- in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data);
- in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
+ in_pkey.x.dsize = BN_bn2binpad(pkey_x, (unsigned char *)in_pkey.x.data, ec_size);
+ in_pkey.y.dsize = BN_bn2binpad(pkey_y, (unsigned char *)in_pkey.y.data, ec_size);
 /* Set public key */
 ecdh_in = wd_ecxdh_new_in(sess, &in_pkey);
diff --git a/src/uadk_prov_rsa_kmgmt.c b/src/uadk_prov_rsa_kmgmt.c
index 1286ae5..fe87493 100644
--- a/src/uadk_prov_rsa_kmgmt.c
+++ b/src/uadk_prov_rsa_kmgmt.c
@@ -790,6 +790,14 @@ static const char *uadk_keymgmt_rsa_query_operation_name(int operation_id)
 return get_default_rsa_keymgmt().query_operation_name(operation_id);
 }
+static const char *uadk_keymgmt_rsapss_query_operation_name(int operation_id)
+{
+ if (!get_default_rsapss_keymgmt().query_operation_name)
+ return NULL;
+
+ return get_default_rsapss_keymgmt().query_operation_name(operation_id);
+}
+
 static void *uadk_keymgmt_rsa_new(void *provctx)
 {
 if (!get_default_rsa_keymgmt().new_fun)
@@ -1071,6 +1079,6 @@ const OSSL_DISPATCH uadk_rsapss_keymgmt_functions[] = {
 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))uadk_keymgmt_rsa_export_types },
 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))uadk_keymgmt_rsa_dup },
 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
- (void (*)(void))uadk_keymgmt_rsa_query_operation_name },
+ (void (*)(void))uadk_keymgmt_rsapss_query_operation_name },
 { 0, NULL }
 };
--
2.43.0
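Review bot: ecdh_get_ec_size() is called in the second ecdh_init_req() hunk, but the only definition this patch shows is the `static` one added to src/uadk_ec.c, which is not visible from this translation unit. If src/uadk_prov_ecdh_exch.c already has its own copy, the two now have to be kept in sync and a single declaration in a shared header would be safer; if it does not, this file no longer builds. Unlike the engine path, which tests `if (!group)` first, nothing in this hunk shows `sess_ctx->group` being checked before it reaches EC_GROUP_get_degree(). ecdh_init_req() starts outside the hunk, so that check may exist earlier.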
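Review bot: In the part of `uadk_rsapss_keymgmt_functions` shown in the last hunk, the other entries (`uadk_keymgmt_rsa_export_types`, `uadk_keymgmt_rsa_dup`) still go through the plain-RSA wrappers, so QUERY_OPERATION_NAME is the only PSS-specific slot visible after this change. The table starts above the hunk, so I cannot see whether NEW, GEN_INIT and LOAD already use PSS wrappers; those are the entries where falling back to the RSA keymgmt could lose the PSS restriction on a key, so they are worth confirming in the same change. A one-line comment on the new wrapper, e.g. `/* RSA-PSS must delegate to the default rsapss keymgmt, not the RSA one */`, would keep a later cleanup from merging it back into uadk_keymgmt_rsa_query_operation_name().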