
Commit 9f1d0aa

committed
sign: Convert sign() to digest_sign()
Signed-off-by: Gowtham Suresh Kumar <[email protected]>
1 parent d7037c6 commit 9f1d0aa


1 file changed

+26
-14
lines changed

1 file changed

+26
-14
lines changed

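--- a/parsec-openssl-provider/src/signature/mod.rs
+++ b/parsec-openssl-provider/src/signature/mod.rs
@@ -11,6 +11,7 @@ use crate::{
 PARSEC_PROVIDER_DFLT_PROPERTIES, PARSEC_PROVIDER_ECDSA_NAME, PARSEC_PROVIDER_RSA_NAME,
 };
 use parsec_client::core::interface::operations::psa_algorithm::Algorithm;
+use parsec_client::core::interface::operations::psa_algorithm::Hash;
 use parsec_client::core::interface::operations::psa_key_attributes::{Attributes, EccFamily, Type};
 use parsec_openssl2::types::VOID_PTR;
 use parsec_openssl2::*;
@@ -77,13 +78,12 @@ fn get_signature_len(key_attrs: Attributes) -> Result<usize, String> {
 }
 
 /*
-performs the actual signing itself. A previously initialised signature context is passed in the ctx parameter. The data
-to be signed is pointed to be the tbs parameter which is tbslen bytes long. Unless sig is NULL, the signature should be
-written to the location pointed to by the sig parameter and it should not exceed sigsize bytes in length. The length of
-the signature should be written to *siglen. If sig is NULL then the maximum length of the signature should be written
-to *siglen.
+implements a "one shot" digest sign operation previously started through
+OSSL_FUNC_signature_digeset_sign_init(). A previously initialised signature
+context is passed in the ctx parameter. The data to be signed is in tbs which
+should be tbslen bytes long.
 */
-unsafe extern "C" fn parsec_provider_signature_sign(
+unsafe extern "C" fn parsec_provider_signature_digest_sign(
 ctx: VOID_PTR,
 sig: *mut std::os::raw::c_uchar,
 siglen: *mut std::os::raw::c_uint,
@@ -100,19 +100,19 @@ unsafe extern "C" fn parsec_provider_signature_sign(
 let sig_ctx = Arc::from_raw(ctx as *const RwLock<ParsecProviderSignatureContext>);
 
 let reader_sig_ctx = sig_ctx.read().unwrap();
-let keyobj = match reader_sig_ctx.keyobj {
+let key_data = match reader_sig_ctx.keyobj {
 None => {
 return Err("Key Object not set. This should be done through sign_init()".into())
 }
 Some(ref keyobj) => keyobj.read().unwrap(),
 };
 
-let key_name = match keyobj.get_key_name() {
+let key_name = match key_data.get_key_name() {
 None => return Err("Key name not set in the Key Object".into()),
 Some(ref name) => name,
 };
 
-let key_attributes = keyobj
+let key_attributes = key_data
 .get_provctx()
 .get_client()
 .key_attributes(key_name)
@@ -152,10 +152,16 @@ unsafe extern "C" fn parsec_provider_signature_sign(
 }
 };
 
-let sign_res: Vec<u8> = keyobj
+let hash_res: Vec<u8> = key_data
 .get_provctx()
 .get_client()
-.psa_sign_hash(key_name, tbs_slice, sign_algorithm)
+.psa_hash_compute(Hash::Sha256, tbs_slice)
+.map_err(|e| format!("Parsec Client failed to hash: {:?}", e))?;
+
+let sign_res: Vec<u8> = key_data
+.get_provctx()
+.get_client()
+.psa_sign_hash(key_name, &hash_res, sign_algorithm)
 .map_err(|e| format!("Parsec Client failed to sign: {:?}", e))?;
 
 if siglength != sign_res.len() {
@@ -176,7 +182,7 @@ unsafe extern "C" fn parsec_provider_signature_sign(
 pub type SignatureNewCtxPtr =
 unsafe extern "C" fn(VOID_PTR, *const std::os::raw::c_char) -> VOID_PTR;
 pub type SignatureFreeCtxPtr = unsafe extern "C" fn(VOID_PTR);
-pub type SignatureSignPtr = unsafe extern "C" fn(
+pub type SignatureDigestSignPtr = unsafe extern "C" fn(
 VOID_PTR,
 *mut std::os::raw::c_uchar,
 *mut std::os::raw::c_uint,
@@ -187,12 +193,18 @@ pub type SignatureSignPtr = unsafe extern "C" fn(
 
 const OSSL_FUNC_SIGNATURE_NEWCTX_PTR: SignatureNewCtxPtr = parsec_provider_signature_newctx;
 const OSSL_FUNC_SIGNATURE_FREECTX_PTR: SignatureFreeCtxPtr = parsec_provider_signature_freectx;
-const OSSL_FUNC_SIGNATURE_SIGN_PTR: SignatureSignPtr = parsec_provider_signature_sign;
+const OSSL_FUNC_SIGNATURE_DIGEST_SIGN_PTR: SignatureDigestSignPtr =
+parsec_provider_signature_digest_sign;
 
 const PARSEC_PROVIDER_SIGN_IMPL: [OSSL_DISPATCH; 5] = [
 unsafe { ossl_dispatch!(OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_FUNC_SIGNATURE_NEWCTX_PTR) },
 unsafe { ossl_dispatch!(OSSL_FUNC_SIGNATURE_FREECTX, OSSL_FUNC_SIGNATURE_FREECTX_PTR) },
-unsafe { ossl_dispatch!(OSSL_FUNC_SIGNATURE_SIGN, OSSL_FUNC_SIGNATURE_SIGN_PTR) },
+unsafe {
+ossl_dispatch!(
+OSSL_FUNC_SIGNATURE_DIGEST_SIGN,
+OSSL_FUNC_SIGNATURE_DIGEST_SIGN_PTR
+)
+},
 ossl_dispatch!(),
 ];
 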
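Review bot: The added `psa_hash_compute(Hash::Sha256, tbs_slice)` call fixes the digest to SHA-256, while the `psa_sign_hash` call after it still passes `sign_algorithm`, which is built outside the visible hunks (presumably from the key's attributes). If that algorithm, or the digest the caller selected when initialising the operation, names a different hash, the call either fails in the service or returns a signature over a digest the verifier does not expect. Take the hash from the same source as `sign_algorithm` and return an error on a mismatch before calling the service; until that is done, document the limit at the call site, e.g. `// Only SHA-256 is supported here; sign_algorithm must name the same hash.` The function body starts and ends outside the hunks, so the construction of `sign_algorithm` could not be checked.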
