Support for ECDSA with hashing

MatthiasValvekens · MatthiasValvekens · commit a5d8b9346232 · 2025-06-06T09:14:15.000+02:00
Aims to fix #620.
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
@@ -804,6 +804,11 @@ void SoftHSM::prepareSupportedMechanisms(std::map<std::string, CK_MECHANISM_TYPE
 #ifdef WITH_ECC
 	t["CKM_EC_KEY_PAIR_GEN"]	= CKM_EC_KEY_PAIR_GEN;
 	t["CKM_ECDSA"]			= CKM_ECDSA;
+	t["CKM_ECDSA_SHA1"]		= CKM_ECDSA_SHA1;
+	t["CKM_ECDSA_SHA224"]		= CKM_ECDSA_SHA224;
+	t["CKM_ECDSA_SHA256"]		= CKM_ECDSA_SHA256;
+	t["CKM_ECDSA_SHA384"]		= CKM_ECDSA_SHA384;
+	t["CKM_ECDSA_SHA512"]		= CKM_ECDSA_SHA512;
 #endif
 #if defined(WITH_ECC) || defined(WITH_EDDSA)
 	t["CKM_ECDH1_DERIVE"]		= CKM_ECDH1_DERIVE;
@@ -4360,6 +4365,31 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 			bAllowMultiPartOp = false;
 			isECDSA = true;
 			break;
+		case CKM_ECDSA_SHA1:
+			mechanism = AsymMech::ECDSA_SHA1;
+			bAllowMultiPartOp = false;
+			isECDSA = true;
+			break;
+		case CKM_ECDSA_SHA224:
+			mechanism = AsymMech::ECDSA_SHA224;
+			bAllowMultiPartOp = false;
+			isECDSA = true;
+			break;
+		case CKM_ECDSA_SHA256:
+			mechanism = AsymMech::ECDSA_SHA256;
+			bAllowMultiPartOp = false;
+			isECDSA = true;
+			break;
+		case CKM_ECDSA_SHA384:
+			mechanism = AsymMech::ECDSA_SHA384;
+			bAllowMultiPartOp = false;
+			isECDSA = true;
+			break;
+		case CKM_ECDSA_SHA512:
+			mechanism = AsymMech::ECDSA_SHA512;
+			bAllowMultiPartOp = false;
+			isECDSA = true;
+			break;
 #endif
 #ifdef WITH_GOST
 		case CKM_GOSTR3410:
diff --git a/src/lib/crypto/AsymmetricAlgorithm.h b/src/lib/crypto/AsymmetricAlgorithm.h
@@ -85,6 +85,11 @@ struct AsymMech
 		DSA_SHA384,
 		DSA_SHA512,
 		ECDSA,
+		ECDSA_SHA1,
+		ECDSA_SHA224,
+		ECDSA_SHA256,
+		ECDSA_SHA384,
+		ECDSA_SHA512,
 		GOST,
 		GOST_GOST,
 		EDDSA
diff --git a/src/lib/crypto/BotanECDSA.cpp b/src/lib/crypto/BotanECDSA.cpp
@@ -65,17 +65,33 @@ bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 		      ByteString& signature, const AsymMech::Type mechanism,
 		      const void* /* param = NULL */, const size_t /* paramLen = 0 */)
 {
-	std::string emsa;
+	std::string emsa = "Raw";
 
-	if (mechanism == AsymMech::ECDSA)
+	HashAlgo::Type hash = HashAlgo::Unknown;
+	if (mechanism != AsymMech::ECDSA)
 	{
-		emsa = "Raw";
+		switch (mechanism)
+		{
+			case AsymMech::ECDSA_SHA1:
+				hash = HashAlgo::SHA1;
+				break;
+			case AsymMech::ECDSA_SHA224:
+				hash = HashAlgo::SHA224;
+				break;
+			case AsymMech::ECDSA_SHA256:
+				hash = HashAlgo::SHA256;
+				break;
+			case AsymMech::ECDSA_SHA384:
+				hash = HashAlgo::SHA384;
+				break;
+			case AsymMech::ECDSA_SHA512:
+				hash = HashAlgo::SHA512;
+				break;
+			default:
+				ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
+				return false;
+		}
 	}
-        else
-        {
-		ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
-		return false;
-        }
 
 	// Check if the private key is the right type
 	if (!privateKey->isOfType(BotanECDSAPrivateKey::type))
@@ -107,12 +123,30 @@ bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 		return false;
 	}
 
+	// Pre-hash the data if necessary
+	ByteString prepDataToSign;
+
+	if (hash == HashAlgo::Unknown) {
+		prepDataToSign = dataToSign;
+	} else {
+		HashAlgorithm* digest = BotanCryptoFactory::i()->getHashAlgorithm(hash);
+
+		if (!digest->hashInit()
+				|| !digest->hashUpdate(dataToSign)
+				|| !digest->hashFinal(prepDataToSign))
+		{
+			delete digest;
+			return false;
+		}
+		delete digest;
+	}
+
 	// Perform the signature operation
 	std::vector<uint8_t> signResult;
 	try
 	{
 		BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG();
-		signResult = signer->sign_message(dataToSign.const_byte_str(), dataToSign.size(), *rng->getRNG());
+		signResult = signer->sign_message(prepDataToSign.const_byte_str(), prepDataToSign.size(), *rng->getRNG());
 	}
 	catch (...)
 	{
diff --git a/src/lib/crypto/OSSLECDSA.cpp b/src/lib/crypto/OSSLECDSA.cpp
@@ -53,10 +53,32 @@ bool OSSLECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 		     ByteString& signature, const AsymMech::Type mechanism,
 		     const void* /* param = NULL */, const size_t /* paramLen = 0 */)
 {
+
+	HashAlgo::Type hash = HashAlgo::Unknown;
+
 	if (mechanism != AsymMech::ECDSA)
 	{
-		ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
-		return false;
+		switch (mechanism)
+		{
+			case AsymMech::ECDSA_SHA1:
+				hash = HashAlgo::SHA1;
+				break;
+			case AsymMech::ECDSA_SHA224:
+				hash = HashAlgo::SHA224;
+				break;
+			case AsymMech::ECDSA_SHA256:
+				hash = HashAlgo::SHA256;
+				break;
+			case AsymMech::ECDSA_SHA384:
+				hash = HashAlgo::SHA384;
+				break;
+			case AsymMech::ECDSA_SHA512:
+				hash = HashAlgo::SHA512;
+				break;
+			default:
+				ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
+				return false;
+		}
 	}
 
 	// Check if the private key is the right type
@@ -93,6 +115,24 @@ bool OSSLECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 	EC_KEY_set_method(eckey, EC_KEY_OpenSSL());
 #endif
 
+	// Pre-hash the data if necessary
+	ByteString prepDataToSign;
+	if (hash == HashAlgo::Unknown) {
+		prepDataToSign = dataToSign;
+	} else {
+		HashAlgorithm* digest = CryptoFactory::i()->getHashAlgorithm(hash);
+
+		if (!digest->hashInit()
+				|| !digest->hashUpdate(dataToSign)
+				|| !digest->hashFinal(prepDataToSign))
+		{
+			delete digest;
+			return false;
+		}
+		delete digest;
+	}
+
+
 	// Perform the signature operation
 	size_t len = pk->getOrderLength();
 	if (len == 0)
@@ -102,7 +142,7 @@ bool OSSLECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 	}
 	signature.resize(2 * len);
 	memset(&signature[0], 0, 2 * len);
-	ECDSA_SIG *sig = ECDSA_do_sign(dataToSign.const_byte_str(), dataToSign.size(), eckey);
+	ECDSA_SIG *sig = ECDSA_do_sign(prepDataToSign.const_byte_str(), prepDataToSign.size(), eckey);
 	if (sig == NULL)
 	{
 		ERROR_MSG("ECDSA sign failed (0x%08X)", ERR_get_error());
