From a526c7e8658eae88ac7b98767c11e061739a7c18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 16 May 2024 16:43:25 +0100 Subject: [PATCH] src: Apply formatting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- parsec-openssl-provider/src/keymgmt/mod.rs | 4 +- parsec-openssl-provider/src/signature/mod.rs | 242 ++++++++++--------- 2 files changed, 127 insertions(+), 119 deletions(-) diff --git a/parsec-openssl-provider/src/keymgmt/mod.rs b/parsec-openssl-provider/src/keymgmt/mod.rs index 8fec939..ae5859c 100644 --- a/parsec-openssl-provider/src/keymgmt/mod.rs +++ b/parsec-openssl-provider/src/keymgmt/mod.rs @@ -684,7 +684,9 @@ pub unsafe extern "C" fn parsec_provider_ecdsa_kmgmt_match( group.set_asn1_flag(openssl::ec::Asn1Flag::NAMED_CURVE); let mut big_num_context = openssl::bn::BigNumContext::new()?; - let are_equal = a.eq(group.as_ref(), b, &mut big_num_context).map_err(|e| format!("Failed to match keys: {}", e))?; + let are_equal = a + .eq(group.as_ref(), b, &mut big_num_context) + .map_err(|e| format!("Failed to match keys: {}", e))?; if are_equal { Ok(OPENSSL_SUCCESS) } else { diff --git a/parsec-openssl-provider/src/signature/mod.rs b/parsec-openssl-provider/src/signature/mod.rs index f957a3c..c77bbf8 100644 --- a/parsec-openssl-provider/src/signature/mod.rs +++ b/parsec-openssl-provider/src/signature/mod.rs @@ -96,91 +96,96 @@ unsafe extern "C" fn parsec_provider_signature_digest_sign( tbs: *const std::os::raw::c_uchar, tbslen: std::os::raw::c_uint, ) -> std::os::raw::c_int { - let result = super::r#catch(Some(|| super::Error::PROVIDER_SIGNATURE_DIGEST_SIGN), || { - if ctx.is_null() || siglen.is_null() { - return Err("Received unexpected NULL pointer as an argument.".into()); - } + let result = super::r#catch( + Some(|| super::Error::PROVIDER_SIGNATURE_DIGEST_SIGN), + || { + if ctx.is_null() || siglen.is_null() { + return Err("Received unexpected NULL pointer as an argument.".into()); + } - Arc::increment_strong_count(ctx as *const RwLock); - let sig_ctx = Arc::from_raw(ctx as *const RwLock); + Arc::increment_strong_count(ctx as *const RwLock); + let sig_ctx = Arc::from_raw(ctx as *const RwLock); + + let reader_sig_ctx = sig_ctx.read().unwrap(); + let key_data = match reader_sig_ctx.keyobj { + None => { + return Err( + "Key Object not set. This should be done through sign_init()".into(), + ) + } + Some(ref keyobj) => keyobj.read().unwrap(), + }; + + let key_name = match key_data.get_key_name() { + None => return Err("Key name not set in the Key Object".into()), + Some(ref name) => name, + }; + + let key_attributes = key_data + .get_provctx() + .get_client() + .key_attributes(key_name) + .map_err(|e| format!("Failed to get specified key's attributes: {}", e))?; + let siglength = get_signature_len(key_attributes).map_err(|e| { + format!( + "Failed to Get correct signature length for the given key: {}", + e + ) + })?; - let reader_sig_ctx = sig_ctx.read().unwrap(); - let key_data = match reader_sig_ctx.keyobj { - None => { - return Err("Key Object not set. This should be done through sign_init()".into()) + if sig.is_null() { + *siglen = siglength as std::os::raw::c_uint; + return Ok(OPENSSL_SUCCESS); } - Some(ref keyobj) => keyobj.read().unwrap(), - }; - - let key_name = match key_data.get_key_name() { - None => return Err("Key name not set in the Key Object".into()), - Some(ref name) => name, - }; - - let key_attributes = key_data - .get_provctx() - .get_client() - .key_attributes(key_name) - .map_err(|e| format!("Failed to get specified key's attributes: {}", e))?; - let siglength = get_signature_len(key_attributes).map_err(|e| { - format!( - "Failed to Get correct signature length for the given key: {}", - e - ) - })?; - - if sig.is_null() { - *siglen = siglength as std::os::raw::c_uint; - return Ok(OPENSSL_SUCCESS); - } - - if (sigsize as usize) < siglength { - return Err(format!( - "Signature length is bigger than sigsize. Signature length: {}", - siglength - ) - .into()); - } - if tbs.is_null() { - return Err("Received unexpected NULL pointer as an argument.".into()); - } + if (sigsize as usize) < siglength { + return Err(format!( + "Signature length is bigger than sigsize. Signature length: {}", + siglength + ) + .into()); + } - let tbs_slice: &[u8] = core::slice::from_raw_parts(tbs, tbslen as usize); + if tbs.is_null() { + return Err("Received unexpected NULL pointer as an argument.".into()); + } - let sign_algorithm = match key_attributes.policy.permitted_algorithms { - Algorithm::AsymmetricSignature(signature_algo) => signature_algo, - _ => { - return Err( - "Specified key does not permit the AsymmetricSignature algorithm".into(), - ) + let tbs_slice: &[u8] = core::slice::from_raw_parts(tbs, tbslen as usize); + + let sign_algorithm = match key_attributes.policy.permitted_algorithms { + Algorithm::AsymmetricSignature(signature_algo) => signature_algo, + _ => { + return Err( + "Specified key does not permit the AsymmetricSignature algorithm".into(), + ) + } + }; + + let hash_res: Vec = key_data + .get_provctx() + .get_client() + .psa_hash_compute(Hash::Sha256, tbs_slice) + .map_err(|e| format!("Parsec Client failed to hash: {:?}", e))?; + + let mut sign_res: Vec = key_data + .get_provctx() + .get_client() + .psa_sign_hash(key_name, &hash_res, sign_algorithm) + .map_err(|e| format!("Parsec Client failed to sign: {:?}", e))?; + + if sign_algorithm.is_ecc_alg() { + let s = IntegerAsn1::from_bytes_be_unsigned(sign_res.split_off(sign_res.len() / 2)); + sign_res = picky_asn1_der::to_vec(&EccSignature { + r: IntegerAsn1::from_bytes_be_unsigned(sign_res), + s, + }) + .map_err(|e| format!("Failed to convert ECC Signature: {:?}", e))?; } - }; - - let hash_res: Vec = key_data - .get_provctx() - .get_client() - .psa_hash_compute(Hash::Sha256, tbs_slice) - .map_err(|e| format!("Parsec Client failed to hash: {:?}", e))?; - - let mut sign_res: Vec = key_data - .get_provctx() - .get_client() - .psa_sign_hash(key_name, &hash_res, sign_algorithm) - .map_err(|e| format!("Parsec Client failed to sign: {:?}", e))?; - - if sign_algorithm.is_ecc_alg() { - let s = IntegerAsn1::from_bytes_be_unsigned(sign_res.split_off(sign_res.len() / 2)); - sign_res = picky_asn1_der::to_vec(&EccSignature { - r: IntegerAsn1::from_bytes_be_unsigned(sign_res), - s, - }) - .map_err(|e| format!("Failed to convert ECC Signature: {:?}", e))?; - } - std::ptr::copy(sign_res.as_ptr(), sig, sign_res.len()); - *siglen = sign_res.len() as u32; - Ok(OPENSSL_SUCCESS) - }); + std::ptr::copy(sign_res.as_ptr(), sig, sign_res.len()); + *siglen = sign_res.len() as u32; + Ok(OPENSSL_SUCCESS) + }, + ); match result { Ok(result) => result, @@ -194,49 +199,50 @@ unsafe extern "C" fn parsec_provider_signature_digest_sign_init( provkey: VOID_PTR, params: *const OSSL_PARAM, ) -> std::os::raw::c_int { - let result = super::r#catch(Some(|| super::Error::PROVIDER_SIGNATURE_DIGEST_SIGN_INIT), || { - if ctx.is_null() || provkey.is_null() { - return Err("Neither ctx nor provkey pointers should be NULL.".into()); - } - - Arc::increment_strong_count(ctx as *const RwLock); - let sig_ctx = Arc::from_raw(ctx as *const RwLock); - let mut writer_sig_ctx = sig_ctx.write().unwrap(); - Arc::increment_strong_count(provkey as *const RwLock); - let prov_key = Arc::from_raw(provkey as *const RwLock); + let result = super::r#catch( + Some(|| super::Error::PROVIDER_SIGNATURE_DIGEST_SIGN_INIT), + || { + if ctx.is_null() || provkey.is_null() { + return Err("Neither ctx nor provkey pointers should be NULL.".into()); + } - writer_sig_ctx.keyobj = Some(prov_key.clone()); - let key_data = match writer_sig_ctx.keyobj { - None => { - return Err("Key Object not set.".into()) + Arc::increment_strong_count(ctx as *const RwLock); + let sig_ctx = Arc::from_raw(ctx as *const RwLock); + let mut writer_sig_ctx = sig_ctx.write().unwrap(); + Arc::increment_strong_count(provkey as *const RwLock); + let prov_key = Arc::from_raw(provkey as *const RwLock); + + writer_sig_ctx.keyobj = Some(prov_key.clone()); + let key_data = match writer_sig_ctx.keyobj { + None => return Err("Key Object not set.".into()), + Some(ref keyobj) => keyobj.read().unwrap(), + }; + + let key_name = match key_data.get_key_name() { + None => return Err("Key name not set in the Key Object".into()), + Some(ref name) => name, + }; + // Currently we only support SHA256 hash function. + // Return error if any other function is selected. + if let Ok(hash_function) = CStr::from_ptr(mdname).to_str() { + if hash_function != "SHA256" && hash_function != "SHA2-256" { + return Err("Invalid hash function".into()); + } } - Some(ref keyobj) => keyobj.read().unwrap(), - }; - - let key_name = match key_data.get_key_name() { - None => return Err("Key name not set in the Key Object".into()), - Some(ref name) => name, - }; - // Currently we only support SHA256 hash function. - // Return error if any other function is selected. - if let Ok(hash_function) = CStr::from_ptr(mdname).to_str() { - if hash_function != "SHA256" && hash_function != "SHA2-256" { - return Err("Invalid hash function".into()); + let key_attributes = key_data + .get_provctx() + .get_client() + .key_attributes(key_name) + .map_err(|e| format!("Failed to get specified key's attributes: {}", e))?; + match key_attributes.key_type { + Type::RsaKeyPair => Ok(parsec_provider_signature_rsa_set_params(ctx, params)), + Type::EccKeyPair { + curve_family: EccFamily::SecpR1, + } => Ok(parsec_provider_signature_ecdsa_set_params(ctx, params)), + _ => Err("Key type not recognized".to_string().into()), } - } - let key_attributes = key_data - .get_provctx() - .get_client() - .key_attributes(key_name) - .map_err(|e| format!("Failed to get specified key's attributes: {}", e))?; - match key_attributes.key_type { - Type::RsaKeyPair => Ok(parsec_provider_signature_rsa_set_params(ctx, params)), - Type::EccKeyPair { - curve_family: EccFamily::SecpR1, - } => Ok(parsec_provider_signature_ecdsa_set_params(ctx, params)), - _ => Err("Key type not recognized".to_string().into()), - } - }); + }, + ); match result { Ok(result) => result,