Use rnp::secure_bytes for hash parameter in crypto.

src/lib/crypto/dsa.cpp

@@ -75,7 +75,7 @@ Key::validate(rnp::RNG &rng, bool secret) const noexcept
 }
 
 rnp_result_t
-Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) const
+Key::sign(rnp::RNG &rng, Signature &sig, const rnp::secure_bytes &hash) const
 {
     sig = {};
     size_t q_order = q.bytes();
@@ -85,7 +85,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
     }
 
     // As 'Raw' is used we need to reduce hash size (as per FIPS-186-4, 4.6)
-    size_t z_len = hash_len < q_order ? hash_len : q_order;
+    size_t z_len = std::min(hash.size(), q_order);
 
     rnp::bn bp(p);
     rnp::bn bq(q);
@@ -108,7 +108,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
         return RNP_ERROR_SIGNING_FAILED;
     }
 
-    if (botan_pk_op_sign_update(sign_op.get(), hash, z_len)) {
+    if (botan_pk_op_sign_update(sign_op.get(), hash.data(), z_len)) {
         return RNP_ERROR_SIGNING_FAILED;
     }
 
@@ -128,14 +128,14 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
 }
 
 rnp_result_t
-Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
+Key::verify(const Signature &sig, const rnp::secure_bytes &hash) const
 {
     size_t q_order = q.bytes();
     if (q_order > BITS_TO_BYTES(DSA_MAX_Q_BITLEN)) {
         return RNP_ERROR_BAD_PARAMETERS;
     }
 
-    size_t z_len = hash_len < q_order ? hash_len : q_order;
+    size_t z_len = std::min(hash.size(), q_order);
     size_t r_blen = sig.r.bytes();
     size_t s_blen = sig.s.bytes();
     if ((r_blen > q_order) || (s_blen > q_order)) {
@@ -169,7 +169,7 @@ Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
         return RNP_ERROR_GENERIC;
     }
 
-    if (botan_pk_op_verify_update(verify_op.get(), hash, z_len)) {
+    if (botan_pk_op_verify_update(verify_op.get(), hash.data(), z_len)) {
         return RNP_ERROR_GENERIC;
     }
 

src/lib/crypto/dsa.h

@@ -31,6 +31,7 @@
 #include <repgp/repgp_def.h>
 #include "crypto/rng.h"
 #include "crypto/mpi.h"
+#include "crypto/mem.h"
 
 #define DSA_MAX_Q_BITLEN 256
 
@@ -85,10 +86,7 @@ class Key {
      *          RNP_ERROR_BAD_PARAMETERS wrong input provided
      *          RNP_ERROR_SIGNING_FAILED internal error
      */
-    rnp_result_t sign(rnp::RNG &     rng,
-                      Signature &    sig,
-                      const uint8_t *hash,
-                      size_t         hash_len) const;
+    rnp_result_t sign(rnp::RNG &rng, Signature &sig, const rnp::secure_bytes &hash) const;
 
     /*
      * @brief   Performs DSA verification
@@ -102,7 +100,7 @@ class Key {
      *          RNP_ERROR_GENERIC internal error
      *          RNP_ERROR_SIGNATURE_INVALID signature is invalid
      */
-    rnp_result_t verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const;
+    rnp_result_t verify(const Signature &sig, const rnp::secure_bytes &hash) const;
 
     /*
      * @brief   Performs DSA key generation

src/lib/crypto/dsa_common.cpp

@@ -62,10 +62,10 @@ Key::choose_qsize(size_t psize)
 }
 
 } // namespace dsa
-} // namespace pgp
 
+namespace ecdsa {
 pgp_hash_alg_t
-ecdsa_get_min_hash(pgp_curve_t curve)
+get_min_hash(pgp_curve_t curve)
 {
     switch (curve) {
     case PGP_CURVE_NIST_P_256:
@@ -82,3 +82,6 @@ ecdsa_get_min_hash(pgp_curve_t curve)
         return PGP_HASH_UNKNOWN;
     }
 }
+} // namespace ecdsa
+
+} // namespace pgp

src/lib/crypto/dsa_ossl.cpp

@@ -184,7 +184,7 @@ Key::validate(rnp::RNG &rng, bool secret) const noexcept
 }
 
 rnp_result_t
-Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) const
+Key::sign(rnp::RNG &rng, Signature &sig, const rnp::secure_bytes &hash) const
 {
     if (!x.bytes()) {
         RNP_LOG("private key not set");
@@ -211,7 +211,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
         return RNP_ERROR_GENERIC;
     }
     sig.s.len = PGP_MPINT_SIZE;
-    if (EVP_PKEY_sign(ctx.get(), sig.s.mpi, &sig.s.len, hash, hash_len) <= 0) {
+    if (EVP_PKEY_sign(ctx.get(), sig.s.mpi, &sig.s.len, hash.data(), hash.size()) <= 0) {
         RNP_LOG("Signing failed: %lu", ERR_peek_last_error());
         sig.s.len = 0;
         return RNP_ERROR_GENERIC;
@@ -224,7 +224,7 @@ Key::sign(rnp::RNG &rng, Signature &sig, const uint8_t *hash, size_t hash_len) c
 }
 
 rnp_result_t
-Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
+Key::verify(const Signature &sig, const rnp::secure_bytes &hash) const
 {
     /* Load secret key to EVP key */
     auto evpkey = load_key(*this, false);
@@ -249,7 +249,7 @@ Key::verify(const Signature &sig, const uint8_t *hash, size_t hash_len) const
     if (!encode_sig(sigbuf.mpi, &sigbuf.len, sig)) {
         return RNP_ERROR_GENERIC;
     }
-    if (EVP_PKEY_verify(ctx.get(), sigbuf.mpi, sigbuf.len, hash, hash_len) <= 0) {
+    if (EVP_PKEY_verify(ctx.get(), sigbuf.mpi, sigbuf.len, hash.data(), hash.size()) <= 0) {
         return RNP_ERROR_SIGNATURE_INVALID;
     }
     return RNP_SUCCESS;

src/lib/crypto/ecdsa.cpp

@@ -30,8 +30,11 @@
 #include <string.h>
 #include "botan_utils.hpp"
 
+namespace pgp {
+namespace ecdsa {
+
 static bool
-ecdsa_load_public_key(rnp::botan::Pubkey &pubkey, const pgp::ec::Key &keydata)
+load_public_key(rnp::botan::Pubkey &pubkey, const pgp::ec::Key &keydata)
 {
     auto curve = pgp::ec::Curve::get(keydata.curve);
     if (!curve) {
@@ -59,7 +62,7 @@ ecdsa_load_public_key(rnp::botan::Pubkey &pubkey, const pgp::ec::Key &keydata)
 }
 
 static bool
-ecdsa_load_secret_key(rnp::botan::Privkey &seckey, const pgp::ec::Key &keydata)
+load_secret_key(rnp::botan::Privkey &seckey, const pgp::ec::Key &keydata)
 {
     auto curve = pgp::ec::Curve::get(keydata.curve);
     if (!curve) {
@@ -79,27 +82,26 @@ ecdsa_load_secret_key(rnp::botan::Privkey &seckey, const pgp::ec::Key &keydata)
 }
 
 rnp_result_t
-ecdsa_validate_key(rnp::RNG &rng, const pgp::ec::Key &key, bool secret)
+validate_key(rnp::RNG &rng, const pgp::ec::Key &key, bool secret)
 {
     rnp::botan::Pubkey bpkey;
-    if (!ecdsa_load_public_key(bpkey, key) ||
-        botan_pubkey_check_key(bpkey.get(), rng.handle(), 0)) {
+    if (!load_public_key(bpkey, key) || botan_pubkey_check_key(bpkey.get(), rng.handle(), 0)) {
         return RNP_ERROR_BAD_PARAMETERS;
     }
     if (!secret) {
         return RNP_SUCCESS;
     }
 
     rnp::botan::Privkey bskey;
-    if (!ecdsa_load_secret_key(bskey, key) ||
+    if (!load_secret_key(bskey, key) ||
         botan_privkey_check_key(bskey.get(), rng.handle(), 0)) {
         return RNP_ERROR_BAD_PARAMETERS;
     }
     return RNP_SUCCESS;
 }
 
 const char *
-ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
+padding_str_for(pgp_hash_alg_t hash_alg)
 {
     switch (hash_alg) {
     case PGP_HASH_MD5:
@@ -108,7 +110,6 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
         return "Raw(SHA-1)";
     case PGP_HASH_RIPEMD:
         return "Raw(RIPEMD-160)";
-
     case PGP_HASH_SHA256:
         return "Raw(SHA-256)";
     case PGP_HASH_SHA384:
@@ -121,7 +122,6 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
         return "Raw(SHA-3(256))";
     case PGP_HASH_SHA3_512:
         return "Raw(SHA-3(512))";
-
     case PGP_HASH_SM3:
         return "Raw(SM3)";
     default:
@@ -130,28 +130,27 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg)
 }
 
 rnp_result_t
-ecdsa_sign(rnp::RNG &          rng,
-           pgp::ec::Signature &sig,
-           pgp_hash_alg_t      hash_alg,
-           const uint8_t *     hash,
-           size_t              hash_len,
-           const pgp::ec::Key &key)
+sign(rnp::RNG &               rng,
+     pgp::ec::Signature &     sig,
+     pgp_hash_alg_t           hash_alg,
+     const rnp::secure_bytes &hash,
+     const pgp::ec::Key &     key)
 {
     auto curve = pgp::ec::Curve::get(key.curve);
     if (!curve) {
         return RNP_ERROR_BAD_PARAMETERS;
     }
 
     rnp::botan::Privkey b_key;
-    if (!ecdsa_load_secret_key(b_key, key)) {
+    if (!load_secret_key(b_key, key)) {
         RNP_LOG("Can't load private key");
         return RNP_ERROR_GENERIC;
     }
 
     rnp::botan::op::Sign signer;
-    auto                 pad = ecdsa_padding_str_for(hash_alg);
+    auto                 pad = padding_str_for(hash_alg);
     if (botan_pk_op_sign_create(&signer.get(), b_key.get(), pad, 0) ||
-        botan_pk_op_sign_update(signer.get(), hash, hash_len)) {
+        botan_pk_op_sign_update(signer.get(), hash.data(), hash.size())) {
         return RNP_ERROR_GENERIC;
     }
 
@@ -173,11 +172,10 @@ ecdsa_sign(rnp::RNG &          rng,
 }
 
 rnp_result_t
-ecdsa_verify(const pgp::ec::Signature &sig,
-             pgp_hash_alg_t            hash_alg,
-             const uint8_t *           hash,
-             size_t                    hash_len,
-             const pgp::ec::Key &      key)
+verify(const pgp::ec::Signature &sig,
+       pgp_hash_alg_t            hash_alg,
+       const rnp::secure_bytes & hash,
+       const pgp::ec::Key &      key)
 {
     auto curve = pgp::ec::Curve::get(key.curve);
     if (!curve) {
@@ -194,14 +192,14 @@ ecdsa_verify(const pgp::ec::Signature &sig,
     }
 
     rnp::botan::Pubkey pub;
-    if (!ecdsa_load_public_key(pub, key)) {
+    if (!load_public_key(pub, key)) {
         return RNP_ERROR_SIGNATURE_INVALID;
     }
 
     rnp::botan::op::Verify verifier;
-    auto                   pad = ecdsa_padding_str_for(hash_alg);
+    auto                   pad = padding_str_for(hash_alg);
     if (botan_pk_op_verify_create(&verifier.get(), pub.get(), pad, 0) ||
-        botan_pk_op_verify_update(verifier.get(), hash, hash_len)) {
+        botan_pk_op_verify_update(verifier.get(), hash.data(), hash.size())) {
         return RNP_ERROR_SIGNATURE_INVALID;
     }
 
@@ -215,3 +213,5 @@ ecdsa_verify(const pgp::ec::Signature &sig,
     }
     return RNP_SUCCESS;
 }
+} // namespace ecdsa
+} // namespace pgp

src/lib/crypto/ecdsa.h

@@ -29,22 +29,22 @@
 
 #include "crypto/ec.h"
 
-rnp_result_t ecdsa_validate_key(rnp::RNG &rng, const pgp::ec::Key &key, bool secret);
+namespace pgp {
+namespace ecdsa {
+rnp_result_t validate_key(rnp::RNG &rng, const ec::Key &key, bool secret);
 
-rnp_result_t ecdsa_sign(rnp::RNG &          rng,
-                        pgp::ec::Signature &sig,
-                        pgp_hash_alg_t      hash_alg,
-                        const uint8_t *     hash,
-                        size_t              hash_len,
-                        const pgp::ec::Key &key);
+rnp_result_t sign(rnp::RNG &               rng,
+                  ec::Signature &          sig,
+                  pgp_hash_alg_t           hash_alg,
+                  const rnp::secure_bytes &hash,
+                  const ec::Key &          key);
 
-rnp_result_t ecdsa_verify(const pgp::ec::Signature &sig,
-                          pgp_hash_alg_t            hash_alg,
-                          const uint8_t *           hash,
-                          size_t                    hash_len,
-                          const pgp::ec::Key &      key);
+rnp_result_t verify(const ec::Signature &    sig,
+                    pgp_hash_alg_t           hash_alg,
+                    const rnp::secure_bytes &hash,
+                    const ec::Key &          key);
 
-const char *ecdsa_padding_str_for(pgp_hash_alg_t hash_alg);
+const char *padding_str_for(pgp_hash_alg_t hash_alg);
 
 /*
  * @brief   Returns hash which should be used with the curve
@@ -54,6 +54,9 @@ const char *ecdsa_padding_str_for(pgp_hash_alg_t hash_alg);
  * @returns  Either ID of the hash algorithm, or PGP_HASH_UNKNOWN
  *           if not found
  */
-pgp_hash_alg_t ecdsa_get_min_hash(pgp_curve_t curve);
+pgp_hash_alg_t get_min_hash(pgp_curve_t curve);
+
+} // namespace ecdsa
+} // namespace pgp
 
 #endif // ECDSA_H_