-
Notifications
You must be signed in to change notification settings - Fork 417
Fixed EDDSA context/pre-hash support #892
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft
antoinelochet
wants to merge
1
commit into
softhsm:main
Choose a base branch
from
antoinelochet:bugfix/issue_873
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -38,6 +38,7 @@ | |
| #include "CryptoFactory.h" | ||
| #include "BotanCryptoFactory.h" | ||
| #include "ECParameters.h" | ||
| #include "EDDSAMechanismParam.h" | ||
| #include "BotanEDKeyPair.h" | ||
| #include "BotanUtil.h" | ||
| #include <algorithm> | ||
|
|
@@ -65,19 +66,19 @@ BotanEDDSA::~BotanEDDSA() | |
| // Signing functions | ||
| bool BotanEDDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, | ||
| ByteString& signature, const AsymMech::Type mechanism, | ||
| const MechanismParam* /* mechanismParam */) | ||
| const MechanismParam* mechanismParam) | ||
| { | ||
| std::string emsa; | ||
|
|
||
| if (mechanism == AsymMech::EDDSA) | ||
| { | ||
| emsa = "Pure"; | ||
| } | ||
| else | ||
| { | ||
| else | ||
| { | ||
| ERROR_MSG("Invalid mechanism supplied (%i)", mechanism); | ||
| return false; | ||
| } | ||
| } | ||
|
|
||
| // Check if the private key is the right type | ||
| if (!privateKey->isOfType(BotanEDPrivateKey::type)) | ||
|
|
@@ -87,16 +88,49 @@ bool BotanEDDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, | |
| return false; | ||
| } | ||
|
|
||
| BotanEDPrivateKey* pk = (BotanEDPrivateKey*) privateKey; | ||
| Botan::Ed25519_PrivateKey* botanKey = dynamic_cast<Botan::Ed25519_PrivateKey*>(pk->getBotanKey()); | ||
| BotanEDPrivateKey* pk = (BotanEDPrivateKey*) privateKey; | ||
| Botan::Ed25519_PrivateKey* botanKey = dynamic_cast<Botan::Ed25519_PrivateKey*>(pk->getBotanKey()); | ||
|
|
||
| if (botanKey == NULL) | ||
| { | ||
| if (botanKey == NULL) | ||
| { | ||
| ERROR_MSG("Could not get the Botan private key"); | ||
|
|
||
| return false; | ||
| } | ||
|
|
||
| // Extract context parameters if provided | ||
| bool preHash = false; | ||
| ByteString contextData; | ||
| if (mechanismParam != NULL && mechanismParam->isOfType(EDDSAMechanismParam::type)) | ||
| { | ||
| EDDSAMechanismParam* eddsaParam = (EDDSAMechanismParam*) mechanismParam; | ||
| preHash = eddsaParam->flag; | ||
| if (!preHash && eddsaParam->contextData.size() > 0) | ||
| { | ||
| ERROR_MSG("Context data is not supported in Botan EDDSA implementation"); | ||
| return false; | ||
| } | ||
| } | ||
|
|
||
| if (preHash) | ||
| { | ||
| unsigned long len = pk->getOrderLength(); | ||
| if (len == 0) | ||
| { | ||
| ERROR_MSG("EDDSA: Could not get the order length"); | ||
| return false; | ||
| } | ||
|
|
||
| if (pk->getOrderLength() == 32) | ||
| { | ||
| emsa = "Ed25519ph"; | ||
| } | ||
| else | ||
| { | ||
| emsa = "Ed448ph"; | ||
| } | ||
| } | ||
|
|
||
| try | ||
| { | ||
| BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); | ||
|
|
@@ -162,7 +196,7 @@ bool BotanEDDSA::signFinal(ByteString& /*signature*/) | |
| // Verification functions | ||
| bool BotanEDDSA::verify(PublicKey* publicKey, const ByteString& originalData, | ||
| const ByteString& signature, const AsymMech::Type mechanism, | ||
| const MechanismParam* /* mechanismParam */) | ||
| const MechanismParam* mechanismParam) | ||
| { | ||
| std::string emsa; | ||
|
|
||
|
|
@@ -195,6 +229,39 @@ bool BotanEDDSA::verify(PublicKey* publicKey, const ByteString& originalData, | |
| return false; | ||
| } | ||
|
|
||
| // Extract context parameters if provided | ||
| bool preHash = false; | ||
| ByteString contextData; | ||
| if (mechanismParam != NULL && mechanismParam->isOfType(EDDSAMechanismParam::type)) | ||
| { | ||
| EDDSAMechanismParam* eddsaParam = (EDDSAMechanismParam*) mechanismParam; | ||
| preHash = eddsaParam->flag; | ||
| if (!preHash && eddsaParam->contextData.size() > 0) | ||
| { | ||
| ERROR_MSG("Context data is not supported in Botan EDDSA implementation"); | ||
| return false; | ||
| } | ||
| } | ||
|
|
||
| if (preHash) | ||
| { | ||
| unsigned long len = pk->getOrderLength(); | ||
| if (len == 0) | ||
| { | ||
| ERROR_MSG("EDDSA: Could not get the order length"); | ||
| return false; | ||
| } | ||
|
|
||
| if (pk->getOrderLength() == 32) | ||
| { | ||
| emsa = "Ed25519ph"; | ||
| } | ||
| else | ||
| { | ||
| emsa = "Ed448ph"; | ||
|
Comment on lines
+259
to
+261
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. same as in the openssl case, there should be explicit check for the order length 57B and fail in other cases as other "key sizes" are not defined by eddsa |
||
| } | ||
| } | ||
|
|
||
| try | ||
| { | ||
| verifier = new Botan::PK_Verifier(*botanKey, emsa); | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| /* | ||
| * Copyright (c) 2026 SoftHSMv2 contributors | ||
| * | ||
| * SPDX-License-Identifier: BSD-2-Clause | ||
| */ | ||
| /***************************************************************************** | ||
| EDDSAMechanismParam.cpp | ||
|
|
||
| EdDSA mechanism parameters used for signing/verifying operations | ||
| *****************************************************************************/ | ||
|
|
||
| #include "config.h" | ||
| #ifdef WITH_EDDSA | ||
| #include "ByteString.h" | ||
| #include "MechanismParam.h" | ||
| #include "EDDSAMechanismParam.h" | ||
|
|
||
| EDDSAMechanismParam::EDDSAMechanismParam() { | ||
| this->flag = false; | ||
| } | ||
|
|
||
| EDDSAMechanismParam::EDDSAMechanismParam(bool flag) { | ||
| this->flag = flag; | ||
| } | ||
|
|
||
| EDDSAMechanismParam::EDDSAMechanismParam(bool flag, ByteString contextData) { | ||
| this->flag = flag; | ||
| this->contextData = contextData; | ||
| } | ||
|
|
||
| // Set the type | ||
| /*static*/ const char* EDDSAMechanismParam::type = "EdDSA Signature param"; | ||
|
|
||
| EDDSAMechanismParam* EDDSAMechanismParam::clone() const | ||
| { | ||
| return new EDDSAMechanismParam(static_cast<const EDDSAMechanismParam&>(*this)); // call the copy ctor. | ||
| } | ||
|
|
||
| // Check if the parameter is of the given type | ||
| bool EDDSAMechanismParam::isOfType(const char* inType) const | ||
| { | ||
| return !strcmp(type, inType); | ||
| } | ||
| #endif |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| /* | ||
| * Copyright (c) 2026 SoftHSMv2 contributors | ||
| * | ||
| * SPDX-License-Identifier: BSD-2-Clause | ||
| */ | ||
| /***************************************************************************** | ||
| EDDSAMechanismParam.h | ||
|
|
||
| EdDSA mechanism parameters used for signing/verifying operations | ||
| *****************************************************************************/ | ||
|
|
||
| #ifndef _SOFTHSM_V2_EDDSAMECHANISMPARAM_H | ||
| #define _SOFTHSM_V2_EDDSAMECHANISMPARAM_H | ||
|
|
||
| #include "config.h" | ||
| #ifdef WITH_EDDSA | ||
| #include "ByteString.h" | ||
| #include "MechanismParam.h" | ||
|
|
||
| class EDDSAMechanismParam : public MechanismParam | ||
| { | ||
| public: | ||
|
|
||
| // EdDSA parameters from ck_eddsa_params | ||
| bool flag; // false = no pre-hash (pure), true = with pre-hash (ph) | ||
| ByteString contextData; | ||
|
|
||
| // The type | ||
| static const char* type; | ||
|
|
||
| EDDSAMechanismParam(); | ||
|
|
||
| EDDSAMechanismParam(bool flag); | ||
|
|
||
| EDDSAMechanismParam(bool flag, ByteString contextData); | ||
|
|
||
| EDDSAMechanismParam* clone() const; | ||
|
|
||
| // Check if the mechanism param is of the given type | ||
| virtual bool isOfType(const char* inType) const; | ||
| }; | ||
|
|
||
| #endif // WITH_EDDSA | ||
| #endif // !_SOFTHSM_V2_EDDSAMECHANISMPARAM_H |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
Context data is silently discarded when
preHashis true.The guard only rejects context when
preHash == false. WhenpreHash == true,eddsaParam->contextDatais never passed to Botan —Ed25519ph/Ed448phare constructed with no context, so a caller-suppliedcontextData(a valid PKCS#11CK_EDDSA_PARAMScombination) is silently ignored and the resulting signature will not verify against a context-aware verifier. Either reject non-emptycontextDataoutright in the Botan backend (as done for the pure case) or fail loudly, rather than dropping it.Also note
ByteString contextData;(Line 103) is declared but never assigned or used.🤖 Prompt for AI Agents