signature: Add Signature operation

tgonzalezorlandoarm · tgonzalezorlandoarm · commit 9503740c9695 · 2024-04-12T11:09:02.000+01:00
Implement: * OSSL_FUNC_SIGNATURE_SIGN_INIT as indicated by https://www.openssl.org/docs/man3.0/man7/provider-signature.html Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
diff --git a/parsec-openssl-provider/src/keymgmt/mod.rs b/parsec-openssl-provider/src/keymgmt/mod.rs
@@ -14,7 +14,7 @@ use crate::{
 };
 use parsec_openssl2::types::VOID_PTR;
 use parsec_openssl2::*;
-use std::sync::{Arc, Mutex};
+use std::sync::{Arc, Mutex, MutexGuard};
 
 pub struct ParsecProviderKeyObject {
     provctx: Arc<ParsecProviderContext>,
@@ -31,6 +31,16 @@ impl Clone for ParsecProviderKeyObject {
     }
 }
 
+impl ParsecProviderKeyObject {
+    pub fn get_provctx(&self) -> Arc<ParsecProviderContext> {
+        self.provctx.clone()
+    }
+
+    pub fn get_key_name(&self) -> MutexGuard<'_, Option<String>> {
+        self.key_name.lock().unwrap()
+    }
+}
+
 pub fn kmgmt_keyobj_new(provctx: Arc<ParsecProviderContext>) -> Arc<ParsecProviderKeyObject> {
     Arc::new(ParsecProviderKeyObject {
         provctx: provctx.clone(),
diff --git a/parsec-openssl-provider/src/signature/mod.rs b/parsec-openssl-provider/src/signature/mod.rs
@@ -4,12 +4,13 @@
 use crate::keymgmt::ParsecProviderKeyObject;
 use crate::openssl_bindings::{
     OSSL_ALGORITHM, OSSL_DISPATCH, OSSL_FUNC_SIGNATURE_FREECTX, OSSL_FUNC_SIGNATURE_NEWCTX,
-    OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_PARAM,
+    OSSL_FUNC_SIGNATURE_SIGN, OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_PARAM,
 };
 use crate::{
     PARSEC_PROVIDER_DESCRIPTION_ECDSA, PARSEC_PROVIDER_DESCRIPTION_RSA,
     PARSEC_PROVIDER_DFLT_PROPERTIES, PARSEC_PROVIDER_ECDSA_NAME, PARSEC_PROVIDER_RSA_NAME,
 };
+use parsec_client::core::interface::operations::psa_algorithm::{AsymmetricSignature, Hash};
 use parsec_openssl2::types::VOID_PTR;
 use parsec_openssl2::*;
 
@@ -97,20 +98,88 @@ unsafe extern "C" fn parsec_provider_signature_sign_init(
     }
 }
 
+unsafe extern "C" fn parsec_provider_signature_sign(
+    ctx: VOID_PTR,
+    sig: *mut std::os::raw::c_uchar,
+    siglen: *mut std::os::raw::c_uint,
+    sigsize: std::os::raw::c_uint,
+    tbs: *const std::os::raw::c_uchar,
+    tbslen: std::os::raw::c_uint,
+) -> std::os::raw::c_int {
+    let result = super::r#catch(Some(|| super::Error::PROVIDER_SIGNATURE_SIGN_INIT), || {
+        if ctx.is_null() || tbs.is_null() || sig.is_null() || siglen.is_null() {
+            return Err("Received unexpected NULL pointer as an argument.".into());
+        }
+
+        Arc::increment_strong_count(ctx as *const ParsecProviderSignatureContext);
+        let arc_sig_ctx = Arc::from_raw(ctx as *const ParsecProviderSignatureContext);
+
+        let keyobj = match *arc_sig_ctx.keyobj.lock().unwrap() {
+            None => {
+                return Err("Key Object not set. This should be done through sign_init()".into())
+            }
+            Some(ref keyobj) => keyobj.clone(),
+        };
+
+        let key_name_binding = keyobj.get_key_name();
+        let key_name = match *key_name_binding {
+            None => return Err("Key name not set in the Key Object".into()),
+            Some(ref name) => name,
+        };
+
+        let tbs_slice: &[u8] = core::slice::from_raw_parts(tbs, tbslen as usize);
+
+        let sign_algorithm = AsymmetricSignature::RsaPkcs1v15Sign {
+            hash_alg: Hash::Sha256.into(),
+        };
+
+        let sign_res: Vec<u8> = keyobj
+            .get_provctx()
+            .get_client()
+            .psa_sign_hash(key_name, tbs_slice, sign_algorithm)
+            .map_err(|_| "Parsec Client failed to sign".to_string())?;
+
+        if sigsize > sign_res.len() as u32 {
+            std::ptr::copy(sign_res.as_ptr(), sig, sign_res.len());
+        } else {
+            std::ptr::copy(sign_res.as_ptr(), sig, sigsize as usize);
+        }
+
+        *siglen = sign_res.len() as u32;
+
+        Ok(OPENSSL_SUCCESS)
+    });
+
+    match result {
+        Ok(result) => result,
+        Err(()) => OPENSSL_ERROR,
+    }
+}
+
 pub type SignatureNewCtxPtr =
     unsafe extern "C" fn(VOID_PTR, *const std::os::raw::c_char) -> VOID_PTR;
 pub type SignatureFreeCtxPtr = unsafe extern "C" fn(VOID_PTR);
+pub type SignatureSignPtr = unsafe extern "C" fn(
+    VOID_PTR,
+    *mut std::os::raw::c_uchar,
+    *mut std::os::raw::c_uint,
+    std::os::raw::c_uint,
+    *const std::os::raw::c_uchar,
+    std::os::raw::c_uint,
+) -> std::os::raw::c_int;
 pub type SignatureSignInitPtr =
     unsafe extern "C" fn(VOID_PTR, VOID_PTR, *const OSSL_PARAM) -> std::os::raw::c_int;
 
 const OSSL_FUNC_SIGNATURE_NEWCTX_PTR: SignatureNewCtxPtr = parsec_provider_signature_newctx;
 const OSSL_FUNC_SIGNATURE_FREECTX_PTR: SignatureFreeCtxPtr = parsec_provider_signature_freectx;
+const OSSL_FUNC_SIGNATURE_SIGN_PTR: SignatureSignPtr = parsec_provider_signature_sign;
 const OSSL_FUNC_SIGNATURE_SIGN_INIT_PTR: SignatureSignInitPtr = parsec_provider_signature_sign_init;
 
 const PARSEC_PROVIDER_ECDSA_SIGN_IMPL: [OSSL_DISPATCH; 1] = [ossl_dispatch!()];
-const PARSEC_PROVIDER_RSA_SIGN_IMPL: [OSSL_DISPATCH; 4] = [
+const PARSEC_PROVIDER_RSA_SIGN_IMPL: [OSSL_DISPATCH; 5] = [
     unsafe { ossl_dispatch!(OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_FUNC_SIGNATURE_NEWCTX_PTR) },
     unsafe { ossl_dispatch!(OSSL_FUNC_SIGNATURE_FREECTX, OSSL_FUNC_SIGNATURE_FREECTX_PTR) },
+    unsafe { ossl_dispatch!(OSSL_FUNC_SIGNATURE_SIGN, OSSL_FUNC_SIGNATURE_SIGN_PTR) },
     unsafe {
         ossl_dispatch!(
             OSSL_FUNC_SIGNATURE_SIGN_INIT,
