Add botan_pkcs_hash_id to FFI

Extend EMSA_PKCS1v15_Raw to optionally take a hash function for which
the PKCS hash id is prefixed to the message as usual. This allows signing
a message using PKCSv1.5 padding where the hash is provided externally.

3 files changed, 35 insertions, 3 deletions

diff --git a/src/lib/pk_pad/emsa.cpp b/src/lib/pk_pad/emsa.cpp
index 94274916e..074af273a 100644
--- a/src/lib/pk_pad/emsa.cpp
+++ b/src/lib/pk_pad/emsa.cpp
@@ -50,7 +50,11 @@ EMSA* get_emsa(const std::string& algo_spec)
          req.algo_name() == "EMSA-PKCS1-v1_5" ||
          req.algo_name() == "EMSA3")
       {
-      if(req.arg_count() == 1)
+      if(req.arg_count() == 2 && req.arg(0) == "Raw")
+         {
+         return new EMSA_PKCS1v15_Raw(req.arg(1));
+         }
+      else if(req.arg_count() == 1)
          {
          if(req.arg(0) == "Raw")
             {
diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp
index ebe6f5fa7..d5a6aa8fb 100644
--- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp
+++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp
@@ -85,6 +85,20 @@ EMSA_PKCS1v15::EMSA_PKCS1v15(HashFunction* hash) : m_hash(hash)
    m_hash_id = pkcs_hash_id(m_hash->name());
    }
 
+EMSA_PKCS1v15_Raw::EMSA_PKCS1v15_Raw(const std::string& hash_algo)
+   {
+   if(!hash_algo.empty())
+      {
+      m_hash_id = pkcs_hash_id(hash_algo);
+      std::unique_ptr<HashFunction> hash(HashFunction::create(hash_algo));
+      m_hash_output_len = hash->output_length();
+      }
+   else
+      {
+      m_hash_output_len = 0;
+      }
+   }
+
 void EMSA_PKCS1v15_Raw::update(const uint8_t input[], size_t length)
    {
    m_message += std::make_pair(input, length);
@@ -94,6 +108,10 @@ secure_vector<uint8_t> EMSA_PKCS1v15_Raw::raw_data()
    {
    secure_vector<uint8_t> ret;
    std::swap(ret, m_message);
+
+   if(m_hash_output_len > 0 && ret.size() != m_hash_output_len)
+      throw Encoding_Error("EMSA_PKCS1v15_Raw::encoding_of: Bad input length");
+
    return ret;
    }
 
@@ -102,16 +120,19 @@ EMSA_PKCS1v15_Raw::encoding_of(const secure_vector<uint8_t>& msg,
                                size_t output_bits,
                                RandomNumberGenerator&)
    {
-   return emsa3_encoding(msg, output_bits, nullptr, 0);
+   return emsa3_encoding(msg, output_bits, m_hash_id.data(), m_hash_id.size());
    }
 
 bool EMSA_PKCS1v15_Raw::verify(const secure_vector<uint8_t>& coded,
                                const secure_vector<uint8_t>& raw,
                                size_t key_bits)
    {
+   if(m_hash_output_len > 0 && raw.size() != m_hash_output_len)
+      return false;
+
    try
       {
-      return (coded == emsa3_encoding(raw, key_bits, nullptr, 0));
+      return (coded == emsa3_encoding(raw, key_bits, m_hash_id.data(), m_hash_id.size()));
       }
    catch(...)
       {
diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h
index 95ccafa4d..ddfabeae3 100644
--- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h
+++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.h
@@ -62,7 +62,14 @@ class BOTAN_DLL EMSA_PKCS1v15_Raw final : public EMSA
       bool verify(const secure_vector<uint8_t>&, const secure_vector<uint8_t>&,
                   size_t) override;
 
+      /**
+      * @param hash_algo if non-empty, the digest id for that hash is
+      * included in the signature.
+      */
+      EMSA_PKCS1v15_Raw(const std::string& hash_algo = "");
    private:
+      size_t m_hash_output_len = 0;
+      std::vector<uint8_t> m_hash_id;
       secure_vector<uint8_t> m_message;
    };