WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

TLS, SM2: fixes to get SM handshakes working 

Pass around the algorithm id from the private key so that the WOLFSSL or
WOLFSSL_CTX get the correct key format set.
Use different verification context when self-signed certificate with SM2
and SM3 signature but public key OID is ECC.
pull/7493/head
Sean Parkinson 2024-05-02 11:14:35 +10:00
parent 1ddc552828
commit add7428d1c
5 changed files with 50 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
src/ssl_load.c
View File

@ -116,13 +116,14 @@
* @param [in, out] info Info for encryption.
* @param [in] heap Dynamic memory allocation hint.
* @param [out] der Holds DER encoded data.
* @param [out] algId Algorithm identifier for private keys.
* @return 0 on success.
* @return NOT_COMPILED_IN when format is PEM and PEM not supported.
* @return ASN_PARSE_E when format is ASN.1 and invalid DER encoding.
* @return MEMORY_E when dynamic memory allocation fails.
*/
static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
int type, EncryptedInfo* info, void* heap, DerBuffer** der)
int type, EncryptedInfo* info, void* heap, DerBuffer** der, int* algId)
{
int ret;
@ -131,7 +132,7 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
/* Data in buffer has PEM format - extract DER data. */
if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
ret = PemToDer(buff, len, type, der, heap, info, NULL);
ret = PemToDer(buff, len, type, der, heap, info, algId);
if (ret != 0) {
FreeDer(der);
}
@ -341,7 +342,7 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
/* Get a certificate as DER. */
ret = DataToDerBuffer(buff + consumed, (word32)(sz - consumed),
format, type, info, heap, &part);
format, type, info, heap, &part, NULL);
if (ret == 0) {
/* Process the user certificate. */
ret = ProcessUserCert(ctx->cm, &part, type, verify,
@ -604,6 +605,12 @@ static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
idx = 0;
ret = wc_EccPublicKeyDecode(der->buffer, &idx, key, der->length);
}
#endif
#ifdef WOLFSSL_SM2
if (*keyFormat == SM2k) {
ret = wc_ecc_set_curve(key, WOLFSSL_SM2_KEY_BITS / 8,
ECC_SM2P256V1);
}
#endif
if (ret == 0) {
/* Get the minimum ECC key size from SSL or SSL context object. */
@ -1317,17 +1324,18 @@ static void ProcessBufferPrivKeyHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
* @param [in] heap Dynamic memory allocation hint.
* @param [in] type Type of data:
* PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
* @param [in] algId Algorithm id of key.
* @return 0 on success.
* @return WOLFSSL_BAD_FILE when not able to decode.
*/
static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
DerBuffer* der, int format, EncryptedInfo* info, void* heap, int type)
DerBuffer* der, int format, EncryptedInfo* info, void* heap, int type,
int algId)
{
int ret;
int keyFormat = 0;
#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \
defined(HAVE_PKCS8)
word32 algId = 0;
word32 p8AlgId = 0;
#endif
(void)info;
@ -1335,34 +1343,34 @@ static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
#ifdef HAVE_PKCS8
/* Try and remove PKCS8 header and get algorithm id. */
ret = ToTraditional_ex(der->buffer, der->length, &algId);
ret = ToTraditional_ex(der->buffer, der->length, &p8AlgId);
if (ret > 0) {
/* Header stripped inline. */
der->length = ret;
keyFormat = algId;
algId = p8AlgId;
}
#endif
/* Put the data into the SSL or SSL context object. */
ProcessBufferPrivKeyHandleDer(ctx, ssl, &der, type);
/* Try to decode the DER data. */
ret = ProcessBufferTryDecode(ctx, ssl, der, &keyFormat, heap, type);
ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type);
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
/* If private key type PKCS8 header wasn't already removed (algId == 0). */
if (((ret != 0) || (keyFormat == 0)) && (format != WOLFSSL_FILETYPE_PEM) &&
if (((ret != 0) || (algId == 0)) && (format != WOLFSSL_FILETYPE_PEM) &&
(info->passwd_cb != NULL) && (algId == 0)) {
/* Try to decrypt DER data as a PKCS#8 private key. */
ret = ProcessBufferPrivPkcs8Dec(info, der, heap);
if (ret >= 0) {
/* Try to decode decrypted data. */
ret = ProcessBufferTryDecode(ctx, ssl, der, &keyFormat, heap, type);
ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type);
}
}
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
/* Check if we were able to determine key format. */
if ((ret == 0) && (keyFormat == 0)) {
/* Check if we were able to determine algorithm id. */
if ((ret == 0) && (algId == 0)) {
#ifdef OPENSSL_EXTRA
/* Decryption password is probably wrong. */
if (info->passwd_cb) {
@ -2265,6 +2273,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
#else
EncryptedInfo info[1];
#endif
int algId = 0;
WOLFSSL_ENTER("ProcessBuffer");
@ -2306,7 +2315,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
#endif
/* Get the DER data for a private key or certificate. */
ret = DataToDerBuffer(buff, (word32)sz, format, type, info, heap, &der);
ret = DataToDerBuffer(buff, (word32)sz, format, type, info, heap, &der,
&algId);
if (used != NULL) {
/* Update to amount used/consumed. */
*used = info->consumed;
@ -2321,7 +2331,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
if ((ret == 0) && IS_PRIVKEY_TYPE(type)) {
/* Process the private key. */
ret = ProcessBufferPrivateKey(ctx, ssl, der, format, info, heap, type);
ret = ProcessBufferPrivateKey(ctx, ssl, der, format, info, heap, type,
algId);
#ifdef WOLFSSL_SMALL_STACK
/* Info no longer needed - keep max memory usage down. */
XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);

2
wolfcrypt/benchmark/benchmark.c
View File

@ -5536,7 +5536,7 @@ exit:
#endif
#ifdef WOLFSSL_SM4_CCM
void bench_sm4_ccm()
void bench_sm4_ccm(void)
{
wc_Sm4 enc;
double start;

10
wolfcrypt/src/asn.c
View File

@ -23790,13 +23790,19 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
if (cert->ca) {
if (verify == VERIFY || verify == VERIFY_OCSP ||
verify == VERIFY_SKIP_DATE) {
word32 keyOID = cert->ca->keyOID;
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
if (cert->selfSigned && (cert->signatureOID == CTC_SM3wSM2)) {
keyOID = SM2k;
}
#endif
/* try to confirm/verify signature */
if ((ret = ConfirmSignature(&cert->sigCtx,
cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin,
cert->ca->publicKey, cert->ca->pubKeySize,
cert->ca->keyOID, cert->signature,
cert->sigLength, cert->signatureOID,
keyOID, cert->signature, cert->sigLength,
cert->signatureOID,
#ifdef WC_RSA_PSS
cert->source + cert->sigParamsIndex,
cert->sigParamsLength,

2
wolfcrypt/src/port/arm/armv8-aes.c
View File

@ -1532,6 +1532,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
"USHR v7.2d, v7.2d, #56 \n"
"# AAD \n"
"CBZ %[a], 20f \n"
"CBZ %w[aSz], 20f \n"
"MOV w12, %w[aSz] \n"
@ -1702,6 +1703,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
"20: \n"
"# Cipher Text \n"
"CBZ %[c], 120f \n"
"CBZ %w[cSz], 120f \n"
"MOV w12, %w[cSz] \n"

34
wolfcrypt/test/test.c
View File

@ -29740,21 +29740,19 @@ static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
#ifdef WOLFSSL_SM2
#ifdef HAVE_ECC_VERIFY
#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
#ifdef WOLFSSL_SM2
#ifdef HAVE_OID_ENCODING
#define CODED_SM2P256V1 {1,2,156,10197,1,301}
#define CODED_SM2P256V1_SZ 6
#else
#define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
#define CODED_SM2P256V1_SZ 10
#endif
#ifndef WOLFSSL_ECC_CURVE_STATIC
static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
#else
#define ecc_oid_sm2p256v1 CODED_SM2P256V1
#endif
#define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
#endif /* WOLFSSL_SM2 */
#ifdef HAVE_OID_ENCODING
#define CODED_SM2P256V1 {1,2,156,10197,1,301}
#define CODED_SM2P256V1_SZ 6
#else
#define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
#define CODED_SM2P256V1_SZ 10
#endif
#ifndef WOLFSSL_ECC_CURVE_STATIC
static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
#else
#define ecc_oid_sm2p256v1 CODED_SM2P256V1
#endif
#define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
#define ECC_SM2P256V1_TEST 102
static int test_sm2_verify_caseA2(void)
{
@ -29931,9 +29929,7 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
int i;
#ifdef HAVE_ECC_VERIFY
int verify;
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
int ret;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@ -30129,7 +30125,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_VERIFY
for (i = 0; i < testVerifyCount; i++) {
verify = 0;
ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
@ -30139,7 +30134,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
if (verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* HAVE_ECC_VERIFY */
#endif /* ECC_SHAMIR */
/* test DSA sign hash with sequence (0,1,2,3,4,...) */
@ -30152,7 +30146,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
if (ret != 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
#ifdef HAVE_ECC_VERIFY
for (i = 0; i < testVerifyCount; i++) {
verify = 0;
ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
@ -30162,7 +30155,6 @@ static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
if (verify != 1)
ERROR_OUT(WC_TEST_RET_ENC_NC, done);
}
#endif /* HAVE_ECC_VERIFY */
#endif /* HAVE_ECC_SIGN */
#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */