feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix to use different PEM header for EDDSA keys

Browse Source 
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
This commit is contained in:
Sean Parkinson
2017-06-06 10:52:48 +10:00
parent a30e8eb4ad
commit 1db52f0c04
10 changed files with 68 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
certs/ed25519/ca-ed25519-key.pem
View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIE3EyZVR/gbofvUgIsCeuA3yZ9E7DbTQxW7HMDYQhbxl
oSIEIEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s
-----END RSA PRIVATE KEY-----
-----END EDDSA PRIVATE KEY-----

4
certs/ed25519/client-ed25519-key.pem
View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ
oSIEIDY9UZ60w5FgsDoJuIdapQUPW1PlZBc+cLkNZhKk5fFR
-----END RSA PRIVATE KEY-----
-----END EDDSA PRIVATE KEY-----

4
certs/ed25519/root-ed25519-key.pem
View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIFwOftlJ9QL4yEBIBh9UmTRwCu+A6puPK9OFmVk0A19P
oSIEIKZgKbt92EfL1B7QbQ9XANgqH1BqQrxd5bgZZbLfJK9Q
-----END RSA PRIVATE KEY-----
-----END EDDSA PRIVATE KEY-----

4
certs/ed25519/server-ed25519-key.pem
View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn
oSIEIBowiBhHL5faBPSk471sDBa5SMHRQteOkoSgdCpDng4p
-----END RSA PRIVATE KEY-----
-----END EDDSA PRIVATE KEY-----

17
certs/include.am
View File

@ -55,6 +55,23 @@ EXTRA_DIST += \
certs/server-ecc.der \
certs/server-ecc-rsa.der \
certs/server-cert-chain.der
EXTRA_DIST += \
certs/ed25519/ca-ed25519.der \
certs/ed25519/ca-ed25519-key.der \
certs/ed25519/ca-ed25519-key.pem \
certs/ed25519/ca-ed25519.pem \
certs/ed25519/client-ed25519.der \
certs/ed25519/client-ed25519-key.der \
certs/ed25519/client-ed25519-key.pem \
certs/ed25519/client-ed25519.pem \
certs/ed25519/root-ed25519.der \
certs/ed25519/root-ed25519-key.der \
certs/ed25519/root-ed25519-key.pem \
certs/ed25519/root-ed25519.pem \
certs/ed25519/server-ed25519.der \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519.pem
dist_doc_DATA+= certs/taoCert.txt

44
src/ssl.c
View File

@ -4035,16 +4035,28 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
switch (type) {
case CA_TYPE: /* same as below */
case TRUSTED_PEER_TYPE:
case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break;
case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break;
case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break;
case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break;
case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break;
case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break;
case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break;
case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break;
case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY; break;
default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break;
case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT;
break;
case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL;
break;
case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM;
break;
case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM;
break;
case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ;
break;
case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV;
break;
case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV;
break;
case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;
break;
case ED25519_TYPE: header=BEGIN_EDDSA_PRIV; footer=END_EDDSA_PRIV;
break;
case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY;
break;
default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;
break;
}
/* find header */
@ -4061,6 +4073,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
} else if (header == BEGIN_EC_PRIV) {
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
} else if (header == BEGIN_DSA_PRIV) {
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
} else
break;
}
@ -4685,6 +4699,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
resetSuites = 1;
}
}
else
eccKey = 0;
wc_ecc_free(&key);
}
@ -4707,7 +4723,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
return SSL_BAD_FILE;
}
/* check for minimum ECC key size and then free */
/* check for minimum key size and then free */
if (ssl) {
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
wc_ed25519_free(&key);
@ -4725,12 +4741,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wc_ed25519_free(&key);
ed25519Key = 1;
if (ssl) {
ssl->options.haveStaticECC = 1;
}
else if (ctx) {
ctx->haveStaticECC = 1;
}
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
resetSuites = 1;

2
src/tls13.c
View File

@ -4190,10 +4190,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
}
/* Check for public key of required type. */
#ifdef HAVE_ED25519
if (args->sigAlgo == ed25519_sa_algo &&
!ssl->peerEd25519KeyPresent) {
WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
}
#endif
if (args->sigAlgo == ecc_dsa_sa_algo &&
!ssl->peerEccDsaKeyPresent) {
WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");

20
wolfcrypt/src/asn.c
View File

@ -6550,6 +6550,8 @@ const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
const char* BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
const char* END_PUB_KEY = "-----END PUBLIC KEY-----";
const char* BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
const char* END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)
@ -6625,6 +6627,15 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
XSTRNCAT(footer, "\n", 1);
}
#endif
#ifdef HAVE_ED25519
else if (type == EDDSA_PRIVATEKEY_TYPE) {
XSTRNCPY(header, BEGIN_EDDSA_PRIV, headerLen);
XSTRNCAT(header, "\n", 1);
XSTRNCPY(footer, END_EDDSA_PRIV, footerLen);
XSTRNCAT(footer, "\n", 1);
}
#endif
#ifdef WOLFSSL_CERT_REQ
else if (type == CERTREQ_TYPE)
{
@ -10230,15 +10241,6 @@ int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
return BAD_FUNC_ARG;
if (GetOctetString(input, inOutIdx, &privSz, inSz) >= 0) {
priv = input + *inOutIdx;
*inOutIdx += privSz;
if (*inOutIdx != inSz)
return ASN_PARSE_E;
return wc_ed25519_import_private_only(priv, privSz, key);
}
if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E;
endKeyIdx = *inOutIdx + length;

2
wolfssl/wolfcrypt/asn.h
View File

@ -660,6 +660,8 @@ extern const char* BEGIN_DSA_PRIV;
extern const char* END_DSA_PRIV;
extern const char* BEGIN_PUB_KEY;
extern const char* END_PUB_KEY;
extern const char* BEGIN_EDDSA_PRIV;
extern const char* END_EDDSA_PRIV;
#ifdef NO_SHA
#define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE

1
wolfssl/wolfcrypt/asn_public.h
View File

@ -66,6 +66,7 @@ enum CertType {
RSA_PUBLICKEY_TYPE,
ECC_PUBLICKEY_TYPE,
TRUSTED_PEER_TYPE,
EDDSA_PRIVATEKEY_TYPE,
ED25519_TYPE
};