Fix to use different PEM header for EDDSA keys

Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
This commit is contained in:
Sean Parkinson
2017-06-06 10:52:48 +10:00
parent a30e8eb4ad
commit 1db52f0c04
10 changed files with 68 additions and 34 deletions

View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIE3EyZVR/gbofvUgIsCeuA3yZ9E7DbTQxW7HMDYQhbxl MFICAQAwBQYDK2VwBCIEIE3EyZVR/gbofvUgIsCeuA3yZ9E7DbTQxW7HMDYQhbxl
oSIEIEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s oSIEIEEH7HUMaHISPASCB24Wb0BBbaSPCPLinadDwiQomH6s
-----END RSA PRIVATE KEY----- -----END EDDSA PRIVATE KEY-----

View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ MFICAQAwBQYDK2VwBCIEIBGdNYxa3ommO8aYO1oGaGSRQBqDYB0sKOdR3bqejqIQ
oSIEIDY9UZ60w5FgsDoJuIdapQUPW1PlZBc+cLkNZhKk5fFR oSIEIDY9UZ60w5FgsDoJuIdapQUPW1PlZBc+cLkNZhKk5fFR
-----END RSA PRIVATE KEY----- -----END EDDSA PRIVATE KEY-----

View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEIFwOftlJ9QL4yEBIBh9UmTRwCu+A6puPK9OFmVk0A19P MFICAQAwBQYDK2VwBCIEIFwOftlJ9QL4yEBIBh9UmTRwCu+A6puPK9OFmVk0A19P
oSIEIKZgKbt92EfL1B7QbQ9XANgqH1BqQrxd5bgZZbLfJK9Q oSIEIKZgKbt92EfL1B7QbQ9XANgqH1BqQrxd5bgZZbLfJK9Q
-----END RSA PRIVATE KEY----- -----END EDDSA PRIVATE KEY-----

View File

@ -1,4 +1,4 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN EDDSA PRIVATE KEY-----
MFICAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn MFICAQAwBQYDK2VwBCIEINjpdrI/H/eIdfXd+HrGSTBu6Z/LnR4rwBjvu3WJ5ndn
oSIEIBowiBhHL5faBPSk471sDBa5SMHRQteOkoSgdCpDng4p oSIEIBowiBhHL5faBPSk471sDBa5SMHRQteOkoSgdCpDng4p
-----END RSA PRIVATE KEY----- -----END EDDSA PRIVATE KEY-----

View File

@ -55,6 +55,23 @@ EXTRA_DIST += \
certs/server-ecc.der \ certs/server-ecc.der \
certs/server-ecc-rsa.der \ certs/server-ecc-rsa.der \
certs/server-cert-chain.der certs/server-cert-chain.der
EXTRA_DIST += \
certs/ed25519/ca-ed25519.der \
certs/ed25519/ca-ed25519-key.der \
certs/ed25519/ca-ed25519-key.pem \
certs/ed25519/ca-ed25519.pem \
certs/ed25519/client-ed25519.der \
certs/ed25519/client-ed25519-key.der \
certs/ed25519/client-ed25519-key.pem \
certs/ed25519/client-ed25519.pem \
certs/ed25519/root-ed25519.der \
certs/ed25519/root-ed25519-key.der \
certs/ed25519/root-ed25519-key.pem \
certs/ed25519/root-ed25519.pem \
certs/ed25519/server-ed25519.der \
certs/ed25519/server-ed25519-key.der \
certs/ed25519/server-ed25519-key.pem \
certs/ed25519/server-ed25519.pem
dist_doc_DATA+= certs/taoCert.txt dist_doc_DATA+= certs/taoCert.txt

View File

@ -4035,16 +4035,28 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
switch (type) { switch (type) {
case CA_TYPE: /* same as below */ case CA_TYPE: /* same as below */
case TRUSTED_PEER_TYPE: case TRUSTED_PEER_TYPE:
case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT;
case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; break;
case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL;
case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break; break;
case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM;
case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; break;
case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM;
case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; break;
case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY; break; case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ;
default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; break;
case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV;
break;
case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV;
break;
case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;
break;
case ED25519_TYPE: header=BEGIN_EDDSA_PRIV; footer=END_EDDSA_PRIV;
break;
case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY;
break;
default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;
break;
} }
/* find header */ /* find header */
@ -4061,6 +4073,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
header = BEGIN_EC_PRIV; footer = END_EC_PRIV; header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
} else if (header == BEGIN_EC_PRIV) { } else if (header == BEGIN_EC_PRIV) {
header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV; header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
} else if (header == BEGIN_DSA_PRIV) {
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
} else } else
break; break;
} }
@ -4685,6 +4699,8 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
resetSuites = 1; resetSuites = 1;
} }
} }
else
eccKey = 0;
wc_ecc_free(&key); wc_ecc_free(&key);
} }
@ -4707,7 +4723,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
return SSL_BAD_FILE; return SSL_BAD_FILE;
} }
/* check for minimum ECC key size and then free */ /* check for minimum key size and then free */
if (ssl) { if (ssl) {
if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) {
wc_ed25519_free(&key); wc_ed25519_free(&key);
@ -4725,12 +4741,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wc_ed25519_free(&key); wc_ed25519_free(&key);
ed25519Key = 1; ed25519Key = 1;
if (ssl) {
ssl->options.haveStaticECC = 1;
}
else if (ctx) {
ctx->haveStaticECC = 1;
}
if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
resetSuites = 1; resetSuites = 1;

View File

@ -4190,10 +4190,12 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
} }
/* Check for public key of required type. */ /* Check for public key of required type. */
#ifdef HAVE_ED25519
if (args->sigAlgo == ed25519_sa_algo && if (args->sigAlgo == ed25519_sa_algo &&
!ssl->peerEd25519KeyPresent) { !ssl->peerEd25519KeyPresent) {
WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify"); WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
} }
#endif
if (args->sigAlgo == ecc_dsa_sa_algo && if (args->sigAlgo == ecc_dsa_sa_algo &&
!ssl->peerEccDsaKeyPresent) { !ssl->peerEccDsaKeyPresent) {
WOLFSSL_MSG("Oops, peer sent ECC key but not in verify"); WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");

View File

@ -6550,6 +6550,8 @@ const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
const char* BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; const char* BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
const char* END_PUB_KEY = "-----END PUBLIC KEY-----"; const char* END_PUB_KEY = "-----END PUBLIC KEY-----";
const char* BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----";
const char* END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----";
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)
@ -6625,6 +6627,15 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
XSTRNCAT(footer, "\n", 1); XSTRNCAT(footer, "\n", 1);
} }
#endif #endif
#ifdef HAVE_ED25519
else if (type == EDDSA_PRIVATEKEY_TYPE) {
XSTRNCPY(header, BEGIN_EDDSA_PRIV, headerLen);
XSTRNCAT(header, "\n", 1);
XSTRNCPY(footer, END_EDDSA_PRIV, footerLen);
XSTRNCAT(footer, "\n", 1);
}
#endif
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
else if (type == CERTREQ_TYPE) else if (type == CERTREQ_TYPE)
{ {
@ -10230,15 +10241,6 @@ int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx,
if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (GetOctetString(input, inOutIdx, &privSz, inSz) >= 0) {
priv = input + *inOutIdx;
*inOutIdx += privSz;
if (*inOutIdx != inSz)
return ASN_PARSE_E;
return wc_ed25519_import_private_only(priv, privSz, key);
}
if (GetSequence(input, inOutIdx, &length, inSz) < 0) if (GetSequence(input, inOutIdx, &length, inSz) < 0)
return ASN_PARSE_E; return ASN_PARSE_E;
endKeyIdx = *inOutIdx + length; endKeyIdx = *inOutIdx + length;

View File

@ -660,6 +660,8 @@ extern const char* BEGIN_DSA_PRIV;
extern const char* END_DSA_PRIV; extern const char* END_DSA_PRIV;
extern const char* BEGIN_PUB_KEY; extern const char* BEGIN_PUB_KEY;
extern const char* END_PUB_KEY; extern const char* END_PUB_KEY;
extern const char* BEGIN_EDDSA_PRIV;
extern const char* END_EDDSA_PRIV;
#ifdef NO_SHA #ifdef NO_SHA
#define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE

View File

@ -66,6 +66,7 @@ enum CertType {
RSA_PUBLICKEY_TYPE, RSA_PUBLICKEY_TYPE,
ECC_PUBLICKEY_TYPE, ECC_PUBLICKEY_TYPE,
TRUSTED_PEER_TYPE, TRUSTED_PEER_TYPE,
EDDSA_PRIVATEKEY_TYPE,
ED25519_TYPE ED25519_TYPE
}; };