Merge pull request #2146 from dgarske/sigalgo_ecdh

ECDSA option to limit sig/algos to key size with `USE_ECDSA_KEYSZ_HASH_ALGO`
toddouska
2019-03-12 14:08:10 -07:00
committed by GitHub


@ -1829,88 +1829,136 @@ void InitCipherSpecs(CipherSpecs* cs)
cs->sig_algo = INVALID_BYTE; cs->sig_algo = INVALID_BYTE;
} }
#ifdef USE_ECDSA_KEYSZ_HASH_ALGO
static int GetMacDigestSize(byte macAlgo)
{
switch (macAlgo) {
#ifndef NO_SHA
case sha_mac:
return WC_SHA_DIGEST_SIZE;
#endif
#ifndef NO_SHA256
case sha256_mac:
return WC_SHA256_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
return WC_SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
case sha512_mac:
return WC_SHA512_DIGEST_SIZE;
#endif
default:
break;
}
return NOT_COMPILED_IN;
}
#endif /* USE_ECDSA_KEYSZ_HASH_ALGO */
static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo, byte sigAlgo,
int keySz, word16* inOutIdx)
{
int addSigAlgo = 1;
#ifdef USE_ECDSA_KEYSZ_HASH_ALGO
if (sigAlgo == ecc_dsa_sa_algo) {
int digestSz = GetMacDigestSize(macAlgo);
/* do not add sig/algos with digest size larger than key size */
if (digestSz <= 0 || (keySz > 0 && digestSz > keySz)) {
addSigAlgo = 0;
}
}
#else
(void)keySz;
#endif /* USE_ECDSA_KEYSZ_HASH_ALGO */
if (addSigAlgo) {
if (sigAlgo == rsa_pss_sa_algo) {
/* RSA PSS is sig then mac */
suites->hashSigAlgo[*inOutIdx] = sigAlgo;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = macAlgo;
*inOutIdx += 1;
}
else {
suites->hashSigAlgo[*inOutIdx] = macAlgo;
*inOutIdx += 1;
suites->hashSigAlgo[*inOutIdx] = sigAlgo;
*inOutIdx += 1;
}
}
}
void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
int haveAnon, int tls1_2, int keySz) int haveAnon, int tls1_2, int keySz)
{ {
int idx = 0; word16 idx = 0;
(void)tls1_2; (void)tls1_2;
(void)keySz; (void)keySz;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) #if defined(HAVE_ECC) || defined(HAVE_ED25519)
if (haveECDSAsig) { if (haveECDSAsig) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
suites->hashSigAlgo[idx++] = sha512_mac; AddSuiteHashSigAlgo(suites, sha512_mac, ecc_dsa_sa_algo, keySz, &idx);
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #endif
#endif #ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SHA384 AddSuiteHashSigAlgo(suites, sha384_mac, ecc_dsa_sa_algo, keySz, &idx);
suites->hashSigAlgo[idx++] = sha384_mac; #endif
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; #ifndef NO_SHA256
#endif AddSuiteHashSigAlgo(suites, sha256_mac, ecc_dsa_sa_algo, keySz, &idx);
#ifndef NO_SHA256 #endif
suites->hashSigAlgo[idx++] = sha256_mac; #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; defined(WOLFSSL_ALLOW_TLS_SHA1))
#endif AddSuiteHashSigAlgo(suites, sha_mac, ecc_dsa_sa_algo, keySz, &idx);
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ #endif
defined(WOLFSSL_ALLOW_TLS_SHA1)) #endif
suites->hashSigAlgo[idx++] = sha_mac; #ifdef HAVE_ED25519
suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; AddSuiteHashSigAlgo(suites, ED25519_SA_MAJOR, ED25519_SA_MINOR, keySz, &idx);
#endif
#endif #endif
#ifdef HAVE_ED25519
suites->hashSigAlgo[idx++] = ED25519_SA_MAJOR;
suites->hashSigAlgo[idx++] = ED25519_SA_MINOR;
#endif
} }
#endif /* HAVE_ECC || HAVE_ED25519 */ #endif /* HAVE_ECC || HAVE_ED25519 */
if (haveRSAsig) { if (haveRSAsig) {
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
if (tls1_2) { if (tls1_2) {
#ifdef WOLFSSL_SHA512
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha512_mac;
#endif
#ifdef WOLFSSL_SHA384
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha384_mac;
#endif
#ifndef NO_SHA256
suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
suites->hashSigAlgo[idx++] = sha256_mac;
#endif
}
#endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
suites->hashSigAlgo[idx++] = sha512_mac; AddSuiteHashSigAlgo(suites, sha512_mac, rsa_pss_sa_algo, keySz, &idx);
suites->hashSigAlgo[idx++] = rsa_sa_algo;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
suites->hashSigAlgo[idx++] = sha384_mac; AddSuiteHashSigAlgo(suites, sha384_mac, rsa_pss_sa_algo, keySz, &idx);
suites->hashSigAlgo[idx++] = rsa_sa_algo;
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
suites->hashSigAlgo[idx++] = sha256_mac; AddSuiteHashSigAlgo(suites, sha256_mac, rsa_pss_sa_algo, keySz, &idx);
suites->hashSigAlgo[idx++] = rsa_sa_algo;
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
suites->hashSigAlgo[idx++] = sha_mac;
suites->hashSigAlgo[idx++] = rsa_sa_algo;
#endif #endif
}
#endif
#ifdef WOLFSSL_SHA512
AddSuiteHashSigAlgo(suites, sha512_mac, rsa_sa_algo, keySz, &idx);
#endif
#ifdef WOLFSSL_SHA384
AddSuiteHashSigAlgo(suites, sha384_mac, rsa_sa_algo, keySz, &idx);
#endif
#ifndef NO_SHA256
AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &idx);
#endif
#if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
defined(WOLFSSL_ALLOW_TLS_SHA1))
AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &idx);
#endif
} }
#ifdef HAVE_ANON #ifdef HAVE_ANON
if (haveAnon) { if (haveAnon) {
suites->hashSigAlgo[idx++] = sha_mac; AddSuiteHashSigAlgo(suites, sha_mac, anonymous_sa_algo, keySz, &idx);
suites->hashSigAlgo[idx++] = anonymous_sa_algo;
} }
#endif #endif
(void)haveAnon; (void)haveAnon;
(void)haveECDSAsig; (void)haveECDSAsig;
suites->hashSigAlgoSz = (word16)idx; suites->hashSigAlgoSz = idx;
} }
void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
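Review bot: AddSuiteHashSigAlgo is now the single place that writes suites->hashSigAlgo, yet it still stores two bytes at *inOutIdx with no capacity check, so any caller that offers more pairs than the array holds overruns it silently; a guard before the rsa_pss_sa_algo branch is cheap, `if (*inOutIdx + 2 > sizeof(suites->hashSigAlgo)) return;` (assuming hashSigAlgo is a fixed-size array in Suites — confirm against its definition). The USE_ECDSA_KEYSZ_HASH_ALGO filter compares keySz with the WC_*_DIGEST_SIZE constants, which are byte counts; if keySz were ever passed in bits the filter would never drop anything, so the unit should be stated in a comment on the helper, e.g. `/* keySz: ECC key size in bytes; 0 means unknown and disables filtering */`. Neither GetMacDigestSize nor AddSuiteHashSigAlgo carries a header comment; one line each would do, e.g. `/* Digest length in bytes for macAlgo, or NOT_COMPILED_IN when that hash is not built in */` and `/* Append one hash/sig pair at *inOutIdx (sig first for RSA-PSS), advancing the index */`. The same GetMacDigestSize contract applies to its second use in PickHashSigAlgo in the following hunk, whose enclosing loop starts outside the diff.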
@ -16721,31 +16769,9 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
*/ */
#if defined(HAVE_ECC) && defined(USE_ECDSA_KEYSZ_HASH_ALGO) #if defined(HAVE_ECC) && defined(USE_ECDSA_KEYSZ_HASH_ALGO)
if (sigAlgo == ssl->suites->sigAlgo && sigAlgo == ecc_dsa_sa_algo) { if (sigAlgo == ssl->suites->sigAlgo && sigAlgo == ecc_dsa_sa_algo) {
word32 digestSz = 0; int digestSz = GetMacDigestSize(hashAlgo);
switch (hashAlgo) { if (digestSz <= 0)
#ifndef NO_SHA continue;
case sha_mac:
digestSz = WC_SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case sha256_mac:
digestSz = WC_SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA384
case sha384_mac:
digestSz = WC_SHA384_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case sha512_mac:
digestSz = WC_SHA512_DIGEST_SIZE;
break;
#endif
default:
continue;
}
/* For ecc_dsa_sa_algo, pick hash algo that is curve size unless /* For ecc_dsa_sa_algo, pick hash algo that is curve size unless
algorithm in not compiled in, then choose next highest */ algorithm in not compiled in, then choose next highest */