Merge pull request #787 from SparkiDev/def_p256
Fix elliptic curve selection.
134
src/tls.c
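--- a/src/tls.c
+++ b/src/tls.c
@@ -2888,6 +2888,13 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 : NULL;
 EllipticCurve* curve = NULL;
 word32 oid = 0;
+word32 defOid = 0;
+word32 defSz = 80; /* Maximum known curve size is 66. */
+word32 nextOid = 0;
+word32 nextSz = 80; /* Maximum known curve size is 66. */
+word32 currOid = ssl->ecdhCurveOID;
+int ephmSuite = 0;
+word16 octets = 0; /* according to 'ecc_set_type ecc_sets[];' */
 int sig = 0; /* validate signature */
 int key = 0; /* validate key */
 
@@ -2904,65 +2911,136 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 switch (curve->name) {
 #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
 #ifndef NO_ECC_SECP
-case WOLFSSL_ECC_SECP160R1: oid = ECC_SECP160R1_OID; break;
+case WOLFSSL_ECC_SECP160R1:
+oid = ECC_SECP160R1_OID;
+octets = 20;
+/* Default for 160-bits. */
+if (ssl->eccTempKeySz <= octets && defSz > octets) {
+defOid = oid;
+defSz = octets;
+}
+break;
 #endif /* !NO_ECC_SECP */
 #ifdef HAVE_ECC_SECPR2
-case WOLFSSL_ECC_SECP160R2: oid = ECC_SECP160R2_OID; break;
+case WOLFSSL_ECC_SECP160R2:
+oid = ECC_SECP160R2_OID;
+octets = 20;
+break;
 #endif /* HAVE_ECC_SECPR2 */
 #ifdef HAVE_ECC_KOBLITZ
-case WOLFSSL_ECC_SECP160K1: oid = ECC_SECP160K1_OID; break;
+case WOLFSSL_ECC_SECP160K1:
+oid = ECC_SECP160K1_OID;
+octets = 20;
+break;
 #endif /* HAVE_ECC_KOBLITZ */
 #endif
 #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
 #ifndef NO_ECC_SECP
-case WOLFSSL_ECC_SECP192R1: oid = ECC_SECP192R1_OID; break;
+case WOLFSSL_ECC_SECP192R1:
+oid = ECC_SECP192R1_OID;
+octets = 24;
+/* Default for 192-bits. */
+if (ssl->eccTempKeySz <= octets && defSz > octets) {
+defOid = oid;
+defSz = octets;
+}
+break;
 #endif /* !NO_ECC_SECP */
 #ifdef HAVE_ECC_KOBLITZ
-case WOLFSSL_ECC_SECP192K1: oid = ECC_SECP192K1_OID; break;
+case WOLFSSL_ECC_SECP192K1:
+oid = ECC_SECP192K1_OID;
+octets = 24;
+break;
 #endif /* HAVE_ECC_KOBLITZ */
 #endif
 #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
 #ifndef NO_ECC_SECP
-case WOLFSSL_ECC_SECP224R1: oid = ECC_SECP224R1_OID; break;
+case WOLFSSL_ECC_SECP224R1:
+oid = ECC_SECP224R1_OID;
+octets = 28;
+/* Default for 224-bits. */
+if (ssl->eccTempKeySz <= octets && defSz > octets) {
+defOid = oid;
+defSz = octets;
+}
+break;
 #endif /* !NO_ECC_SECP */
 #ifdef HAVE_ECC_KOBLITZ
-case WOLFSSL_ECC_SECP224K1: oid = ECC_SECP224K1_OID; break;
+case WOLFSSL_ECC_SECP224K1:
+oid = ECC_SECP224K1_OID;
+octets = 28;
+break;
 #endif /* HAVE_ECC_KOBLITZ */
 #endif
 #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
 #ifndef NO_ECC_SECP
-case WOLFSSL_ECC_SECP256R1: oid = ECC_SECP256R1_OID; break;
+case WOLFSSL_ECC_SECP256R1:
+oid = ECC_SECP256R1_OID;
+octets = 32;
+/* Default for 256-bits. */
+if (ssl->eccTempKeySz <= octets && defSz > octets) {
+defOid = oid;
+defSz = octets;
+}
+break;
 #endif /* !NO_ECC_SECP */
 #ifdef HAVE_ECC_KOBLITZ
-case WOLFSSL_ECC_SECP256K1: oid = ECC_SECP256K1_OID; break;
+case WOLFSSL_ECC_SECP256K1:
+oid = ECC_SECP256K1_OID;
+octets = 32;
+break;
 #endif /* HAVE_ECC_KOBLITZ */
 #ifdef HAVE_ECC_BRAINPOOL
-case WOLFSSL_ECC_BRAINPOOLP256R1: oid = ECC_BRAINPOOLP256R1_OID; break;
+case WOLFSSL_ECC_BRAINPOOLP256R1:
+oid = ECC_BRAINPOOLP256R1_OID;
+octets = 32;
+break;
 #endif /* HAVE_ECC_BRAINPOOL */
 #endif
 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
 #ifndef NO_ECC_SECP
-case WOLFSSL_ECC_SECP384R1: oid = ECC_SECP384R1_OID; break;
+case WOLFSSL_ECC_SECP384R1:
+oid = ECC_SECP384R1_OID;
+octets = 48;
+/* Default for 384-bits. */
+if (ssl->eccTempKeySz <= octets && defSz > octets) {
+defOid = oid;
+defSz = octets;
+}
+break;
 #endif /* !NO_ECC_SECP */
 #ifdef HAVE_ECC_BRAINPOOL
-case WOLFSSL_ECC_BRAINPOOLP384R1: oid = ECC_BRAINPOOLP384R1_OID; break;
+case WOLFSSL_ECC_BRAINPOOLP384R1:
+oid = ECC_BRAINPOOLP384R1_OID;
+octets = 48;
+break;
 #endif /* HAVE_ECC_BRAINPOOL */
 #endif
 #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
 #ifdef HAVE_ECC_BRAINPOOL
-case WOLFSSL_ECC_BRAINPOOLP512R1: oid = ECC_BRAINPOOLP512R1_OID; break;
+case WOLFSSL_ECC_BRAINPOOLP512R1:
+oid = ECC_BRAINPOOLP512R1_OID;
+octets = 64;
+break;
 #endif /* HAVE_ECC_BRAINPOOL */
 #endif
 #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
 #ifndef NO_ECC_SECP
-case WOLFSSL_ECC_SECP521R1: oid = ECC_SECP521R1_OID; break;
+case WOLFSSL_ECC_SECP521R1:
+oid = ECC_SECP521R1_OID;
+octets = 66;
+break;
 #endif /* !NO_ECC_SECP */
 #endif
 default: continue; /* unsupported curve */
 }
 
-if (ssl->ecdhCurveOID == 0)
-ssl->ecdhCurveOID = oid;
+if (currOid == 0 && ssl->eccTempKeySz == octets)
+currOid = oid;
+if ((nextOid == 0 || nextSz > octets) && ssl->eccTempKeySz <= octets) {
+nextOid = oid;
+nextSz = octets;
+}
 
 if (first == ECC_BYTE) {
 switch (second) {
@@ -2979,6 +3057,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8:
 sig |= ssl->pkCurveOID == oid;
 key |= ssl->ecdhCurveOID == oid;
+ephmSuite = 1;
 break;
 
 #ifdef WOLFSSL_STATIC_DH
@@ -3007,6 +3086,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
 sig = 1;
 key |= ssl->ecdhCurveOID == oid;
+ephmSuite = 1;
 break;
 
 #ifdef WOLFSSL_STATIC_DH
@@ -3039,6 +3119,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
 sig |= ssl->pkCurveOID == oid;
 key |= ssl->ecdhCurveOID == oid;
+ephmSuite = 1;
 break;
 #ifndef NO_RSA
 /* ECDHE_RSA */
@@ -3046,6 +3127,7 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
 sig = 1;
 key |= ssl->ecdhCurveOID == oid;
+ephmSuite = 1;
 break;
 #endif
 default:
@@ -3056,6 +3138,26 @@ int TLSX_ValidateEllipticCurves(WOLFSSL* ssl, byte first, byte second) {
 }
 }
 
+/* Choose the default if it is at the required strength. */
+if (ssl->ecdhCurveOID == 0 && defSz == ssl->eccTempKeySz) {
+key = 1;
+ssl->ecdhCurveOID = defOid;
+}
+/* Choose any curve at the required strength. */
+if (ssl->ecdhCurveOID == 0) {
+key = 1;
+ssl->ecdhCurveOID = currOid;
+}
+/* Choose the default if it is at the next highest strength. */
+if (ssl->ecdhCurveOID == 0 && defSz == nextSz)
+ssl->ecdhCurveOID = defOid;
+/* Choose any curve at the next highest strength. */
+if (ssl->ecdhCurveOID == 0)
+ssl->ecdhCurveOID = nextOid;
+/* No curve and ephemeral ECC suite requires a matching curve. */
+if (ssl->ecdhCurveOID == 0 && ephmSuite)
+key = 0;
+
 return sig && key;
 }
 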
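Review bot: In the last hunk, both post-loop selection blocks execute `key = 1;` whenever `ssl->ecdhCurveOID == 0`, whether or not `ephmSuite` was set, and the second does so even when `currOid` is still 0. That overwrites whatever the cipher-suite switch computed for `key`, while the final reset only covers `ssl->ecdhCurveOID == 0 && ephmSuite`. The static-suite cases under `WOLFSSL_STATIC_DH` lie outside these hunks, so this is inferred: if any of them can leave `key` at 0 because the certificate curve is not in the client's list, that rejection would be lost here. Writing `key |= ephmSuite;` in place of `key = 1;` in both blocks would let curve selection satisfy the key check only for ephemeral suites and keep the loop's verdict otherwise. The function begins outside these hunks, so the early-return paths were not reviewed.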