Add DSA support to x509 certs

This commit is contained in:
Juliusz Sosinowicz
2020-10-09 15:34:14 +02:00
parent 031ca80fe7
commit 8edeaae3e2
3 changed files with 91 additions and 25 deletions


@ -31182,6 +31182,8 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
return NULL; return NULL;
} }
external->internal = key; external->internal = key;
external->priv_key = wolfSSL_BN_new();
external->pub_key = wolfSSL_BN_new();
return external; return external;
} }
@ -31995,8 +31997,6 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
wolfSSL_BN_free(dh->p); wolfSSL_BN_free(dh->p);
wolfSSL_BN_free(dh->q); wolfSSL_BN_free(dh->q);
wolfSSL_BN_free(dh->g); wolfSSL_BN_free(dh->g);
wolfSSL_BN_free(dh->pub_key);
wolfSSL_BN_free(dh->priv_key);
dh->p = p; dh->p = p;
dh->q = q; dh->q = q;
@ -39821,6 +39821,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
ecc_key ecc; ecc_key ecc;
#endif
#ifndef NO_DSA
DsaKey dsa;
#endif #endif
WC_RNG rng; WC_RNG rng;
word32 idx = 0; word32 idx = 0;
@ -39878,6 +39881,21 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
} }
key = (void*)&ecc; key = (void*)&ecc;
} }
#endif
#ifndef NO_DSA
if (x509->pubKeyOID == DSAk) {
type = DSA_TYPE;
ret = wc_InitDsaKey(&dsa);
if (ret != 0)
return ret;
ret = wc_DsaPublicKeyDecode(x509->pubKey.buffer, &idx, &dsa,
x509->pubKey.length);
if (ret != 0) {
wc_FreeDsaKey(&dsa);
return ret;
}
key = (void*)&dsa;
}
#endif #endif
if (key == NULL) { if (key == NULL) {
WOLFSSL_MSG("No public key found for certificate"); WOLFSSL_MSG("No public key found for certificate");
@ -51676,6 +51694,8 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
cert->pubKeyOID = RSAk; cert->pubKeyOID = RSAk;
else if (pkey->type == EVP_PKEY_EC) else if (pkey->type == EVP_PKEY_EC)
cert->pubKeyOID = ECDSAk; cert->pubKeyOID = ECDSAk;
else if (pkey->type == EVP_PKEY_DSA)
cert->pubKeyOID = DSAk;
else else
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
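Review bot: The two `wolfSSL_BN_new()` results stored into `external->priv_key` and `external->pub_key` in the wolfSSL_DH_new hunk are never checked, so an allocation failure hands the caller a DH object with NULL key fields instead of the NULL that the function already returns for the earlier failure just above. Check both and release the partially built object before returning NULL, assuming wolfSSL_DH_free releases those BN fields; the prologue of wolfSSL_DH_new is outside the hunk. In the DSA branch of the later certificate hunk, `key` is left pointing at the stack-allocated `dsa`, so wc_FreeDsaKey must also run on the success path once the key has been used — the two error paths here free it, but that later cleanup is outside the hunk and should be confirmed.
```c
    external->priv_key = wolfSSL_BN_new();
    external->pub_key = wolfSSL_BN_new();
    if (external->priv_key == NULL || external->pub_key == NULL) {
        wolfSSL_DH_free(external);
        return NULL;
    }
    return external;
```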


@ -13435,7 +13435,7 @@ int SetName(byte* output, word32 outputSz, CertName* name)
/* encode info from cert into DER encoded format */ /* encode info from cert into DER encoded format */
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
WC_RNG* rng, const byte* ntruKey, word16 ntruSz, WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey,
ed25519_key* ed25519Key, ed448_key* ed448Key) ed25519_key* ed25519Key, ed448_key* ed448Key)
{ {
int ret; int ret;
@ -13445,7 +13445,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* make sure at least one key type is provided */ /* make sure at least one key type is provided */
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
ed448Key == NULL && ntruKey == NULL) { dsaKey == NULL && ed448Key == NULL && ntruKey == NULL) {
return PUBLIC_KEY_E; return PUBLIC_KEY_E;
} }
@ -13493,6 +13493,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
} }
#endif #endif
#ifndef NO_DSA
if (cert->keyType == DSA_KEY) {
if (dsaKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey,
sizeof(der->publicKey), 1);
}
#endif
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
if (cert->keyType == ED25519_KEY) { if (cert->keyType == ED25519_KEY) {
if (ed25519Key == NULL) if (ed25519Key == NULL)
@ -13997,7 +14006,7 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
/* Make an x509 Certificate v3 any key type from cert input, write to buffer */ /* Make an x509 Certificate v3 any key type from cert input, write to buffer */
static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey, const byte* ntruKey, word16 ntruSz,
ed25519_key* ed25519Key, ed448_key* ed448Key) ed25519_key* ed25519Key, ed448_key* ed448Key)
{ {
int ret; int ret;
@ -14007,12 +14016,23 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
DerCert der[1]; DerCert der[1];
#endif #endif
if (derBuffer == NULL) { if (derBuffer == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : if (eccKey)
(ed25519Key ? ED25519_KEY : (ed448Key ? ED448_KEY : NTRU_KEY))); cert->keyType = ECC_KEY;
else if (rsaKey)
cert->keyType = RSA_KEY;
else if (dsaKey)
cert->keyType = DSA_KEY;
else if (ed25519Key)
cert->keyType = ED25519_KEY;
else if (ed448Key)
cert->keyType = ED448_KEY;
else if (ntruKey)
cert->keyType = NTRU_KEY;
else
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap, DYNAMIC_TYPE_TMP_BUFFER); der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -14020,7 +14040,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E; return MEMORY_E;
#endif #endif
ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, dsaKey,
ed25519Key, ed448Key); ed25519Key, ed448Key);
if (ret == 0) { if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
@ -14042,12 +14062,15 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
void* key, WC_RNG* rng) void* key, WC_RNG* rng)
{ {
RsaKey* rsaKey = NULL; RsaKey* rsaKey = NULL;
DsaKey* dsaKey = NULL;
ecc_key* eccKey = NULL; ecc_key* eccKey = NULL;
ed25519_key* ed25519Key = NULL; ed25519_key* ed25519Key = NULL;
ed448_key* ed448Key = NULL; ed448_key* ed448Key = NULL;
if (keyType == RSA_TYPE) if (keyType == RSA_TYPE)
rsaKey = (RsaKey*)key; rsaKey = (RsaKey*)key;
else if (keyType == DSA_TYPE)
dsaKey = (DsaKey*)key;
else if (keyType == ECC_TYPE) else if (keyType == ECC_TYPE)
eccKey = (ecc_key*)key; eccKey = (ecc_key*)key;
else if (keyType == ED25519_TYPE) else if (keyType == ED25519_TYPE)
@ -14055,14 +14078,14 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
else if (keyType == ED448_TYPE) else if (keyType == ED448_TYPE)
ed448Key = (ed448_key*)key; ed448Key = (ed448_key*)key;
return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0, return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, dsaKey,
ed25519Key, ed448Key); NULL, 0, ed25519Key, ed448Key);
} }
/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
ecc_key* eccKey, WC_RNG* rng) ecc_key* eccKey, WC_RNG* rng)
{ {
return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0, return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL, 0,
NULL, NULL); NULL, NULL);
} }
@ -14072,7 +14095,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, WC_RNG* rng) const byte* ntruKey, word16 keySz, WC_RNG* rng)
{ {
return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, NULL,
ntruKey, keySz, NULL, NULL); ntruKey, keySz, NULL, NULL);
} }
@ -14161,8 +14184,8 @@ static int SetReqAttrib(byte* output, char* pw, int pwPrintableString,
/* encode info from cert into DER encoded format */ /* encode info from cert into DER encoded format */
static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
ecc_key* eccKey, ed25519_key* ed25519Key, DsaKey* dsaKey, ecc_key* eccKey,
ed448_key* ed448Key) ed25519_key* ed25519Key, ed448_key* ed448Key)
{ {
(void)eccKey; (void)eccKey;
(void)ed25519Key; (void)ed25519Key;
@ -14172,7 +14195,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL &&
ed448Key == NULL) { dsaKey == NULL && ed448Key == NULL) {
return PUBLIC_KEY_E; return PUBLIC_KEY_E;
} }
@ -14219,6 +14242,15 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
} }
#endif #endif
#ifndef NO_DSA
if (cert->keyType == DSA_KEY) {
if (dsaKey == NULL)
return PUBLIC_KEY_E;
der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey,
sizeof(der->publicKey), 1);
}
#endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (cert->keyType == ECC_KEY) { if (cert->keyType == ECC_KEY) {
if (eccKey == NULL) if (eccKey == NULL)
@ -14434,8 +14466,8 @@ static int WriteCertReqBody(DerCert* der, byte* buf)
static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey,
ed448_key* ed448Key) ed25519_key* ed25519Key, ed448_key* ed448Key)
{ {
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -14444,8 +14476,18 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
DerCert der[1]; DerCert der[1];
#endif #endif
cert->keyType = eccKey ? ECC_KEY : (ed25519Key ? ED25519_KEY : if (eccKey)
(ed448Key ? ED448_KEY: RSA_KEY)); cert->keyType = ECC_KEY;
else if (rsaKey)
cert->keyType = RSA_KEY;
else if (dsaKey)
cert->keyType = DSA_KEY;
else if (ed25519Key)
cert->keyType = ED25519_KEY;
else if (ed448Key)
cert->keyType = ED448_KEY;
else
return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap, der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap,
@ -14454,7 +14496,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
return MEMORY_E; return MEMORY_E;
#endif #endif
ret = EncodeCertReq(cert, der, rsaKey, eccKey, ed25519Key, ed448Key); ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key);
if (ret == 0) { if (ret == 0) {
if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) if (der->total + MAX_SEQ_SZ * 2 > (int)derSz)
@ -14474,12 +14516,15 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
void* key) void* key)
{ {
RsaKey* rsaKey = NULL; RsaKey* rsaKey = NULL;
DsaKey* dsaKey = NULL;
ecc_key* eccKey = NULL; ecc_key* eccKey = NULL;
ed25519_key* ed25519Key = NULL; ed25519_key* ed25519Key = NULL;
ed448_key* ed448Key = NULL; ed448_key* ed448Key = NULL;
if (keyType == RSA_TYPE) if (keyType == RSA_TYPE)
rsaKey = (RsaKey*)key; rsaKey = (RsaKey*)key;
else if (keyType == DSA_TYPE)
dsaKey = (DsaKey*)key;
else if (keyType == ECC_TYPE) else if (keyType == ECC_TYPE)
eccKey = (ecc_key*)key; eccKey = (ecc_key*)key;
else if (keyType == ED25519_TYPE) else if (keyType == ED25519_TYPE)
@ -14487,14 +14532,14 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
else if (keyType == ED448_TYPE) else if (keyType == ED448_TYPE)
ed448Key = (ed448_key*)key; ed448Key = (ed448_key*)key;
return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, ed25519Key, return MakeCertReq(cert, derBuffer, derSz, rsaKey, dsaKey, eccKey, ed25519Key,
ed448Key); ed448Key);
} }
int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey) RsaKey* rsaKey, ecc_key* eccKey)
{ {
return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, NULL, NULL); return MakeCertReq(cert, derBuffer, derSz, rsaKey, NULL, eccKey, NULL, NULL);
} }
#endif /* WOLFSSL_CERT_REQ */ #endif /* WOLFSSL_CERT_REQ */
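Review bot: The new key-type chains in MakeAnyCert and MakeCertReq change the error a caller sees when every key pointer is NULL: previously keyType fell through to NTRU_KEY (MakeAnyCert) or RSA_KEY (MakeCertReq) and the all-NULL check in EncodeCert/EncodeCertReq returned PUBLIC_KEY_E, whereas the new `else return BAD_FUNC_ARG;` fires first, so wc_MakeCert and wc_MakeCertReq now report BAD_FUNC_ARG for that input. Failing before the WOLFSSL_SMALL_STACK allocation is an improvement, but if the old error code is to be kept, use `else return PUBLIC_KEY_E;` in both chains, otherwise note the new code in the comments above wc_MakeCert and wc_MakeCertReq. The `DsaKey*` parameters are now unconditional in these static prototypes while the DSA bodies stay under `#ifndef NO_DSA`, which only compiles in NO_DSA builds if the header still provides a DsaKey typedef — not visible here, so worth confirming. Each enclosing function starts outside its hunk.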


@ -1247,7 +1247,8 @@ enum cert_enums {
NTRU_KEY = 11, NTRU_KEY = 11,
ECC_KEY = 12, ECC_KEY = 12,
ED25519_KEY = 13, ED25519_KEY = 13,
ED448_KEY = 14 ED448_KEY = 14,
DSA_KEY = 15
}; };
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */