mirror of https://github.com/wolfSSL/wolfssl
Merge pull request #1485 from dgarske/tlskeygeneccorcurve
Fix TLS 1.3 with ED25519/CURVE25519 enabled and ECC disabled
This commit is contained in:
commit
2ded38ec2b
11
src/ssl.c
11
src/ssl.c
|
@ -4725,7 +4725,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
|||
} else
|
||||
#endif
|
||||
#ifdef HAVE_ED25519
|
||||
if (header == BEGIN_DSA_PRIV) {
|
||||
#ifdef HAVE_ECC
|
||||
if (header == BEGIN_DSA_PRIV)
|
||||
#else
|
||||
if (header == BEGIN_ENC_PRIV_KEY)
|
||||
#endif
|
||||
{
|
||||
header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;
|
||||
} else
|
||||
#endif
|
||||
|
@ -5319,7 +5324,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||
!= 0) {
|
||||
#ifdef HAVE_ECC
|
||||
/* could have DER ECC (or pkcs8 ecc), no easy way to tell */
|
||||
eccKey = 1; /* so try it out */
|
||||
eccKey = 1; /* try it next */
|
||||
#elif defined(HAVE_ED25519)
|
||||
ed25519Key = 1; /* try it next */
|
||||
#else
|
||||
WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
|
||||
ret = WOLFSSL_BAD_FILE;
|
||||
|
|
52
src/tls.c
52
src/tls.c
|
@ -5256,7 +5256,7 @@ end:
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
|
||||
/* Create a key share entry using named elliptic curve parameters group.
|
||||
* Generates a key pair.
|
||||
*
|
||||
|
@ -5269,13 +5269,17 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
|||
int ret;
|
||||
byte* keyData = NULL;
|
||||
word32 dataSize;
|
||||
byte* keyPtr = NULL;
|
||||
word32 keySize;
|
||||
ecc_key* eccKey = NULL;
|
||||
#ifdef HAVE_ECC
|
||||
ecc_key* eccKey;
|
||||
word16 curveId;
|
||||
#endif
|
||||
|
||||
/* TODO: [TLS13] The key sizes should come from wolfcrypt. */
|
||||
/* Translate named group to a curve id. */
|
||||
switch (kse->group) {
|
||||
#ifdef HAVE_ECC
|
||||
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
|
||||
#ifndef NO_ECC_SECP
|
||||
case WOLFSSL_ECC_SECP256R1:
|
||||
|
@ -5303,52 +5307,49 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
|||
break;
|
||||
#endif /* !NO_ECC_SECP */
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_CURVE25519
|
||||
case WOLFSSL_ECC_X25519:
|
||||
{
|
||||
curve25519_key* key;
|
||||
curve25519_key* curve_key;
|
||||
/* Allocate an ECC key to hold private key. */
|
||||
key = (curve25519_key*)XMALLOC(sizeof(curve25519_key),
|
||||
keyPtr = (byte*)XMALLOC(sizeof(curve25519_key),
|
||||
ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (key == NULL) {
|
||||
if (keyPtr == NULL) {
|
||||
WOLFSSL_MSG("EccTempKey Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
curve_key = (curve25519_key*)keyPtr;
|
||||
|
||||
dataSize = keySize = 32;
|
||||
|
||||
/* Make an ECC key. */
|
||||
ret = wc_curve25519_init(key);
|
||||
if (ret != 0) {
|
||||
eccKey = (ecc_key*)key; /* assign for freeing key */
|
||||
ret = wc_curve25519_init(curve_key);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
ret = wc_curve25519_make_key(ssl->rng, keySize, key);
|
||||
if (ret != 0) {
|
||||
eccKey = (ecc_key*)key; /* assign for freeing key */
|
||||
ret = wc_curve25519_make_key(ssl->rng, keySize, curve_key);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Allocate space for the public key. */
|
||||
keyData = (byte*)XMALLOC(dataSize, ssl->heap,
|
||||
DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
if (keyData == NULL) {
|
||||
WOLFSSL_MSG("Key data Memory error");
|
||||
ret = MEMORY_E;
|
||||
eccKey = (ecc_key*)key; /* assign for freeing key */
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Export public key. */
|
||||
if (wc_curve25519_export_public_ex(key, keyData, &dataSize,
|
||||
if (wc_curve25519_export_public_ex(curve_key, keyData, &dataSize,
|
||||
EC25519_LITTLE_ENDIAN) != 0) {
|
||||
ret = ECC_EXPORT_ERROR;
|
||||
eccKey = (ecc_key*)key; /* assign for freeing key */
|
||||
goto end;
|
||||
}
|
||||
|
||||
kse->ke = keyData;
|
||||
kse->keLen = dataSize;
|
||||
kse->key = key;
|
||||
kse->key = keyPtr;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_TLS
|
||||
WOLFSSL_MSG("Public Curve25519 Key");
|
||||
|
@ -5368,13 +5369,15 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
|||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* Allocate an ECC key to hold private key. */
|
||||
eccKey = (ecc_key*)XMALLOC(sizeof(ecc_key), ssl->heap,
|
||||
keyPtr = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap,
|
||||
DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (eccKey == NULL) {
|
||||
if (keyPtr == NULL) {
|
||||
WOLFSSL_MSG("EccTempKey Memory error");
|
||||
return MEMORY_E;
|
||||
}
|
||||
eccKey = (ecc_key*)keyPtr;
|
||||
|
||||
/* Make an ECC key. */
|
||||
ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId);
|
||||
|
@ -5406,20 +5409,21 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse)
|
|||
|
||||
kse->ke = keyData;
|
||||
kse->keLen = dataSize;
|
||||
kse->key = eccKey;
|
||||
kse->key = keyPtr;
|
||||
|
||||
#ifdef WOLFSSL_DEBUG_TLS
|
||||
WOLFSSL_MSG("Public ECC Key");
|
||||
WOLFSSL_BUFFER(keyData, dataSize);
|
||||
#endif
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
end:
|
||||
if (ret != 0) {
|
||||
/* Data owned by key share entry otherwise. */
|
||||
if (eccKey != NULL)
|
||||
XFREE(eccKey, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
if (keyPtr != NULL)
|
||||
XFREE(keyPtr, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
|
||||
if (keyData != NULL)
|
||||
XFREE(keyData, ssl->heap, DYNAMIC_TYPE_TLSX);
|
||||
XFREE(keyData, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
@ -5437,7 +5441,7 @@ static int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse)
|
|||
if ((kse->group & NAMED_DH_MASK) == NAMED_DH_MASK)
|
||||
return TLSX_KeyShare_GenDhKey(ssl, kse);
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
|
||||
return TLSX_KeyShare_GenEccKey(ssl, kse);
|
||||
#else
|
||||
return NOT_COMPILED_IN;
|
||||
|
|
|
@ -18123,6 +18123,14 @@ static int test_tls13_apis(void)
|
|||
WOLFSSL_SUCCESS);
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
|
||||
WOLFSSL_SUCCESS);
|
||||
#elif defined(HAVE_CURVE25519)
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
|
||||
SIDE_ERROR);
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
|
||||
WOLFSSL_SUCCESS);
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
|
||||
WOLFSSL_SUCCESS);
|
||||
#else
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
|
||||
AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
|
||||
|
|
Loading…
Reference in New Issue