Merge pull request #68 from SparkiDev/nginx_fixes

Fixes to get nginx tests passing

Author: ColtonWilley

include/wolfprovider/alg_funcs.h

@@ -339,6 +339,7 @@ extern const OSSL_DISPATCH wp_dh_pki_decoder_functions[];
 extern const OSSL_DISPATCH wp_ecc_type_specific_decoder_functions[];
 extern const OSSL_DISPATCH wp_ecc_spki_decoder_functions[];
 extern const OSSL_DISPATCH wp_ecc_pki_decoder_functions[];
+extern const OSSL_DISPATCH wp_ecc_x9_62_decoder_functions[];
 extern const OSSL_DISPATCH wp_x25519_spki_decoder_functions[];
 extern const OSSL_DISPATCH wp_x25519_pki_decoder_functions[];
 extern const OSSL_DISPATCH wp_ed25519_spki_decoder_functions[];
@@ -378,6 +379,8 @@ extern const OSSL_DISPATCH wp_ecc_pki_der_encoder_functions[];
 extern const OSSL_DISPATCH wp_ecc_pki_pem_encoder_functions[];
 extern const OSSL_DISPATCH wp_ecc_epki_der_encoder_functions[];
 extern const OSSL_DISPATCH wp_ecc_epki_pem_encoder_functions[];
+extern const OSSL_DISPATCH wp_ecc_x9_62_der_encoder_functions[];
+extern const OSSL_DISPATCH wp_ecc_x9_62_pem_encoder_functions[];
 extern const OSSL_DISPATCH wp_x25519_spki_der_encoder_functions[];
 extern const OSSL_DISPATCH wp_x25519_spki_pem_encoder_functions[];
 extern const OSSL_DISPATCH wp_x25519_pki_der_encoder_functions[];

include/wolfprovider/internal.h

@@ -74,6 +74,8 @@
 #define WP_ENC_FORMAT_EPKI              3
 /** Type-specific encoding format. */
 #define WP_ENC_FORMAT_TYPE_SPECIFIC     4
+/** X9_62 encoding format. */
+#define WP_ENC_FORMAT_X9_62             5
 
 /* Data format. */
 /** DER - Binary encoding. */
@@ -94,6 +96,9 @@
 /** Default iterations for PKCS#12 PBKDF2. */
 #define WP_PKCS12_ITERATIONS_DEFAULT    2048
 
+/** Maximum salt length for PKCS. */
+#define WP_MAX_SALT_SIZE    64
+
 
 /* These values are taken from ssl.h.
  * Can't include this header as it re-declares OpenSSL types.
@@ -175,6 +180,8 @@ int wp_encrypt_key(WOLFPROV_CTX* provCtx, const char* cipherName,
     OSSL_PASSPHRASE_CALLBACK *pwCb, void *pwCbArg, byte** cipherInfo);
 
 int wp_read_der_bio(WOLFPROV_CTX* provCtx, OSSL_CORE_BIO *coreBio, unsigned char** data, word32* len);
+int wp_read_pem_bio(WOLFPROV_CTX *provctx, OSSL_CORE_BIO *coreBio,
+    unsigned char** data, word32* len);
 BIO* wp_corebio_get_bio(WOLFPROV_CTX* provCtx, OSSL_CORE_BIO *coreBio);
 
 byte wp_ct_byte_mask_eq(byte a, byte b);

src/wp_dec_pem2der.c

@@ -133,36 +133,38 @@ static int wp_pem_password_cb(char* passwd, int sz, int rw, void* userdata)
 #endif /* WOLFSSL_ENCRYPTED_KEYS */
 
 /**
- * Convert PEM encoded EC parameters to DER.
+ * Convert PEM to DER for unsupported header/footer.
  *
  * wolfSSL does not support PEM encoded EC parameters.
  *
- * @param [in]      data  PEM encoded data.
- * @param [in]      len   Length of data in bytes.
- * @param [out]     pDer  DER Buffer holding decoded data.
- * @param [in, out] info  Information about decodeding PEM.
+ * @param [in]      data     PEM encoded data.
+ * @param [in]      len      Length of data in bytes.
+ * @param [out]     pDer     DER Buffer holding decoded data.
+ * @param [in, out] info     Information about decodeding PEM.
+ * @param [in]      nameLen  Length of name in header and footer.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_pem2der_ec_params(const char* data, word32 len, DerBuffer** pDer,
-    EncryptedInfo* info)
+static int wp_pem2der_convert(const char* data, word32 len, DerBuffer** pDer,
+    EncryptedInfo* info, int nameLen)
 {
     int ok = 1;
     int rc;
     const char* footer;
     const char* base64Data;
     size_t base64Len;
 
-    base64Data = data + 29;
-    base64Len = len - 29;
-    footer = strstr(base64Data, "-----END EC PARAMETERS-----");
+    /* Skip '-----BEGIN <name>-----\n'. */
+    base64Data = data + 16 + nameLen + 1;
+    base64Len = len - 16 + nameLen + 1;
+    footer = XSTRSTR(base64Data, "-----END ");
     if (footer == NULL) {
         info->consumed = len;
         ok = 0;
     }
     if (ok) {
         /* Include footer and '\n'. */
-        info->consumed = (long)(footer - data) + 27 + 1;
+        info->consumed = (long)(footer - data) + 14 + nameLen + 1;
         base64Len = footer - base64Data;
         rc = wc_AllocDer(pDer, (word32)base64Len, ECC_TYPE, NULL);
         if (rc != 0) {
@@ -226,6 +228,22 @@ static int wp_pem2der_decode_data(const unsigned char* data, word32 len,
         type = CERT_TYPE;
         obj = OSSL_OBJECT_CERT;
     }
+#if LIBWOLFSSL_VERSION_HEX > 0x05007006
+    else if (XMEMCMP(data, "-----BEGIN TRUSTED CERTIFICATE-----", 35) == 0) {
+        type = TRUSTED_CERT_TYPE;
+        obj = OSSL_OBJECT_CERT;
+    }
+#else
+    else if (XMEMCMP(data, "-----BEGIN TRUSTED CERTIFICATE-----", 35) == 0) {
+        type = CERT_TYPE;
+        obj = OSSL_OBJECT_CERT;
+        if (!wp_pem2der_convert((const char*)data, len, &der, &info,
+                XSTRLEN("TRUSTED CERTIFICATE"))) {
+            ok = 0;
+        }
+        done = 1;
+    }
+#endif
     else if (XMEMCMP(data, "-----BEGIN X509 CRL-----", 24) == 0) {
         type = CRL_TYPE;
         obj = OSSL_OBJECT_CRL;
@@ -246,7 +264,8 @@ static int wp_pem2der_decode_data(const unsigned char* data, word32 len,
         dataType = "EC";
         dataFormat = "type-specific";
         obj = OSSL_OBJECT_PKEY;
-        if (!wp_pem2der_ec_params((const char*)data, len, &der, &info)) {
+        if (!wp_pem2der_convert((const char*)data, len, &der, &info,
+                XSTRLEN("EC PARAMETERS"))) {
             ok = 0;
         }
         done = 1;
@@ -391,7 +410,7 @@ static int wp_pem2der_decode(wp_Pem2Der* ctx, OSSL_CORE_BIO* coreBio,
     (void)selection;
 
     /* Read the data from the BIO into buffer that is allocated on the fly. */
-    if (!wp_read_der_bio(ctx->provCtx, coreBio, &data, &len)) {
+    if (!wp_read_pem_bio(ctx->provCtx, coreBio, &data, &len)) {
         ok = 0;
     }
     /* No data - nothing to do. */

src/wp_ecc_kmgmt.c

@@ -2076,7 +2076,8 @@ static int wp_ecc_decode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
     if (ok && (!wp_read_der_bio(ctx->provCtx, cBio, &data, &len))) {
         ok = 0;
     }
-    if (ok && (ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC)) {
+    if (ok && ((ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) ||
+               (ctx->format == WP_ENC_FORMAT_X9_62))) {
         if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
             if (!wp_ecc_decode_pki(ecc, data, len)) {
                 ok = 0;
@@ -2439,7 +2440,8 @@ static int wp_ecc_encode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
         ok = 0;
     }
 
-    if (ok && (ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC)) {
+    if (ok && ((ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) ||
+               (ctx->format == WP_ENC_FORMAT_X9_62))) {
         if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
             if (!wp_ecc_encode_params_size(key, &derLen)) {
                 ok = 0;
@@ -2480,14 +2482,18 @@ static int wp_ecc_encode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
         }
     }
 
-    if (ok && (ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC)) {
+    if (ok && ((ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) ||
+               (ctx->format == WP_ENC_FORMAT_X9_62))) {
         if (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) {
             pemType = DH_PARAM_TYPE;
             if (!wp_ecc_encode_params(key, derData, &derLen)) {
                 ok = 0;
             }
         }
         else {
+            if (ctx->format == WP_ENC_FORMAT_X9_62) {
+                pemType = ECC_PRIVATEKEY_TYPE;
+            }
             private = 1;
             if (!wp_ecc_encode_priv(key, derData, &derLen)) {
                 ok = 0;
@@ -2543,8 +2549,9 @@ static int wp_ecc_encode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
             keyLen = pemLen = rc;
             keyData = pemData;
         }
-        if (ok && (ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) &&
-            (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) {
+        if (ok && ((ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) ||
+               (ctx->format == WP_ENC_FORMAT_X9_62)) &&
+               (selection == OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) {
             pemData[11] = 'E';
             pemData[12] = 'C';
             pemData[pemLen - 19] = 'E';
@@ -2984,4 +2991,119 @@ const OSSL_DISPATCH wp_ecc_epki_pem_encoder_functions[] = {
     { 0, NULL }
 };
 
+/*
+ * ECC X9.62
+ */
+
+/**
+ * Create a new ECC encoder/decoder context that handles decoding X9.62.
+ *
+ * @param [in] provCtx  Provider context.
+ * @return  New ECC encoder/decoder context object on success.
+ * @return  NULL on failure.
+ */
+static wp_EccEncDecCtx* wp_ecc_x9_62_dec_new(WOLFPROV_CTX* provCtx)
+{
+    return wp_ecc_enc_dec_new(provCtx, WP_ENC_FORMAT_X9_62, 0);
+}
+
+/**
+ * Return whether the X9.62 decoder/encoder handles the part of the key.
+ *
+ * @param [in] ctx        ECC encoder/decoder context object.
+ * @param [in] selection  Parts of key to handle.
+ * @return  1 when supported.
+ * @return  0 when not supported.
+ */
+static int wp_ecc_x9_62_does_selection(WOLFPROV_CTX* provCtx,
+    int selection)
+{
+    int ok;
+
+    (void)provCtx;
+
+    if (selection == 0) {
+        ok = 1;
+    }
+    else {
+        ok = (selection & (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS |
+                           OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) != 0;
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
+}
+
+/**
+ * Dispatch table for x9_62 decoder.
+ */
+const OSSL_DISPATCH wp_ecc_x9_62_decoder_functions[] = {
+    { OSSL_FUNC_DECODER_NEWCTX,         (DFUNC)wp_ecc_x9_62_dec_new           },
+    { OSSL_FUNC_DECODER_FREECTX,        (DFUNC)wp_ecc_enc_dec_free            },
+    { OSSL_FUNC_DECODER_DOES_SELECTION,
+                                        (DFUNC)wp_ecc_x9_62_does_selection    },
+    { OSSL_FUNC_DECODER_DECODE,         (DFUNC)wp_ecc_decode                  },
+    { OSSL_FUNC_DECODER_EXPORT_OBJECT,  (DFUNC)wp_ecc_export_object           },
+    { 0, NULL }
+};
+
+/**
+ * Create a new ECC encoder/decoder context that handles encoding params in DER.
+ *
+ * @param [in] provCtx  Provider context.
+ * @return  New ECC encoder/decoder context object on success.
+ * @return  NULL on failure.
+ */
+static wp_EccEncDecCtx* wp_ecc_x9_62_der_enc_new(WOLFPROV_CTX* provCtx)
+{
+    return wp_ecc_enc_dec_new(provCtx, WP_ENC_FORMAT_X9_62, WP_FORMAT_DER);
+}
+
+/**
+ * Dispatch table for X9.62 to DER encoder.
+ */
+const OSSL_DISPATCH wp_ecc_x9_62_der_encoder_functions[] = {
+    { OSSL_FUNC_ENCODER_NEWCTX,         (DFUNC)wp_ecc_x9_62_der_enc_new       },
+    { OSSL_FUNC_ENCODER_FREECTX,        (DFUNC)wp_ecc_enc_dec_free            },
+    { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS,
+                                   (DFUNC)wp_ecc_enc_dec_settable_ctx_params  },
+    { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, (DFUNC)wp_ecc_enc_dec_set_ctx_params  },
+    { OSSL_FUNC_ENCODER_DOES_SELECTION,
+                                        (DFUNC)wp_ecc_x9_62_does_selection    },
+    { OSSL_FUNC_ENCODER_ENCODE,         (DFUNC)wp_ecc_encode                  },
+    { OSSL_FUNC_ENCODER_IMPORT_OBJECT,  (DFUNC)wp_ecc_import                  },
+    { OSSL_FUNC_ENCODER_FREE_OBJECT,    (DFUNC)wp_ecc_free                    },
+    { 0, NULL }
+};
+
+/**
+ * Create a new ECC encoder/decoder context that handles encoding X9.62 in PEM.
+ *
+ * @param [in] provCtx  Provider context.
+ * @return  New ECC encoder/decoder context object on success.
+ * @return  NULL on failure.
+ */
+static wp_EccEncDecCtx* wp_ecc_x9_62_pem_enc_new(WOLFPROV_CTX* provCtx)
+{
+    return wp_ecc_enc_dec_new(provCtx, WP_ENC_FORMAT_X9_62, WP_FORMAT_PEM);
+}
+
+/**
+ * Dispatch table for X9.62 to PEM encoder.
+ */
+const OSSL_DISPATCH wp_ecc_x9_62_pem_encoder_functions[] = {
+    { OSSL_FUNC_ENCODER_NEWCTX,
+                                        (DFUNC)wp_ecc_x9_62_pem_enc_new       },
+    { OSSL_FUNC_ENCODER_FREECTX,        (DFUNC)wp_ecc_enc_dec_free            },
+    { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS,
+                                  (DFUNC)wp_ecc_enc_dec_settable_ctx_params   },
+    { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, (DFUNC)wp_ecc_enc_dec_set_ctx_params  },
+    { OSSL_FUNC_ENCODER_DOES_SELECTION,
+                                        (DFUNC)wp_ecc_x9_62_does_selection    },
+    { OSSL_FUNC_ENCODER_ENCODE,         (DFUNC)wp_ecc_encode                  },
+    { OSSL_FUNC_ENCODER_IMPORT_OBJECT,  (DFUNC)wp_ecc_import                  },
+    { OSSL_FUNC_ENCODER_FREE_OBJECT,    (DFUNC)wp_ecc_free                    },
+    { 0, NULL }
+};
+
 #endif /* WP_HAVE_ECC */

src/wp_ecdsa_sig.c

@@ -677,10 +677,29 @@ static int wp_ecdsa_digest_verify_final(wp_EcdsaSigCtx *ctx, unsigned char *sig,
  */
 static int wp_ecdsa_get_alg_id(wp_EcdsaSigCtx *ctx, OSSL_PARAM *p)
 {
-    /* TODO: implement */
-    (void)ctx;
-    (void)p;
-    return 0;
+    int ok = 0;
+
+    if (XMEMCMP(ctx->mdName, "SHA256", 7) == 0) {
+        static const unsigned char ecdsa_sha256[] = {
+            0x30, 0x0a, 0x06, 0x08, 42, 134, 72, 206, 61, 4, 3, 2
+        };
+        ok = OSSL_PARAM_set_octet_string(p, ecdsa_sha256, sizeof(ecdsa_sha256));
+    }
+    if (XMEMCMP(ctx->mdName, "SHA384", 7) == 0) {
+        static const unsigned char ecdsa_sha384[] = {
+            0x30, 0x0a, 0x06, 0x08, 42, 134, 72, 206, 61, 4, 3, 3
+        };
+        ok = OSSL_PARAM_set_octet_string(p, ecdsa_sha384, sizeof(ecdsa_sha384));
+    }
+    if (XMEMCMP(ctx->mdName, "SHA512", 7) == 0) {
+        static const unsigned char ecdsa_sha512[] = {
+            0x30, 0x0a, 0x06, 0x08, 42, 134, 72, 206, 61, 4, 3, 4
+        };
+        ok = OSSL_PARAM_set_octet_string(p, ecdsa_sha512, sizeof(ecdsa_sha512));
+    }
+    /* TODO: support more digests */
+
+    return ok;
 }
 
 /**