Merge pull request #96 from SparkiDev/alg_id_sig_enc_dec

RSA/RSA-PSS/ECC/ECX: fixes for DER encoding

Author: JacobBarthelmeh

include/wolfprovider/alg_funcs.h

@@ -185,7 +185,10 @@ int wp_rsa_get_bits(wp_Rsa* rsa);
 RsaKey* wp_rsa_get_key(wp_Rsa* rsa);
 void wp_rsa_get_pss_mds(wp_Rsa* rsa, char** mdName, char** mgfMdName);
 int wp_rsa_get_pss_salt_len(wp_Rsa* rsa);
+int wp_rsa_get_pss_params_set(wp_Rsa* rsa);
 int wp_rsa_check_key_size(wp_Rsa* rsa, int allow1024);
+int wp_rsa_pss_encode_alg_id(const wp_Rsa* rsa, const char* mdName,
+    const char* mgf1Name, int saltLen, byte* pssAlgId, word32* len);
 
 /* Internal ECC types and functions. */
 typedef struct wp_Ecc wp_Ecc;

include/wolfprovider/internal.h

@@ -99,6 +99,8 @@
 /** Maximum salt length for PKCS. */
 #define WP_MAX_SALT_SIZE    64
 
+/** Default salt length for PSS. */
+#define WP_RSA_DEFAULT_SALT_LEN     20
 
 /* These values are taken from ssl.h.
  * Can't include this header as it re-declares OpenSSL types.

include/wolfprovider/wp_logging.h

@@ -142,7 +142,18 @@ int wolfProv_SetLogComponents(int componentMask);
     WOLFPROV_ERROR_FUNC_NULL_LINE(type, funcName, ret, __FILE__, __LINE__)
 
 void WOLFPROV_ENTER(int type, const char* msg);
-void WOLFPROV_LEAVE(int type, const char* msg, int ret);
+/* Call the extended version of the API with the function name of the caller. */
+#ifdef _WIN32
+    #define WOLFPROV_LEAVE(type, msg, ret) \
+        WOLFPROV_LEAVE_EX(type, __FUNCTION__, msg, ret)
+#elif __STDC__ && __STDC_VERSION__ >= 199901L
+    #define WOLFPROV_LEAVE(type, msg, ret) \
+        WOLFPROV_LEAVE_EX(type, __func__, msg, ret)
+#else
+    #define WOLFPROV_LEAVE(type, msg, ret) \
+        WOLFPROV_LEAVE_EX(type, "", msg, ret)
+#endif
+void WOLFPROV_LEAVE_EX(int type, const char* func, const char* msg, int ret);
 void WOLFPROV_MSG(int type, const char* fmt, ...);
 void WOLFPROV_MSG_VERBOSE(int type, const char* fmt, ...);
 void WOLFPROV_ERROR_LINE(int type, int err, const char* file, int line);

src/wp_dec_epki2pki.c

@@ -210,6 +210,22 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
         done = 1;
         ok = 1;
     }
+    if ((!done) && ok) {
+        /* Try decrypting without password and look for ASN_PARSE_E to indicate
+         * that the format is not PKCS#8 encrypted.
+         * TODO: should be parsing the structure without decrypting to
+         *       determine it is encrypted PKCS#8.
+         */
+    #if LIBWOLFSSL_VERSION_HEX >= 0x05000000
+        rc = wc_DecryptPKCS8Key(data, len, password, 0);
+    #else
+        rc = wp_DecryptPKCS8Key(data, len, password, 0);
+    #endif
+        if (rc == ASN_PARSE_E) {
+            done = 1;
+            ok = 1;
+        }
+    }
     if ((!done) && ok && (!pwCb(password, sizeof(password), &passwordLen, NULL,
             pwCbArg))) {
         done = 1;

src/wp_dec_pem2der.c

@@ -294,7 +294,8 @@ static int wp_pem2der_decode_data(const unsigned char* data, word32 len,
         dataFormat = "SubjectPublicKeyInfo";
         obj = OSSL_OBJECT_PKEY;
     }
-    else if (XMEMCMP(data, "-----BEGIN DH PARAMETERS-----", 29) == 0) {
+    else if ((XMEMCMP(data, "-----BEGIN DH PARAMETERS-----", 29) == 0) ||
+             (XMEMCMP(data, "-----BEGIN X9.42 DH PARAMETERS-----", 35) == 0)) {
         type = DH_PARAM_TYPE;
         dataType = NULL;
         dataFormat = "type-specific";

src/wp_ecc_kmgmt.c

@@ -866,8 +866,9 @@ static int wp_ecc_match(wp_Ecc* ecc1, wp_Ecc* ecc2, int selection)
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    /* Check the curve ID to see whether the parameters are the same. */
     if (ok && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) &&
-        (ecc1->key.dp->id != ecc2->key.dp->id)) {
+            (ecc1->curveId != ecc2->curveId)) {
         ok = 0;
     }
     if (ok && ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)) {
@@ -2535,9 +2536,7 @@ static int wp_ecc_encode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
     if (ok && ((ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) ||
                (ctx->format == WP_ENC_FORMAT_X9_62))) {
         if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) {
-            if (ctx->format == WP_ENC_FORMAT_X9_62) {
-                pemType = ECC_PRIVATEKEY_TYPE;
-            }
+            pemType = ECC_PRIVATEKEY_TYPE;
             private = 1;
             if (!wp_ecc_encode_priv(key, derData, &derLen)) {
                 ok = 0;

src/wp_ecx_kmgmt.c

@@ -2571,8 +2571,22 @@ const OSSL_DISPATCH wp_ed25519_spki_decoder_functions[] = {
 static int wp_Ed25519PublicKeyToDer(ed25519_key* key, byte* output,
     word32 inLen)
 {
-    /* Always include the algorithm. */
-    return wc_Ed25519PublicKeyToDer(key, output, inLen, 1);
+    int ok = 1;
+
+    /* Check if this is private key only. */
+    if (!key->pubKeySet) {
+        int rc;
+        /* Make the public key to encode. */
+        rc = wc_ed25519_make_public(key, key->p, ED25519_PUB_KEY_SIZE);
+        ok = key->pubKeySet = (rc == 0);
+    }
+    if (ok) {
+        /* Always include the algorithm. */
+        ok = wc_Ed25519PublicKeyToDer(key, output, inLen, 1);
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
 }
 
 /**
@@ -3202,8 +3216,22 @@ const OSSL_DISPATCH wp_ed448_spki_decoder_functions[] = {
  */
 static int wp_Ed448PublicKeyToDer(ed448_key* key, byte* output, word32 inLen)
 {
-    /* Always include the algorithm. */
-    return wc_Ed448PublicKeyToDer(key, output, inLen, 1);
+    int ok = 1;
+
+    /* Check if this is private key only. */
+    if (!key->pubKeySet) {
+        int rc;
+        /* Make the public key to encode. */
+        rc = wc_ed448_make_public(key, key->p, ED448_PUB_KEY_SIZE);
+        ok = key->pubKeySet = (rc == 0);
+    }
+    if (ok) {
+        /* Always include the algorithm. */
+        ok = wc_Ed448PublicKeyToDer(key, output, inLen, 1);
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
 }
 
 /**

src/wp_ecx_sig.c

@@ -258,30 +258,82 @@ static int wp_ecx_digest_verify_init(wp_EcxSigCtx *ctx, const char *mdName,
 }
 
 /**
- * Put DER encoding of the ECX signature algorithm in the parameter object.
+ * Put DER encoding of the Ed25519 signature algorithm in the parameter object.
  *
  * @param [in] ctx  ECX signature context object.
  * @param [in] p    Parameter object.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_ecx_get_alg_id(wp_EcxSigCtx *ctx, OSSL_PARAM *p)
+static int wp_ed25519_get_alg_id(wp_EcxSigCtx *ctx, OSSL_PARAM *p)
 {
-    /* TODO: implement */
+    /* Ed25519 Algorithm Id: SEQ OBJ 2b 65 70 */
+    static const byte ed25519AlgId[] = {
+        0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
+    };
+
+    (void)ctx;
+
+    return OSSL_PARAM_set_octet_string(p, ed25519AlgId, sizeof(ed25519AlgId));
+}
+
+/**
+ * Put data from Ed25519 signture context object into parameter objects.
+ *
+ * @param [in] ctx     ECX signature context object.
+ * @param [in] params  Array of parameter objects.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wp_ed25519_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
+{
+    int ok = 1;
+    OSSL_PARAM *p;
+
+    if (ctx == NULL) {
+        ok = 0;
+    }
+
+    if (ok) {
+        p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
+        if (p != NULL) {
+            ok = wp_ed25519_get_alg_id(ctx, p);
+        }
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
+}
+
+/**
+ * Put DER encoding of the Ed448 signature algorithm in the parameter object.
+ *
+ * @param [in] ctx  ECX signature context object.
+ * @param [in] p    Parameter object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wp_ed448_get_alg_id(wp_EcxSigCtx *ctx, OSSL_PARAM *p)
+{
+    /* Ed448 Algorithm Id: SEQ OBJ 2b 65 71 */
+    static const byte ed448AlgId[] = {
+        0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71,
+    };
+
     (void)ctx;
-    (void)p;
-    return 0;
+
+    return OSSL_PARAM_set_octet_string(p, ed448AlgId, sizeof(ed448AlgId));
 }
 
 /**
- * Put data from ECX signture context object into parameter objects.
+ * Put data from Ed448 signture context object into parameter objects.
  *
  * @param [in] ctx     ECX signature context object.
  * @param [in] params  Array of parameter objects.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_ecx_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
+static int wp_ed448_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
 {
     int ok = 1;
     OSSL_PARAM *p;
@@ -293,7 +345,7 @@ static int wp_ecx_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
     if (ok) {
         p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
         if (p != NULL) {
-            ok = wp_ecx_get_alg_id(ctx, p);
+            ok = wp_ed448_get_alg_id(ctx, p);
         }
     }
 
@@ -458,7 +510,7 @@ const OSSL_DISPATCH wp_ed25519_signature_functions[] = {
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
                                             (DFUNC)wp_ecx_digest_verify_init  },
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,    (DFUNC)wp_ed25519_digest_verify   },
-    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,   (DFUNC)wp_ecx_get_ctx_params      },
+    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,   (DFUNC)wp_ed25519_get_ctx_params  },
     { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
                                             (DFUNC)wp_ecx_gettable_ctx_params },
     { 0, NULL }
@@ -606,7 +658,7 @@ const OSSL_DISPATCH wp_ed448_signature_functions[] = {
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
                                             (DFUNC)wp_ecx_digest_verify_init  },
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,    (DFUNC)wp_ed448_digest_verify     },
-    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,   (DFUNC)wp_ecx_get_ctx_params      },
+    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,    (DFUNC)wp_ed448_get_ctx_params   },
     { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
                                             (DFUNC)wp_ecx_gettable_ctx_params },
     { 0, NULL }

src/wp_logging.c

@@ -241,18 +241,20 @@ void WOLFPROV_ENTER(int component, const char* msg)
 }
 
 /**
- * Log function used to record function exit.
+ * Log function used to record function exit. Extended for function name.
  *
  * @param component [IN] Component type, from wolfProv_LogComponents enum.
+ * @param func [IN] Name of function that exitting.
  * @param msg  [IN] Log message.
  * @param ret  [IN] Value that function will be returning.
  */
-void WOLFPROV_LEAVE(int component, const char* msg, int ret)
+void WOLFPROV_LEAVE_EX(int component, const char* func, const char* msg,
+    int ret)
 {
     if (loggingEnabled) {
         char buffer[WOLFPROV_MAX_LOG_WIDTH];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfProv Leaving %s, return %d",
-                  msg, ret);
+        XSNPRINTF(buffer, sizeof(buffer), "wolfProv Leaving %s, return %d (%s)",
+                  msg, ret, func);
         wolfprovider_log(WP_LOG_LEAVE, component, buffer);
     }
 }