RSA/RSA-PSS/ECC/ECX: fixes for DER encoding

Changes to get OpenSSL testing passing.

Fix encoding and getting of algorithm identifiers and signatures.
Support "X9.42 DH PARAMETERS" PEM hedaer.
Detect whether the DER encoding is PKCS#8 encrypted data before asking
for a password.
ECX: when encoding public key, make sure it is available.

Changed logging to include function name when logging the leaving of a
function.

Author: SparkiDev

include/wolfprovider/alg_funcs.h

@@ -185,7 +185,10 @@ int wp_rsa_get_bits(wp_Rsa* rsa);
 RsaKey* wp_rsa_get_key(wp_Rsa* rsa);
 void wp_rsa_get_pss_mds(wp_Rsa* rsa, char** mdName, char** mgfMdName);
 int wp_rsa_get_pss_salt_len(wp_Rsa* rsa);
+int wp_rsa_get_pss_params_set(wp_Rsa* rsa);
 int wp_rsa_check_key_size(wp_Rsa* rsa, int allow1024);
+int wp_rsa_pss_encode_alg_id(const wp_Rsa* rsa, const char* mdName,
+    const char* mgf1Name, int saltLen, byte* pssAlgId, word32* len);
 
 /* Internal ECC types and functions. */
 typedef struct wp_Ecc wp_Ecc;

include/wolfprovider/internal.h

@@ -99,6 +99,8 @@
 /** Maximum salt length for PKCS. */
 #define WP_MAX_SALT_SIZE    64
 
+/** Default salt length for PSS. */
+#define WP_RSA_DEFAULT_SALT_LEN     20
 
 /* These values are taken from ssl.h.
  * Can't include this header as it re-declares OpenSSL types.

include/wolfprovider/wp_logging.h

@@ -142,7 +142,18 @@ int wolfProv_SetLogComponents(int componentMask);
     WOLFPROV_ERROR_FUNC_NULL_LINE(type, funcName, ret, __FILE__, __LINE__)
 
 void WOLFPROV_ENTER(int type, const char* msg);
-void WOLFPROV_LEAVE(int type, const char* msg, int ret);
+/* Call the extended version of the API with the function name of the caller. */
+#ifdef _WIN32
+    #define WOLFPROV_LEAVE(type, msg, ret) \
+        WOLFPROV_LEAVE_EX(type, __FUNCTION__, msg, ret)
+#elif __STDC__ && __STDC_VERSION__ >= 199901L
+    #define WOLFPROV_LEAVE(type, msg, ret) \
+        WOLFPROV_LEAVE_EX(type, __func__, msg, ret)
+#else
+    #define WOLFPROV_LEAVE(type, msg, ret) \
+        WOLFPROV_LEAVE_EX(type, "", msg, ret)
+#endif
+void WOLFPROV_LEAVE_EX(int type, const char* func, const char* msg, int ret);
 void WOLFPROV_MSG(int type, const char* fmt, ...);
 void WOLFPROV_MSG_VERBOSE(int type, const char* fmt, ...);
 void WOLFPROV_ERROR_LINE(int type, int err, const char* file, int line);

src/wp_dec_epki2pki.c

@@ -210,6 +210,22 @@ static int wp_epki2pki_decode(wp_Epki2Pki* ctx, OSSL_CORE_BIO* coreBio,
         done = 1;
         ok = 1;
     }
+    if ((!done) && ok) {
+        /* Try decrypting without password and look for ASN_PARSE_E to indicate
+         * that the format is not PKCS#8 encrypted.
+         * TODO: should be parsing the structure without decrypting to
+         *       determine it is encrypted PKCS#8.
+         */
+    #if LIBWOLFSSL_VERSION_HEX >= 0x05000000
+        rc = wc_DecryptPKCS8Key(data, len, password, 0);
+    #else
+        rc = wp_DecryptPKCS8Key(data, len, password, 0);
+    #endif
+        if (rc == ASN_PARSE_E) {
+            done = 1;
+            ok = 1;
+        }
+    }
     if ((!done) && ok && (!pwCb(password, sizeof(password), &passwordLen, NULL,
             pwCbArg))) {
         done = 1;

src/wp_dec_pem2der.c

@@ -294,7 +294,8 @@ static int wp_pem2der_decode_data(const unsigned char* data, word32 len,
         dataFormat = "SubjectPublicKeyInfo";
         obj = OSSL_OBJECT_PKEY;
     }
-    else if (XMEMCMP(data, "-----BEGIN DH PARAMETERS-----", 29) == 0) {
+    else if ((XMEMCMP(data, "-----BEGIN DH PARAMETERS-----", 29) == 0) ||
+             (XMEMCMP(data, "-----BEGIN X9.42 DH PARAMETERS-----", 35) == 0)) {
         type = DH_PARAM_TYPE;
         dataType = NULL;
         dataFormat = "type-specific";

src/wp_ecc_kmgmt.c

@@ -866,8 +866,9 @@ static int wp_ecc_match(wp_Ecc* ecc1, wp_Ecc* ecc2, int selection)
     if (!wolfssl_prov_is_running()) {
         ok = 0;
     }
+    /* Check the curve ID to see whether the parameters are the same. */
     if (ok && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) &&
-        (ecc1->key.dp->id != ecc2->key.dp->id)) {
+            (ecc1->curveId != ecc2->curveId)) {
         ok = 0;
     }
     if (ok && ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)) {
@@ -2535,9 +2536,7 @@ static int wp_ecc_encode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
     if (ok && ((ctx->format == WP_ENC_FORMAT_TYPE_SPECIFIC) ||
                (ctx->format == WP_ENC_FORMAT_X9_62))) {
         if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) {
-            if (ctx->format == WP_ENC_FORMAT_X9_62) {
-                pemType = ECC_PRIVATEKEY_TYPE;
-            }
+            pemType = ECC_PRIVATEKEY_TYPE;
             private = 1;
             if (!wp_ecc_encode_priv(key, derData, &derLen)) {
                 ok = 0;

src/wp_ecx_kmgmt.c

@@ -2571,8 +2571,22 @@ const OSSL_DISPATCH wp_ed25519_spki_decoder_functions[] = {
 static int wp_Ed25519PublicKeyToDer(ed25519_key* key, byte* output,
     word32 inLen)
 {
-    /* Always include the algorithm. */
-    return wc_Ed25519PublicKeyToDer(key, output, inLen, 1);
+    int ok = 1;
+
+    /* Check if this is private key only. */
+    if (!key->pubKeySet) {
+        int rc;
+        /* Make the public key to encode. */
+        rc = wc_ed25519_make_public(key, key->p, ED25519_PUB_KEY_SIZE);
+        ok = key->pubKeySet = (rc == 0);
+    }
+    if (ok) {
+        /* Always include the algorithm. */
+        ok = wc_Ed25519PublicKeyToDer(key, output, inLen, 1);
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
 }
 
 /**
@@ -3202,8 +3216,22 @@ const OSSL_DISPATCH wp_ed448_spki_decoder_functions[] = {
  */
 static int wp_Ed448PublicKeyToDer(ed448_key* key, byte* output, word32 inLen)
 {
-    /* Always include the algorithm. */
-    return wc_Ed448PublicKeyToDer(key, output, inLen, 1);
+    int ok = 1;
+
+    /* Check if this is private key only. */
+    if (!key->pubKeySet) {
+        int rc;
+        /* Make the public key to encode. */
+        rc = wc_ed448_make_public(key, key->p, ED448_PUB_KEY_SIZE);
+        ok = key->pubKeySet = (rc == 0);
+    }
+    if (ok) {
+        /* Always include the algorithm. */
+        ok = wc_Ed448PublicKeyToDer(key, output, inLen, 1);
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
 }
 
 /**

src/wp_ecx_sig.c

@@ -258,30 +258,82 @@ static int wp_ecx_digest_verify_init(wp_EcxSigCtx *ctx, const char *mdName,
 }
 
 /**
- * Put DER encoding of the ECX signature algorithm in the parameter object.
+ * Put DER encoding of the Ed25519 signature algorithm in the parameter object.
  *
  * @param [in] ctx  ECX signature context object.
  * @param [in] p    Parameter object.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_ecx_get_alg_id(wp_EcxSigCtx *ctx, OSSL_PARAM *p)
+static int wp_ed25519_get_alg_id(wp_EcxSigCtx *ctx, OSSL_PARAM *p)
 {
-    /* TODO: implement */
+    /* Ed25519 Algorithm Id: SEQ OBJ 2b 65 70 */
+    static const byte ed25519AlgId[] = {
+        0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
+    };
+
+    (void)ctx;
+
+    return OSSL_PARAM_set_octet_string(p, ed25519AlgId, sizeof(ed25519AlgId));
+}
+
+/**
+ * Put data from Ed25519 signture context object into parameter objects.
+ *
+ * @param [in] ctx     ECX signature context object.
+ * @param [in] params  Array of parameter objects.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wp_ed25519_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
+{
+    int ok = 1;
+    OSSL_PARAM *p;
+
+    if (ctx == NULL) {
+        ok = 0;
+    }
+
+    if (ok) {
+        p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
+        if (p != NULL) {
+            ok = wp_ed25519_get_alg_id(ctx, p);
+        }
+    }
+
+    WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
+    return ok;
+}
+
+/**
+ * Put DER encoding of the Ed448 signature algorithm in the parameter object.
+ *
+ * @param [in] ctx  ECX signature context object.
+ * @param [in] p    Parameter object.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wp_ed448_get_alg_id(wp_EcxSigCtx *ctx, OSSL_PARAM *p)
+{
+    /* Ed448 Algorithm Id: SEQ OBJ 2b 65 71 */
+    static const byte ed448AlgId[] = {
+        0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71,
+    };
+
     (void)ctx;
-    (void)p;
-    return 0;
+
+    return OSSL_PARAM_set_octet_string(p, ed448AlgId, sizeof(ed448AlgId));
 }
 
 /**
- * Put data from ECX signture context object into parameter objects.
+ * Put data from Ed448 signture context object into parameter objects.
  *
  * @param [in] ctx     ECX signature context object.
  * @param [in] params  Array of parameter objects.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_ecx_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
+static int wp_ed448_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
 {
     int ok = 1;
     OSSL_PARAM *p;
@@ -293,7 +345,7 @@ static int wp_ecx_get_ctx_params(wp_EcxSigCtx *ctx, OSSL_PARAM *params)
     if (ok) {
         p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
         if (p != NULL) {
-            ok = wp_ecx_get_alg_id(ctx, p);
+            ok = wp_ed448_get_alg_id(ctx, p);
         }
     }
 
@@ -458,7 +510,7 @@ const OSSL_DISPATCH wp_ed25519_signature_functions[] = {
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
                                             (DFUNC)wp_ecx_digest_verify_init  },
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,    (DFUNC)wp_ed25519_digest_verify   },
-    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,   (DFUNC)wp_ecx_get_ctx_params      },
+    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,   (DFUNC)wp_ed25519_get_ctx_params  },
     { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
                                             (DFUNC)wp_ecx_gettable_ctx_params },
     { 0, NULL }
@@ -606,7 +658,7 @@ const OSSL_DISPATCH wp_ed448_signature_functions[] = {
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
                                             (DFUNC)wp_ecx_digest_verify_init  },
     { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY,    (DFUNC)wp_ed448_digest_verify     },
-    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,   (DFUNC)wp_ecx_get_ctx_params      },
+    { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS,    (DFUNC)wp_ed448_get_ctx_params   },
     { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
                                             (DFUNC)wp_ecx_gettable_ctx_params },
     { 0, NULL }

src/wp_logging.c

@@ -241,18 +241,20 @@ void WOLFPROV_ENTER(int component, const char* msg)
 }
 
 /**
- * Log function used to record function exit.
+ * Log function used to record function exit. Extended for function name.
  *
  * @param component [IN] Component type, from wolfProv_LogComponents enum.
+ * @param func [IN] Name of function that exitting.
  * @param msg  [IN] Log message.
  * @param ret  [IN] Value that function will be returning.
  */
-void WOLFPROV_LEAVE(int component, const char* msg, int ret)
+void WOLFPROV_LEAVE_EX(int component, const char* func, const char* msg,
+    int ret)
 {
     if (loggingEnabled) {
         char buffer[WOLFPROV_MAX_LOG_WIDTH];
-        XSNPRINTF(buffer, sizeof(buffer), "wolfProv Leaving %s, return %d",
-                  msg, ret);
+        XSNPRINTF(buffer, sizeof(buffer), "wolfProv Leaving %s, return %d (%s)",
+                  msg, ret, func);
         wolfprovider_log(WP_LOG_LEAVE, component, buffer);
     }
 }