From 025f55df4a07a89b106c2dd7a597d88aa3b2fe1d Mon Sep 17 00:00:00 2001
From: John Jiang
Date: Thu, 14 Dec 2023 00:08:36 +0800
Subject: [PATCH] TKSS-594: Enhance passing SM2SignatureParameterSpec to sm2sig_sm3
---
 .../sun/security/ssl/CertificateVerify.java | 21 +-------
 .../sun/security/ssl/ProtocolVersion.java | 4 ++
 .../sun/security/ssl/SignatureScheme.java | 48 ++++++++++---------
 .../security/ssl/TLCPCertificateVerify.java | 8 ++--
 4 files changed, 35 insertions(+), 46 deletions(-)
diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/CertificateVerify.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/CertificateVerify.java
index 985f3751..50e3c4cf 100644
--- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/CertificateVerify.java
+++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/CertificateVerify.java
@@ -674,15 +674,8 @@ static final class T12CertificateVerifyMessage extends HandshakeMessage {
 // opaque signature<0..2^16-1>;
 this.signature = Record.getBytes16(m);
 try {
- // Set ID and public key for SM3withSM2.
- SM2SignatureParameterSpec smSignParamSpec = null;
- if (PKIXUtils.isSM3withSM2(signatureScheme.name)) {
- smSignParamSpec = new SM2SignatureParameterSpec(
- (ECPublicKey) x509Credentials.popPublicKey);
- }
-
 Signature signer = signatureScheme.getVerifier(
- x509Credentials.popPublicKey, smSignParamSpec);
+ x509Credentials.popPublicKey);
 signer.update(shc.handshakeHash.archived());
 if (!signer.verify(signature)) {
 throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
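Review bot: The imports that served the removed `SM2SignatureParameterSpec` construction in this verify path (and in the T13 hunk that follows) may now be dead, because the diffstat accounts for every changed line of CertificateVerify.java and TLCPCertificateVerify.java without an import hunk. If `SM2SignatureParameterSpec`, `PKIXUtils`, `ECPublicKey` and `X509Certificate` have no other uses in those files, their import lines should be dropped in the same commit so the handshake classes no longer appear to handle the SM2 parameter type themselves. The import blocks are outside the diff, so this has to be checked against the full files.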
@@ -1019,18 +1012,8 @@ static final class T13CertificateVerifyMessage extends HandshakeMessage {
 }
 try {
- // Set ID and public key for SM3withSM2.
- SM2SignatureParameterSpec smSignParamSpec = null;
- X509Certificate popCert = x509Credentials.popCerts[0];
- if (PKIXUtils.isSM3withSM2(popCert.getSigAlgName())) {
- smSignParamSpec = new SM2SignatureParameterSpec(
- Utilities.TLS13_SM_ID,
- (ECPublicKey) x509Credentials.popPublicKey);
- }
-
 Signature signer = signatureScheme.getVerifier(
- x509Credentials.popPublicKey, smSignParamSpec);
-
+ x509Credentials.popPublicKey, true);
 signer.update(contentCovered);
 if (!signer.verify(signature)) {
diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/ProtocolVersion.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/ProtocolVersion.java
index 5f40047d..867bc569 100644
--- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/ProtocolVersion.java
+++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/ProtocolVersion.java
@@ -365,6 +365,10 @@ boolean isTLS12() {
 return this.id == TLS12.id;
 }
+ boolean isTLS13() {
+ return this.id == TLS13.id;
+ }
+
 /**
 * Return true if this ProtocolVersion object is of (D)TLS 1.3 or
 * newer version.
diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java
index 764bdff6..7e215b10 100644
--- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java
+++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java
@@ -44,7 +44,6 @@
 import com.tencent.kona.crypto.CryptoInsts;
 import com.tencent.kona.crypto.spec.SM2SignatureParameterSpec;
-import com.tencent.kona.crypto.util.Constants;
 import com.tencent.kona.sun.security.ssl.NamedGroup.NamedGroupSpec;
 import com.tencent.kona.sun.security.ssl.X509Authentication.X509Possession;
 import com.tencent.kona.sun.security.util.KeyUtil;
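Review bot: `isTLS13()` in ProtocolVersion.java is added without a comment, directly above a method whose Javadoc says "(D)TLS 1.3 or newer version", and the difference between the two now decides which SM2 ID goes into the signature. The selection code removed from SignatureScheme.java tested `!version.useTLS13PlusSpec()`, while the new call passes `version.isTLS13()`, which is an exact match on `TLS13.id`. A one-line Javadoc such as `/** Return true only if this is exactly TLS 1.3; unlike useTLS13PlusSpec() it does not match newer versions. */` would record that the narrowing is intended.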
@@ -507,16 +506,6 @@ static Map.Entry getSignerOfPreferableAlgorithm(
 NamedGroup namedGroup = params != null ? NamedGroup.valueOf(params) : null;
- // Just select sm2sig_sm3 for curveSM2.
- if (namedGroup == NamedGroup.CURVESM2) {
- SM2SignatureParameterSpec paramSpec = !version.useTLS13PlusSpec()
- ? new SM2SignatureParameterSpec((ECPublicKey) publicKey)
- : new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
- (ECPublicKey) publicKey);
- Signature signer = SignatureScheme.SM2SIG_SM3.getSigner(signingKey, paramSpec);
- return new SimpleImmutableEntry<>(SignatureScheme.SM2SIG_SM3, signer);
- }
-
 String keyAlgorithm = signingKey.getAlgorithm();
 int keySize;
 // Only need to check RSA algorithm at present.
@@ -534,7 +523,8 @@ static Map.Entry getSignerOfPreferableAlgorithm(
 if ((ss.namedGroup != null) && (ss.namedGroup.spec == NamedGroupSpec.NAMED_GROUP_ECDHE)) {
 if (namedGroup == ss.namedGroup) {
- Signature signer = ss.getSigner(signingKey);
+ Signature signer = ss.getSigner(signingKey,
+ publicKey, version.isTLS13());
 if (signer != null) {
 return new SimpleImmutableEntry<>(ss, signer);
 }
@@ -603,8 +593,7 @@ static String[] getAlgorithmNames(Collection schemes) {
 // is bubbled up. If the public key does not support this signature
 // scheme, it normally means the TLS handshaking cannot continue and
 // the connection should be terminated.
- Signature getVerifier(PublicKey publicKey,
- SM2SignatureParameterSpec smSignParamSpec)
+ Signature getVerifier(PublicKey publicKey, boolean isTLS13)
 throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
 if (!isAvailable) {
@@ -612,9 +601,17 @@ Signature getVerifier(PublicKey publicKey,
 }
 Signature verifier = CryptoInsts.getSignature(algorithm);
- if (smSignParamSpec != null) {
- verifier.setParameter(smSignParamSpec);
+
+ // sm2sig_sm3 always needs SM2SignatureParameterSpec containing public key.
+ // And for TLS 1.3, the spec has to set "TLSv1.3+GM+Cipher+Suite" as ID.
+ if (this == SM2SIG_SM3) {
+ SM2SignatureParameterSpec paramSpec = isTLS13
+ ? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
+ (ECPublicKey) publicKey)
+ : new SM2SignatureParameterSpec((ECPublicKey) publicKey);
+ verifier.setParameter(paramSpec);
 }
+
 SignatureUtil.initVerifyWithParam(verifier, publicKey, (signAlgParams != null ? signAlgParams.parameterSpec : null));
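Review bot: The new `if (this == SM2SIG_SM3)` branch casts `publicKey` to `ECPublicKey` without a type check, so a non-EC key raises `ClassCastException`, which is not one of the checked exceptions `getVerifier` declares and its callers presumably catch. The scheme and the certificate key reach this method independently during the handshake, so a mismatch should end on the ordinary invalid-key path; add `if (!(publicKey instanceof ECPublicKey)) { throw new InvalidKeyException("sm2sig_sm3 requires an EC public key"); }` before building the spec. The same cast is repeated in `getSigner` in the next hunk, where the one-argument overload now passes `null` as the key, and there the guard should `return null` so the documented fall-back to the next scheme still works. The callers' catch clauses and the `SM2SignatureParameterSpec` constructor are outside the diff, so the exact failure mode is inferred.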
@@ -624,24 +621,31 @@ Signature getVerifier(PublicKey publicKey,
 Signature getVerifier(PublicKey publicKey) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException {
- return getVerifier(publicKey, null);
+ return getVerifier(publicKey, false);
 }
 // This method is also used to choose preferable signature scheme for the
 // specific private key. If the private key does not support the signature
 // scheme, {@code null} is returned, and the caller may fail back to next
 // available signature scheme.
- Signature getSigner(PrivateKey privateKey,
- SM2SignatureParameterSpec smSignParamSpec) {
+ Signature getSigner(PrivateKey privateKey, PublicKey publicKey, boolean isTLS13) {
 if (!isAvailable) {
 return null;
 }
 try {
 Signature signer = CryptoInsts.getSignature(algorithm);
- if (smSignParamSpec != null) {
- signer.setParameter(smSignParamSpec);
+
+ // sm2sig_sm3 always needs SM2SignatureParameterSpec containing public key.
+ // And for TLS 1.3, the spec has to set "TLSv1.3+GM+Cipher+Suite" as ID.
+ if (this == SM2SIG_SM3) {
+ SM2SignatureParameterSpec paramSpec = isTLS13
+ ? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
+ (ECPublicKey) publicKey)
+ : new SM2SignatureParameterSpec((ECPublicKey) publicKey);
+ signer.setParameter(paramSpec);
 }
+
 SignatureUtil.initSignWithParam(signer, privateKey, (signAlgParams != null ? signAlgParams.parameterSpec : null),
@@ -661,6 +665,6 @@ Signature getSigner(PrivateKey privateKey,
 }
 Signature getSigner(PrivateKey privateKey) {
- return getSigner(privateKey, null);
+ return getSigner(privateKey, null, false);
 }
 }
diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java
index d48396be..e0837f54 100644
--- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java
+++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java
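Review bot: The ID-selection block added to `getSigner` is a copy of the one added to `getVerifier`, so the two can drift apart if only one is edited later, and any disagreement about the SM2 ID makes every sm2sig_sm3 signature fail verification. Moving the construction into one private helper keeps the signing and verifying sides on the same rule. The one-argument `getVerifier(publicKey)`, which now hard-codes `false`, would also benefit from a short comment saying it must not be used for sm2sig_sm3 under TLS 1.3. `getSigner`'s try block continues past the end of the hunk.

```java
// Single place that decides the SM2 ID, shared by getVerifier and getSigner.
private static SM2SignatureParameterSpec sm2ParamSpec(
        PublicKey publicKey, boolean isTLS13) {
    ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
    return isTLS13
            ? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID, ecPublicKey)
            : new SM2SignatureParameterSpec(ecPublicKey);
}

// … unchanged: CryptoInsts.getSignature(algorithm) …
if (this == SM2SIG_SM3) {
    signer.setParameter(sm2ParamSpec(publicKey, isTLS13));
}
// … unchanged: SignatureUtil.initSignWithParam(...) …
```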
@@ -76,8 +76,8 @@ private static final class TLCPCertificateVerifyMessage
 try {
 Signature signer = SignatureScheme.SM2SIG_SM3.getSigner(
 tlcpPossession.popSignPrivateKey,
- new SM2SignatureParameterSpec(
- (ECPublicKey) tlcpPossession.popSignPublicKey));
+ tlcpPossession.popSignPublicKey,
+ false);
 signer.update(chc.handshakeHash.digest());
 temporary = signer.sign();
 } catch (SignatureException se) {
@@ -152,9 +152,7 @@ private static final class TLCPCertificateVerifyMessage
 try {
 Signature signer = SignatureScheme.SM2SIG_SM3.getVerifier(
- tlcpCredentials.popSignPublicKey,
- new SM2SignatureParameterSpec(
- (ECPublicKey) tlcpCredentials.popSignPublicKey));
+ tlcpCredentials.popSignPublicKey);
 signer.update(shc.handshakeHash.digest());
 if (!signer.verify(signature)) {
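Review bot: In the first TLCPCertificateVerify hunk the result of `getSigner(...)` is used on the next line as `signer.update(...)` with no null check, although SignatureScheme.java documents that `getSigner` returns `null` and the diff shows it doing so when `!isAvailable`. If sm2sig_sm3 is unavailable in the provider, the client would fail with a `NullPointerException` rather than a handshake alert; a guard such as `if (signer == null) { throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "sm2sig_sm3 is not available"); }` keeps the failure on the alert path. The surrounding constructor and its remaining catch clauses are outside the hunk, and the unchecked call predates this patch, so this is a follow-up rather than a regression.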