Tencent · johnshajiang · Dec 13, 2023 · Dec 13, 2023
diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/CertificateVerify.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/CertificateVerify.java
@@ -674,15 +674,8 @@ static final class T12CertificateVerifyMessage extends HandshakeMessage {
             // opaque signature<0..2^16-1>;
             this.signature = Record.getBytes16(m);
             try {
-                // Set ID and public key for SM3withSM2.
-                SM2SignatureParameterSpec smSignParamSpec = null;
-                if (PKIXUtils.isSM3withSM2(signatureScheme.name)) {
-                    smSignParamSpec = new SM2SignatureParameterSpec(
-                            (ECPublicKey) x509Credentials.popPublicKey);
-                }
-
                 Signature signer = signatureScheme.getVerifier(
-                        x509Credentials.popPublicKey, smSignParamSpec);
+                        x509Credentials.popPublicKey);
                 signer.update(shc.handshakeHash.archived());
                 if (!signer.verify(signature)) {
                     throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@@ -1019,18 +1012,8 @@ static final class T13CertificateVerifyMessage extends HandshakeMessage {
             }
 
             try {
-                // Set ID and public key for SM3withSM2.
-                SM2SignatureParameterSpec smSignParamSpec = null;
-                X509Certificate popCert = x509Credentials.popCerts[0];
-                if (PKIXUtils.isSM3withSM2(popCert.getSigAlgName())) {
-                    smSignParamSpec = new SM2SignatureParameterSpec(
-                            Utilities.TLS13_SM_ID,
-                            (ECPublicKey) x509Credentials.popPublicKey);
-                }
-
                 Signature signer = signatureScheme.getVerifier(
-                        x509Credentials.popPublicKey, smSignParamSpec);
-
+                        x509Credentials.popPublicKey, true);
 
                 signer.update(contentCovered);
                 if (!signer.verify(signature)) {

diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/ProtocolVersion.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/ProtocolVersion.java
@@ -365,6 +365,10 @@ boolean isTLS12() {
         return this.id == TLS12.id;
     }
 
+    boolean isTLS13() {
+        return this.id == TLS13.id;
+    }
+
     /**
      * Return true if this ProtocolVersion object is of (D)TLS 1.3 or
      * newer version.

diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SignatureScheme.java
@@ -44,7 +44,6 @@
 
 import com.tencent.kona.crypto.CryptoInsts;
 import com.tencent.kona.crypto.spec.SM2SignatureParameterSpec;
-import com.tencent.kona.crypto.util.Constants;
 import com.tencent.kona.sun.security.ssl.NamedGroup.NamedGroupSpec;
 import com.tencent.kona.sun.security.ssl.X509Authentication.X509Possession;
 import com.tencent.kona.sun.security.util.KeyUtil;
@@ -507,16 +506,6 @@ static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(
         NamedGroup namedGroup = params != null
                 ? NamedGroup.valueOf(params) : null;
 
-        // Just select sm2sig_sm3 for curveSM2.
-        if (namedGroup == NamedGroup.CURVESM2) {
-            SM2SignatureParameterSpec paramSpec = !version.useTLS13PlusSpec()
-                    ? new SM2SignatureParameterSpec((ECPublicKey) publicKey)
-                    : new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
-                            (ECPublicKey) publicKey);
-            Signature signer = SignatureScheme.SM2SIG_SM3.getSigner(signingKey, paramSpec);
-            return new SimpleImmutableEntry<>(SignatureScheme.SM2SIG_SM3, signer);
-        }
-
         String keyAlgorithm = signingKey.getAlgorithm();
         int keySize;
         // Only need to check RSA algorithm at present.
@@ -534,7 +523,8 @@ static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(
                 if ((ss.namedGroup != null) && (ss.namedGroup.spec ==
                         NamedGroupSpec.NAMED_GROUP_ECDHE)) {
                     if (namedGroup == ss.namedGroup) {
-                        Signature signer = ss.getSigner(signingKey);
+                        Signature signer = ss.getSigner(signingKey,
+                                publicKey, version.isTLS13());
                         if (signer != null) {
                             return new SimpleImmutableEntry<>(ss, signer);
                         }
@@ -603,18 +593,25 @@ static String[] getAlgorithmNames(Collection<SignatureScheme> schemes) {
     // is bubbled up.  If the public key does not support this signature
     // scheme, it normally means the TLS handshaking cannot continue and
     // the connection should be terminated.
-    Signature getVerifier(PublicKey publicKey,
-            SM2SignatureParameterSpec smSignParamSpec)
+    Signature getVerifier(PublicKey publicKey, boolean isTLS13)
             throws NoSuchAlgorithmException, InvalidAlgorithmParameterException,
             InvalidKeyException {
         if (!isAvailable) {
             return null;
         }
 
         Signature verifier = CryptoInsts.getSignature(algorithm);
-        if (smSignParamSpec != null) {
-            verifier.setParameter(smSignParamSpec);
+
+        // sm2sig_sm3 always needs SM2SignatureParameterSpec containing public key.
+        // And for TLS 1.3, the spec has to set "TLSv1.3+GM+Cipher+Suite" as ID.
+        if (this == SM2SIG_SM3) {
+            SM2SignatureParameterSpec paramSpec = isTLS13
+                    ? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
+                            (ECPublicKey) publicKey)
+                    : new SM2SignatureParameterSpec((ECPublicKey) publicKey);
+            verifier.setParameter(paramSpec);
         }
+
         SignatureUtil.initVerifyWithParam(verifier, publicKey,
                 (signAlgParams != null ? signAlgParams.parameterSpec : null));
 
@@ -624,24 +621,31 @@ Signature getVerifier(PublicKey publicKey,
     Signature getVerifier(PublicKey publicKey)
             throws InvalidAlgorithmParameterException,
             NoSuchAlgorithmException, InvalidKeyException {
-        return getVerifier(publicKey, null);
+        return getVerifier(publicKey, false);
     }
 
     // This method is also used to choose preferable signature scheme for the
     // specific private key.  If the private key does not support the signature
     // scheme, {@code null} is returned, and the caller may fail back to next
     // available signature scheme.
-    Signature getSigner(PrivateKey privateKey,
-            SM2SignatureParameterSpec smSignParamSpec) {
+    Signature getSigner(PrivateKey privateKey, PublicKey publicKey, boolean isTLS13) {
         if (!isAvailable) {
             return null;
         }
 
         try {
             Signature signer = CryptoInsts.getSignature(algorithm);
-            if (smSignParamSpec != null) {
-                signer.setParameter(smSignParamSpec);
+
+            // sm2sig_sm3 always needs SM2SignatureParameterSpec containing public key.
+            // And for TLS 1.3, the spec has to set "TLSv1.3+GM+Cipher+Suite" as ID.
+            if (this == SM2SIG_SM3) {
+                SM2SignatureParameterSpec paramSpec = isTLS13
+                        ? new SM2SignatureParameterSpec(Utilities.TLS13_SM_ID,
+                                (ECPublicKey) publicKey)
+                        : new SM2SignatureParameterSpec((ECPublicKey) publicKey);
+                signer.setParameter(paramSpec);
             }
+
             SignatureUtil.initSignWithParam(signer, privateKey,
                     (signAlgParams != null ?
                             signAlgParams.parameterSpec : null),
@@ -661,6 +665,6 @@ Signature getSigner(PrivateKey privateKey,
     }
 
     Signature getSigner(PrivateKey privateKey) {
-        return getSigner(privateKey, null);
+        return getSigner(privateKey, null, false);
     }
 }
diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/TLCPCertificateVerify.java
@@ -76,8 +76,8 @@ private static final class TLCPCertificateVerifyMessage
             try {
                 Signature signer = SignatureScheme.SM2SIG_SM3.getSigner(
                         tlcpPossession.popSignPrivateKey,
-                        new SM2SignatureParameterSpec(
-                                (ECPublicKey) tlcpPossession.popSignPublicKey));
+                        tlcpPossession.popSignPublicKey,
+                        false);
                 signer.update(chc.handshakeHash.digest());
                 temporary = signer.sign();
             } catch (SignatureException se) {
@@ -152,9 +152,7 @@ private static final class TLCPCertificateVerifyMessage
 
             try {
                 Signature signer = SignatureScheme.SM2SIG_SM3.getVerifier(
-                        tlcpCredentials.popSignPublicKey,
-                        new SM2SignatureParameterSpec(
-                                (ECPublicKey) tlcpCredentials.popSignPublicKey));
+                        tlcpCredentials.popSignPublicKey);
 
                 signer.update(shc.handshakeHash.digest());
                 if (!signer.verify(signature)) {