Merge pull request #14 from easyops-cn/gmsm

Using sm2 sm3 smx509 from github.com/emmansun/gmsm

Author: stallman-cui

gmtls/auth.go

@@ -23,7 +23,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/tjfoc/gmsm/sm2"
+	"github.com/emmansun/gmsm/sm2"
 )
 
 // pickSignatureAlgorithm selects a signature algorithm that is compatible with
@@ -40,17 +40,19 @@ func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []S
 		// For TLS 1.2, if the client didn't send signature_algorithms
 		// extension then we can assume that it supports SHA1. See
 		// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
-		switch pubkey.(type) {
+		switch pubKey := pubkey.(type) {
 		case *rsa.PublicKey:
 			if tlsVersion < VersionTLS12 {
 				return 0, signaturePKCS1v15, crypto.MD5SHA1, nil
 			} else {
 				return PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1, nil
 			}
 		case *ecdsa.PublicKey:
-			return ECDSAWithSHA1, signatureECDSA, crypto.SHA1, nil
-		case *sm2.PublicKey:
-			return SM2WITHSM3, signatureSM2, crypto.SHA1, nil
+			if pubKey.Curve == sm2.P256() {
+				return SM2WITHSM3, signatureSM2, crypto.SHA1, nil
+			} else {
+				return ECDSAWithSHA1, signatureECDSA, crypto.SHA1, nil
+			}
 		default:
 			return 0, 0, 0, fmt.Errorf("tls: unsupported public key: %T", pubkey)
 		}
@@ -73,10 +75,6 @@ func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []S
 			if sigType == signatureECDSA {
 				return sigAlg, sigType, hashAlg, nil
 			}
-		case *sm2.PublicKey:
-			if sigType == signatureECDSA {
-				return sigAlg, sigType, hashAlg, nil
-			}
 		default:
 			return 0, 0, 0, fmt.Errorf("tls: unsupported public key: %T", pubkey)
 		}
@@ -100,18 +98,21 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 		if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
 			return errors.New("tls: ECDSA signature contained zero or negative values")
 		}
-		if pubKey.Curve == sm2.P256Sm2() {
-			sm2Public := sm2.PublicKey{
-				Curve: pubKey.Curve,
-				X:     pubKey.X,
-				Y:     pubKey.Y,
-			}
-			if !sm2Public.Verify(digest, sig) {
+		if pubKey.Curve == sm2.P256() {
+			if !sm2.VerifyWithSM2(pubKey, nil, digest, ecdsaSig.R, ecdsaSig.S) {
 				return errors.New("tls: SM2 verification failure")
 			}
 		} else if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) {
 			return errors.New("tls: ECDSA verification failure")
 		}
+	case signatureSM2:
+		pubKey, ok := pubkey.(*ecdsa.PublicKey)
+		if !ok {
+			return errors.New("tls: SM2 signing requires a SM2 public key")
+		}
+		if ok := sm2.VerifyASN1WithSM2(pubKey, nil, digest, sig); !ok {
+			return errors.New("verify sm2 signature error")
+		}
 	case signaturePKCS1v15:
 		pubKey, ok := pubkey.(*rsa.PublicKey)
 		if !ok {
@@ -129,14 +130,6 @@ func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc c
 		if err := rsa.VerifyPSS(pubKey, hashFunc, digest, sig, signOpts); err != nil {
 			return err
 		}
-	case signatureSM2:
-		pubKey, ok := pubkey.(*sm2.PublicKey)
-		if !ok {
-			return errors.New("tls: SM2 signing requires a SM2 public key")
-		}
-		if ok := pubKey.Verify(digest, sig); !ok {
-			return errors.New("verify sm2 signature error")
-		}
 	default:
 		return errors.New("tls: unknown signature algorithm")
 	}

gmtls/cipher_suites.go

@@ -25,9 +25,9 @@ import (
 	"crypto/sha256"
 	"hash"
 
-	"github.com/tjfoc/gmsm/x509"
-
 	"golang.org/x/crypto/chacha20poly1305"
+
+	"github.com/emmansun/gmsm/smx509"
 )
 
 // a keyAgreement implements the client and server side of a TLS key agreement
@@ -45,8 +45,8 @@ type keyAgreement interface {
 
 	// This method may not be called if the server doesn't send a
 	// ServerKeyExchange message.
-	processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error
-	generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error)
+	processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *smx509.Certificate, *serverKeyExchangeMsg) error
+	generateClientKeyExchange(*Config, *clientHelloMsg, *smx509.Certificate) ([]byte, *clientKeyExchangeMsg, error)
 }
 
 const (

gmtls/common.go

@@ -28,7 +28,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/tjfoc/gmsm/x509"
+	"github.com/emmansun/gmsm/smx509"
 )
 
 const (
@@ -163,17 +163,17 @@ var supportedSignatureAlgorithms = []SignatureScheme{
 
 // ConnectionState records basic TLS details about the connection.
 type ConnectionState struct {
-	Version                     uint16                // TLS version used by the connection (e.g. VersionTLS12)
-	HandshakeComplete           bool                  // TLS handshake is complete
-	DidResume                   bool                  // connection resumes a previous TLS connection
-	CipherSuite                 uint16                // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
-	NegotiatedProtocol          string                // negotiated next protocol (not guaranteed to be from Config.NextProtos)
-	NegotiatedProtocolIsMutual  bool                  // negotiated protocol was advertised by server (client side only)
-	ServerName                  string                // server name requested by client, if any (server side only)
-	PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
-	VerifiedChains              [][]*x509.Certificate // verified chains built from PeerCertificates
-	SignedCertificateTimestamps [][]byte              // SCTs from the server, if any
-	OCSPResponse                []byte                // stapled OCSP response from server, if any
+	Version                     uint16                  // TLS version used by the connection (e.g. VersionTLS12)
+	HandshakeComplete           bool                    // TLS handshake is complete
+	DidResume                   bool                    // connection resumes a previous TLS connection
+	CipherSuite                 uint16                  // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
+	NegotiatedProtocol          string                  // negotiated next protocol (not guaranteed to be from Config.NextProtos)
+	NegotiatedProtocolIsMutual  bool                    // negotiated protocol was advertised by server (client side only)
+	ServerName                  string                  // server name requested by client, if any (server side only)
+	PeerCertificates            []*smx509.Certificate   // certificate chain presented by remote peer
+	VerifiedChains              [][]*smx509.Certificate // verified chains built from PeerCertificates
+	SignedCertificateTimestamps [][]byte                // SCTs from the server, if any
+	OCSPResponse                []byte                  // stapled OCSP response from server, if any
 
 	// ekm is a closure exposed via ExportKeyingMaterial.
 	ekm func(label string, context []byte, length int) ([]byte, error)
@@ -210,12 +210,12 @@ const (
 // ClientSessionState contains the state needed by clients to resume TLS
 // sessions.
 type ClientSessionState struct {
-	sessionTicket      []uint8               // Encrypted ticket used for session resumption with server
-	vers               uint16                // SSL/TLS version negotiated for the session
-	cipherSuite        uint16                // Ciphersuite negotiated for the session
-	masterSecret       []byte                // MasterSecret generated by client on a full handshake
-	serverCertificates []*x509.Certificate   // Certificate chain presented by the server
-	verifiedChains     [][]*x509.Certificate // Certificate chains we built for verification
+	sessionTicket      []uint8                 // Encrypted ticket used for session resumption with server
+	vers               uint16                  // SSL/TLS version negotiated for the session
+	cipherSuite        uint16                  // Ciphersuite negotiated for the session
+	masterSecret       []byte                  // MasterSecret generated by client on a full handshake
+	serverCertificates []*smx509.Certificate   // Certificate chain presented by the server
+	verifiedChains     [][]*smx509.Certificate // Certificate chains we built for verification
 }
 
 // ClientSessionCache is a cache of ClientSessionState objects that can be used
@@ -443,12 +443,12 @@ type Config struct {
 	// setting InsecureSkipVerify, or (for a server) when ClientAuth is
 	// RequestClientCert or RequireAnyClientCert, then this callback will
 	// be considered but the verifiedChains argument will always be nil.
-	VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
+	VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*smx509.Certificate) error
 
 	// RootCAs defines the set of root certificate authorities
 	// that clients use when verifying server certificates.
 	// If RootCAs is nil, TLS uses the host's root CA set.
-	RootCAs *x509.CertPool
+	RootCAs *smx509.CertPool
 
 	// NextProtos is a list of supported, application level protocols.
 	NextProtos []string
@@ -466,7 +466,7 @@ type Config struct {
 	// ClientCAs defines the set of root certificate authorities
 	// that servers use if required to verify a client certificate
 	// by the policy in ClientAuth.
-	ClientCAs *x509.CertPool
+	ClientCAs *smx509.CertPool
 
 	// InsecureSkipVerify controls whether a client verifies the
 	// server's certificate chain and host name.
@@ -809,7 +809,7 @@ func (c *Config) BuildNameToCertificate() {
 	c.NameToCertificate = make(map[string]*Certificate)
 	for i := range c.Certificates {
 		cert := &c.Certificates[i]
-		x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
+		x509Cert, err := smx509.ParseCertificate(cert.Certificate[0])
 		if err != nil {
 			continue
 		}
@@ -861,7 +861,7 @@ type Certificate struct {
 	// initialized using x509.ParseCertificate to reduce per-handshake
 	// processing for TLS clients doing client authentication. If nil, the
 	// leaf certificate will be parsed as needed.
-	Leaf *x509.Certificate
+	Leaf *smx509.Certificate
 }
 
 type handshakeMessage interface {

gmtls/conn.go

@@ -26,7 +26,7 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/tjfoc/gmsm/x509"
+	"github.com/emmansun/gmsm/smx509"
 )
 
 // A Conn represents a secured connection.
@@ -54,10 +54,10 @@ type Conn struct {
 	cipherSuite      uint16
 	ocspResponse     []byte   // stapled OCSP response
 	scts             [][]byte // signed certificate timestamps from server
-	peerCertificates []*x509.Certificate
+	peerCertificates []*smx509.Certificate
 	// verifiedChains contains the certificate chains that we built, as
 	// opposed to the ones presented by the server.
-	verifiedChains [][]*x509.Certificate
+	verifiedChains [][]*smx509.Certificate
 	// serverName contains the server name indicated by the client, if any.
 	serverName string
 	// secureRenegotiation is true if the server echoed the secure

gmtls/gm_handshake_client.go

@@ -19,8 +19,8 @@ import (
 	"strconv"
 	"sync/atomic"
 
-	"github.com/tjfoc/gmsm/sm2"
-	"github.com/tjfoc/gmsm/x509"
+	"github.com/emmansun/gmsm/sm2"
+	"github.com/emmansun/gmsm/smx509"
 )
 
 type clientHandshakeStateGM struct {
@@ -195,9 +195,9 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 	if c.handshakes == 0 {
 		// If this is the first handshake on a connection, process and
 		// (optionally) verify the server's certificates.
-		certs := make([]*x509.Certificate, len(certMsg.certificates))
+		certs := make([]*smx509.Certificate, len(certMsg.certificates))
 		for i, asn1Data := range certMsg.certificates {
-			cert, err := x509.ParseCertificate(asn1Data)
+			cert, err := smx509.ParseCertificate(asn1Data)
 			if err != nil {
 				c.sendAlert(alertBadCertificate)
 				return errors.New("tls: failed to parse certificate from server: " + err.Error())
@@ -231,14 +231,14 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 		}
 
 		if !c.config.InsecureSkipVerify {
-			opts := x509.VerifyOptions{
+			opts := smx509.VerifyOptions{
 				Roots:         c.config.RootCAs,
 				CurrentTime:   c.config.time(),
 				DNSName:       c.config.ServerName,
-				Intermediates: x509.NewCertPool(),
+				Intermediates: smx509.NewCertPool(),
 			}
 			if opts.Roots == nil {
-				opts.Roots = x509.NewCertPool()
+				opts.Roots = smx509.NewCertPool()
 			}
 
 			for _, rootca := range getCAs() {
@@ -636,14 +636,14 @@ findCert:
 			// node, or if chain.Leaf was nil
 			if j != 0 || x509Cert == nil {
 				var err error
-				if x509Cert, err = x509.ParseCertificate(cert); err != nil {
+				if x509Cert, err = smx509.ParseCertificate(cert); err != nil {
 					c.sendAlert(alertInternalError)
 					return nil, errors.New("tls: failed to parse client certificate #" + strconv.Itoa(i) + ": " + err.Error())
 				}
 			}
 
 			switch {
-			case x509Cert.PublicKeyAlgorithm == x509.SM2:
+			case x509Cert.PublicKeyAlgorithm == smx509.SM2:
 			default:
 				continue findCert
 			}

gmtls/gm_handshake_client_double.go

@@ -16,8 +16,8 @@ import (
 	"strconv"
 	"sync/atomic"
 
-	"github.com/tjfoc/gmsm/sm2"
-	"github.com/tjfoc/gmsm/x509"
+	"github.com/emmansun/gmsm/sm2"
+	"github.com/emmansun/gmsm/smx509"
 )
 
 type clientHandshakeStateGM struct {
@@ -193,16 +193,16 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 	if c.handshakes == 0 {
 		// If this is the first handshake on a connection, process and
 		// (optionally) verify the server's certificates.
-		certs := make([]*x509.Certificate, len(certMsg.certificates))
+		certs := make([]*smx509.Certificate, len(certMsg.certificates))
 		for i, asn1Data := range certMsg.certificates {
-			cert, err := x509.ParseCertificate(asn1Data)
+			cert, err := smx509.ParseCertificate(asn1Data)
 			if err != nil {
 				c.sendAlert(alertBadCertificate)
 				return errors.New("tls: failed to parse certificate from server: " + err.Error())
 			}
 
 			pubKey, _ := cert.PublicKey.(*ecdsa.PublicKey)
-			if pubKey.Curve != sm2.P256Sm2() {
+			if pubKey.Curve != sm2.P256() {
 				c.sendAlert(alertUnsupportedCertificate)
 				return fmt.Errorf("tls: pubkey type of cert is error, expect sm2.publicKey")
 			}
@@ -211,12 +211,12 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 			//check key usage
 			switch i {
 			case 0:
-				if cert.KeyUsage == 0 || (cert.KeyUsage&(x509.KeyUsageDigitalSignature|cert.KeyUsage&x509.KeyUsageContentCommitment)) == 0 {
+				if cert.KeyUsage == 0 || (cert.KeyUsage&(smx509.KeyUsageDigitalSignature|cert.KeyUsage&smx509.KeyUsageContentCommitment)) == 0 {
 					c.sendAlert(alertInsufficientSecurity)
 					return fmt.Errorf("tls: the keyusage of cert[0] does not exist or is not for KeyUsageDigitalSignature/KeyUsageContentCommitment, value:%d", cert.KeyUsage)
 				}
 			case 1:
-				if cert.KeyUsage == 0 || (cert.KeyUsage&(x509.KeyUsageDataEncipherment|x509.KeyUsageKeyEncipherment|x509.KeyUsageKeyAgreement)) == 0 {
+				if cert.KeyUsage == 0 || (cert.KeyUsage&(smx509.KeyUsageDataEncipherment|smx509.KeyUsageKeyEncipherment|smx509.KeyUsageKeyAgreement)) == 0 {
 					c.sendAlert(alertInsufficientSecurity)
 					return fmt.Errorf("tls: the keyusage of cert[1] does not exist or is not for KeyUsageDataEncipherment/KeyUsageKeyEncipherment/KeyUsageKeyAgreement, value:%d", cert.KeyUsage)
 				}
@@ -226,14 +226,14 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 		}
 
 		if !c.config.InsecureSkipVerify {
-			opts := x509.VerifyOptions{
+			opts := smx509.VerifyOptions{
 				Roots:         c.config.RootCAs,
 				CurrentTime:   c.config.time(),
 				DNSName:       c.config.ServerName,
-				Intermediates: x509.NewCertPool(),
+				Intermediates: smx509.NewCertPool(),
 			}
 			if opts.Roots == nil {
-				opts.Roots = x509.NewCertPool()
+				opts.Roots = smx509.NewCertPool()
 			}
 
 			for _, rootca := range getCAs() {
@@ -263,7 +263,7 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 		}
 
 		switch certs[0].PublicKey.(type) {
-		case *sm2.PublicKey, *ecdsa.PublicKey, *rsa.PublicKey:
+		case *ecdsa.PublicKey, *rsa.PublicKey:
 			break
 		default:
 			c.sendAlert(alertUnsupportedCertificate)
@@ -369,7 +369,9 @@ func (hs *clientHandshakeStateGM) doFullHandshake() error {
 
 		digest := hs.finishedHash.client.Sum(nil)
 
-		certVerify.signature, err = key.Sign(c.config.rand(), digest, nil)
+		// TODO: SignerOpts
+		signOpts := sm2.NewSM2SignerOption(true, nil)
+		certVerify.signature, err = key.Sign(c.config.rand(), digest, signOpts)
 		if err != nil {
 			c.sendAlert(alertInternalError)
 			return err
@@ -629,17 +631,17 @@ findCert:
 			// node, or if chain.Leaf was nil
 			if j != 0 || x509Cert == nil {
 				var err error
-				if x509Cert, err = x509.ParseCertificate(cert); err != nil {
+				if x509Cert, err = smx509.ParseCertificate(cert); err != nil {
 					c.sendAlert(alertInternalError)
 					return nil, errors.New("tls: failed to parse client certificate #" + strconv.Itoa(i) + ": " + err.Error())
 				}
 			}
 
 			var isGMCert bool
 
-			if x509Cert.PublicKeyAlgorithm == x509.ECDSA {
+			if x509Cert.PublicKeyAlgorithm == smx509.ECDSA {
 				pubKey, ok := x509Cert.PublicKey.(*ecdsa.PublicKey)
-				if ok && pubKey.Curve == sm2.P256Sm2() {
+				if ok && pubKey.Curve == sm2.P256() {
 					isGMCert = true
 				}
 			}