fix SM2 signature issue

canokeys · Dec 26, 2023 · c81f322 · c81f322
1 parent 0be5417
commit c81f322
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/applets/ctap/ctap-parser.c b/applets/ctap/ctap-parser.c
@@ -17,6 +17,8 @@
     if (ret != CborNoError) return CTAP2_ERR_INVALID_CBOR;                                                             \
   } while (0)
 
+extern CTAP_sm2_attr ctap_sm2_attr;
+
 static void maybe_truncate_rpid(uint8_t stored_rpid[MAX_STORED_RPID_LENGTH], size_t *stored_len, const uint8_t *rpid,
                                 size_t rpid_len) {
   if (rpid_len <= MAX_STORED_RPID_LENGTH) {
@@ -183,7 +185,9 @@ uint8_t parse_verify_pub_key_cred_params(CborValue *val, int32_t *alg_type) {
   for (size_t i = 0; i < arr_length; ++i) {
     ret = parse_pub_key_cred_param(&arr, &cur_alg_type);
     CHECK_PARSER_RET(ret);
-    if (ret == 0 && (cur_alg_type == COSE_ALG_ES256 || cur_alg_type == COSE_ALG_EDDSA)) {
+    if (ret == 0 && (cur_alg_type == COSE_ALG_ES256 ||
+                     cur_alg_type == COSE_ALG_EDDSA ||
+                     ctap_sm2_attr.enabled && cur_alg_type == ctap_sm2_attr.algo_id)) {
       // https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#authenticatorMakeCredential
       //
       // > This sequence is ordered from most preferred (by the RP) to least preferred.
@@ -674,6 +678,7 @@ uint8_t parse_make_credential(CborParser *parser, CTAP_make_credential *mc, cons
         CHECK_PARSER_RET(ret);
         if (mc->alg_type == COSE_ALG_ES256) DBG_MSG("EcDSA found\n");
         else if (mc->alg_type == COSE_ALG_EDDSA) DBG_MSG("EdDSA found\n");
+        else if (mc->alg_type == ctap_sm2_attr.algo_id) DBG_MSG("SM2 found\n");
         else
           DBG_MSG("Found other algorithm\n");
         mc->parsed_params |= PARAM_PUB_KEY_CRED_PARAMS;

diff --git a/applets/ctap/secret.c b/applets/ctap/secret.c
@@ -361,6 +361,10 @@ int sign_with_private_key(int32_t alg_type, ecc_key_t *key, const uint8_t *input
     return SIGNATURE_LENGTH[key_type];
   }
   if (key_type == SM2) {
+    if (ecc_complete_key(key_type, key) < 0) {  // Compute Z requiring the public key
+      ERR_MSG("Failed to complete key\n");
+      return -1;
+    }
     uint8_t z[SM3_DIGEST_LENGTH];
     sm2_z(SM2_ID_DEFAULT, key, z);
     sm3_init();
@@ -378,6 +382,10 @@ int sign_with_private_key(int32_t alg_type, ecc_key_t *key, const uint8_t *input
     ERR_MSG("Failed to sign\n");
     return -1;
   }
+
+  if (key_type == SM2) return SIGNATURE_LENGTH[key_type];
+
+  // For ES256, convert the signature to ansi format
   DBG_MSG("Raw signature: ");
   PRINT_HEX(sig, SIGNATURE_LENGTH[key_type]);
   return ecdsa_sig2ansi(PRIVATE_KEY_LENGTH[key_type], sig, sig);