flomesh-io / pipy

Pipy is a programmable proxy for the cloud, edge and IoT.
https://flomesh.io/pipy

SM2 Cipher Suite Not Recognized in Pipy's NTLS Configuration with SM2 Certificates #197

Closed ruhuang2001 closed 1 month ago

ruhuang2001 commented 1 month ago

I am testing Pipy's support for SM2 (NTLS) and, based on the reply in #192, wrote a simple `main.js` that terminates NTLS with a dual SM2 sign/enc certificate pair:

// main.js
// NTLS (TLCP) needs two SM2 certificates on the server: one used only for
// signing and one used only for key encipherment.  Each is loaded from a
// PEM file next to this script together with its own private key.
// Note: the private keys are read from plain files on disk; keep their
// permissions tight and do not commit them alongside the script.
var loadCert = (path) => new crypto.Certificate(pipy.load(path));
var loadKey = (path) => new crypto.PrivateKey(pipy.load(path));

// Signing certificate and key (Key Usage: Digital Signature)
var certSign = loadCert('sm2_sign.crt');
var keySign = loadKey('sm2_sign.key');

// Encryption certificate and key (Key Usage: Key Encipherment / Agreement)
var certEnc = loadCert('sm2_enc.crt');
var keyEnc = loadKey('sm2_enc.key');

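// Terminate NTLS on :443 and answer every request with a fixed page.
// `acceptTLS` takes the dual SM2 certificate pair under `certificate`:
// the signing cert/key plus the encryption cert/key (certEnc/keyEnc).
//
// Cipher policy: prefer the AEAD suite ECC-SM2-SM4-GCM-SM3 — it is the
// suite a Tongsuo client offers first and negotiates by default (see the
// successful s_client run against server.c below) — and keep the CBC
// suite only as a fallback for clients that cannot do GCM.  SM4-GCM is an
// AEAD construction; the CBC suite is the legacy non-AEAD form.
// The original configured the CBC suite alone.  Note that the name
// ECC-SM2-SM4-CBC-SM3 is itself valid Tongsuo syntax (`s_client -cipher
// ECC-SM2-SM4-CBC-SM3` offers {0xE0,0x13}), so the "no shared cipher"
// failure reported in this issue is not a typo in this string.
// NOTE(review): the list uses OpenSSL/Tongsuo ':'-separated cipher-list
// syntax — confirm Pipy passes `ciphers` through unchanged.
//
// Caveats for anything beyond a local reproducer:
//  - binding port 443 needs root or CAP_NET_BIND_SERVICE; prefer running
//    Pipy unprivileged on a high port behind a redirect.
//  - this is server-authentication only: no client certificate is
//    requested or verified here.
pipy()
  .listen(443)
  .acceptTLS({
    ntls: true,
    certificate: {
      cert: certSign,
      key: keySign,
      certEnc: certEnc,
      keyEnc: keyEnc,
    },
    // AEAD first; CBC kept only as a fallback.
    ciphers: 'ECC-SM2-SM4-GCM-SM3:ECC-SM2-SM4-CBC-SM3',
  })
  .to(
    $ => $.replaceMessage(
      new Message({
        status: 200,
        headers: {
          'Content-Type': 'text/html'
        },
        body: `<h1>TLS handshake successful with SM2! Welcome to the server.</h1>`
      })
    )
  );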
$ ./pipy main.js
2024-10-17 18:15:41.412 [INF] [config]
2024-10-17 18:15:41.413 [INF] [config] Module /main.js
2024-10-17 18:15:41.413 [INF] [config] ===============
2024-10-17 18:15:41.413 [INF] [config]
2024-10-17 18:15:41.413 [INF] [config]  [Listen on 443 at 0.0.0.0]
2024-10-17 18:15:41.413 [INF] [config]  ----->|
2024-10-17 18:15:41.413 [INF] [config]        |
2024-10-17 18:15:41.413 [INF] [config]       acceptTLS
2024-10-17 18:15:41.413 [INF] [config]        |
2024-10-17 18:15:41.413 [INF] [config]        |--> []
2024-10-17 18:15:41.413 [INF] [config]              replaceMessage -->|
2024-10-17 18:15:41.413 [INF] [config]                                |
2024-10-17 18:15:41.414 [INF] [config]  <-----------------------------|
2024-10-17 18:15:41.414 [INF] [config]
2024-10-17 18:15:41.415 [INF] [listener] Listening on TCP port 443 at 0.0.0.0

In a second terminal I then tried to open an NTLS connection to the local server on port 443 with Tongsuo's `s_client`. The handshake fails right after the ClientHello: the client emits a fatal alert and reports an unexpected EOF, having read 0 bytes from Pipy, so it never sees a ServerHello selecting a cipher suite.


$ /opt/tongsuo/bin/tongsuo s_client -connect localhost:443 -enable_ntls -ntls -trace
CONNECTED(00000003)
Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 67
    ClientHello, Length=63
      client_version=0x101 (NTLS)
      Random:
        gmt_unix_time=0x8904AB72
        random_bytes (len=28): 3A683D8788E57E5175BEFEC63C97CD2DF8D811A02275D66BFFA99D8C
      session_id (len=0):
      cipher_suites (len=18)
        {0xE0, 0x53} ECC_SM4_GCM_SM3
        {0xE0, 0x51} ECDHE_SM4_GCM_SM3
        {0xE0, 0x5A} RSA_SM4_GCM_SHA256
        {0xE0, 0x59} RSA_SM4_GCM_SM3
        {0xE0, 0x13} ECC_SM4_CBC_SM3
        {0xE0, 0x11} ECDHE_SM4_CBC_SM3
        {0xE0, 0x1C} RSA_SM4_CBC_SHA256
        {0xE0, 0x19} RSA_SM4_CBC_SM3
        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      compression_methods (len=1)
        No Compression (0x00)
      extensions, length = 4
        extension_type=session_ticket(35), length=0

Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Alert (21)
  Length = 2
    Level=fatal(2), description=decode error(50)

40D7F0492C7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:306:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 79 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : NTLSv1.1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1729157646
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    QUIC: no
---

Following the Tongsuo docs, I tested the same Tongsuo-generated certificates against a minimal Tongsuo-based `server.c` (below), and the handshake succeeded as documented.

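Testing Process ![image](https://github.com/user-attachments/assets/731b2289-54d0-48f6-96ec-a800a47ed888)

```c
// server.c
//
// Minimal Tongsuo NTLS (TLCP) echo server used to check that the SM2
// sign/enc certificate pair itself is usable: it loads the four PEM files,
// listens on one address, accepts one client at a time and echoes whatever
// it reads back over the NTLS session.  "kill\n" from a client stops it.
//
// NOTE(review): the header names were stripped from the pasted listing
// (the angle brackets were eaten by the page); the seven below are what
// the calls in this file require -- confirm against the original source.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int main(int argc, char **argv)
{
    struct sockaddr_in addr;
    unsigned int addr_len = sizeof(addr);
    const SSL_METHOD *method;
    SSL_CTX *ssl_ctx = NULL;
    SSL *ssl = NULL;
    int fd = -1, conn_fd = -1;
    char rxbuf[128];
    /* Leave one byte free so the NUL terminator written after SSL_read()
     * can never land at rxbuf[sizeof(rxbuf)].  The original passed the full
     * buffer size, which is a one-byte stack overflow on a 128-byte read. */
    size_t rxcap = sizeof(rxbuf) - 1;
    int rxlen;
    char *server_ip = "127.0.0.1";
    char *server_port = "443";
    int server_running = 1;
    int optval = 1;

    /* Optional "ip[:port]" argument; the argv string is split in place. */
    if (argc == 2) {
        server_ip = argv[1];
        server_port = strstr(argv[1], ":");
        if (server_port != NULL)
            *server_port++ = '\0';
        else
            server_port = "443";
    }

    method = NTLS_server_method();
    ssl_ctx = SSL_CTX_new(method);
    if (ssl_ctx == NULL) {
        perror("Unable to create SSL context");
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }
    SSL_CTX_enable_ntls(ssl_ctx);

    /* Set the key and cert.  NTLS needs a separate signing and encryption
     * certificate, each with its own private key.  No client verification
     * is configured, so this is server-authentication only. */
    if (!SSL_CTX_use_sign_certificate_file(ssl_ctx, "certs/server/sm2_sign.crt", SSL_FILETYPE_PEM)
        || !SSL_CTX_use_sign_PrivateKey_file(ssl_ctx, "certs/server/sm2_sign.key", SSL_FILETYPE_PEM)
        || !SSL_CTX_use_enc_certificate_file(ssl_ctx, "certs/server/sm2_enc.crt", SSL_FILETYPE_PEM)
        || !SSL_CTX_use_enc_PrivateKey_file(ssl_ctx, "certs/server/sm2_enc.key", SSL_FILETYPE_PEM)) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
    }

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        perror("Unable to create socket");
        exit(EXIT_FAILURE);
    }

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    /* inet_pton() returns 1 only for a well-formed address; the original
     * ignored the result and would have bound to whatever was in sin_addr. */
    if (inet_pton(AF_INET, server_ip, &addr.sin_addr.s_addr) != 1) {
        fprintf(stderr, "Invalid IPv4 address: %s\n", server_ip);
        exit(EXIT_FAILURE);
    }
    addr.sin_port = htons(atoi(server_port));

    /* Reuse the address; good for quick restarts */
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval)) < 0) {
        perror("setsockopt(SO_REUSEADDR) failed");
        exit(EXIT_FAILURE);
    }

    if (bind(fd, (struct sockaddr*) &addr, sizeof(addr)) < 0) {
        perror("Unable to bind");
        exit(EXIT_FAILURE);
    }

    if (listen(fd, 1) < 0) {
        perror("Unable to listen");
        exit(EXIT_FAILURE);
    }

    printf("We are the server on port: %d\n\n", atoi(server_port));

    /*
     * Loop to accept clients.
     * Need to implement timeouts on TCP & SSL connect/read functions
     * before we can catch a CTRL-C and kill the server.
     */
    while (server_running) {
        /* Wait for TCP connection from client.  addr is reused as the
         * peer-address out-parameter; it is not needed afterwards. */
        conn_fd = accept(fd, (struct sockaddr*) &addr, &addr_len);
        if (conn_fd < 0) {
            perror("Unable to accept");
            exit(EXIT_FAILURE);
        }
        printf("Client TCP connection accepted\n");

        /* Create server SSL structure using newly accepted client socket */
        ssl = SSL_new(ssl_ctx);
        SSL_set_fd(ssl, conn_fd);

        /* Wait for SSL connection from the client.
         * NOTE: as in the original, any failed handshake stops the whole
         * server (server_running = 0) -- acceptable for a one-shot test
         * tool, not for anything reachable by untrusted clients. */
        if (SSL_accept(ssl) <= 0) {
            ERR_print_errors_fp(stderr);
            server_running = 0;
        } else {
            printf("Client TLCP connection accepted\n\n");

            /* Echo loop */
            while (1) {
                /* Get message from client; will fail if client closes connection */
                if ((rxlen = SSL_read(ssl, rxbuf, rxcap)) <= 0) {
                    if (rxlen == 0) {
                        printf("Client closed connection\n");
                    }
                    ERR_print_errors_fp(stderr);
                    break;
                }

                /* Insure null terminated input; rxlen <= rxcap < sizeof(rxbuf) */
                rxbuf[rxlen] = 0;

                /* Look for kill switch */
                if (strcmp(rxbuf, "kill\n") == 0) {
                    /* Terminate...with extreme prejudice */
                    printf("Server received 'kill' command\n");
                    server_running = 0;
                    break;
                }

                /* Show received message (%s stops at an embedded NUL; the
                 * echo below uses rxlen and sends the whole record) */
                printf("Received: %s", rxbuf);

                /* Echo it back */
                if (SSL_write(ssl, rxbuf, rxlen) <= 0) {
                    ERR_print_errors_fp(stderr);
                }
            }
        }

        if (server_running) {
            /* Cleanup for next client; clear ssl so the final cleanup below
             * can never free it a second time. */
            SSL_shutdown(ssl);
            SSL_free(ssl);
            ssl = NULL;
            close(conn_fd);
            conn_fd = -1;
        }
    }
    printf("Server exiting...\n");

    /* Close up */
    if (ssl != NULL) {
        SSL_shutdown(ssl);
        SSL_free(ssl);
    }
    SSL_CTX_free(ssl_ctx);
    if (conn_fd != -1)
        close(conn_fd);
    if (fd != -1)
        close(fd);
    return 0;
}
// gcc server.c -I/opt/tongsuo/include/ -L/opt/tongsuo/lib64/ -lssl -lcrypto -Wl,-rpath=/opt/tongsuo/lib64 -o server
```

![image](https://github.com/user-attachments/assets/995ab142-7d77-4bd5-ba31-7683788d215e)

success message

```powershell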
/opt/tongsuo/bin/tongsuo s_client -connect localhost:443 -enable_ntls -ntls -trace CONNECTED(00000003) Sent Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 67 ClientHello, Length=63 client_version=0x101 (NTLS) Random: gmt_unix_time=0x2097FEF7 random_bytes (len=28): 3E44C3F20263F63665430367722FAD07729CF3BB92384598750E3422 session_id (len=0): cipher_suites (len=18) {0xE0, 0x53} ECC_SM4_GCM_SM3 {0xE0, 0x51} ECDHE_SM4_GCM_SM3 {0xE0, 0x5A} RSA_SM4_GCM_SHA256 {0xE0, 0x59} RSA_SM4_GCM_SM3 {0xE0, 0x13} ECC_SM4_CBC_SM3 {0xE0, 0x11} ECDHE_SM4_CBC_SM3 {0xE0, 0x1C} RSA_SM4_CBC_SHA256 {0xE0, 0x19} RSA_SM4_CBC_SM3 {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression_methods (len=1) No Compression (0x00) extensions, length = 4 extension_type=session_ticket(35), length=0 Received Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 48 ServerHello, Length=44 server_version=0x101 (NTLS) Random: gmt_unix_time=0x90852DE0 random_bytes (len=28): 1B84AE8426B120771C6771F57E1F1184D02F2F3FDFBC3E11FC843077 session_id (len=0): cipher_suite {0xE0, 0x53} ECC_SM4_GCM_SM3 compression_method: No Compression (0x00) extensions, length = 4 extension_type=session_ticket(35), length=0 Can't use SSL_get_servername Received Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 1418 Certificate, Length=1414 certificate_list, length=1411 ASN.1Cert, length=713 ------details----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: SM2-with-SM3 Issuer: C = AB, ST = CD, O = GH, OU = IJ, CN = SUBCA SM2 Validity Not Before: Oct 17 06:52:14 2024 GMT Not After : Oct 17 06:52:14 2025 GMT Subject: C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Sign SM2 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:ef:44:04:68:a3:99:80:b6:ab:6b:e5:6f:e3:91: d6:24:93:55:c4:9c:ed:9e:67:69:ac:b8:9b:85:93: 32:1b:07:aa:46:07:fb:a0:0e:2a:91:b7:c2:6f:78: 
6c:ab:3f:1c:1b:97:bf:e1:c1:01:67:c3:df:f9:80: f5:61:59:a2:4e ASN1 OID: SM2 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Server Netscape Comment: Tongsuo Generated Server Certificate X509v3 Subject Key Identifier: 5B:16:CB:E1:95:02:B2:FC:78:37:DF:A9:88:35:DA:9C:B3:08:DA:48 X509v3 Authority Key Identifier: keyid:54:70:9A:20:12:88:AF:86:0B:FF:71:AB:83:57:AC:D7:CD:82:5B:38 DirName:/C=AB/ST=CD/O=GH/OU=IJ/CN=CA SM2 serial:00 X509v3 Key Usage: Digital Signature, Non Repudiation X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Subject Alternative Name: DNS:localhost, DNS:localhost.localdomain, DNS:127.0.0.1 Signature Algorithm: SM2-with-SM3 Signature Value: 30:44:02:20:6f:65:67:e0:87:61:c7:19:f9:8b:99:53:77:85: 80:6d:40:f8:12:c5:52:d4:18:83:47:d2:26:fa:b2:7a:aa:4d: 02:20:5f:0d:82:f0:0f:65:1d:e4:03:be:e7:5c:9d:3a:12:47: ee:34:a6:68:8a:5f:4e:fe:db:bd:e3:30:1c:25:e8:fa -----BEGIN CERTIFICATE----- MIICxTCCAmygAwIBAgIBATAKBggqgRzPVQGDdTBIMQswCQYDVQQGEwJBQjELMAkG A1UECAwCQ0QxCzAJBgNVBAoMAkdIMQswCQYDVQQLDAJJSjESMBAGA1UEAwwJU1VC Q0EgU00yMB4XDTI0MTAxNzA2NTIxNFoXDTI1MTAxNzA2NTIxNFowTjELMAkGA1UE BhMCQUIxCzAJBgNVBAgMAkNEMQswCQYDVQQKDAJHSDELMAkGA1UECwwCSUoxGDAW BgNVBAMMD1NFUlZFUiBTaWduIFNNMjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IA BO9EBGijmYC2q2vlb+OR1iSTVcSc7Z5naay4m4WTMhsHqkYH+6AOKpG3wm94bKs/ HBuXv+HBAWfD3/mA9WFZok6jggE/MIIBOzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB AQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkVG9uZ3N1byBHZW5lcmF0ZWQgU2VydmVy IENlcnRpZmljYXRlMB0GA1UdDgQWBBRbFsvhlQKy/Hg336mINdqcswjaSDBtBgNV HSMEZjBkgBRUcJogEoivhgv/cauDV6zXzYJbOKFJpEcwRTELMAkGA1UEBhMCQUIx CzAJBgNVBAgMAkNEMQswCQYDVQQKDAJHSDELMAkGA1UECwwCSUoxDzANBgNVBAMM BkNBIFNNMoIBADALBgNVHQ8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNgYD VR0RBC8wLYIJbG9jYWxob3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CCTEyNy4w LjAuMTAKBggqgRzPVQGDdQNHADBEAiBvZWfgh2HHGfmLmVN3hYBtQPgSxVLUGINH 0ib6snqqTQIgXw2C8A9lHeQDvudcnToSR+40pmiKX07+273jMBwl6Po= -----END CERTIFICATE----- ------------------ ASN.1Cert, length=692 ------details----- 
Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: SM2-with-SM3 Issuer: C = AB, ST = CD, O = GH, OU = IJ, CN = SUBCA SM2 Validity Not Before: Oct 17 06:52:25 2024 GMT Not After : Oct 17 06:52:25 2025 GMT Subject: C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Enc SM2 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:71:db:a9:fe:e1:f3:e2:18:ab:99:7e:73:68:c7: 14:91:63:bc:2a:d7:3a:4c:7a:a4:3e:ce:c0:9a:08: 5b:96:ec:13:99:8d:57:43:a4:4b:81:b3:09:8a:25: 99:d1:e6:8c:da:21:ab:3a:1c:74:cb:af:6f:48:95: 07:34:a9:1c:6f ASN1 OID: SM2 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Server Netscape Comment: Tongsuo Generated Server Certificate X509v3 Subject Key Identifier: C2:85:7B:3B:56:98:83:65:48:51:37:42:D8:35:55:62:DB:E3:25:2F X509v3 Authority Key Identifier: keyid:54:70:9A:20:12:88:AF:86:0B:FF:71:AB:83:57:AC:D7:CD:82:5B:38 DirName:/C=AB/ST=CD/O=GH/OU=IJ/CN=CA SM2 serial:00 X509v3 Key Usage: Key Encipherment, Data Encipherment, Key Agreement X509v3 Subject Alternative Name: DNS:localhost, DNS:localhost.localdomain, DNS:127.0.0.1 Signature Algorithm: SM2-with-SM3 Signature Value: 30:45:02:21:00:d0:85:b6:78:6b:06:45:52:3d:94:e9:8b:19: 49:f4:ab:a4:81:ee:db:83:9c:9b:46:e5:93:30:8b:d2:37:4c: c7:02:20:3c:f1:64:d1:ac:b6:8e:f3:58:4f:d3:71:13:f0:03: 2b:aa:80:02:14:f8:7c:c6:c9:3b:e9:d7:0f:0f:c3:b5:d6 -----BEGIN CERTIFICATE----- MIICsDCCAlagAwIBAgIBAjAKBggqgRzPVQGDdTBIMQswCQYDVQQGEwJBQjELMAkG A1UECAwCQ0QxCzAJBgNVBAoMAkdIMQswCQYDVQQLDAJJSjESMBAGA1UEAwwJU1VC Q0EgU00yMB4XDTI0MTAxNzA2NTIyNVoXDTI1MTAxNzA2NTIyNVowTTELMAkGA1UE BhMCQUIxCzAJBgNVBAgMAkNEMQswCQYDVQQKDAJHSDELMAkGA1UECwwCSUoxFzAV BgNVBAMMDlNFUlZFUiBFbmMgU00yMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE cdup/uHz4hirmX5zaMcUkWO8Ktc6THqkPs7AmghbluwTmY1XQ6RLgbMJiiWZ0eaM 2iGrOhx0y69vSJUHNKkcb6OCASowggEmMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEB BAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRUb25nc3VvIEdlbmVyYXRlZCBTZXJ2ZXIg 
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFMKFeztWmINlSFE3Qtg1VWLb4yUvMG0GA1Ud IwRmMGSAFFRwmiASiK+GC/9xq4NXrNfNgls4oUmkRzBFMQswCQYDVQQGEwJBQjEL MAkGA1UECAwCQ0QxCzAJBgNVBAoMAkdIMQswCQYDVQQLDAJJSjEPMA0GA1UEAwwG Q0EgU00yggEAMAsGA1UdDwQEAwIDODA2BgNVHREELzAtgglsb2NhbGhvc3SCFWxv Y2FsaG9zdC5sb2NhbGRvbWFpboIJMTI3LjAuMC4xMAoGCCqBHM9VAYN1A0gAMEUC IQDQhbZ4awZFUj2U6YsZSfSrpIHu24Ocm0blkzCL0jdMxwIgPPFk0ay2jvNYT9Nx E/ADK6qAAhT4fMbJO+nXDw/DtdY= -----END CERTIFICATE----- ------------------ depth=0 C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Enc SM2 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Enc SM2 verify error:num=21:unable to verify the first certificate verify return:1 depth=0 C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Enc SM2 verify return:1 depth=0 C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Sign SM2 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Sign SM2 verify error:num=21:unable to verify the first certificate verify return:1 depth=0 C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Sign SM2 verify return:1 Received Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 78 ServerKeyExchange, Length=74 KeyExchangeAlgorithm=SM2 Signature (len=72): 3046022100D9381F207E866779BE34CEACD450CB7F7471625E4684D25D23D5A78C23351AEA022100C811CF68D9A22E88AE174603D91B7FB6CB4F9F393109B69000CB32217DFE5C6E Received Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 4 ServerHelloDone, Length=0 Sent Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 162 ClientKeyExchange, Length=158 KeyExchangeAlgorithm=SM2 EncryptedPreMasterSecret (len=156): 
3081990220443C312A98970C42C187BF26614962CE2DF7BC500ACF30A8E38AA9E88E2AC6DD0221008FCA2EB5EF896746D01C07E405EA118E1ABC6DFB765154495DFBB8118644DF320420C8C36947510894545B9548F2467B4F5FA85437CF637BD6CB7D314AB1A7C62A9304304465D1BFEBB70B22C08773B7A838C061D7690CC99BFCC69A52BF85972CFB78D19487DDDC32609A73F0240CF38BC4D11F Sent Record Header: Version = NTLS (0x101) Content Type = ChangeCipherSpec (20) Length = 1 change_cipher_spec (1) Sent Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 40 Finished, Length=12 verify_data (len=12): B34432C65827D3456ABA2AEC Received Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 170 NewSessionTicket, Length=166 ticket_lifetime_hint=7200 ticket (len=160): 4953F04BEE6E506BA4A9322622880C8AF7CC62AADACF83A733E0A3D1BDCBF287382EE78D960C212040D66E894C0550EA552A5E88CF6B8C75B65EF924E60A9A3E540A8F2D81EFAD83A5E8018C10C04E8E6406B8BA4379DACFED83A4B56381AD66429DDC73F9A9DA20696A4D9BE3283ABB1C95B525BAD27A8EFB5C970DEE5FDC1FE4604D63711E11A3DF26D84089BF2B2CE62C3933F9C573D0B75B562C56BDED69 Received Record Header: Version = NTLS (0x101) Content Type = ChangeCipherSpec (20) Length = 1 Received Record Header: Version = NTLS (0x101) Content Type = Handshake (22) Length = 40 Finished, Length=12 verify_data (len=12): 9AA16CEF5CF1AFB8EE9DCEE8 --- Certificate chain 0 s:C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Sign SM2 i:C = AB, ST = CD, O = GH, OU = IJ, CN = SUBCA SM2 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: SM2-SM3 v:NotBefore: Oct 17 06:52:14 2024 GMT; NotAfter: Oct 17 06:52:14 2025 GMT 1 s:C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Enc SM2 i:C = AB, ST = CD, O = GH, OU = IJ, CN = SUBCA SM2 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: SM2-SM3 v:NotBefore: Oct 17 06:52:25 2024 GMT; NotAfter: Oct 17 06:52:25 2025 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICxTCCAmygAwIBAgIBATAKBggqgRzPVQGDdTBIMQswCQYDVQQGEwJBQjELMAkG A1UECAwCQ0QxCzAJBgNVBAoMAkdIMQswCQYDVQQLDAJJSjESMBAGA1UEAwwJU1VC 
Q0EgU00yMB4XDTI0MTAxNzA2NTIxNFoXDTI1MTAxNzA2NTIxNFowTjELMAkGA1UE BhMCQUIxCzAJBgNVBAgMAkNEMQswCQYDVQQKDAJHSDELMAkGA1UECwwCSUoxGDAW BgNVBAMMD1NFUlZFUiBTaWduIFNNMjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IA BO9EBGijmYC2q2vlb+OR1iSTVcSc7Z5naay4m4WTMhsHqkYH+6AOKpG3wm94bKs/ HBuXv+HBAWfD3/mA9WFZok6jggE/MIIBOzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIB AQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkVG9uZ3N1byBHZW5lcmF0ZWQgU2VydmVy IENlcnRpZmljYXRlMB0GA1UdDgQWBBRbFsvhlQKy/Hg336mINdqcswjaSDBtBgNV HSMEZjBkgBRUcJogEoivhgv/cauDV6zXzYJbOKFJpEcwRTELMAkGA1UEBhMCQUIx CzAJBgNVBAgMAkNEMQswCQYDVQQKDAJHSDELMAkGA1UECwwCSUoxDzANBgNVBAMM BkNBIFNNMoIBADALBgNVHQ8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNgYD VR0RBC8wLYIJbG9jYWxob3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CCTEyNy4w LjAuMTAKBggqgRzPVQGDdQNHADBEAiBvZWfgh2HHGfmLmVN3hYBtQPgSxVLUGINH 0ib6snqqTQIgXw2C8A9lHeQDvudcnToSR+40pmiKX07+273jMBwl6Po= -----END CERTIFICATE----- subject=C = AB, ST = CD, O = GH, OU = IJ, CN = SERVER Sign SM2 issuer=C = AB, ST = CD, O = GH, OU = IJ, CN = SUBCA SM2 --- No client certificate CA names sent Peer signing digest: SM3 Peer signature type: SM2 --- SSL handshake has read 1794 bytes and written 290 bytes Verification error: unable to verify the first certificate --- New, NTLSv1.1, Cipher is ECC-SM2-SM4-GCM-SM3 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : NTLSv1.1 Cipher : ECC-SM2-SM4-GCM-SM3 Session-ID: 212B0F5776BBC2A10057973F8922E86669C442732BF1587E709CA45544B28CBD Session-ID-ctx: Master-Key: 963D3AABEC333DB080600123FF14057949903CC9E032F475E057A8880BA8A3DE69A9CD62D81C98C5E94EDF4EEE739742 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 49 53 f0 4b ee 6e 50 6b-a4 a9 32 26 22 88 0c 8a IS.K.nPk..2&"... 0010 - f7 cc 62 aa da cf 83 a7-33 e0 a3 d1 bd cb f2 87 ..b.....3....... 0020 - 38 2e e7 8d 96 0c 21 20-40 d6 6e 89 4c 05 50 ea 8.....! @.n.L.P. 
0030 - 55 2a 5e 88 cf 6b 8c 75-b6 5e f9 24 e6 0a 9a 3e U*^..k.u.^.$...> 0040 - 54 0a 8f 2d 81 ef ad 83-a5 e8 01 8c 10 c0 4e 8e T..-..........N. 0050 - 64 06 b8 ba 43 79 da cf-ed 83 a4 b5 63 81 ad 66 d...Cy......c..f 0060 - 42 9d dc 73 f9 a9 da 20-69 6a 4d 9b e3 28 3a bb B..s... ijM..(:. 0070 - 1c 95 b5 25 ba d2 7a 8e-fb 5c 97 0d ee 5f dc 1f ...%..z..\..._.. 0080 - e4 60 4d 63 71 1e 11 a3-df 26 d8 40 89 bf 2b 2c .`Mcq....&.@..+, 0090 - e6 2c 39 33 f9 c5 73 d0-b7 5b 56 2c 56 bd ed 69 .,93..s..[V,V..i Start Time: 1729158605 Timeout : 7200 (sec) Verify return code: 21 (unable to verify the first certificate) Extended master secret: no QUIC: no --- ```

This time the handshake completed and a cipher suite was negotiated. Note that it is the GCM suite — the first one in the client's default offer; `server.c` sets no cipher list of its own — rather than the CBC suite I configured in `main.js`:

New, NTLSv1.1, Cipher is ECC-SM2-SM4-GCM-SM3

Based on this, I have a few questions:

Thank you very much!

ruhuang2001 commented 1 month ago

Running Pipy with `--log-level=debug` shows that the handshake fails on the server side with `no shared cipher`, even when the client offers only the CBC suite Pipy is configured with:

$ ./pipy ../../certs/server/main.js --log-level=debug
2024-10-18 10:20:26.442 [DBG] [worker   0x7f6b78006690] ++
2024-10-18 10:20:26.442 [DBG] [module   0x7f6b78077f10] ++ index = 0
2024-10-18 10:20:26.443 [DBG] [context  0x7f6b78071e60] ++ id = 1
2024-10-18 10:20:26.451 [DBG] [context  0x7f6b78071e60] -- id = 1
2024-10-18 10:20:26.452 [INF] [config]
2024-10-18 10:20:26.452 [INF] [config] Module /main.js
2024-10-18 10:20:26.452 [INF] [config] ===============
2024-10-18 10:20:26.452 [INF] [config]
2024-10-18 10:20:26.452 [INF] [config]  [Listen on 443 at 0.0.0.0]
2024-10-18 10:20:26.452 [INF] [config]  ----->|
2024-10-18 10:20:26.452 [INF] [config]        |
2024-10-18 10:20:26.452 [INF] [config]       acceptTLS
2024-10-18 10:20:26.452 [INF] [config]        |
2024-10-18 10:20:26.452 [INF] [config]        |--> []
2024-10-18 10:20:26.452 [INF] [config]              replaceMessage -->|
2024-10-18 10:20:26.452 [INF] [config]                                |
2024-10-18 10:20:26.452 [INF] [config]  <-----------------------------|
2024-10-18 10:20:26.452 [INF] [config]
2024-10-18 10:20:26.452 [DBG] [pipeline] create layout: Pipeline at line 39
2024-10-18 10:20:26.452 [DBG] [pipeline] create layout: [0.0.0.0]:443
2024-10-18 10:20:26.452 [DBG] [inbound  0x7f6b78121010] ++
2024-10-18 10:20:26.452 [INF] [listener] Listening on TCP port 443 at 0.0.0.0
2024-10-18 10:20:26.452 [DBG] [thread] Thread 0 started
2024-10-18 10:20:44.116 [DBG] [inbound] [127.0.0.1]:36132 -> [127.0.0.1]:443 connection accepted
2024-10-18 10:20:44.116 [DBG] [context  0x7f6b78071e60] ++ id = 2
2024-10-18 10:20:44.116 [DBG] [pipeline] ++ [0.0.0.0]:443, active = 1, pooled = 0, context = 2
2024-10-18 10:20:44.116 [DBG] [inbound  0x7f6b78131640] ++
2024-10-18 10:20:44.116 [DBG] [listener] [accept] thread 0 port [0.0.0.0]:443 state: [open] local 1/-1 global 1/-1
T+0         tcp >>>> recv 58
2024-10-18 10:20:44.117 [DBG] [pipeline] ++ Pipeline at line 39, active = 1, pooled = 0, context = 2
2024-10-18 10:20:44.118 [WRN] [tls] handshake failed (error = 1)
2024-10-18 10:20:44.118 [WRN] [tls] error:0A0000C1:SSL routines::no shared cipher
2024-10-18 10:20:44.118 [DBG] [inbound] [127.0.0.1]:36132 -> [127.0.0.1]:443 socket shutdown
T+1.81ms    tcp >>>> recv 7
2024-10-18 10:20:44.118 [WRN] [tls] handshake failed (error = 5)
2024-10-18 10:20:44.119 [DBG] [inbound] [127.0.0.1]:36132 -> [127.0.0.1]:443 EOF from peer
2024-10-18 10:20:44.119 [DBG] [inbound] [127.0.0.1]:36132 -> [127.0.0.1]:443 socket closed
2024-10-18 10:20:44.119 [DBG] [listener] [finish] thread 0 port [0.0.0.0]:443 state: [open] local 0/-1 global 0/-1
2024-10-18 10:20:44.119 [DBG] [inbound  0x7f6b78121010] --
2024-10-18 10:20:44.119 [DBG] [pipeline] -- Pipeline at line 39, active = 0, pooled = 1
2024-10-18 10:20:44.119 [DBG] [context  0x7f6b78071e60] -- id = 2
2024-10-18 10:20:44.119 [DBG] [pipeline] -- [0.0.0.0]:443, active = 0, pooled = 1
$ /opt/tongsuo/bin/tongsuo s_client -connect localhost:443 -cipher ECC-SM2-SM4-CBC-SM3 -enable_ntls -ntls -trace
CONNECTED(00000003)
Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 53
    ClientHello, Length=49
      client_version=0x101 (NTLS)
      Random:
        gmt_unix_time=0x40F1DE70
        random_bytes (len=28): 5AA50B0D17187D55C4B4CA589A311819E2FBF7B1910253A3CFE1684D
      session_id (len=0):
      cipher_suites (len=4)
        {0xE0, 0x13} ECC_SM4_CBC_SM3
        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      compression_methods (len=1)
        No Compression (0x00)
      extensions, length = 4
        extension_type=session_ticket(35), length=0

Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Alert (21)
  Length = 2
    Level=fatal(2), description=decode error(50)

40A762DF7B7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:306:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 65 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : NTLSv1.1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1729218044
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    QUIC: no
---
naqvis commented 1 month ago

@ruhuang2001 please share the Pipy version you are using (output of `pipy -v`).

pipy -v

ruhuang2001 commented 1 month ago

OK. By the way, this is Ubuntu 22.04 running under WSL2:

$ ./pipy -v
Version          : 1.5.1
Commit           : 71e490e084cf887aeb0010cbe430a384e6effb67
Commit Date      : Sun, 13 Oct 2024 11:07:36 +0800
Host             : Linux-5.15.153.1-microsoft-standard-WSL2 x86_64
Tongsuo          : Tongsuo 8.5.0-dev
Builtin GUI      : No
Builtin Codebases: No
naqvis commented 1 month ago

The NTLS code path lives under the `PIPY_USE_NTLS` macro in `tls.cpp`.

We would appreciate it if you could review it and contribute changes if any are needed.

naqvis commented 1 month ago

I tried to reproduce this, but I seem to get different results from yours: the handshake completes and ECC_SM4_GCM_SM3 is negotiated.

PS: the `apps/openssl` binary used here is Tongsuo's build.

❯ apps/openssl s_client -connect localhost:8443  -enable_ntls -ntls -trace
CONNECTED(00000005)
Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 67
    ClientHello, Length=63
      client_version=0x101 (NTLS)
      Random:
        gmt_unix_time=0x91999F19
        random_bytes (len=28): B817A5FD20B4849DA017AEC62D96C139F818D613B45F596088EC62A2
      session_id (len=0):
      cipher_suites (len=18)
        {0xE0, 0x53} ECC_SM4_GCM_SM3
        {0xE0, 0x51} ECDHE_SM4_GCM_SM3
        {0xE0, 0x5A} RSA_SM4_GCM_SHA256
        {0xE0, 0x59} RSA_SM4_GCM_SM3
        {0xE0, 0x13} ECC_SM4_CBC_SM3
        {0xE0, 0x11} ECDHE_SM4_CBC_SM3
        {0xE0, 0x1C} RSA_SM4_CBC_SHA256
        {0xE0, 0x19} RSA_SM4_CBC_SM3
        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      compression_methods (len=1)
        No Compression (0x00)
      extensions, length = 4
        extension_type=session_ticket(35), length=0

Received Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 48
    ServerHello, Length=44
      server_version=0x101 (NTLS)
      Random:
        gmt_unix_time=0x95817C1F
        random_bytes (len=28): E37767885A75F34E42A101478E9A6827BB812F0D87D20AFCF69DCA6B
      session_id (len=0):
      cipher_suite {0xE0, 0x53} ECC_SM4_GCM_SM3
      compression_method: No Compression (0x00)
      extensions, length = 4
        extension_type=session_ticket(35), length=0

Can't use SSL_get_servername
Received Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 1006
    Certificate, Length=1002
      certificate_list, length=999
        ASN.1Cert, length=498
------details-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b2:93:95:ce:be:08:da:07:82:59:84:93:ec:66:f9:62:2a:65:c0
        Signature Algorithm: SM2-with-SM3
        Issuer: C = AA, ST = BB, O = CC, OU = DD, CN = sub ca
        Validity
            Not Before: Feb 22 02:30:14 2023 GMT
            Not After : Jan 29 02:30:14 2123 GMT
        Subject: C = AA, ST = BB, O = CC, OU = DD, CN = server sign
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:05:bf:fa:ee:c4:06:c8:f3:f5:80:a6:e3:9c:52:
                    84:76:c0:df:2b:61:06:5d:4a:74:f4:76:af:0f:b6:
                    68:90:f8:96:ac:c4:b2:1d:8b:03:6d:13:f1:7b:d4:
                    d3:82:34:90:8b:ed:b7:7f:8e:3e:ae:87:06:54:fc:
                    6f:a8:04:8d:0c
                ASN1 OID: SM2
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation
            X509v3 Subject Key Identifier:
                7D:EE:06:A9:1D:A3:02:2F:93:FF:CF:EE:7E:54:B6:7A:55:F5:34:7A
            X509v3 Authority Key Identifier:
                AC:61:EB:22:80:62:59:08:3E:96:C8:D1:7F:CE:74:5C:02:AF:3C:99
    Signature Algorithm: SM2-with-SM3
    Signature Value:
        30:46:02:21:00:b3:5b:fe:99:fd:df:c8:25:44:eb:3b:4a:3c:
        9c:2c:4d:95:ee:91:d0:09:11:08:a5:05:85:6f:73:6c:84:65:
        37:02:21:00:96:71:83:88:2c:d9:c5:76:40:5d:fb:a0:7b:3a:
        f5:30:fe:32:44:5b:aa:5e:18:6f:8e:fe:8c:b7:fc:7f:6e:3b
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
------------------
        ASN.1Cert, length=495
------details-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:d8:92:e9:63:ac:a0:45:62:0e:79:9d:6f:c3:1d:93:74:33:e5:7c
        Signature Algorithm: SM2-with-SM3
        Issuer: C = AA, ST = BB, O = CC, OU = DD, CN = sub ca
        Validity
            Not Before: Feb 22 02:30:14 2023 GMT
            Not After : Jan 29 02:30:14 2123 GMT
        Subject: C = AA, ST = BB, O = CC, OU = DD, CN = server enc
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:7d:be:a5:45:43:45:81:72:bd:3b:68:8e:50:9c:
                    2d:f5:45:86:ac:e0:0b:58:ec:94:14:99:f9:4a:50:
                    a5:8c:67:5d:6f:9a:da:ff:08:9e:81:37:a7:63:43:
                    ac:d2:f3:5c:a3:0a:8a:5c:cf:81:b7:cd:ce:52:66:
                    a0:16:b9:e3:64
                ASN1 OID: SM2
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Key Encipherment, Data Encipherment, Key Agreement
            X509v3 Subject Key Identifier:
                67:A5:AD:D5:94:76:E0:5A:9C:5E:56:B8:86:0F:F1:3B:28:EE:EC:54
            X509v3 Authority Key Identifier:
                AC:61:EB:22:80:62:59:08:3E:96:C8:D1:7F:CE:74:5C:02:AF:3C:99
    Signature Algorithm: SM2-with-SM3
    Signature Value:
        30:44:02:20:47:59:35:79:c4:ad:ec:8d:b7:df:98:c4:aa:e1:
        66:1c:11:39:a5:ef:12:93:f2:2a:3a:a4:12:d0:9b:ec:d6:e6:
        02:20:6e:57:30:1d:17:79:46:95:6f:d3:9c:b5:ac:60:39:02:
        cd:17:c7:51:7e:d8:94:1e:cc:98:5e:a7:db:69:58:c8
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
------------------

depth=0 C = AA, ST = BB, O = CC, OU = DD, CN = server enc
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = AA, ST = BB, O = CC, OU = DD, CN = server enc
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = AA, ST = BB, O = CC, OU = DD, CN = server enc
verify return:1
depth=0 C = AA, ST = BB, O = CC, OU = DD, CN = server sign
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = AA, ST = BB, O = CC, OU = DD, CN = server sign
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = AA, ST = BB, O = CC, OU = DD, CN = server sign
verify return:1
Received Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 78
    ServerKeyExchange, Length=74
      KeyExchangeAlgorithm=SM2
      Signature (len=72): 3046022100E0D20EBA5713FEB1217306CB7BEB26D0AF61E49E73C30679A94D47B5F622F231022100B621E47B130D7380978C62DECA1BD6B6A6DF3157A5A13FFFA18C242E5932529D

Received Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 4
    ServerHelloDone, Length=0

Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 162
    ClientKeyExchange, Length=158
      KeyExchangeAlgorithm=SM2
        EncryptedPreMasterSecret (len=156): 30819902210096F70B37084138F772A6DEEFF763812A258DA51FFDF1B12AEB0DA58722827F7102200260B229420CADAF5350A0CD98EFC26ED088E0B642EC72E49A32AC69BD3AF75B04205D0EC8FAD05137A4F8B1E8027839DE81DCEC2163483247DD8CAF6BABECF4324D0430A9BE9DFCD1045C1828B6B204230B88FDEBA6F4C5EDF23D803E9C0F41D571AEE0FBE0F89F366C668CD353FC15044070DB

Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = ChangeCipherSpec (20)
  Length = 1
    change_cipher_spec (1)

Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 40
    Finished, Length=12
      verify_data (len=12): 65CA08B0E10E5E98CDF2CF42

Received Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 170
    NewSessionTicket, Length=166
        ticket_lifetime_hint=7200
        ticket (len=160): 2671CE7987205F49BD589E578F145551351159B72032E167292C1E44F1FE6D7A6887BB1FCCAC2E81430E72EE5FDE9A336D3953912DF52CF87BFAB1BC69323B5003436A27122CD68547A7BCE60C1ACA43FD1CE9DD5B34E880597533919D24A0F0CFD331464514E516E9A8ADD21354E68A0BAF9693CAC74BE6C8ED8021F6CC802A11CEB105D18B9B049F05B5275E24C9DAA0FF7608FC39DB2D08BF25A0AADA94FB

Received Record
Header:
  Version = NTLS (0x101)
  Content Type = ChangeCipherSpec (20)
  Length = 1
Received Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 40
    Finished, Length=12
      verify_data (len=12): 1CCEC571471DDBD1BE6CB1AF

---
Certificate chain
 0 s:C = AA, ST = BB, O = CC, OU = DD, CN = server sign
   i:C = AA, ST = BB, O = CC, OU = DD, CN = sub ca
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: SM2-SM3
   v:NotBefore: Feb 22 02:30:14 2023 GMT; NotAfter: Jan 29 02:30:14 2123 GMT
 1 s:C = AA, ST = BB, O = CC, OU = DD, CN = server enc
   i:C = AA, ST = BB, O = CC, OU = DD, CN = sub ca
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: SM2-SM3
   v:NotBefore: Feb 22 02:30:14 2023 GMT; NotAfter: Jan 29 02:30:14 2123 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIB7jCCAZOgAwIBAgIUcbKTlc6+CNoHglmEk+xm+WIqZcAwCgYIKoEcz1UBg3Uw
RTELMAkGA1UEBhMCQUExCzAJBgNVBAgMAkJCMQswCQYDVQQKDAJDQzELMAkGA1UE
CwwCREQxDzANBgNVBAMMBnN1YiBjYTAgFw0yMzAyMjIwMjMwMTRaGA8yMTIzMDEy
OTAyMzAxNFowSjELMAkGA1UEBhMCQUExCzAJBgNVBAgMAkJCMQswCQYDVQQKDAJD
QzELMAkGA1UECwwCREQxFDASBgNVBAMMC3NlcnZlciBzaWduMFkwEwYHKoZIzj0C
AQYIKoEcz1UBgi0DQgAEBb/67sQGyPP1gKbjnFKEdsDfK2EGXUp09HavD7ZokPiW
rMSyHYsDbRPxe9TTgjSQi+23f44+rocGVPxvqASNDKNaMFgwCQYDVR0TBAIwADAL
BgNVHQ8EBAMCBsAwHQYDVR0OBBYEFH3uBqkdowIvk//P7n5UtnpV9TR6MB8GA1Ud
IwQYMBaAFKxh6yKAYlkIPpbI0X/OdFwCrzyZMAoGCCqBHM9VAYN1A0kAMEYCIQCz
W/6Z/d/IJUTrO0o8nCxNle6R0AkRCKUFhW9zbIRlNwIhAJZxg4gs2cV2QF37oHs6
9TD+MkRbql4Yb47+jLf8f247
-----END CERTIFICATE-----
subject=C = AA, ST = BB, O = CC, OU = DD, CN = server sign
issuer=C = AA, ST = BB, O = CC, OU = DD, CN = sub ca
---
No client certificate CA names sent
Peer signing digest: SM3
Peer signature type: SM2
---
SSL handshake has read 1382 bytes and written 290 bytes
Verification error: unable to verify the first certificate
---
New, NTLSv1.1, Cipher is ECC-SM2-SM4-GCM-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : NTLSv1.1
    Cipher    : ECC-SM2-SM4-GCM-SM3
    Session-ID: CA3136135E78560955CF4D4208A5B52F815F63B85123BA82131239A702ADEE66
    Session-ID-ctx:
    Master-Key: AA050F946E4E9D65DEB8D32ACB252715B83FF5BA2B25018065C6ECF6B34905C92BAD15AF73FE072DC5481EA7E43FFF74
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 26 71 ce 79 87 20 5f 49-bd 58 9e 57 8f 14 55 51   &q.y. _I.X.W..UQ
    0010 - 35 11 59 b7 20 32 e1 67-29 2c 1e 44 f1 fe 6d 7a   5.Y. 2.g),.D..mz
    0020 - 68 87 bb 1f cc ac 2e 81-43 0e 72 ee 5f de 9a 33   h.......C.r._..3
    0030 - 6d 39 53 91 2d f5 2c f8-7b fa b1 bc 69 32 3b 50   m9S.-.,.{...i2;P
    0040 - 03 43 6a 27 12 2c d6 85-47 a7 bc e6 0c 1a ca 43   .Cj'.,..G......C
    0050 - fd 1c e9 dd 5b 34 e8 80-59 75 33 91 9d 24 a0 f0   ....[4..Yu3..$..
    0060 - cf d3 31 46 45 14 e5 16-e9 a8 ad d2 13 54 e6 8a   ..1FE........T..
    0070 - 0b af 96 93 ca c7 4b e6-c8 ed 80 21 f6 cc 80 2a   ......K....!...*
    0080 - 11 ce b1 05 d1 8b 9b 04-9f 05 b5 27 5e 24 c9 da   ...........'^$..
    0090 - a0 ff 76 08 fc 39 db 2d-08 bf 25 a0 aa da 94 fb   ..v..9.-..%.....

    Start Time: 1729220594
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    QUIC: no
---
naqvis commented 1 month ago

and here is an excerpt from the sample I've used

image
ruhuang2001 commented 1 month ago

and here is an excerpt from the sample I've used

image

I am a newcomer to cryptography.

I noticed that you seem to be passing six arguments (cert, key, certSign, certEnc, keySign, keyEnc) to it. Could my failure be due to the fact that I am only passing four arguments (certSign, certEnc, keySign, keyEnc), as in #192? I followed the Tongsuo documentation to generate the files as follows:

image

I tried to reproduce that, but it seems I'm getting different results than you.

PS: the openssl binary here is Tongsuo's build.

❯ apps/openssl s_client -connect localhost:8443  -enable_ntls -ntls -trace
CONNECTED(00000005)
Sent Record
Header:
  Version = NTLS (0x101)
  Content Type = Handshake (22)
  Length = 67
    ClientHello, Length=63
·······················
No client certificate CA names sent
Peer signing digest: SM3
Peer signature type: SM2
---
SSL handshake has read 1382 bytes and written 290 bytes
Verification error: unable to verify the first certificate
---
New, NTLSv1.1, Cipher is ECC-SM2-SM4-GCM-SM3
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : NTLSv1.1
    Cipher    : ECC-SM2-SM4-GCM-SM3
    Session-ID: CA3136135E78560955CF4D4208A5B52F815F63B85123BA82131239A702ADEE66
    Session-ID-ctx:
    Master-Key: AA050F946E4E9D65DEB8D32ACB252715B83FF5BA2B25018065C6ECF6B34905C92BAD15AF73FE072DC5481EA7E43FFF74
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 26 71 ce 79 87 20 5f 49-bd 58 9e 57 8f 14 55 51   &q.y. _I.X.W..UQ
    0010 - 35 11 59 b7 20 32 e1 67-29 2c 1e 44 f1 fe 6d 7a   5.Y. 2.g),.D..mz
    0020 - 68 87 bb 1f cc ac 2e 81-43 0e 72 ee 5f de 9a 33   h.......C.r._..3
    0030 - 6d 39 53 91 2d f5 2c f8-7b fa b1 bc 69 32 3b 50   m9S.-.,.{...i2;P
    0040 - 03 43 6a 27 12 2c d6 85-47 a7 bc e6 0c 1a ca 43   .Cj'.,..G......C
    0050 - fd 1c e9 dd 5b 34 e8 80-59 75 33 91 9d 24 a0 f0   ....[4..Yu3..$..
    0060 - cf d3 31 46 45 14 e5 16-e9 a8 ad d2 13 54 e6 8a   ..1FE........T..
    0070 - 0b af 96 93 ca c7 4b e6-c8 ed 80 21 f6 cc 80 2a   ......K....!...*
    0080 - 11 ce b1 05 d1 8b 9b 04-9f 05 b5 27 5e 24 c9 da   ...........'^$..
    0090 - a0 ff 76 08 fc 39 db 2d-08 bf 25 a0 aa da 94 fb   ..v..9.-..%.....

    Start Time: 1729220594
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    QUIC: no
---

you used the same main.js for testing, right?

naqvis commented 1 month ago

you used the same main.js for testing, right?

I used a modified sample, but below is the sample script you provided (with some minor tweaks):

// Pipy NTLS listener on port 443. The `certificate` option carries both an
// SM2 signing certificate and an SM2 encryption certificate (the NTLS
// dual-certificate layout) together with a conventional cert/key pair; as
// reported earlier in this thread, the SM2 suite was only recognised once
// that conventional pair was supplied as well.
var signingCert = new crypto.Certificate(pipy.load('ntls/server_sign.crt'));
var signingKey = new crypto.PrivateKey(pipy.load('ntls/server_sign.key'));
var encryptionCert = new crypto.Certificate(pipy.load('ntls/server_enc.crt'));
var encryptionKey = new crypto.PrivateKey(pipy.load('ntls/server_enc.key'));

var tlsCert = new crypto.Certificate(pipy.load("secret/server-cert.pem"));
var tlsKey = new crypto.PrivateKey(pipy.load("secret/server-key.pem"));

// Everything acceptTLS() needs, assembled up front so the pipeline below stays short.
var tlsOptions = {
    ntls: true,
    certificate: {
        cert: tlsCert,
        key: tlsKey,
        certSign: signingCert,
        certEnc: encryptionCert,
        keySign: signingKey,
        keyEnc: encryptionKey,
    },
    // NOTE(review): the s_client traces posted in this thread report the
    // negotiated suite as ECC-SM2-SM4-GCM-SM3 rather than the CBC suite
    // requested here — confirm this option is actually applied by acceptTLS().
    ciphers: 'ECC-SM2-SM4-CBC-SM3',
};

// Fixed response returned on every connection that completes the handshake.
// Kept in the exact single-object form of the original sample.
var helloResponse = new Message({
    status: 200,
    headers: {
        'Content-Type': 'text/html'
    },
    body: `<h1>TLS handshake successful with SM2! Welcome to the server.</h1>`
});

pipy()
    .listen(443)
    .acceptTLS(tlsOptions)
    .to($ => $.replaceMessage(helloResponse));
ruhuang2001 commented 1 month ago

The error might be caused by this:

I noticed that you seem to be passing six arguments (cert, key, certSign, certEnc, keySign, keyEnc) to it. Could my failure be due to the fact that I am only passing four arguments (certSign, certEnc, keySign, keyEnc), as in https://github.com/flomesh-io/pipy/issues/192?

After adding the cert and key arguments, the cipher suite is recognised successfully.

I used a modified sample, but below is the sample script you provided (with some minor tweaks):

var cert = new crypto.Certificate(pipy.load("secret/server-cert.pem"));
var key = new crypto.PrivateKey(pipy.load("secret/server-key.pem"));
···
    .acceptTLS({
        ntls: true,
        certificate: {
            cert,
            key,
            certSign,
            certEnc,
            keySign,
            keyEnc
        },
        ciphers: 'ECC-SM2-SM4-CBC-SM3',
    })

image

Thanks a lot!

naqvis commented 1 month ago

Glad it helped. Feel free to close this issue