|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2001-2012 Free Software Foundation, Inc.
|
|
Packit Service |
4684c1 |
* Copyright (C) 2017 Red Hat, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Author: Nikos Mavrogiannopoulos
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit Service |
4684c1 |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
4684c1 |
* the License, or (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This library is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* Lesser General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include "gnutls_int.h"
|
|
Packit Service |
4684c1 |
#include "errors.h"
|
|
Packit Service |
4684c1 |
#include <x509_b64.h>
|
|
Packit Service |
4684c1 |
#include <auth/cert.h>
|
|
Packit Service |
4684c1 |
#include <algorithms.h>
|
|
Packit Service |
4684c1 |
#include <datum.h>
|
|
Packit Service |
4684c1 |
#include <mpi.h>
|
|
Packit Service |
4684c1 |
#include <global.h>
|
|
Packit Service |
4684c1 |
#include <pk.h>
|
|
Packit Service |
4684c1 |
#include <debug.h>
|
|
Packit Service |
4684c1 |
#include <buffers.h>
|
|
Packit Service |
4684c1 |
#include <tls-sig.h>
|
|
Packit Service |
4684c1 |
#include <kx.h>
|
|
Packit Service |
4684c1 |
#include <libtasn1.h>
|
|
Packit Service |
4684c1 |
#include <ext/signature.h>
|
|
Packit Service |
4684c1 |
#include <state.h>
|
|
Packit Service |
4684c1 |
#include <x509/common.h>
|
|
Packit Service |
4684c1 |
#include <abstract_int.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage, unsigned our_cert)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
const char *lstr;
|
|
Packit Service |
4684c1 |
unsigned allow_key_usage_violation;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (our_cert) {
|
|
Packit Service |
4684c1 |
lstr = "Local";
|
|
Packit Service |
4684c1 |
allow_key_usage_violation = session->internals.priorities->allow_server_key_usage_violation;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
lstr = "Peer's";
|
|
Packit Service |
4684c1 |
allow_key_usage_violation = session->internals.allow_key_usage_violation;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (key_usage != 0) {
|
|
Packit Service |
4684c1 |
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
if (likely(allow_key_usage_violation == 0)) {
|
|
Packit Service |
4684c1 |
_gnutls_audit_log(session,
|
|
Packit Service |
4684c1 |
"%s certificate does not allow digital signatures. Key usage violation detected.\n", lstr);
|
|
Packit Service |
4684c1 |
return GNUTLS_E_KEY_USAGE_VIOLATION;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
_gnutls_audit_log(session,
|
|
Packit Service |
4684c1 |
"%s certificate does not allow digital signatures. Key usage violation detected (ignored).\n", lstr);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Generates a signature of all the random data and the parameters.
|
|
Packit Service |
4684c1 |
* Used in *DHE_* ciphersuites for TLS 1.2.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_data12(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert, gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log
|
|
Packit Service |
4684c1 |
("HSK[%p]: signing TLS 1.2 handshake data: using %s\n", session,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_get_name(sign_algo));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.size = GNUTLS_RANDOM_SIZE*2 + params->size;
|
|
Packit Service |
4684c1 |
dconcat.data = gnutls_malloc(dconcat.size);
|
|
Packit Service |
4684c1 |
if (dconcat.data == NULL)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memcpy(dconcat.data, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_privkey_sign_data2(pkey, sign_algo,
|
|
Packit Service |
4684c1 |
0, &dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
gnutls_free(dconcat.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_data10(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert, gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
digest_hd_st td_sha;
|
|
Packit Service |
4684c1 |
uint8_t concat[MAX_SIG_SIZE];
|
|
Packit Service |
4684c1 |
const mac_entry_st *me;
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk_algo;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
pk_algo = gnutls_privkey_get_pk_algorithm(pkey, NULL);
|
|
Packit Service |
4684c1 |
if (pk_algo == GNUTLS_PK_RSA)
|
|
Packit Service |
4684c1 |
me = hash_to_entry(GNUTLS_DIG_MD5_SHA1);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
me = hash_to_entry(
|
|
Packit Service |
4684c1 |
gnutls_sign_get_hash_algorithm(sign_algo));
|
|
Packit Service |
4684c1 |
if (me == NULL)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pk_algo) == 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
pk_algo = gnutls_sign_get_pk_algorithm(sign_algo);
|
|
Packit Service |
4684c1 |
if (pk_algo == GNUTLS_PK_UNKNOWN)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log
|
|
Packit Service |
4684c1 |
("HSK[%p]: signing handshake data: using %s\n", session,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_get_name(sign_algo));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_sha, me);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha, session->security_parameters.client_random,
|
|
Packit Service |
4684c1 |
GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha, session->security_parameters.server_random,
|
|
Packit Service |
4684c1 |
GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha, params->data, params->size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash_deinit(&td_sha, concat);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = concat;
|
|
Packit Service |
4684c1 |
dconcat.size = _gnutls_hash_get_algo_len(me);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Generates a signature of all the random data and the parameters.
|
|
Packit Service |
4684c1 |
* Used in DHE_* ciphersuites.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_data(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert, gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t * sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
const version_entry_st *ver = get_version(session);
|
|
Packit Service |
4684c1 |
unsigned key_usage = 0;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
*sign_algo = session->security_parameters.server_sign_algo;
|
|
Packit Service |
4684c1 |
if (*sign_algo == GNUTLS_SIGN_UNKNOWN) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_UNWANTED_ALGORITHM;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_check_key_usage_for_sig(session, key_usage, 1);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (_gnutls_version_has_selectable_sighash(ver))
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_sign_data12(session, cert, pkey, params, signature, *sign_algo);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_sign_data10(session, cert, pkey, params, signature, *sign_algo);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Generates a signature of all the random data and the parameters.
|
|
Packit Service |
4684c1 |
* Used in DHE_* ciphersuites.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_data10(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
digest_hd_st td_sha;
|
|
Packit Service |
4684c1 |
uint8_t concat[MAX_SIG_SIZE];
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t hash_algo;
|
|
Packit Service |
4684c1 |
const mac_entry_st *me;
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk_algo;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
|
|
Packit Service |
4684c1 |
if (pk_algo == GNUTLS_PK_RSA) {
|
|
Packit Service |
4684c1 |
hash_algo = GNUTLS_DIG_MD5_SHA1;
|
|
Packit Service |
4684c1 |
verify_flags |= GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
hash_algo = GNUTLS_DIG_SHA1;
|
|
Packit Service |
4684c1 |
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
|
|
Packit Service |
4684c1 |
sign_algo = gnutls_pk_to_sign(pk_algo, hash_algo);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
me = hash_to_entry(hash_algo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_sha, me);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha, session->security_parameters.client_random,
|
|
Packit Service |
4684c1 |
GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha, session->security_parameters.server_random,
|
|
Packit Service |
4684c1 |
GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha, params->data, params->size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash_deinit(&td_sha, concat);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = concat;
|
|
Packit Service |
4684c1 |
dconcat.size = _gnutls_hash_get_algo_len(me);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo,
|
|
Packit Service |
4684c1 |
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_data12(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
const version_entry_st *ver = get_version(session);
|
|
Packit Service |
4684c1 |
const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log
|
|
Packit Service |
4684c1 |
("HSK[%p]: verify TLS 1.2 handshake data: using %s\n", session,
|
|
Packit Service |
4684c1 |
se->name);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_pubkey_compatible_with_sig(session,
|
|
Packit Service |
4684c1 |
cert->pubkey, ver,
|
|
Packit Service |
4684c1 |
sign_algo);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
|
|
Packit Service |
4684c1 |
session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_session_sign_algo_enabled(session, sign_algo);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.size = GNUTLS_RANDOM_SIZE*2+params->size;
|
|
Packit Service |
4684c1 |
dconcat.data = gnutls_malloc(dconcat.size);
|
|
Packit Service |
4684c1 |
if (dconcat.data == NULL)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memcpy(dconcat.data, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
|
|
Packit Service |
4684c1 |
memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
|
|
Packit Service |
4684c1 |
* because we have checked whether the currently used signature
|
|
Packit Service |
4684c1 |
* algorithm is allowed in the session. */
|
|
Packit Service |
4684c1 |
ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_free(dconcat.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_data(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned key_usage;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
const version_entry_st *ver = get_version(session);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (cert == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_CERTIFICATE_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_check_key_usage_for_sig(session, key_usage, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_set_server(session, sign_algo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (_gnutls_version_has_selectable_sighash(ver))
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_verify_data12(session, verify_flags, cert, params, signature, sign_algo);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_verify_data10(session, verify_flags, cert, params, signature, sign_algo);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Client certificate verify calculations
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void
|
|
Packit Service |
4684c1 |
_gnutls_reverse_datum(gnutls_datum_t * d)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned i;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (i = 0; i < d->size / 2; i ++) {
|
|
Packit Service |
4684c1 |
uint8_t t = d->data[i];
|
|
Packit Service |
4684c1 |
d->data[i] = d->data[d->size - 1 - i];
|
|
Packit Service |
4684c1 |
d->data[d->size - 1 - i] = t;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_create_reverse(const gnutls_datum_t *src, gnutls_datum_t *dst)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned int i;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dst->size = src->size;
|
|
Packit Service |
4684c1 |
dst->data = gnutls_malloc(dst->size);
|
|
Packit Service |
4684c1 |
if (!dst->data)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (i = 0; i < dst->size; i++)
|
|
Packit Service |
4684c1 |
dst->data[i] = src->data[dst->size - 1 - i];
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* this is _gnutls_handshake_verify_crt_vrfy for TLS 1.2
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
|
|
Packit Service |
4684c1 |
gnutls_datum_t sig_rev = {NULL, 0};
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
|
|
Packit Service |
4684c1 |
session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (se->flags & GNUTLS_SIGN_FLAG_CRT_VRFY_REVERSE) {
|
|
Packit Service |
4684c1 |
ret = _gnutls_create_reverse(signature, &sig_rev);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = session->internals.handshake_hash_buffer.data;
|
|
Packit Service |
4684c1 |
dconcat.size = session->internals.handshake_hash_buffer_prev_len;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
|
|
Packit Service |
4684c1 |
* because we have checked whether the currently used signature
|
|
Packit Service |
4684c1 |
* algorithm is allowed in the session. */
|
|
Packit Service |
4684c1 |
ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
|
|
Packit Service |
4684c1 |
&dconcat,
|
|
Packit Service |
4684c1 |
sig_rev.data ? &sig_rev : signature);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(&sig_rev);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Verifies a SSL 3.0 signature (like the one in the client certificate
|
|
Packit Service |
4684c1 |
* verify message).
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
#ifdef ENABLE_SSL3
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_crt_vrfy3(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
uint8_t concat[MAX_SIG_SIZE];
|
|
Packit Service |
4684c1 |
digest_hd_st td_sha;
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk =
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_generate_master(session, 1);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = concat;
|
|
Packit Service |
4684c1 |
dconcat.size = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (pk == GNUTLS_PK_RSA) {
|
|
Packit Service |
4684c1 |
digest_hd_st td_md5;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_md5,
|
|
Packit Service |
4684c1 |
hash_to_entry(GNUTLS_DIG_MD5));
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_md5,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer_prev_len);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5, concat,
|
|
Packit Service |
4684c1 |
session->security_parameters.
|
|
Packit Service |
4684c1 |
master_secret,
|
|
Packit Service |
4684c1 |
GNUTLS_MASTER_SIZE);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
verify_flags |= GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA;
|
|
Packit Service |
4684c1 |
dconcat.size = 16;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_sha, hash_to_entry(GNUTLS_DIG_SHA1));
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_HASH_FAILED;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer_prev_len);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_mac_deinit_ssl3_handshake(&td_sha,
|
|
Packit Service |
4684c1 |
dconcat.data + dconcat.size,
|
|
Packit Service |
4684c1 |
session->security_parameters.
|
|
Packit Service |
4684c1 |
master_secret,
|
|
Packit Service |
4684c1 |
GNUTLS_MASTER_SIZE);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.size += 20;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_pubkey_verify_hash2(cert->pubkey, GNUTLS_SIGN_UNKNOWN,
|
|
Packit Service |
4684c1 |
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_crt_vrfy10(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
uint8_t concat[MAX_SIG_SIZE];
|
|
Packit Service |
4684c1 |
digest_hd_st td_sha;
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk_algo;
|
|
Packit Service |
4684c1 |
const mac_entry_st *me;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* TLS 1.0 and TLS 1.1 */
|
|
Packit Service |
4684c1 |
pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
|
|
Packit Service |
4684c1 |
if (pk_algo == GNUTLS_PK_RSA) {
|
|
Packit Service |
4684c1 |
me = hash_to_entry(GNUTLS_DIG_MD5_SHA1);
|
|
Packit Service |
4684c1 |
verify_flags |= GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA;
|
|
Packit Service |
4684c1 |
sign_algo = GNUTLS_SIGN_UNKNOWN;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
me = hash_to_entry(GNUTLS_DIG_SHA1);
|
|
Packit Service |
4684c1 |
sign_algo = gnutls_pk_to_sign(pk_algo, GNUTLS_DIG_SHA1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_sha, me);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer_prev_len);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash_deinit(&td_sha, concat);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = concat;
|
|
Packit Service |
4684c1 |
dconcat.size = _gnutls_hash_get_algo_len(me);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo,
|
|
Packit Service |
4684c1 |
GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Verifies a TLS signature (like the one in the client certificate
|
|
Packit Service |
4684c1 |
* verify message).
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
const version_entry_st *ver = get_version(session);
|
|
Packit Service |
4684c1 |
unsigned key_usage;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (cert == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_CERTIFICATE_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_check_key_usage_for_sig(session, key_usage, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log("HSK[%p]: verify cert vrfy: using %s\n",
|
|
Packit Service |
4684c1 |
session,
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_get_name(sign_algo));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(ver == NULL))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_set_client(session, sign_algo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* TLS 1.2 */
|
|
Packit Service |
4684c1 |
if (_gnutls_version_has_selectable_sighash(ver))
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_verify_crt_vrfy12(session,
|
|
Packit Service |
4684c1 |
verify_flags,
|
|
Packit Service |
4684c1 |
cert,
|
|
Packit Service |
4684c1 |
signature,
|
|
Packit Service |
4684c1 |
sign_algo);
|
|
Packit Service |
4684c1 |
#ifdef ENABLE_SSL3
|
|
Packit Service |
4684c1 |
if (ver->id == GNUTLS_SSL3)
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_verify_crt_vrfy3(session,
|
|
Packit Service |
4684c1 |
verify_flags,
|
|
Packit Service |
4684c1 |
cert,
|
|
Packit Service |
4684c1 |
signature,
|
|
Packit Service |
4684c1 |
sign_algo);
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* TLS 1.0 and TLS 1.1 */
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_verify_crt_vrfy10(session,
|
|
Packit Service |
4684c1 |
verify_flags,
|
|
Packit Service |
4684c1 |
cert,
|
|
Packit Service |
4684c1 |
signature,
|
|
Packit Service |
4684c1 |
sign_algo);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2.
|
|
Packit Service |
4684c1 |
* Returns the used signature algorithm, or a negative error code.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_t sign_algo;
|
|
Packit Service |
4684c1 |
const gnutls_sign_entry_st *se;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
sign_algo = _gnutls_session_get_sign_algo(session, cert, pkey, 1, GNUTLS_KX_UNKNOWN);
|
|
Packit Service |
4684c1 |
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_UNWANTED_ALGORITHM;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
se = _gnutls_sign_to_entry(sign_algo);
|
|
Packit Service |
4684c1 |
if (se == NULL)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_set_client(session, sign_algo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_debug_log("sign handshake cert vrfy: picked %s\n",
|
|
Packit Service |
4684c1 |
gnutls_sign_algorithm_get_name(sign_algo));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = session->internals.handshake_hash_buffer.data;
|
|
Packit Service |
4684c1 |
dconcat.size = session->internals.handshake_hash_buffer.length;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_privkey_sign_data2(pkey, sign_algo,
|
|
Packit Service |
4684c1 |
0, &dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (se->flags & GNUTLS_SIGN_FLAG_CRT_VRFY_REVERSE)
|
|
Packit Service |
4684c1 |
_gnutls_reverse_datum(signature);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return sign_algo;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifdef ENABLE_SSL3
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
const version_entry_st *ver,
|
|
Packit Service |
4684c1 |
gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
uint8_t concat[MAX_SIG_SIZE];
|
|
Packit Service |
4684c1 |
digest_hd_st td_sha;
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk =
|
|
Packit Service |
4684c1 |
gnutls_privkey_get_pk_algorithm(pkey, NULL);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* ensure 1024 bit DSA keys are used */
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver,
|
|
Packit Service |
4684c1 |
GNUTLS_SIGN_UNKNOWN);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_generate_master(session, 1);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = concat;
|
|
Packit Service |
4684c1 |
dconcat.size = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (pk == GNUTLS_PK_RSA) {
|
|
Packit Service |
4684c1 |
digest_hd_st td_md5;
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_hash_init(&td_md5,
|
|
Packit Service |
4684c1 |
hash_to_entry(GNUTLS_DIG_MD5));
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_md5,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.
|
|
Packit Service |
4684c1 |
length);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5,
|
|
Packit Service |
4684c1 |
dconcat.data,
|
|
Packit Service |
4684c1 |
session->security_parameters.
|
|
Packit Service |
4684c1 |
master_secret,
|
|
Packit Service |
4684c1 |
GNUTLS_MASTER_SIZE);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.size = 16;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_sha, hash_to_entry(GNUTLS_DIG_SHA1));
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.length);
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_mac_deinit_ssl3_handshake(&td_sha,
|
|
Packit Service |
4684c1 |
dconcat.data + dconcat.size,
|
|
Packit Service |
4684c1 |
session->security_parameters.
|
|
Packit Service |
4684c1 |
master_secret,
|
|
Packit Service |
4684c1 |
GNUTLS_MASTER_SIZE);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.size += 20;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_privkey_sign_hash(pkey, GNUTLS_DIG_SHA1,
|
|
Packit Service |
4684c1 |
GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return GNUTLS_SIGN_UNKNOWN;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
const version_entry_st *ver,
|
|
Packit Service |
4684c1 |
gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t dconcat;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
uint8_t concat[MAX_SIG_SIZE];
|
|
Packit Service |
4684c1 |
digest_hd_st td_sha;
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk =
|
|
Packit Service |
4684c1 |
gnutls_privkey_get_pk_algorithm(pkey, NULL);
|
|
Packit Service |
4684c1 |
const mac_entry_st *me;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* ensure 1024 bit DSA keys are used */
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver,
|
|
Packit Service |
4684c1 |
GNUTLS_SIGN_UNKNOWN);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (pk == GNUTLS_PK_RSA)
|
|
Packit Service |
4684c1 |
me = hash_to_entry(GNUTLS_DIG_MD5_SHA1);
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
me = hash_to_entry(GNUTLS_DIG_SHA1);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_hash_init(&td_sha, me);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash(&td_sha,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.length);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_hash_deinit(&td_sha, concat);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dconcat.data = concat;
|
|
Packit Service |
4684c1 |
dconcat.size = _gnutls_hash_get_algo_len(me);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
|
|
Packit Service |
4684c1 |
&dconcat, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return GNUTLS_SIGN_UNKNOWN;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Generates a signature of all the previous sent packets in the
|
|
Packit Service |
4684c1 |
* handshake procedure.
|
|
Packit Service |
4684c1 |
* 20040227: now it works for SSL 3.0 as well
|
|
Packit Service |
4684c1 |
* 20091031: works for TLS 1.2 too!
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
|
|
Packit Service |
4684c1 |
* For TLS1.2 returns the signature algorithm used on success, or a negative error code;
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns the used signature algorithm, or a negative error code.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert,
|
|
Packit Service |
4684c1 |
gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
const version_entry_st *ver = get_version(session);
|
|
Packit Service |
4684c1 |
unsigned key_usage = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(ver == NULL))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_check_key_usage_for_sig(session, key_usage, 1);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* TLS 1.2 */
|
|
Packit Service |
4684c1 |
if (_gnutls_version_has_selectable_sighash(ver))
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_sign_crt_vrfy12(session, cert,
|
|
Packit Service |
4684c1 |
pkey, signature);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* TLS 1.1 or earlier */
|
|
Packit Service |
4684c1 |
#ifdef ENABLE_SSL3
|
|
Packit Service |
4684c1 |
if (ver->id == GNUTLS_SSL3)
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_sign_crt_vrfy3(session, cert, ver,
|
|
Packit Service |
4684c1 |
pkey, signature);
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return _gnutls_handshake_sign_crt_vrfy10(session, cert, ver,
|
|
Packit Service |
4684c1 |
pkey, signature);
|
|
Packit Service |
4684c1 |
}
|