|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2017-2019 Red Hat, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Author: Nikos Mavrogiannopoulos
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit Service |
4684c1 |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
4684c1 |
* the License, or (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This library is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* Lesser General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include "gnutls_int.h"
|
|
Packit Service |
4684c1 |
#include "errors.h"
|
|
Packit Service |
4684c1 |
#include <auth/cert.h>
|
|
Packit Service |
4684c1 |
#include <algorithms.h>
|
|
Packit Service |
4684c1 |
#include <ext/signature.h>
|
|
Packit Service |
4684c1 |
#include <abstract_int.h>
|
|
Packit Service |
4684c1 |
#include "tls13-sig.h"
|
|
Packit Service |
4684c1 |
#include "tls-sig.h"
|
|
Packit Service |
4684c1 |
#include "hash_int.h"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#undef PREFIX_SIZE
|
|
Packit Service |
4684c1 |
#define PREFIX_SIZE 64
|
|
Packit Service |
4684c1 |
#if PREFIX_SIZE < MAX_HASH_SIZE
|
|
Packit Service |
4684c1 |
/* we assume later that prefix is sufficient to store hash output */
|
|
Packit Service |
4684c1 |
# error Need to modify code
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls13_handshake_verify_data(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
unsigned verify_flags,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st *cert,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *context,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *signature,
|
|
Packit Service |
4684c1 |
const gnutls_sign_entry_st *se)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
const version_entry_st *ver = get_version(session);
|
|
Packit Service |
4684c1 |
gnutls_buffer_st buf;
|
|
Packit Service |
4684c1 |
uint8_t prefix[PREFIX_SIZE];
|
|
Packit Service |
4684c1 |
unsigned key_usage = 0;
|
|
Packit Service |
4684c1 |
gnutls_datum_t p;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log
|
|
Packit Service |
4684c1 |
("HSK[%p]: verifying TLS 1.3 handshake data using %s\n", session,
|
|
Packit Service |
4684c1 |
se->name);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_pubkey_compatible_with_sig(session,
|
|
Packit Service |
4684c1 |
cert->pubkey, ver,
|
|
Packit Service |
4684c1 |
se->id);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
|
|
Packit Service |
4684c1 |
session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_session_sign_algo_enabled(session, se->id);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0) /* explicitly prohibited */
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_check_key_usage_for_sig(session, key_usage, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_buffer_init(&buf;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(prefix, 0x20, sizeof(prefix));
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, prefix, sizeof(prefix));
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, context->data, context->size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, "\x00", 1);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_hash_fast(session->security_parameters.prf->id,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer_prev_len,
|
|
Packit Service |
4684c1 |
prefix);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, prefix, session->security_parameters.prf->output_size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
p.data = buf.data;
|
|
Packit Service |
4684c1 |
p.size = buf.length;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
|
|
Packit Service |
4684c1 |
* because we have checked whether the currently used signature
|
|
Packit Service |
4684c1 |
* algorithm is allowed in the session. */
|
|
Packit Service |
4684c1 |
ret = gnutls_pubkey_verify_data2(cert->pubkey, se->id,
|
|
Packit Service |
4684c1 |
verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
|
|
Packit Service |
4684c1 |
&p, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = 0;
|
|
Packit Service |
4684c1 |
cleanup:
|
|
Packit Service |
4684c1 |
_gnutls_buffer_clear(&buf;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls13_handshake_sign_data(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pcert_st * cert, gnutls_privkey_t pkey,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *context,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
const gnutls_sign_entry_st *se)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
gnutls_datum_t p;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
gnutls_buffer_st buf;
|
|
Packit Service |
4684c1 |
uint8_t tmp[MAX_HASH_SIZE];
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(se == NULL || (se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(sign_supports_priv_pk_algorithm(se, pkey->pk_algorithm) == 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* when we reach here we know we have a signing certificate */
|
|
Packit Service |
4684c1 |
_gnutls_handshake_log
|
|
Packit Service |
4684c1 |
("HSK[%p]: signing TLS 1.3 handshake data: using %s and PRF: %s\n", session, se->name,
|
|
Packit Service |
4684c1 |
session->security_parameters.prf->name);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_buffer_init(&buf;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_resize(&buf, PREFIX_SIZE);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memset(buf.data, 0x20, PREFIX_SIZE);
|
|
Packit Service |
4684c1 |
buf.length += PREFIX_SIZE;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, context->data, context->size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, "\x00", 1);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_hash_fast(session->security_parameters.prf->id,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.data,
|
|
Packit Service |
4684c1 |
session->internals.handshake_hash_buffer.length,
|
|
Packit Service |
4684c1 |
tmp);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_buffer_append_data(&buf, tmp, session->security_parameters.prf->output_size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
p.data = buf.data;
|
|
Packit Service |
4684c1 |
p.size = buf.length;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_privkey_sign_data2(pkey, se->id, 0, &p, signature);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = 0;
|
|
Packit Service |
4684c1 |
cleanup:
|
|
Packit Service |
4684c1 |
_gnutls_buffer_clear(&buf;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|