/*
* Copyright (C) 2001-2012 Free Software Foundation, Inc.
* Copyright (C) 2017 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
/* The certificate authentication functions which are needed in the handshake,
* and are common to RSA and DHE key exchange, are in this file.
*/
#include "gnutls_int.h"
#include "auth.h"
#include "errors.h"
#include <auth/cert.h>
#include "dh.h"
#include "num.h"
#include "libtasn1.h"
#include "datum.h"
#include "ext/signature.h"
#include <pk.h>
#include <algorithms.h>
#include <global.h>
#include <record.h>
#include <tls-sig.h>
#include <state.h>
#include <pk.h>
#include <x509.h>
#include <x509/verify-high.h>
#include <gnutls/abstract.h>
#include "abstract_int.h"
#include "debug.h"
static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t *
certs, unsigned);
static gnutls_privkey_t alloc_and_load_x509_key(gnutls_x509_privkey_t key,
int deinit);
#ifdef ENABLE_PKCS11
static gnutls_privkey_t alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t
key, int deinit);
#endif
static void
_gnutls_selected_certs_set(gnutls_session_t session,
gnutls_pcert_st * certs, int ncerts,
gnutls_privkey_t key, int need_free,
gnutls_status_request_ocsp_func ocsp_func,
void *ocsp_func_ptr);
#define MAX_CLIENT_SIGN_ALGOS 3
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
} CertificateSigType;
/* Copies data from a internal certificate struct (gnutls_pcert_st) to
* exported certificate struct (cert_auth_info_t)
*/
static int copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts, /* openpgp only */
void *keyid)
{
/* Copy peer's information to auth_info_t
*/
int ret;
size_t i, j;
if (info->raw_certificate_list != NULL) {
for (j = 0; j < info->ncerts; j++)
_gnutls_free_datum(&info->raw_certificate_list[j]);
gnutls_free(info->raw_certificate_list);
}
if (ncerts == 0) {
info->raw_certificate_list = NULL;
info->ncerts = 0;
return 0;
}
info->raw_certificate_list =
gnutls_calloc(ncerts, sizeof(gnutls_datum_t));
if (info->raw_certificate_list == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
for (i = 0; i < ncerts; i++) {
if (certs[i].cert.size > 0) {
ret =
_gnutls_set_datum(&info->raw_certificate_list[i],
certs[i].cert.data,
certs[i].cert.size);
if (ret < 0) {
gnutls_assert();
goto clear;
}
}
}
info->ncerts = ncerts;
info->cert_type = certs[0].type;
return 0;
clear:
for (j = 0; j < i; j++)
_gnutls_free_datum(&info->raw_certificate_list[j]);
gnutls_free(info->raw_certificate_list);
info->raw_certificate_list = NULL;
return ret;
}
/* returns 0 if the algo_to-check exists in the pk_algos list,
* -1 otherwise.
*/
inline static int
check_pk_algo_in_list(const gnutls_pk_algorithm_t *
pk_algos, int pk_algos_length,
gnutls_pk_algorithm_t algo_to_check)
{
int i;
for (i = 0; i < pk_algos_length; i++) {
if (algo_to_check == pk_algos[i]) {
return 0;
}
}
return -1;
}
/* Returns the issuer's Distinguished name in odn, of the certificate
* specified in cert.
*/
static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
{
ASN1_TYPE dn;
int len, result;
int start, end;
if ((result = asn1_create_element
(_gnutls_get_pkix(), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
result = asn1_der_decoding(&dn, cert->cert.data, cert->cert.size, NULL);
if (result != ASN1_SUCCESS) {
/* couldn't decode DER */
gnutls_assert();
asn1_delete_structure(&dn);
return _gnutls_asn2err(result);
}
result =
asn1_der_decoding_startEnd(dn, cert->cert.data,
cert->cert.size,
"tbsCertificate.issuer", &start, &end);
if (result != ASN1_SUCCESS) {
/* couldn't decode DER */
gnutls_assert();
asn1_delete_structure(&dn);
return _gnutls_asn2err(result);
}
asn1_delete_structure(&dn);
len = end - start + 1;
odn->size = len;
odn->data = &cert->cert.data[start];
return 0;
}
/* Locates the most appropriate x509 certificate using the
* given DN. If indx == -1 then no certificate was found.
*
* That is to guess which certificate to use, based on the
* CAs and sign algorithms supported by the peer server.
*/
static int
find_x509_client_cert(gnutls_session_t session,
const gnutls_certificate_credentials_t cred,
uint8_t * _data, size_t _data_size,
const gnutls_pk_algorithm_t * pk_algos,
int pk_algos_length, int *indx)
{
unsigned size;
gnutls_datum_t odn = { NULL, 0 }, asked_dn;
uint8_t *data = _data;
ssize_t data_size = _data_size;
unsigned i, j;
int result, cert_pk;
*indx = -1;
/* If peer doesn't send any issuers and we have a single certificate
* then send that one.
*/
if (cred->ncerts == 1 &&
(data_size == 0 || (session->internals.flags & GNUTLS_FORCE_CLIENT_CERT))) {
*indx = 0;
return 0;
}
do {
DECR_LENGTH_RET(data_size, 2, 0);
size = _gnutls_read_uint16(data);
DECR_LENGTH_RET(data_size, size, 0);
data += 2;
asked_dn.data = data;
asked_dn.size = size;
_gnutls_dn_log("Peer requested CA", &asked_dn);
for (i = 0; i < cred->ncerts; i++) {
for (j = 0; j < cred->certs[i].cert_list_length; j++) {
if ((result =
cert_get_issuer_dn(&cred->certs
[i].cert_list
[j], &odn)) < 0) {
gnutls_assert();
return result;
}
if (odn.size == 0 || odn.size != asked_dn.size)
continue;
/* If the DN matches and
* the *_SIGN algorithm matches
* the cert is our cert!
*/
cert_pk =
gnutls_pubkey_get_pk_algorithm(cred->certs
[i].cert_list
[0].pubkey,
NULL);
if ((memcmp(odn.data, asked_dn.data, asked_dn.size) == 0) &&
(check_pk_algo_in_list
(pk_algos, pk_algos_length,
cert_pk) == 0)) {
*indx = i;
break;
}
}
if (*indx != -1)
break;
}
if (*indx != -1)
break;
/* move to next record */
data += size;
}
while (1);
return 0;
}
/* Returns the number of issuers in the server's
* certificate request packet.
*/
static int
get_issuers_num(gnutls_session_t session, uint8_t * data, ssize_t data_size)
{
int issuers_dn_len = 0, result;
unsigned size;
/* Count the number of the given issuers;
* This is used to allocate the issuers_dn without
* using realloc().
*/
if (data_size == 0 || data == NULL)
return 0;
if (data_size > 0)
do {
/* This works like DECR_LEN()
*/
result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
DECR_LENGTH_COM(data_size, 2, goto error);
size = _gnutls_read_uint16(data);
result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
DECR_LENGTH_COM(data_size, size, goto error);
data += 2;
if (size > 0) {
issuers_dn_len++;
data += size;
}
if (data_size == 0)
break;
}
while (1);
return issuers_dn_len;
error:
return result;
}
/* Returns the issuers in the server's certificate request
* packet.
*/
static int
get_issuers(gnutls_session_t session,
gnutls_datum_t * issuers_dn, int issuers_len,
uint8_t * data, size_t data_size)
{
int i;
unsigned size;
if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
return 0;
/* put the requested DNs to req_dn, only in case
* of X509 certificates.
*/
if (issuers_len > 0) {
for (i = 0; i < issuers_len; i++) {
/* The checks here for the buffer boundaries
* are not needed since the buffer has been
* parsed above.
*/
data_size -= 2;
size = _gnutls_read_uint16(data);
data += 2;
issuers_dn[i].data = data;
issuers_dn[i].size = size;
_gnutls_dn_log("Peer requested CA", &issuers_dn[i]);
data += size;
}
}
return 0;
}
/* Calls the client or server get callback.
*/
static int
call_get_cert_callback(gnutls_session_t session,
const gnutls_datum_t * issuers_dn,
int issuers_dn_length,
gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
unsigned i;
gnutls_pcert_st *local_certs = NULL;
gnutls_privkey_t local_key = NULL;
int ret = GNUTLS_E_INTERNAL_ERROR;
gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
gnutls_certificate_credentials_t cred;
gnutls_retr2_st st2;
gnutls_pcert_st *pcert = NULL;
unsigned int pcert_length = 0;
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
memset(&st2, 0, sizeof(st2));
if (cred->get_cert_callback2) {
/* we avoid all allocations and transformations */
ret =
cred->get_cert_callback2(session, issuers_dn,
issuers_dn_length, pk_algos,
pk_algos_length, &pcert,
&pcert_length, &local_key);
if (ret < 0)
return gnutls_assert_val(GNUTLS_E_USER_ERROR);
if (pcert_length > 0 && type != pcert[0].type)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (pcert_length == 0) {
pcert = NULL;
local_key = NULL;
}
_gnutls_selected_certs_set(session, pcert, pcert_length,
local_key, 0, NULL, NULL);
return 0;
} else if (cred->get_cert_callback) {
ret =
cred->get_cert_callback(session, issuers_dn,
issuers_dn_length, pk_algos,
pk_algos_length, &st2);
} else { /* compatibility mode */
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
if (ret < 0) {
gnutls_assert();
return GNUTLS_E_USER_ERROR;
}
if (st2.ncerts == 0)
return 0; /* no certificate was selected */
if (type != st2.cert_type) {
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
if (type == GNUTLS_CRT_X509) {
local_certs =
alloc_and_load_x509_certs(st2.cert.x509, st2.ncerts);
} else { /* PGP */
ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
goto cleanup;
}
if (local_certs == NULL) {
gnutls_assert();
ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
switch (st2.key_type) {
case GNUTLS_PRIVKEY_PKCS11:
#ifdef ENABLE_PKCS11
if (st2.key.pkcs11 != NULL) {
local_key =
alloc_and_load_pkcs11_key(st2.key.pkcs11,
st2.deinit_all);
if (local_key == NULL) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
}
#endif
break;
case GNUTLS_PRIVKEY_X509:
if (st2.key.x509 != NULL) {
local_key =
alloc_and_load_x509_key(st2.key.x509,
st2.deinit_all);
if (local_key == NULL) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
}
break;
default:
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
_gnutls_selected_certs_set(session, local_certs,
st2.ncerts, local_key, 1,
NULL, NULL);
ret = 0;
cleanup:
if (st2.cert_type == GNUTLS_CRT_X509) {
if (st2.deinit_all) {
for (i = 0; i < st2.ncerts; i++) {
gnutls_x509_crt_deinit(st2.cert.x509[i]);
}
gnutls_free(st2.cert.x509);
}
}
return ret;
}
/* Finds the appropriate certificate depending on the cA Distinguished name
* advertized by the server. If none matches then returns 0 and -1 as index.
* In case of an error a negative error code, is returned.
*
* 20020128: added ability to select a certificate depending on the SIGN
* algorithm (only in automatic mode).
*/
static int
select_client_cert(gnutls_session_t session,
uint8_t * _data, size_t _data_size,
gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
int result;
int indx = -1;
gnutls_certificate_credentials_t cred;
uint8_t *data = _data;
ssize_t data_size = _data_size;
int issuers_dn_length;
gnutls_datum_t *issuers_dn = NULL;
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
if (cred->get_cert_callback != NULL
|| cred->get_cert_callback2 != NULL) {
/* use a callback to get certificate
*/
if (session->security_parameters.cert_type == GNUTLS_CRT_X509) {
issuers_dn_length =
get_issuers_num(session, data, data_size);
if (issuers_dn_length < 0) {
gnutls_assert();
return issuers_dn_length;
}
if (issuers_dn_length > 0) {
issuers_dn =
gnutls_malloc(sizeof(gnutls_datum_t) *
issuers_dn_length);
if (issuers_dn == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
result =
get_issuers(session, issuers_dn,
issuers_dn_length, data,
data_size);
if (result < 0) {
gnutls_assert();
goto cleanup;
}
}
} else {
issuers_dn_length = 0;
}
result =
call_get_cert_callback(session, issuers_dn,
issuers_dn_length, pk_algos,
pk_algos_length);
goto cleanup;
} else {
/* If we have no callbacks, try to guess.
*/
if (session->security_parameters.cert_type == GNUTLS_CRT_X509) {
result =
find_x509_client_cert(session, cred, _data, _data_size,
pk_algos, pk_algos_length, &indx);
} else {
result = GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
if (result < 0) {
gnutls_assert();
return result;
}
if (indx >= 0) {
_gnutls_selected_certs_set(session,
&cred->certs[indx].
cert_list[0],
cred->certs[indx].
cert_list_length,
cred->certs[indx].pkey, 0,
NULL, NULL);
} else {
_gnutls_selected_certs_set(session, NULL, 0, NULL, 0,
NULL, NULL);
}
result = 0;
}
cleanup:
gnutls_free(issuers_dn);
return result;
}
/* Generate certificate message
*/
static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
int ret, i;
gnutls_pcert_st *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
/* find the appropriate certificate
*/
if ((ret =
_gnutls_get_selected_cert(session, &apr_cert_list,
&apr_cert_list_length, &apr_pkey)) < 0) {
gnutls_assert();
return ret;
}
ret = 3;
for (i = 0; i < apr_cert_list_length; i++) {
ret += apr_cert_list[i].cert.size + 3;
/* hold size
* for uint24 */
}
/* if no certificates were found then send:
* 0B 00 00 03 00 00 00 // Certificate with no certs
* instead of:
* 0B 00 00 00 // empty certificate handshake
*
* ( the above is the whole handshake message, not
* the one produced here )
*/
ret = _gnutls_buffer_append_prefix(data, 24, ret - 3);
if (ret < 0)
return gnutls_assert_val(ret);
for (i = 0; i < apr_cert_list_length; i++) {
ret =
_gnutls_buffer_append_data_prefix(data, 24,
apr_cert_list[i].
cert.data,
apr_cert_list[i].
cert.size);
if (ret < 0)
return gnutls_assert_val(ret);
}
return data->length;
}
int
_gnutls_gen_cert_client_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
switch (session->security_parameters.cert_type) {
case GNUTLS_CRT_X509:
return gen_x509_crt(session, data);
default:
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
}
int
_gnutls_gen_cert_server_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
switch (session->security_parameters.cert_type) {
case GNUTLS_CRT_X509:
return gen_x509_crt(session, data);
default:
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
}
static
int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey)
{
unsigned cert_pk;
unsigned kx;
if (session->security_parameters.entity != GNUTLS_CLIENT)
return 0;
cert_pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
if (cert_pk == GNUTLS_PK_UNKNOWN) {
gnutls_assert();
return GNUTLS_E_CERTIFICATE_ERROR;
}
kx = session->security_parameters.cs->kx_algorithm;
if (_gnutls_map_kx_get_cred(kx, 1) == GNUTLS_CRD_CERTIFICATE &&
!_gnutls_kx_supports_pk(kx, cert_pk)) {
gnutls_assert();
return GNUTLS_E_CERTIFICATE_ERROR;
}
return 0;
}
/* Process server certificate
*/
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) gnutls_pcert_deinit(&peer_certificate_list[x])
static int
_gnutls_proc_x509_server_crt(gnutls_session_t session,
uint8_t * data, size_t data_size)
{
int size, len, ret;
uint8_t *p = data;
cert_auth_info_t info;
gnutls_certificate_credentials_t cred;
ssize_t dsize = data_size;
int i;
gnutls_pcert_st *peer_certificate_list;
size_t peer_certificate_list_size = 0, j, x;
gnutls_datum_t tmp;
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
if ((ret =
_gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
}
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (data == NULL || data_size == 0) {
gnutls_assert();
/* no certificate was sent */
return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
DECR_LEN(dsize, 3);
size = _gnutls_read_uint24(p);
p += 3;
/* ensure no discrepancy in data */
if (size != dsize)
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
/* some implementations send 0B 00 00 06 00 00 03 00 00 00
* instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
*/
if (size == 0 || (size == 3 && memcmp(p, "\x00\x00\x00", 3) == 0)) {
gnutls_assert();
/* no certificate was sent */
return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
i = dsize;
while (i > 0) {
DECR_LEN(dsize, 3);
len = _gnutls_read_uint24(p);
p += 3;
DECR_LEN(dsize, len);
peer_certificate_list_size++;
p += len;
i -= len + 3;
}
if (dsize != 0)
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
if (peer_certificate_list_size == 0) {
gnutls_assert();
return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
/* Ok we now allocate the memory to hold the
* certificate list
*/
peer_certificate_list =
gnutls_calloc(1,
sizeof(gnutls_pcert_st) *
(peer_certificate_list_size));
if (peer_certificate_list == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
p = data + 3;
/* Now we start parsing the list (again).
* We don't use DECR_LEN since the list has
* been parsed before.
*/
for (j = 0; j < peer_certificate_list_size; j++) {
len = _gnutls_read_uint24(p);
p += 3;
tmp.size = len;
tmp.data = p;
ret =
gnutls_pcert_import_x509_raw(&peer_certificate_list
[j], &tmp,
GNUTLS_X509_FMT_DER, 0);
if (ret < 0) {
gnutls_assert();
peer_certificate_list_size = j;
ret = GNUTLS_E_CERTIFICATE_ERROR;
goto cleanup;
}
p += len;
}
ret = check_pk_compat(session, peer_certificate_list[0].pubkey);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
if ((ret =
copy_certificate_auth_info(info,
peer_certificate_list,
peer_certificate_list_size,
NULL)) < 0) {
gnutls_assert();
goto cleanup;
}
ret = 0;
cleanup:
CLEAR_CERTS;
gnutls_free(peer_certificate_list);
return ret;
}
int _gnutls_proc_crt(gnutls_session_t session, uint8_t * data, size_t data_size)
{
int ret;
gnutls_certificate_credentials_t cred;
cred =
(gnutls_certificate_credentials_t) _gnutls_get_cred(session,
GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
switch (session->security_parameters.cert_type) {
case GNUTLS_CRT_X509:
ret = _gnutls_proc_x509_server_crt(session, data, data_size);
break;
default:
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
return ret;
}
/* Checks if we support the given signature algorithm
* (RSA or DSA). Returns the corresponding gnutls_pk_algorithm_t
* if true;
*/
inline static int _gnutls_check_supported_sign_algo(CertificateSigType algo)
{
switch (algo) {
case RSA_SIGN:
return GNUTLS_PK_RSA;
case DSA_SIGN:
return GNUTLS_PK_DSA;
case ECDSA_SIGN:
return GNUTLS_PK_EC;
}
return -1;
}
int
_gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
size_t data_size)
{
int size, ret;
uint8_t *p;
gnutls_certificate_credentials_t cred;
ssize_t dsize;
int i;
gnutls_pk_algorithm_t pk_algos[MAX_CLIENT_SIGN_ALGOS];
int pk_algos_length;
const version_entry_st *ver = get_version(session);
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
if ((ret =
_gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st), 0)) < 0) {
gnutls_assert();
return ret;
}
p = data;
dsize = data_size;
DECR_LEN(dsize, 1);
size = p[0];
p++;
/* check if the sign algorithm is supported.
*/
pk_algos_length = 0;
for (i = 0; i < size; i++, p++) {
DECR_LEN(dsize, 1);
if ((ret = _gnutls_check_supported_sign_algo(*p)) > 0) {
if (pk_algos_length < MAX_CLIENT_SIGN_ALGOS) {
pk_algos[pk_algos_length++] = ret;
}
}
}
if (pk_algos_length == 0) {
gnutls_assert();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
if (_gnutls_version_has_selectable_sighash(ver)) {
/* read supported hashes */
int hash_num;
DECR_LEN(dsize, 2);
hash_num = _gnutls_read_uint16(p);
p += 2;
DECR_LEN(dsize, hash_num);
ret = _gnutls_sign_algorithm_parse_data(session, p, hash_num);
if (ret < 0) {
gnutls_assert();
return ret;
}
p += hash_num;
}
/* read the certificate authorities */
DECR_LEN(dsize, 2);
size = _gnutls_read_uint16(p);
p += 2;
DECR_LEN_FINAL(dsize, size);
/* We should reply with a certificate message,
* even if we have no certificate to send.
*/
session->internals.crt_requested = 1;
/* now we ask the user to tell which one
* he wants to use.
*/
if ((ret =
select_client_cert(session, p, size, pk_algos,
pk_algos_length)) < 0) {
gnutls_assert();
return ret;
}
return 0;
}
int
_gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session,
gnutls_buffer_st * data)
{
int ret;
gnutls_pcert_st *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature = { NULL, 0 };
gnutls_sign_algorithm_t sign_algo;
const version_entry_st *ver = get_version(session);
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert(session, &apr_cert_list,
&apr_cert_list_length, &apr_pkey)) < 0) {
gnutls_assert();
return ret;
}
if (apr_cert_list_length > 0) {
if ((ret =
_gnutls_handshake_sign_crt_vrfy(session,
&apr_cert_list[0],
apr_pkey,
&signature)) < 0) {
gnutls_assert();
return ret;
}
sign_algo = ret;
} else {
return 0;
}
if (_gnutls_version_has_selectable_sighash(ver)) {
const sign_algorithm_st *aid;
uint8_t p[2];
/* error checking is not needed here since we have used those algorithms */
aid = _gnutls_sign_to_tls_aid(sign_algo);
if (aid == NULL)
return gnutls_assert_val(GNUTLS_E_UNKNOWN_ALGORITHM);
p[0] = aid->id[0];
p[1] = aid->id[1];
ret = _gnutls_buffer_append_data(data, p, 2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret =
_gnutls_buffer_append_data_prefix(data, 16, signature.data,
signature.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = data->length;
cleanup:
_gnutls_free_datum(&signature);
return ret;
}
int
_gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session,
uint8_t * data, size_t data_size)
{
int size, ret;
ssize_t dsize = data_size;
uint8_t *pdata = data;
gnutls_datum_t sig;
cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
gnutls_pcert_st peer_cert;
gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
const version_entry_st *ver = get_version(session);
gnutls_certificate_credentials_t cred;
unsigned vflags;
if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL)) {
gnutls_assert();
/* we need this in order to get peer's certificate */
return GNUTLS_E_INTERNAL_ERROR;
}
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
vflags = cred->verify_flags | session->internals.additional_verify_flags;
if (_gnutls_version_has_selectable_sighash(ver)) {
sign_algorithm_st aid;
DECR_LEN(dsize, 2);
aid.id[0] = pdata[0];
aid.id[1] = pdata[1];
sign_algo = _gnutls_tls_aid_to_sign(&aid);
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
gnutls_assert();
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
pdata += 2;
}
ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
if (ret < 0)
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
DECR_LEN(dsize, 2);
size = _gnutls_read_uint16(pdata);
pdata += 2;
DECR_LEN_FINAL(dsize, size);
sig.data = pdata;
sig.size = size;
ret = _gnutls_get_auth_info_pcert(&peer_cert,
session->security_parameters.
cert_type, info);
if (ret < 0) {
gnutls_assert();
return ret;
}
if ((ret =
_gnutls_handshake_verify_crt_vrfy(session, vflags, &peer_cert, &sig,
sign_algo)) < 0) {
gnutls_assert();
gnutls_pcert_deinit(&peer_cert);
return ret;
}
gnutls_pcert_deinit(&peer_cert);
return 0;
}
int
_gnutls_gen_cert_server_cert_req(gnutls_session_t session,
gnutls_buffer_st * data)
{
gnutls_certificate_credentials_t cred;
int ret;
uint8_t tmp_data[CERTTYPE_SIZE];
const version_entry_st *ver = get_version(session);
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
/* Now we need to generate the RDN sequence. This is
* already in the CERTIFICATE_CRED structure, to improve
* performance.
*/
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
tmp_data[0] = CERTTYPE_SIZE - 1;
tmp_data[1] = RSA_SIGN;
tmp_data[2] = DSA_SIGN;
tmp_data[3] = ECDSA_SIGN; /* only these for now */
ret = _gnutls_buffer_append_data(data, tmp_data, CERTTYPE_SIZE);
if (ret < 0)
return gnutls_assert_val(ret);
if (_gnutls_version_has_selectable_sighash(ver)) {
ret =
_gnutls_sign_algorithm_write_params(session, data);
if (ret < 0) {
gnutls_assert();
return ret;
}
}
if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
session->internals.ignore_rdn_sequence == 0) {
ret =
_gnutls_buffer_append_data_prefix(data, 16,
cred->
tlist->x509_rdn_sequence.
data,
cred->
tlist->x509_rdn_sequence.
size);
if (ret < 0)
return gnutls_assert_val(ret);
} else {
ret = _gnutls_buffer_append_prefix(data, 16, 0);
if (ret < 0)
return gnutls_assert_val(ret);
}
return data->length;
}
/* This function will return the appropriate certificate to use.
* Fills in the apr_cert_list, apr_cert_list_length and apr_pkey.
* The return value is a negative error code on error.
*
* It is normal to return 0 with no certificates in client side.
*
*/
int
_gnutls_get_selected_cert(gnutls_session_t session,
gnutls_pcert_st ** apr_cert_list,
int *apr_cert_list_length,
gnutls_privkey_t * apr_pkey)
{
if (session->security_parameters.entity == GNUTLS_SERVER) {
/* select_client_cert() has been called before.
*/
*apr_cert_list = session->internals.selected_cert_list;
*apr_pkey = session->internals.selected_key;
*apr_cert_list_length =
session->internals.selected_cert_list_length;
if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
} else { /* CLIENT SIDE
*/
/* we have already decided which certificate
* to send.
*/
*apr_cert_list = session->internals.selected_cert_list;
*apr_cert_list_length =
session->internals.selected_cert_list_length;
*apr_pkey = session->internals.selected_key;
}
return 0;
}
/* converts the given x509 certificate list to gnutls_pcert_st* and allocates
* space for them.
*/
static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t *
certs, unsigned ncerts)
{
gnutls_pcert_st *local_certs;
int ret = 0;
unsigned i, j;
if (certs == NULL)
return NULL;
local_certs = gnutls_malloc(sizeof(gnutls_pcert_st) * ncerts);
if (local_certs == NULL) {
gnutls_assert();
return NULL;
}
for (i = 0; i < ncerts; i++) {
ret = gnutls_pcert_import_x509(&local_certs[i], certs[i], 0);
if (ret < 0)
break;
}
if (ret < 0) {
gnutls_assert();
for (j = 0; j < i; j++) {
gnutls_pcert_deinit(&local_certs[j]);
}
gnutls_free(local_certs);
return NULL;
}
return local_certs;
}
/* converts the given x509 key to gnutls_privkey* and allocates
* space for it.
*/
static gnutls_privkey_t
alloc_and_load_x509_key(gnutls_x509_privkey_t key, int deinit)
{
gnutls_privkey_t local_key;
int ret = 0;
if (key == NULL)
return NULL;
ret = gnutls_privkey_init(&local_key);
if (ret < 0) {
gnutls_assert();
return NULL;
}
ret =
gnutls_privkey_import_x509(local_key, key,
deinit ?
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE : 0);
if (ret < 0) {
gnutls_assert();
gnutls_privkey_deinit(local_key);
return NULL;
}
return local_key;
}
#ifdef ENABLE_PKCS11
/* converts the given raw key to gnutls_privkey* and allocates
* space for it.
*/
static gnutls_privkey_t
alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t key, int deinit)
{
gnutls_privkey_t local_key;
int ret = 0;
if (key == NULL)
return NULL;
ret = gnutls_privkey_init(&local_key);
if (ret < 0) {
gnutls_assert();
return NULL;
}
ret =
gnutls_privkey_import_pkcs11(local_key, key,
deinit ?
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
: 0);
if (ret < 0) {
gnutls_assert();
gnutls_privkey_deinit(local_key);
return NULL;
}
return local_key;
}
#endif
void _gnutls_selected_certs_deinit(gnutls_session_t session)
{
if (session->internals.selected_need_free != 0) {
int i;
for (i = 0;
i < session->internals.selected_cert_list_length; i++) {
gnutls_pcert_deinit(&session->internals.
selected_cert_list[i]);
}
gnutls_free(session->internals.selected_cert_list);
gnutls_privkey_deinit(session->internals.selected_key);
}
session->internals.selected_ocsp_func = NULL;
session->internals.selected_cert_list = NULL;
session->internals.selected_cert_list_length = 0;
session->internals.selected_key = NULL;
return;
}
static void
_gnutls_selected_certs_set(gnutls_session_t session,
gnutls_pcert_st * certs, int ncerts,
gnutls_privkey_t key, int need_free,
gnutls_status_request_ocsp_func ocsp_func,
void *ocsp_func_ptr)
{
_gnutls_selected_certs_deinit(session);
session->internals.selected_cert_list = certs;
session->internals.selected_cert_list_length = ncerts;
session->internals.selected_key = key;
session->internals.selected_need_free = need_free;
session->internals.selected_ocsp_func = ocsp_func;
session->internals.selected_ocsp_func_ptr = ocsp_func_ptr;
}
static void get_server_name(gnutls_session_t session, uint8_t * name,
size_t max_name_size)
{
int ret, i;
size_t max_name;
unsigned int type;
ret = 0;
for (i = 0; !(ret < 0); i++) {
max_name = max_name_size;
ret =
gnutls_server_name_get(session, name, &max_name, &type, i);
if (ret >= 0 && type == GNUTLS_NAME_DNS)
return;
}
name[0] = 0;
return;
}
static
unsigned pubkey_is_compat_with_cs(gnutls_session_t session,
gnutls_pubkey_t pubkey,
gnutls_certificate_type_t cert_type,
const gnutls_cipher_suite_entry_st *cs)
{
unsigned pk = pubkey->params.algo;
unsigned key_usage;
if (session->security_parameters.cert_type != cert_type) {
return 0;
}
if (unlikely(session->internals.priorities->allow_server_key_usage_violation)) {
key_usage = 0;
} else {
key_usage = pubkey->key_usage;
}
if (!_gnutls_kx_supports_pk_usage(cs->kx_algorithm, pk, key_usage)) {
return 0;
}
return 1;
}
/* Selects a signature algorithm (if required by the ciphersuite and TLS
* version), appropriate for the certificate. If none can be selected
* returns an error.
*/
static
int select_sign_algorithm(gnutls_session_t session,
gnutls_pcert_st * cert,
gnutls_privkey_t pkey,
const gnutls_cipher_suite_entry_st *cs)
{
gnutls_sign_algorithm_t algo;
const version_entry_st *ver = get_version(session);
if (_gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN)
return 0;
if (!_gnutls_version_has_selectable_sighash(ver)) {
/* For SSL3.0 and TLS1.0 we lie as we cannot express md5-sha1 as
* signature algorithm. */
algo = gnutls_pk_to_sign(cert->pubkey->params.algo, GNUTLS_DIG_SHA1);
gnutls_sign_algorithm_set_server(session, algo);
return 0;
}
algo = _gnutls_session_get_sign_algo(session, cert, pkey, 0);
if (algo == GNUTLS_SIGN_UNKNOWN)
return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
gnutls_sign_algorithm_set_server(session, algo);
_gnutls_handshake_log("Selected signature algorithm: %s\n", gnutls_sign_algorithm_get_name(algo));
return 0;
}
/* finds the most appropriate certificate in the cert list.
* The 'appropriate' is defined by the user.
*
* requested_algo holds the parameters required by the peer (RSA, DSA
* or -1 for any).
*
* Returns 0 on success and a negative error code on error. The
* selected certificate will be in session->internals.selected_*.
*
*/
int
_gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_entry_st *cs)
{
unsigned i, j;
int idx, ret;
gnutls_certificate_credentials_t cred;
char server_name[MAX_CN];
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert(); /* we don't need to select a cert */
return 0;
}
/* When a callback is set, we call it once to get the
* certificate and then check its compatibility with
* the ciphersuites.
*/
/* If the callback which retrieves certificate has been set,
* use it and leave. We make sure that this is called once.
*/
if (cred->get_cert_callback
|| cred->get_cert_callback2) {
if (session->internals.selected_cert_list_length == 0) {
ret = call_get_cert_callback(session, NULL, 0, NULL, 0);
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_debug_log("Selected (%s) cert\n",
gnutls_pk_get_name(session->internals.selected_cert_list[0].pubkey->params.algo));
}
if (!pubkey_is_compat_with_cs(session,
session->internals.selected_cert_list[0].pubkey,
session->internals.selected_cert_list[0].type,
cs)) {
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
}
ret = select_sign_algorithm(session,
&session->internals.selected_cert_list[0],
session->internals.selected_key,
cs);
if (ret < 0) {
return gnutls_assert_val(ret);
}
return 0;
}
/* Otherwise... we check the compatibility of the ciphersuite
* with all the certificates available. */
get_server_name(session, (unsigned char *)server_name,
sizeof(server_name));
_gnutls_handshake_log ("HSK[%p]: Requested server name: '%s'\n",
session, server_name);
idx = -1; /* default is use no certificate */
/* find certificates that match the requested server_name
*/
if (server_name[0] != 0) {
for (j = 0; j < cred->ncerts; j++) {
i = cred->sorted_cert_idx[j];
if (cred->certs[i].names != NULL
&& _gnutls_str_array_match(cred->certs[i].names,
server_name) != 0) {
/* if requested algorithms are also compatible select it */
if (!pubkey_is_compat_with_cs(session,
cred->certs[i].cert_list[0].pubkey,
cred->certs[i].cert_list[0].type,
cs)) {
continue;
}
ret = select_sign_algorithm(session,
&cred->certs[i].cert_list[0],
cred->certs[i].pkey,
cs);
if (ret >= 0) {
idx = i;
_gnutls_debug_log("Selected (%s) cert based on ciphersuite %x.%x: %s\n",
gnutls_pk_get_name(cred->certs[i].cert_list[0].pubkey->params.algo),
(unsigned)cs->id[0],
(unsigned)cs->id[1],
cs->name);
/* found */
goto finished;
}
}
}
}
/* no name match */
for (j = 0; j < cred->ncerts; j++) {
i = cred->sorted_cert_idx[j];
_gnutls_handshake_log
("HSK[%p]: checking compat of %s with certificate[%d] (%s/%s)\n",
session, cs->name, i,
gnutls_pk_get_name(cred->certs[i].cert_list[0].pubkey->params.algo),
gnutls_certificate_type_get_name(cred->certs
[i].cert_list
[0].type));
if (!pubkey_is_compat_with_cs(session,
cred->certs[i].cert_list[0].pubkey,
cred->certs[i].cert_list[0].type,
cs)) {
continue;
}
ret = select_sign_algorithm(session,
&cred->certs[i].cert_list[0],
cred->certs[i].pkey,
cs);
if (ret >= 0) {
idx = i;
_gnutls_debug_log("Selected (%s) cert based on ciphersuite %x.%x: %s\n",
gnutls_pk_get_name(cred->certs[i].cert_list[0].pubkey->params.algo),
(unsigned)cs->id[0],
(unsigned)cs->id[1],
cs->name);
/* found */
goto finished;
}
}
/* store the certificate pointer for future use, in the handshake.
* (This will allow not calling this callback again.)
*/
finished:
if (idx >= 0) {
_gnutls_selected_certs_set(session,
&cred->certs[idx].cert_list[0],
cred->certs[idx].cert_list_length,
cred->certs[idx].pkey, 0,
cred->certs[idx].ocsp_func,
cred->certs[idx].ocsp_func_ptr);
} else {
gnutls_assert();
/* Certificate does not support REQUESTED_ALGO. */
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
return 0;
}
/* Frees the rsa_info_st structure.
*/
void _gnutls_free_rsa_info(rsa_info_st * rsa)
{
_gnutls_free_datum(&rsa->modulus);
_gnutls_free_datum(&rsa->exponent);
}
int _gnutls_gen_dhe_signature(gnutls_session_t session,
gnutls_buffer_st * data, uint8_t * plain,
unsigned plain_size)
{
gnutls_pcert_st *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature = { NULL, 0 }, ddata;
gnutls_sign_algorithm_t sign_algo;
const version_entry_st *ver = get_version(session);
int ret;
if (unlikely(ver == NULL))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
ddata.data = plain;
ddata.size = plain_size;
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert(session, &apr_cert_list,
&apr_cert_list_length, &apr_pkey)) < 0) {
gnutls_assert();
return ret;
}
if (apr_cert_list_length > 0) {
if ((ret =
_gnutls_handshake_sign_data(session,
&apr_cert_list[0],
apr_pkey, &ddata,
&signature, &sign_algo)) < 0) {
gnutls_assert();
goto cleanup;
}
} else {
gnutls_assert();
ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */
goto cleanup;
}
if (_gnutls_version_has_selectable_sighash(ver)) {
const sign_algorithm_st *aid;
uint8_t p[2];
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
ret = GNUTLS_E_UNKNOWN_ALGORITHM;
goto cleanup;
}
aid = _gnutls_sign_to_tls_aid(sign_algo);
if (aid == NULL) {
gnutls_assert();
ret = GNUTLS_E_UNKNOWN_ALGORITHM;
goto cleanup;
}
p[0] = aid->id[0];
p[1] = aid->id[1];
ret = _gnutls_buffer_append_data(data, p, 2);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
}
ret =
_gnutls_buffer_append_data_prefix(data, 16, signature.data,
signature.size);
if (ret < 0) {
gnutls_assert();
}
ret = 0;
cleanup:
_gnutls_free_datum(&signature);
return ret;
}
int
_gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
size_t _data_size, gnutls_datum_t * vparams)
{
int sigsize;
gnutls_datum_t signature;
int ret;
cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
ssize_t data_size = _data_size;
gnutls_pcert_st peer_cert;
gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
const version_entry_st *ver = get_version(session);
gnutls_certificate_credentials_t cred;
unsigned vflags;
if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL)) {
gnutls_assert();
/* we need this in order to get peer's certificate */
return GNUTLS_E_INTERNAL_ERROR;
}
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
vflags = cred->verify_flags | session->internals.additional_verify_flags;
/* VERIFY SIGNATURE */
if (_gnutls_version_has_selectable_sighash(ver)) {
sign_algorithm_st aid;
DECR_LEN(data_size, 1);
aid.id[0] = *data++;
DECR_LEN(data_size, 1);
aid.id[1] = *data++;
sign_algo = _gnutls_tls_aid_to_sign(&aid);
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
_gnutls_debug_log("unknown signature %d.%d\n",
aid.id[0], aid.id[1]);
gnutls_assert();
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
}
DECR_LEN(data_size, 2);
sigsize = _gnutls_read_uint16(data);
data += 2;
DECR_LEN_FINAL(data_size, sigsize);
signature.data = data;
signature.size = sigsize;
if ((ret =
_gnutls_get_auth_info_pcert(&peer_cert,
session->security_parameters.cert_type,
info)) < 0) {
gnutls_assert();
return ret;
}
ret =
_gnutls_handshake_verify_data(session, vflags, &peer_cert, vparams,
&signature, sign_algo);
gnutls_pcert_deinit(&peer_cert);
if (ret < 0) {
gnutls_assert();
return ret;
}
return 0;
}