diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-01-21 20:33:00 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-01-22 09:50:48 +0100 |
| commit | aef00dae5c55919e9a36e61c0db00869067dd285 (patch) | |
| tree | ebc427259f60079c9e76b6021e845a1c585b50f3 | |
| parent | 69bd75e39d0ddd4e86630facf38e7bf3186f3b06 (diff) | |
| download | gnutls-tmp-key-rsa-pss.tar.gz | |
gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can signtmp-key-rsa-pss
In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to
the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However,
if the specific key is not marked for use with digital signatures (CKA_SIGN
set), then we may have still ended-up using it and fail when using it. We
now test whether CKA_SIGN is set prior to enabling such keys for PSS.
Resolves: #667
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | lib/pkcs11_privkey.c | 12 | ||||
| -rw-r--r-- | tests/pkcs11/tls-neg-pkcs11-key.c | 8 |
3 files changed, 21 insertions, 2 deletions
@@ -20,6 +20,9 @@ See the end for copying conditions. This solves a regression since 3.5.x and improves compatibility of the server side with certain clients. +** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if + the CKA_SIGN is not set (#667). + ** GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous definition was buggy and non-functional. diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index bf69b69ce4..53a2d8a937 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -581,17 +581,25 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey, if (pkey->pk_algorithm == GNUTLS_PK_RSA) { /* determine whether it can do rsa-pss */ + ck_bool_t tval = 0; + a[0].type = CKA_MODULUS; a[0].value = NULL; a[0].value_len = 0; - if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1) + a[1].type = CKA_SIGN; + a[1].value = &tval; + a[1].value_len = sizeof(tval); + if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 2) == CKR_OK) { pkey->bits = a[0].value_len*8; } ret = gnutls_pkcs11_token_check_mechanism(url, CKM_RSA_PKCS_PSS, NULL, 0, 0); - if (ret != 0) + if (ret != 0 && tval) { pkey->rsa_pss_ok = 1; + } else { + _gnutls_debug_log("Detected incompatible with TLS1.3 RSA key! (%s)\n", url); + } } a[0].type = CKA_ALWAYS_AUTHENTICATE; diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c index 764e93b6ad..f91414a6af 100644 --- a/tests/pkcs11/tls-neg-pkcs11-key.c +++ b/tests/pkcs11/tls-neg-pkcs11-key.c @@ -280,6 +280,14 @@ static const test_st tests[] = { .exp_kx = GNUTLS_KX_RSA, .needs_decryption = 1 }, + {.name = "tls1.2: rsa-decryption key, signatures prioritized", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+RSA:-VERS-TLS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_RSA, + .needs_decryption = 1 + }, {.name = "tls1.2: ecc key", .pk = GNUTLS_PK_ECDSA, .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", |