raw public keys: apply the key usage bits the same way as X.509

That is, we require a signing certificate when negotiating TLS1.3, or when sending a client certificate (on all cases). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2019-02-03 08:47:50 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2019-02-06 12:52:44 +0100
commit: 29f875cae21bcf5139801ed8c8cb78c4fa61a9f0 (patch)
tree: 06132ed361675246231d1ca948dca290481a36fc
parent: aaf286293050a4a2dbcd98d9eb2d69eca99c502a (diff)
download: gnutls-29f875cae21bcf5139801ed8c8cb78c4fa61a9f0.tar.gz
5 files changed, 142 insertions, 6 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 53ad91df6d..6522a9850a 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -287,6 +287,7 @@ find_rawpk_client_cert(gnutls_session_t session,
 			int pk_algos_length, int* indx)
 {
 	unsigned i;
+	int ret;
 	gnutls_pk_algorithm_t pk;
 
 	*indx = -1;
@@ -295,15 +296,22 @@ find_rawpk_client_cert(gnutls_session_t session,
 		/* We know that our list length will be 1, therefore we can
 		 * ignore the rest.
 		 */
-		if (cred->certs[i].cert_list_length == 1) {
-			pk = gnutls_pubkey_get_pk_algorithm(cred->certs[i].
-																					cert_list[0].pubkey, NULL);
+		if (cred->certs[i].cert_list_length == 1 && cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK) {
+			pk = gnutls_pubkey_get_pk_algorithm(cred->certs[i].cert_list[0].pubkey, NULL);
+
+			/* For client certificates we require signatures */
+			ret = _gnutls_check_key_usage_for_sig(session, get_key_usage(session, cred->certs[i].cert_list[0].pubkey), 1);
+			if (ret < 0) {
+				/* we return an error instead of skipping so that the user is notified about
+				 * the key incompatibility */
+				_gnutls_debug_log("Client certificate is not suitable for signing\n");
+				return gnutls_assert_val(ret);
+			}
 
 			/* Check whether the public-key algorithm of our credential is in
 			 * the list with supported public-key algorithms and whether the
 			 * cert type matches. */
-			if ((check_pk_algo_in_list(pk_algos, pk_algos_length, pk) == 0)
-			   && (cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK))	{
+			if ((check_pk_algo_in_list(pk_algos, pk_algos_length, pk) == 0)) {
 				// We found a compatible credential
 				*indx = i;
 				break;
@@ -666,7 +674,7 @@ _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st* data)
 	 * be an impossible situation.
 	 */
 	assert(apr_cert_list_length == 1);
-	
+
 	/* Write our certificate containing only the SubjectPublicKeyInfo to
 	 * the output buffer. We always have exactly one certificate that
 	 * contains our raw public key. Our message looks like:
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index c0c27a4064..de4b57ac4c 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -137,6 +137,98 @@ void try_with_key_fail(const char *name, const char *client_prio,
 	gnutls_certificate_free_credentials(clientx509cred);
 }
 
+void try_with_rawpk_key_fail(const char *name, const char *client_prio,
+			     int server_err, int client_err,
+			     const gnutls_datum_t *serv_cert,
+			     const gnutls_datum_t *serv_key,
+			     unsigned server_ku,
+			     const gnutls_datum_t *cli_cert,
+			     const gnutls_datum_t *cli_key,
+			     unsigned client_ku)
+{
+	int ret;
+	/* Server stuff. */
+	gnutls_certificate_credentials_t server_cred;
+	gnutls_session_t server;
+	int sret = GNUTLS_E_AGAIN;
+	/* Client stuff. */
+	gnutls_certificate_credentials_t client_cred;
+	gnutls_session_t client;
+	int cret = GNUTLS_E_AGAIN;
+	const char *err;
+
+	/* General init. */
+	gnutls_global_set_log_function(tls_log_func);
+	if (debug)
+		gnutls_global_set_log_level(6);
+
+	reset_buffers();
+	/* Init server */
+	gnutls_certificate_allocate_credentials(&server_cred);
+
+	ret = gnutls_certificate_set_rawpk_key_mem(server_cred,
+						   serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, server_ku,
+						   NULL, 0, 0);
+	if (ret < 0)
+		fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+
+	assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK) >= 0);
+	if (server_priority)
+		assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0);
+	else
+		assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0);
+
+	gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
+			       server_cred);
+
+	gnutls_transport_set_push_function(server, server_push);
+	gnutls_transport_set_pull_function(server, server_pull);
+	gnutls_transport_set_ptr(server, server);
+
+	/* Init client */
+	ret = gnutls_certificate_allocate_credentials(&client_cred);
+	if (ret < 0)
+		exit(1);
+
+	if (cli_cert) {
+		ret = gnutls_certificate_set_rawpk_key_mem(client_cred,
+							   cli_cert, cli_key, GNUTLS_X509_FMT_PEM, NULL, client_ku,
+							   NULL, 0, 0);
+		if (ret < 0)
+			fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
+		gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
+	}
+
+	ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_RAWPK);
+	if (ret < 0)
+		exit(1);
+
+	gnutls_transport_set_push_function(client, client_push);
+	gnutls_transport_set_pull_function(client, client_pull);
+	gnutls_transport_set_ptr(client, client);
+
+	ret = gnutls_priority_set_direct(client, client_prio, &err);
+	if (ret < 0) {
+		if (ret == GNUTLS_E_INVALID_REQUEST)
+			fprintf(stderr, "Error in %s\n", err);
+		exit(1);
+	}
+
+	ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
+				client_cred);
+	if (ret < 0)
+		exit(1);
+
+	success("negotiating %s\n", name);
+	HANDSHAKE_EXPECT(client, server, client_err, server_err);
+
+	gnutls_deinit(client);
+	gnutls_deinit(server);
+
+	gnutls_certificate_free_credentials(server_cred);
+	gnutls_certificate_free_credentials(client_cred);
+}
+
 void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx,
 		gnutls_sign_algorithm_t server_sign_algo,
 		gnutls_sign_algorithm_t client_sign_algo,
diff --git a/tests/common-cert-key-exchange.h b/tests/common-cert-key-exchange.h
index 8fb5ab754e..5d68d72ff8 100644
--- a/tests/common-cert-key-exchange.h
+++ b/tests/common-cert-key-exchange.h
@@ -51,6 +51,14 @@ extern const char *server_priority;
 	try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \
 		&rawpk_public_key1, &rawpk_private_key1, &rawpk_public_key2, &rawpk_private_key2, client_cert, GNUTLS_CRT_RAWPK, GNUTLS_CRT_RAWPK)
 
+void try_with_rawpk_key_fail(const char *name, const char *client_prio,
+			     int server_err, int client_err,
+			     const gnutls_datum_t *serv_cert,
+			     const gnutls_datum_t *serv_key,
+			     unsigned server_ku,
+			     const gnutls_datum_t *cli_cert,
+			     const gnutls_datum_t *cli_key,
+			     unsigned client_ku);
 
 void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx,
 		gnutls_sign_algorithm_t server_sign_algo,
diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c
index da26e87a3b..d8563c0943 100644
--- a/tests/tls12-cert-key-exchange.c
+++ b/tests/tls12-cert-key-exchange.c
@@ -140,5 +140,15 @@ void doit(void)
 			GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_AGAIN,
 			&server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key);
 
+	try_with_rawpk_key_fail("rawpk TLS 1.2 with rsa encryption cert without KX-RSA",
+			"NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-RAWPK:-RSA",
+			GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN,
+			&rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0);
+
+	try_with_rawpk_key_fail("rawpk TLS 1.2 with client rsa encryption cert without KX-RSA",
+			"NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-RAWPK:-RSA",
+			GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION,
+			&rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT);
+
 	gnutls_global_deinit();
 }
diff --git a/tests/tls13-cert-key-exchange.c b/tests/tls13-cert-key-exchange.c
index 3a214f9ad1..2b3d581ffd 100644
--- a/tests/tls13-cert-key-exchange.c
+++ b/tests/tls13-cert-key-exchange.c
@@ -163,5 +163,23 @@ void doit(void)
 			GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_SUCCESS,
 			&server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key);
 
+	try_with_rawpk_key_fail("rawpk TLS 1.3 with rsa encryption cert",
+			"NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-RAWPK",
+			GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN,
+			&rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0);
+
+	try_with_rawpk_key_fail("rawpk TLS 1.3 and TLS 1.2 with rsa encryption cert",
+			"NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+CTYPE-RAWPK",
+			GNUTLS_E_SUCCESS, GNUTLS_E_SUCCESS,
+			&rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0);
+
+	try_with_rawpk_key_fail("rawpk TLS 1.3 with client rsa encryption cert",
+			"NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-RAWPK",
+			GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_CREDENTIALS,
+			&rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT);
+
+	/* we do not test TLS 1.3 with (forced) rsa encryption cert - client should detect, because
+	 * there is no way under raw public keys for the client or server  to know the intended type. */
+
 	gnutls_global_deinit();
 }
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-02-03 08:47:50 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2019-02-06 12:52:44 +0100
commit	29f875cae21bcf5139801ed8c8cb78c4fa61a9f0 (patch)
tree	06132ed361675246231d1ca948dca290481a36fc
parent	aaf286293050a4a2dbcd98d9eb2d69eca99c502a (diff)
download	gnutls-29f875cae21bcf5139801ed8c8cb78c4fa61a9f0.tar.gz