summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2019-01-21 20:33:00 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2019-01-22 09:50:48 +0100
commitaef00dae5c55919e9a36e61c0db00869067dd285 (patch)
treeebc427259f60079c9e76b6021e845a1c585b50f3
parent69bd75e39d0ddd4e86630facf38e7bf3186f3b06 (diff)
downloadgnutls-aef00dae5c55919e9a36e61c0db00869067dd285.tar.gz
gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can signtmp-key-rsa-pss
In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However, if the specific key is not marked for use with digital signatures (CKA_SIGN set), then we may have still ended-up using it and fail when using it. We now test whether CKA_SIGN is set prior to enabling such keys for PSS. Resolves: #667 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--NEWS3
-rw-r--r--lib/pkcs11_privkey.c12
-rw-r--r--tests/pkcs11/tls-neg-pkcs11-key.c8
3 files changed, 21 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index b109e78b6e..9d3a7d8c65 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,9 @@ See the end for copying conditions.
This solves a regression since 3.5.x and improves compatibility of the server
side with certain clients.
+** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
+ the CKA_SIGN is not set (#667).
+
** GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous
definition was buggy and non-functional.
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index bf69b69ce4..53a2d8a937 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -581,17 +581,25 @@ gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
if (pkey->pk_algorithm == GNUTLS_PK_RSA) { /* determine whether it can do rsa-pss */
+ ck_bool_t tval = 0;
+
a[0].type = CKA_MODULUS;
a[0].value = NULL;
a[0].value_len = 0;
- if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 1)
+ a[1].type = CKA_SIGN;
+ a[1].value = &tval;
+ a[1].value_len = sizeof(tval);
+ if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks, pkey->ref, a, 2)
== CKR_OK) {
pkey->bits = a[0].value_len*8;
}
ret = gnutls_pkcs11_token_check_mechanism(url, CKM_RSA_PKCS_PSS, NULL, 0, 0);
- if (ret != 0)
+ if (ret != 0 && tval) {
pkey->rsa_pss_ok = 1;
+ } else {
+ _gnutls_debug_log("Detected incompatible with TLS1.3 RSA key! (%s)\n", url);
+ }
}
a[0].type = CKA_ALWAYS_AUTHENTICATE;
diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c
index 764e93b6ad..f91414a6af 100644
--- a/tests/pkcs11/tls-neg-pkcs11-key.c
+++ b/tests/pkcs11/tls-neg-pkcs11-key.c
@@ -280,6 +280,14 @@ static const test_st tests[] = {
.exp_kx = GNUTLS_KX_RSA,
.needs_decryption = 1
},
+ {.name = "tls1.2: rsa-decryption key, signatures prioritized",
+ .pk = GNUTLS_PK_RSA,
+ .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+RSA:-VERS-TLS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256",
+ .cert = &server_ca3_localhost_cert,
+ .key = &server_ca3_key,
+ .exp_kx = GNUTLS_KX_RSA,
+ .needs_decryption = 1
+ },
{.name = "tls1.2: ecc key",
.pk = GNUTLS_PK_ECDSA,
.prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2",