-rw-r--r--.gitignore1
-rw-r--r--.gitlab-ci.yml42
-rw-r--r--.gitmodules3
-rw-r--r--NEWS8
-rw-r--r--bootstrap.conf4
-rw-r--r--configure.ac10
-rwxr-xr-xdevel/import-curve448-from-nettle.sh154
-rw-r--r--devel/libdane-latest-x86_64.abi16
-rw-r--r--devel/libgnutls-latest-x86_64.abi16
m---------devel/nettle0
-rw-r--r--doc/cha-crypto.texi2
-rw-r--r--doc/cha-gtls-app.texi4
-rw-r--r--doc/credentials/x509/cert-ed448.pem16
-rw-r--r--doc/credentials/x509/clicert-ed448.pem16
-rw-r--r--doc/credentials/x509/clikey-ed448.pem28
-rw-r--r--doc/credentials/x509/key-ed448.pem28
-rw-r--r--fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845bin0 -> 430 bytes
-rw-r--r--fuzz/gnutls_pkcs12_key_parser_fuzzer.in/1b7aa3df2ff93a851c77d0585bef787eadbfafd1bin0 -> 1787 bytes
-rw-r--r--fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67ebin0 -> 1199 bytes
-rw-r--r--fuzz/gnutls_pkcs12_key_parser_fuzzer.in/8a1320975e683bfe2c82ceb4c34a15d95cff03a0bin0 -> 1441 bytes
-rw-r--r--fuzz/gnutls_pkcs12_key_parser_fuzzer.in/a8aae3d777beab137ab6b48fb5c7140dca34fe43bin0 -> 1011 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/09d844fe63ca873c7348138833e04f1f160651aabin0 -> 333 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/09f357044a8ad65a369a245e703066d17c275b60bin0 -> 113 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/16eab262550ea4a553c31cf8b705dd82fbb420ddbin0 -> 470 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/198337d10286b07fc87e469ef43ed1a47a144351bin0 -> 2590 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/1c9af21e2b948c52fa18108d9f75f4b38dd1788dbin0 -> 464 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/22cc23413577e1b88e3b3a857f951e93a52636a9bin0 -> 183 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/2d847a5ee0d02e9ce72be0847246d36307805f5fbin0 -> 394 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/4d1ac74cf61692264b0f335eccd88643a824b250bin0 -> 427 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/516a419fab465593d859be6fed68be30b6e7e842bin0 -> 265 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/bd383251a4f658f1734b2e9a49b4d7e8e98cdf0fbin0 -> 81 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/c0b6cd402992896a40947b3100c59ae8b8f3d662bin0 -> 424 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/f62a8c5e536f3963e40df78f268ab3b405973a09bin0 -> 160 bytes
-rw-r--r--fuzz/gnutls_pkcs7_parser_fuzzer.in/fed888903b0e9af3d95b1904dbddf6cc88fdcea2bin0 -> 300 bytes
-rw-r--r--fuzz/gnutls_pkcs8_key_parser_fuzzer.in/4b33790b8f739639aa8867f55245a5152889738abin0 -> 71 bytes
-rw-r--r--fuzz/gnutls_pkcs8_key_parser_fuzzer.in/c2cf384dff485c778b0d4bf480cde56f22b0c278bin0 -> 108 bytes
-rw-r--r--fuzz/gnutls_pkcs8_key_parser_fuzzer.in/cd39456de3dfba9c20878500c671c5b0328cfe25bin0 -> 75 bytes
-rw-r--r--fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fdbin0 -> 1731 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/01865dcfe78cf1e2da38b79b4731b87c590492e1bin0 -> 409 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/0953fdd45bb46478f2cbf7df2764d2c2b9433387bin0 -> 774 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/1185bb0f3aed7dfc21aeb8b951c2bc5344bc73e0bin0 -> 748 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/152f4d903dc51d79cb864b56a037d631e9277debbin0 -> 706 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/19c4ff5b7bd2756ef6aa3f7333cb54b427bdfb5bbin0 -> 284 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/3399de0770467a07b3a2bdd0cdd6874d5d9391bebin0 -> 503 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/428e6e5042f8a04e74e1affb8dabd676563b0979bin0 -> 502 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/58fb953ce8f894d4f58d9000145214e6c1e119debin0 -> 393 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/5de8f9db720d083b1e319ec8bb9223520ecc4bbabin0 -> 276 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/655d50379e1854166164cb6de57eebeb58b5b73abin0 -> 391 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/68a06d22fcd02410e1afa763645155d7d7239a27bin0 -> 570 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/7ebfa2fe8a0cefa830241d47963a5f80168fe15ebin0 -> 385 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/c2e84dbccc11c6f1de7332fff740c93ecdd37769bin0 -> 468 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/cba0e4e585f5dc40d93a32ccefe2ccd1937122c5bin0 -> 385 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/cddda9519a46e64ca98ee83385eeb748b4b25e97bin0 -> 500 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/d43782a1f943a966f4ea1ac96bd048fe68d4d951bin0 -> 527 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/d9658f8a95f423df24d7ba47a3bc33abea643fa8bin0 -> 614 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8bin0 -> 650 bytes
-rw-r--r--fuzz/gnutls_x509_parser_fuzzer.in/eb7100f31cd1529dcae4e2666d09da01191a4699bin0 -> 569 bytes
-rw-r--r--lib/algorithms.h7
-rw-r--r--lib/algorithms/ecc.c16
-rw-r--r--lib/algorithms/groups.c7
-rw-r--r--lib/algorithms/mac.c8
-rw-r--r--lib/algorithms/publickey.c5
-rw-r--r--lib/algorithms/sign.c11
-rw-r--r--lib/auth/ecdhe.c17
-rw-r--r--lib/ext/key_share.c14
-rw-r--r--lib/gnutls_int.h1
-rw-r--r--lib/includes/gnutls/gnutls.h.in32
-rw-r--r--lib/nettle/Makefile.am50
-rw-r--r--lib/nettle/pk.c205
-rw-r--r--lib/pk.c1
-rw-r--r--lib/priority.c14
-rw-r--r--lib/privkey.c1
-rw-r--r--lib/pubkey.c22
-rw-r--r--lib/state.c2
-rw-r--r--lib/tls13/certificate.c3
-rw-r--r--lib/tls13/certificate_request.c25
-rw-r--r--lib/x509/common.c2
-rw-r--r--lib/x509/common.h1
-rw-r--r--lib/x509/key_decode.c5
-rw-r--r--lib/x509/key_encode.c6
-rw-r--r--lib/x509/mpi.c4
-rw-r--r--lib/x509/output.c1
-rw-r--r--lib/x509/pkcs12.c2
-rw-r--r--lib/x509/privkey.c12
-rw-r--r--lib/x509/privkey_pkcs8.c13
-rw-r--r--lib/x509/x509_int.h2
-rw-r--r--src/certtool-args.def2
-rw-r--r--src/certtool-common.c6
-rw-r--r--src/certtool-common.h2
-rw-r--r--src/certtool.c1
-rw-r--r--src/tests.c15
-rw-r--r--tests/Makefile.am3
-rwxr-xr-xtests/cert-tests/pkcs12-gost14
-rwxr-xr-xtests/gnutls-cli-debug.sh30
-rw-r--r--tests/gnutls-strcodes.c2
-rw-r--r--tests/privkey-keygen.c32
-rw-r--r--tests/set_x509_ocsp_multi_cli.c218
-rw-r--r--tests/suite/testcompat-common6
-rwxr-xr-xtests/suite/testcompat-tls13-openssl.sh32
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert-tls13.json11
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert.json19
101 files changed, 1108 insertions, 122 deletions
diff --git a/.gitignore b/.gitignore
index 2f1a40a95b..34d9af38a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -231,6 +231,7 @@ lib/minitasn1/libminitasn1.la
lib/minitasn1/Makefile
lib/minitasn1/Makefile.in
lib/nettle/libcrypto.la
+lib/nettle/curve448
lib/opencdk/libminiopencdk.la
lib/opencdk/Makefile
lib/opencdk/Makefile.in
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e72c39527d..12a56b8c05 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,7 @@ stages:
# name to allow expiration of old caches.
cache:
- key: "$CI_JOB_NAME-ver13"
+ key: "$CI_JOB_NAME-ver14"
paths:
- cache/
@@ -33,7 +33,7 @@ variables:
FEDORA_BUILD: buildenv-fedora31
MINGW_BUILD: buildenv-mingw
ALPINE_BASE_BUILD: buildenv-alpine-base
- CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'"
+ CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions -i lib/nettle/curve448 --template='{id}:{file}:{line},{severity},{message}'"
GET_SOURCES_ATTEMPTS: "3"
##################################################
@@ -298,6 +298,7 @@ MinGW32.DLLs:
- echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
- ./bootstrap
- export CC="ccache i686-w64-mingw32-gcc"
+ - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
- dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
- mingw32-make -j$(nproc)
- mingw32-make -C tests check -j$(nproc)
@@ -337,6 +338,7 @@ MinGW64.DLLs:
- echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
- ./bootstrap
- export CC="ccache x86_64-w64-mingw32-gcc"
+ - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
- dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc
- mingw64-make -j$(nproc)
- mingw64-make -C tests check -j$(nproc)
@@ -374,6 +376,7 @@ MinGW64:
script:
- ./bootstrap
- export CC="ccache x86_64-w64-mingw32-gcc"
+ - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
- mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
- echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register
- mkdir -p build
@@ -406,6 +409,7 @@ MinGW32:
script:
- ./bootstrap
- export CC="ccache i686-w64-mingw32-gcc"
+ - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin
- mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
- echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
- mkdir -p build
@@ -436,7 +440,8 @@ FreeBSD.x86_64:
script:
- export CC="ccache clang"
- ./bootstrap
- - LIBS="-L/usr/local/lib" ./configure --disable-full-test-suite
+ - export LDFLAGS="-L/usr/local/lib"
+ - ./configure --disable-full-test-suite
--cache-file cache/config.cache --disable-gcc-warnings --disable-guile --disable-doc
- gmake -j$(sysctl hw.ncpu | awk '{print $2}')
- gmake check -j$(sysctl hw.ncpu | awk '{print $2}')
@@ -609,3 +614,34 @@ Debian.cross.mips-linux-gnu:
Debian.cross.aarch64-linux-gnu:
<<: *Debian_cross_template
+
+nettle-master.Fedora:
+ stage: stage1-testing
+ image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+ script:
+ - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git
+ - export NETTLE_DIR=${PWD}/nettle
+ - pushd nettle-git
+ - ./.bootstrap
+ - ./configure --disable-documentation --prefix=$NETTLE_DIR
+ - make -j$(nproc)
+ - make -j$(nproc) install
+ - popd
+ - SUBMODULE_NOFETCH=1 ./bootstrap
+ - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile --disable-gost
+ - make -j$(nproc)
+ - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$(nproc) check
+ tags:
+ - shared
+ except:
+ - tags
+ artifacts:
+ expire_in: 1 week
+ when: on_failure
+ paths:
+ - ./*.log
+ - fuzz/*.log
+ - tests/*.log
+ - tests/*/*.log
+ - tests/suite/*/*.log
+ retry: 1
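Review bot: The `nettle-master.Fedora` job hard-codes `lib64` in `PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig` and `LD_LIBRARY_PATH=$NETTLE_DIR/lib64`, which relies on the Fedora image installing libraries into `lib64`; passing `--libdir=$NETTLE_DIR/lib` to nettle's `./configure` and using `$NETTLE_DIR/lib` in both places makes the job independent of the image's multilib layout. The job builds an unpinned `--branch master` clone of nettle, which is presumably intentional (a canary for upstream changes), but a breakage there fails the pipeline exactly like a GnuTLS regression would; `allow_failure: true` may be appropriate if that is not wanted. `SUBMODULE_NOFETCH=1 ./bootstrap` now depends on the `devel/nettle` submodule being checked out, since `bootstrap_post_import_hook` runs the curve448 import script in this commit — confirm the job's checkout populates submodules.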
diff --git a/.gitmodules b/.gitmodules
index dd05bd67df..672f483a31 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -13,3 +13,6 @@
[submodule "gnulib"]
path = gnulib
url = https://gitlab.com/libidn/gnulib-mirror.git
+[submodule "devel/nettle"]
+ path = devel/nettle
+ url = https://gitlab.com/gnutls/nettle.git
diff --git a/NEWS b/NEWS
index fdc94fc88d..25e52b59cf 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,9 @@ See the end for copying conditions.
enabled both on a server and a client. It is recommended for now to disable
TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers.
+** libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
+ signature algorithm (RFC 8032) under TLS (#984).
+
** libgnutls: The min-verification-profile from system configuration applies
for all certificate verifications, not only under TLS. The configuration can
be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
@@ -44,6 +47,10 @@ See the end for copying conditions.
to accepting it. This addresses the problem of accepting CAs which would
have been marked as insecure otherwise (#877).
+** libgnutls: On client side only send OCSP staples if they have been requested
+ by the server, and on server side always advertise that we support OCSP stapling
+ (#876).
+
** libgnutls: The default-priority-string added to system configuration
to allow overriding compiled-in default-priority-string.
@@ -59,6 +66,7 @@ See the end for copying conditions.
** API and ABI modifications:
GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added
+GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Added
gnutls_ocsp_req_const_t: Added
diff --git a/bootstrap.conf b/bootstrap.conf
index 33f19e7890..38f199a22c 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -23,7 +23,7 @@ gnulib_tool_option_extras="--with-tests --avoid=alignof-tests --avoid=lock-tests
use_libtool=1
checkout_only_file=
local_gl_dir=gl/override/
-required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng"
+required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle"
# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf warnings
@@ -101,4 +101,6 @@ bootstrap_post_import_hook ()
# Automake requires that ChangeLog exist.
touch ChangeLog || return 1
+
+ devel/import-curve448-from-nettle.sh
}
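Review bot: The new `devel/import-curve448-from-nettle.sh` call in `bootstrap_post_import_hook` ignores the script's exit status, while the neighbouring `touch ChangeLog || return 1` propagates failure; if the `devel/nettle` submodule is missing the script prints an error and exits 1, but bootstrap continues and the build later fails with a less obvious missing-file error under `lib/nettle/curve448`. Make it `devel/import-curve448-from-nettle.sh || return 1`. The hook's opening lines are outside the hunk.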
diff --git a/configure.ac b/configure.ac
index 8aa72f443b..2e73a904d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -650,6 +650,16 @@ LIBS="$LIBS $NETTLE_LIBS"
AC_CHECK_FUNCS(nettle_streebog512_update)
LIBS=$save_LIBS
+# Check for Curve448 and Ed448
+have_curve448=no
+save_LIBS=$LIBS
+LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS"
+AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign],
+ [AC_DEFINE([HAVE_CURVE448], 1, [Enable Curve448])
+ have_curve448=yes])
+LIBS=$save_LIBS
+AM_CONDITIONAL(NEED_CURVE448, test "$have_curve448" != "yes")
+
AC_MSG_CHECKING([whether to build libdane])
AC_ARG_ENABLE(libdane,
AS_HELP_STRING([--disable-libdane],
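Review bot: The action-if-found of `AC_CHECK_FUNCS` in the added Curve448 check is executed once per function found, so `HAVE_CURVE448` is defined and `have_curve448=yes` is set as soon as either `nettle_curve448_mul` or `nettle_ed448_shake256_sign` is present, and `NEED_CURVE448` then disables the bundled copy even though the other symbol is missing. A nettle build that ships X448 but not Ed448 (or the reverse) would configure cleanly and fail at link time. Check the cache variables of both functions instead: `AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign])` followed by `AS_IF([test "$ac_cv_func_nettle_curve448_mul" = yes && test "$ac_cv_func_nettle_ed448_shake256_sign" = yes], [AC_DEFINE([HAVE_CURVE448], 1, [Enable Curve448]) have_curve448=yes])`.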
diff --git a/devel/import-curve448-from-nettle.sh b/devel/import-curve448-from-nettle.sh
new file mode 100755
index 0000000000..7cd974302a
--- /dev/null
+++ b/devel/import-curve448-from-nettle.sh
@@ -0,0 +1,154 @@
+#!/bin/sh
+
+# This script copies the Curve448 and Ed448 implementation from the
+# nettle upstream, with necessary adjustments for bundling in GnuTLS.
+
+set +e
+
+: ${srcdir=.}
+SRC=$srcdir/devel/nettle
+DST=$srcdir/lib/nettle/curve448
+
+IMPORTS="
+cnd-copy.c
+curve448-eh-to-x.c
+curve448.h
+curve448-mul.c
+curve448-mul-g.c
+eccdata.c
+ecc-curve448.c
+ecc-add-eh.c
+ecc-add-ehh.c
+ecc-a-to-j.c
+ecc-dup-eh.c
+ecc-eh-to-a.c
+ecc-internal.h
+ecc-mod-arith.c
+ecc-mod.c
+ecc-mod-inv.c
+ecc-mul-a-eh.c
+ecc-mul-g-eh.c
+ecc-mul-m.c
+ed448-shake256.c
+ed448-shake256-pubkey.c
+ed448-shake256-sign.c
+ed448-shake256-verify.c
+eddsa-compress.c
+eddsa-decompress.c
+eddsa-expand.c
+eddsa.h
+eddsa-hash.c
+eddsa-internal.h
+eddsa-pubkey.c
+eddsa-sign.c
+eddsa-verify.c
+gmp-glue.h
+gmp-glue.c
+nettle-write.h
+sec-add-1.c
+sec-tabselect.c
+sha3.c
+sha3.h
+sha3-256.c
+sha3-internal.h
+sha3-permute.c
+shake256.c
+"
+
+PUBLIC="
+bignum.h
+ecc-curve.h
+ecc.h
+macros.h
+memxor.h
+nettle-meta.h
+nettle-types.h
+"
+
+test -d $DST || mkdir $DST
+
+for f in $IMPORTS; do
+ src=$SRC/$f
+ dst=$DST/$f
+ if test -f $src; then
+ if test -f $dst; then
+ echo "Replacing $dst (existing file backed up in $dst~)"
+ mv $dst $dst~
+ else
+ echo "Copying file $dst"
+ fi
+ cp $src $dst
+ # Use <nettle/*.h> for public headers.
+ for h in $PUBLIC; do
+ p=$(echo $h | sed 's/\./\\./g')
+ if grep '^#include "'$p'"' $dst 2>&1 >/dev/null; then
+ sed 's!^#include "'$p'"!#include <nettle/'$h'>!' $dst > $dst-t && \
+ mv $dst-t $dst
+ fi
+ done
+ # Remove unused <assert.h>.
+ if grep '^#include <assert\.h>' $dst 2>&1 >/dev/null; then
+ if ! grep 'assert *(' $dst 2>&1 >/dev/null; then
+ sed '/^#include <assert\.h>/d' $dst > $dst-t && mv $dst-t $dst
+ fi
+ fi
+ case $dst in
+ *.h)
+ # Rename header guard so as not to conflict with the public ones.
+ if grep '^#ifndef NETTLE_.*_H\(_INCLUDED\)*' $dst 2>&1 >/dev/null; then
+ g=$(sed -n 's/^#ifndef NETTLE_\(.*_H\(_INCLUDED\)*\)/\1/p' $dst)
+ sed 's/\(NETTLE_'$g'\)/GNUTLS_LIB_NETTLE_CURVE448_\1/' $dst > $dst-t && \
+ mv $dst-t $dst
+ fi
+ ;;
+ esac
+ case $dst in
+ *.h)
+ # Add prefix to function symbols avoid clashing with the public ones.
+ sed -e 's/^#define \(.*\) nettle_\1/#define \1 gnutls_nettle_curve448_\1/' \
+ -e 's/^#define \(.*\) _nettle_\1/#define \1 _gnutls_nettle_curve448_\1/' $dst > $dst-t && \
+ mv $dst-t $dst
+ ;;
+ esac
+ case $dst in
+ */eccdata.c)
+ sed 's/^#include "mini-gmp.c"/#include <gmp.h>/' $dst > $dst-t && \
+ mv $dst-t $dst
+ ;;
+ esac
+ case $dst in
+ */ecc-curve448.c)
+ # The generated file is arch dependent, conditionalize the
+ # inclusion.
+ sed '/^#include "ecc-curve448\.h"/ { i\
+#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)\
+# pragma GCC diagnostic ignored "-Wunused-const-variable"\
+#endif\
+#if GMP_NUMB_BITS == 32\
+#include "curve448/ecc-curve448-32.h"\
+#elif GMP_NUMB_BITS == 64\
+#include "curve448/ecc-curve448-64.h"\
+#else\
+#error unsupported configuration\
+#endif
+; d
+}' $dst > $dst-t && mv $dst-t $dst
+ ;;
+ esac
+ case $dst in
+ */eddsa-hash.c)
+ # Known to be unnecessary.
+ sed '/^#include "nettle-internal\.h"/d' $dst > $dst-t && mv $dst-t $dst
+ ;;
+ esac
+ case $dst in
+ */ecc-add-eh*.c)
+ # Suppress whitespace errors in 'make syntax-check'.
+ sed 's/ * / /g' $dst > $dst-t && mv $dst-t $dst
+ ;;
+ esac
+ else
+ echo "Error: $src not found" 1>&2
+ exit 1
+ fi
+done
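Review bot: The redirections in the `grep` tests (`grep ... $dst 2>&1 >/dev/null` at the public-header, `<assert.h>` and header-guard checks) are in the wrong order: `2>&1` is applied before stdout is redirected, so grep's own errors still reach the caller's stdout while only the matches are discarded; `grep -q '^#include "'$p'"' "$dst" 2>/dev/null` states the intent directly, and the same change applies to the other three tests. `cp $src $dst` and `mkdir $DST` are not error-checked and `set +e` at the top is a no-op in a fresh `sh` (errexit is off by default), so a failed copy leaves a stale or missing `$dst` that the following `sed` steps then process silently; check them explicitly, e.g. `cp $src $dst || exit 1`, or change `set +e` to `set -e` if disabling errexit was not the intent. Since the output of this script is compiled into libgnutls, a loud failure here is preferable to a partially rewritten tree. The paths derived from `$srcdir` are unquoted throughout; quoting `"$src"` and `"$dst"` avoids word splitting for source trees whose path contains spaces.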
diff --git a/devel/libdane-latest-x86_64.abi b/devel/libdane-latest-x86_64.abi
index ad8a136352..9e66a95bee 100644
--- a/devel/libdane-latest-x86_64.abi
+++ b/devel/libdane-latest-x86_64.abi
@@ -321,6 +321,8 @@
<enumerator name='GNUTLS_MAC_AES_GMAC_192' value='206'/>
<enumerator name='GNUTLS_MAC_AES_GMAC_256' value='207'/>
<enumerator name='GNUTLS_MAC_GOST28147_TC26Z_IMIT' value='208'/>
+ <enumerator name='GNUTLS_MAC_SHAKE_128' value='209'/>
+ <enumerator name='GNUTLS_MAC_SHAKE_256' value='210'/>
</enum-decl>
<typedef-decl name='gnutls_mac_algorithm_t' type-id='type-id-50' id='type-id-38'/>
<enum-decl name='__anonymous_enum__' is-anonymous='yes' id='type-id-51'>
@@ -439,6 +441,7 @@
<enumerator name='GNUTLS_GROUP_SECP384R1' value='3'/>
<enumerator name='GNUTLS_GROUP_SECP521R1' value='4'/>
<enumerator name='GNUTLS_GROUP_X25519' value='6'/>
+ <enumerator name='GNUTLS_GROUP_X448' value='20'/>
<enumerator name='GNUTLS_GROUP_GC256A' value='16'/>
<enumerator name='GNUTLS_GROUP_GC256B' value='17'/>
<enumerator name='GNUTLS_GROUP_GC256C' value='18'/>
@@ -480,7 +483,9 @@
<enumerator name='GNUTLS_ECC_CURVE_GOST256B' value='17'/>
<enumerator name='GNUTLS_ECC_CURVE_GOST256C' value='18'/>
<enumerator name='GNUTLS_ECC_CURVE_GOST256D' value='19'/>
- <enumerator name='GNUTLS_ECC_CURVE_MAX' value='19'/>
+ <enumerator name='GNUTLS_ECC_CURVE_X448' value='20'/>
+ <enumerator name='GNUTLS_ECC_CURVE_ED448' value='21'/>
+ <enumerator name='GNUTLS_ECC_CURVE_MAX' value='21'/>
</enum-decl>
<typedef-decl name='gnutls_ecc_curve_t' type-id='type-id-71' id='type-id-66'/>
<enum-decl name='__anonymous_enum__' is-anonymous='yes' id='type-id-72'>
@@ -496,7 +501,9 @@
<enumerator name='GNUTLS_PK_GOST_01' value='8'/>
<enumerator name='GNUTLS_PK_GOST_12_256' value='9'/>
<enumerator name='GNUTLS_PK_GOST_12_512' value='10'/>
- <enumerator name='GNUTLS_PK_MAX' value='10'/>
+ <enumerator name='GNUTLS_PK_ECDH_X448' value='11'/>
+ <enumerator name='GNUTLS_PK_EDDSA_ED448' value='12'/>
+ <enumerator name='GNUTLS_PK_MAX' value='12'/>
</enum-decl>
<typedef-decl name='gnutls_pk_algorithm_t' type-id='type-id-72' id='type-id-67'/>
<typedef-decl name='gnutls_group_entry_st' type-id='type-id-62' id='type-id-73'/>
@@ -551,7 +558,8 @@
<enumerator name='GNUTLS_SIGN_GOST_94' value='43'/>
<enumerator name='GNUTLS_SIGN_GOST_256' value='44'/>
<enumerator name='GNUTLS_SIGN_GOST_512' value='45'/>
- <enumerator name='GNUTLS_SIGN_MAX' value='45'/>
+ <enumerator name='GNUTLS_SIGN_EDDSA_ED448' value='46'/>
+ <enumerator name='GNUTLS_SIGN_MAX' value='46'/>
</enum-decl>
<typedef-decl name='gnutls_sign_algorithm_t' type-id='type-id-75' id='type-id-29'/>
<class-decl name='__anonymous_struct__' size-in-bits='320' is-struct='yes' is-anonymous='yes' naming-typedef-id='type-id-76' visibility='default' id='type-id-77'>
@@ -1711,6 +1719,8 @@
<enumerator name='GNUTLS_DIG_GOSTR_94' value='15'/>
<enumerator name='GNUTLS_DIG_STREEBOG_256' value='16'/>
<enumerator name='GNUTLS_DIG_STREEBOG_512' value='17'/>
+ <enumerator name='GNUTLS_DIG_SHAKE_128' value='209'/>
+ <enumerator name='GNUTLS_DIG_SHAKE_256' value='210'/>
</enum-decl>
<typedef-decl name='gnutls_digest_algorithm_t' type-id='type-id-218' id='type-id-215'/>
<class-decl name='__anonymous_struct__' size-in-bits='24' is-struct='yes' is-anonymous='yes' naming-typedef-id='type-id-219' visibility='default' id='type-id-220'>
diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi
index bf45d3c5b1..cab31da9a8 100644
--- a/devel/libgnutls-latest-x86_64.abi
+++ b/devel/libgnutls-latest-x86_64.abi
@@ -1563,6 +1563,8 @@
<enumerator name='GNUTLS_MAC_AES_GMAC_192' value='206'/>
<enumerator name='GNUTLS_MAC_AES_GMAC_256' value='207'/>
<enumerator name='GNUTLS_MAC_GOST28147_TC26Z_IMIT' value='208'/>
+ <enumerator name='GNUTLS_MAC_SHAKE_128' value='209'/>
+ <enumerator name='GNUTLS_MAC_SHAKE_256' value='210'/>
</enum-decl>
<typedef-decl name='gnutls_mac_algorithm_t' type-id='type-id-44' id='type-id-31'/>
<enum-decl name='__anonymous_enum__' is-anonymous='yes' id='type-id-45'>
@@ -1680,6 +1682,7 @@
<enumerator name='GNUTLS_GROUP_SECP384R1' value='3'/>
<enumerator name='GNUTLS_GROUP_SECP521R1' value='4'/>
<enumerator name='GNUTLS_GROUP_X25519' value='6'/>
+ <enumerator name='GNUTLS_GROUP_X448' value='20'/>
<enumerator name='GNUTLS_GROUP_GC256A' value='16'/>
<enumerator name='GNUTLS_GROUP_GC256B' value='17'/>
<enumerator name='GNUTLS_GROUP_GC256C' value='18'/>
@@ -1731,7 +1734,9 @@
<enumerator name='GNUTLS_ECC_CURVE_GOST256B' value='17'/>
<enumerator name='GNUTLS_ECC_CURVE_GOST256C' value='18'/>
<enumerator name='GNUTLS_ECC_CURVE_GOST256D' value='19'/>
- <enumerator name='GNUTLS_ECC_CURVE_MAX' value='19'/>
+ <enumerator name='GNUTLS_ECC_CURVE_X448' value='20'/>
+ <enumerator name='GNUTLS_ECC_CURVE_ED448' value='21'/>
+ <enumerator name='GNUTLS_ECC_CURVE_MAX' value='21'/>
</enum-decl>
<typedef-decl name='gnutls_ecc_curve_t' type-id='type-id-67' id='type-id-59'/>
<enum-decl name='__anonymous_enum__' is-anonymous='yes' id='type-id-68'>
@@ -1747,7 +1752,9 @@
<enumerator name='GNUTLS_PK_GOST_01' value='8'/>
<enumerator name='GNUTLS_PK_GOST_12_256' value='9'/>
<enumerator name='GNUTLS_PK_GOST_12_512' value='10'/>
- <enumerator name='GNUTLS_PK_MAX' value='10'/>
+ <enumerator name='GNUTLS_PK_ECDH_X448' value='11'/>
+ <enumerator name='GNUTLS_PK_EDDSA_ED448' value='12'/>
+ <enumerator name='GNUTLS_PK_MAX' value='12'/>
</enum-decl>
<typedef-decl name='gnutls_pk_algorithm_t' type-id='type-id-68' id='type-id-60'/>
<typedef-decl name='gnutls_group_entry_st' type-id='type-id-55' id='type-id-69'/>
@@ -1802,7 +1809,8 @@
<enumerator name='GNUTLS_SIGN_GOST_94' value='43'/>
<enumerator name='GNUTLS_SIGN_GOST_256' value='44'/>
<enumerator name='GNUTLS_SIGN_GOST_512' value='45'/>
- <enumerator name='GNUTLS_SIGN_MAX' value='45'/>
+ <enumerator name='GNUTLS_SIGN_EDDSA_ED448' value='46'/>
+ <enumerator name='GNUTLS_SIGN_MAX' value='46'/>
</enum-decl>
<typedef-decl name='gnutls_sign_algorithm_t' type-id='type-id-71' id='type-id-21'/>
<type-decl name='int' size-in-bits='32' id='type-id-22'/>
@@ -2963,6 +2971,8 @@
<enumerator name='GNUTLS_DIG_GOSTR_94' value='15'/>
<enumerator name='GNUTLS_DIG_STREEBOG_256' value='16'/>
<enumerator name='GNUTLS_DIG_STREEBOG_512' value='17'/>
+ <enumerator name='GNUTLS_DIG_SHAKE_128' value='209'/>
+ <enumerator name='GNUTLS_DIG_SHAKE_256' value='210'/>
</enum-decl>
<typedef-decl name='gnutls_digest_algorithm_t' type-id='type-id-214' id='type-id-211'/>
<class-decl name='__anonymous_struct__' size-in-bits='24' is-struct='yes' is-anonymous='yes' naming-typedef-id='type-id-215' visibility='default' id='type-id-216'>
diff --git a/devel/nettle b/devel/nettle
new file mode 160000
+Subproject d1dbba1e7fcf4ad54e5d3435e381ae336c36cf2
diff --git a/doc/cha-crypto.texi b/doc/cha-crypto.texi
index da2ce20528..5fad4fdf6e 100644
--- a/doc/cha-crypto.texi
+++ b/doc/cha-crypto.texi
@@ -90,7 +90,7 @@ structures functions such as @funcref{gnutls_privkey_set_pin_function}.
@subsection Key generation
-All supported key types (including RSA, DSA, ECDSA, Ed25519) can be generated
+All supported key types (including RSA, DSA, ECDSA, Ed25519, Ed448) can be generated
with GnuTLS. They can be generated with the simpler @funcref{gnutls_privkey_generate}
or with the more advanced @funcref{gnutls_privkey_generate2}.
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 75ac509e34..ab82f14aad 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1462,7 +1462,7 @@ Shortcut which enables secure GOST algorithms is SIGN-GOST-ALL.
This option is only considered for TLS 1.2 and later.
@item Groups @tab
-GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519,
+GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-X448,
GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, and
GROUP-FFDHE8192.
Groups include both elliptic curve groups, e.g., SECP256R1, as well as
@@ -1473,7 +1473,7 @@ to finite fields (DH), GOST curves and generic elliptic curves.
@item Elliptic curves (legacy) @tab
CURVE-SECP192R1, CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1,
-CURVE-SECP521R1, and CURVE-X25519.
+CURVE-SECP521R1, CURVE-X25519, and CURVE-X448.
Catch all which enables all curves from NORMAL priority is CURVE-ALL. Note
that the CURVE keyword is kept for backwards compatibility only, for new
applications see the GROUP keyword above.
diff --git a/doc/credentials/x509/cert-ed448.pem b/doc/credentials/x509/cert-ed448.pem
new file mode 100644
index 0000000000..5633c1c2a7
--- /dev/null
+++ b/doc/credentials/x509/cert-ed448.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/doc/credentials/x509/clicert-ed448.pem b/doc/credentials/x509/clicert-ed448.pem
new file mode 100644
index 0000000000..1040542fb7
--- /dev/null
+++ b/doc/credentials/x509/clicert-ed448.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/doc/credentials/x509/clikey-ed448.pem b/doc/credentials/x509/clikey-ed448.pem
new file mode 100644
index 0000000000..3ccb704b5d
--- /dev/null
+++ b/doc/credentials/x509/clikey-ed448.pem
@@ -0,0 +1,28 @@
+Public Key Info:
+ Public Key Algorithm: EdDSA (Ed448)
+ Key Security Level: Ultra (456 bits)
+
+curve: Ed448
+private key:
+ f0:c4:7b:22:dd:ef:95:e4:67:bb:d7:49:43:7f:12:56
+ 44:7a:2c:53:a2:7d:1a:33:83:2f:2a:7c:54:aa:02:b5
+ ed:ad:68:39:5b:6a:e6:3a:fc:9e:7f:de:08:47:a4:9c
+ f2:ec:bc:a1:2c:04:ad:71:fa:
+
+x:
+ 6d:4c:cb:e4:b0:a3:1f:98:93:5f:39:e0:05:4c:e9:6a
+ 54:33:0e:1c:f8:95:4b:0e:a5:0b:d6:89:71:b9:fc:cb
+ ac:23:32:e4:20:37:3c:0a:b4:0a:c4:14:21:e9:48:05
+ 0b:b9:d6:56:b4:2b:40:1e:00:
+
+
+Public Key PIN:
+ pin-sha256:2Rn8YAmzw19rFmh80LoUYPsqLZq7UQWpxDmGYO+J994=
+Public Key ID:
+ sha256:d919fc6009b3c35f6b16687cd0ba1460fb2a2d9abb5105a9c4398660ef89f7de
+ sha1:8b03e0aa0c27035cf82aba944b82b48343381c03
+
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOfDEeyLd75XkZ7vXSUN/ElZEeixTon0aM4MvKnxUqgK1
+7a1oOVtq5jr8nn/eCEeknPLsvKEsBK1x+g==
+-----END PRIVATE KEY-----
diff --git a/doc/credentials/x509/key-ed448.pem b/doc/credentials/x509/key-ed448.pem
new file mode 100644
index 0000000000..9f15dbdb74
--- /dev/null
+++ b/doc/credentials/x509/key-ed448.pem
@@ -0,0 +1,28 @@
+Public Key Info:
+ Public Key Algorithm: EdDSA (Ed448)
+ Key Security Level: Ultra (456 bits)
+
+curve: Ed448
+private key:
+ 0c:f8:7e:b0:94:bf:46:d1:61:bd:e3:b9:9d:1d:32:85
+ 6f:ec:fa:e0:14:23:92:cd:98:c0:91:db:20:6d:17:4b
+ bf:8e:f4:76:a9:cf:74:6d:94:30:6c:56:5f:97:ac:50
+ 79:6f:02:1e:ff:8d:77:9c:a5:
+
+x:
+ 9a:dd:de:61:f6:68:f2:db:c0:ac:24:87:4a:db:47:a2
+ aa:6a:d5:9f:a8:88:bd:c5:d4:30:70:5e:d0:79:6a:8c
+ 33:07:82:b5:18:60:78:5b:e6:3f:d7:9b:1c:7c:f5:8f
+ d7:28:b2:bf:3d:77:39:51:00:
+
+
+Public Key PIN:
+ pin-sha256:tZSB72Ha+TK+0mlTzgErm+T+WcmLAXNCqpjSbzFC8JE=
+Public Key ID:
+ sha256:b59481ef61daf932bed26953ce012b9be4fe59c98b017342aa98d26f3142f091
+ sha1:601a34077125ec235ae571bc95ec1b8b9a19dcfb
+
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOQz4frCUv0bRYb3juZ0dMoVv7PrgFCOSzZjAkdsgbRdL
+v470dqnPdG2UMGxWX5esUHlvAh7/jXecpQ==
+-----END PRIVATE KEY-----
diff --git a/fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845 b/fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845
new file mode 100644
index 0000000000..45eede51d0
--- /dev/null
+++ b/fuzz/gnutls_client_fuzzer.in/5ef0df17445fb4098d15536a1195a47cb55b6845
Binary files differ
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/1b7aa3df2ff93a851c77d0585bef787eadbfafd1 b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/1b7aa3df2ff93a851c77d0585bef787eadbfafd1
new file mode 100644
index 0000000000..20a2cc3d4c
--- /dev/null
+++ b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/1b7aa3df2ff93a851c77d0585bef787eadbfafd1
Binary files differ
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e
new file mode 100644
index 0000000000..7d3c0b3e6d
--- /dev/null
+++ b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/369ba35edf050d92fa31572bb3e98651112ea67e
Binary files differ
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/8a1320975e683bfe2c82ceb4c34a15d95cff03a0 b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/8a1320975e683bfe2c82ceb4c34a15d95cff03a0
new file mode 100644
index 0000000000..63f660be21
--- /dev/null
+++ b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/8a1320975e683bfe2c82ceb4c34a15d95cff03a0
Binary files differ
diff --git a/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/a8aae3d777beab137ab6b48fb5c7140dca34fe43 b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/a8aae3d777beab137ab6b48fb5c7140dca34fe43
new file mode 100644
index 0000000000..895b6f063b
--- /dev/null
+++ b/fuzz/gnutls_pkcs12_key_parser_fuzzer.in/a8aae3d777beab137ab6b48fb5c7140dca34fe43
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/09d844fe63ca873c7348138833e04f1f160651aa b/fuzz/gnutls_pkcs7_parser_fuzzer.in/09d844fe63ca873c7348138833e04f1f160651aa
new file mode 100644
index 0000000000..72e791e786
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/09d844fe63ca873c7348138833e04f1f160651aa
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/09f357044a8ad65a369a245e703066d17c275b60 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/09f357044a8ad65a369a245e703066d17c275b60
new file mode 100644
index 0000000000..0f2b64e81f
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/09f357044a8ad65a369a245e703066d17c275b60
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/16eab262550ea4a553c31cf8b705dd82fbb420dd b/fuzz/gnutls_pkcs7_parser_fuzzer.in/16eab262550ea4a553c31cf8b705dd82fbb420dd
new file mode 100644
index 0000000000..bde80ba844
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/16eab262550ea4a553c31cf8b705dd82fbb420dd
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/198337d10286b07fc87e469ef43ed1a47a144351 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/198337d10286b07fc87e469ef43ed1a47a144351
new file mode 100644
index 0000000000..f7465c650a
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/198337d10286b07fc87e469ef43ed1a47a144351
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/1c9af21e2b948c52fa18108d9f75f4b38dd1788d b/fuzz/gnutls_pkcs7_parser_fuzzer.in/1c9af21e2b948c52fa18108d9f75f4b38dd1788d
new file mode 100644
index 0000000000..bc1b56a29c
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/1c9af21e2b948c52fa18108d9f75f4b38dd1788d
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/22cc23413577e1b88e3b3a857f951e93a52636a9 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/22cc23413577e1b88e3b3a857f951e93a52636a9
new file mode 100644
index 0000000000..8de6f8f6ea
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/22cc23413577e1b88e3b3a857f951e93a52636a9
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/2d847a5ee0d02e9ce72be0847246d36307805f5f b/fuzz/gnutls_pkcs7_parser_fuzzer.in/2d847a5ee0d02e9ce72be0847246d36307805f5f
new file mode 100644
index 0000000000..4944d5068b
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/2d847a5ee0d02e9ce72be0847246d36307805f5f
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/4d1ac74cf61692264b0f335eccd88643a824b250 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/4d1ac74cf61692264b0f335eccd88643a824b250
new file mode 100644
index 0000000000..f650eae88a
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/4d1ac74cf61692264b0f335eccd88643a824b250
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/516a419fab465593d859be6fed68be30b6e7e842 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/516a419fab465593d859be6fed68be30b6e7e842
new file mode 100644
index 0000000000..13b5b26e2e
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/516a419fab465593d859be6fed68be30b6e7e842
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/bd383251a4f658f1734b2e9a49b4d7e8e98cdf0f b/fuzz/gnutls_pkcs7_parser_fuzzer.in/bd383251a4f658f1734b2e9a49b4d7e8e98cdf0f
new file mode 100644
index 0000000000..b5cdb705c7
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/bd383251a4f658f1734b2e9a49b4d7e8e98cdf0f
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/c0b6cd402992896a40947b3100c59ae8b8f3d662 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/c0b6cd402992896a40947b3100c59ae8b8f3d662
new file mode 100644
index 0000000000..956f0bcf21
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/c0b6cd402992896a40947b3100c59ae8b8f3d662
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/f62a8c5e536f3963e40df78f268ab3b405973a09 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/f62a8c5e536f3963e40df78f268ab3b405973a09
new file mode 100644
index 0000000000..b7da47f335
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/f62a8c5e536f3963e40df78f268ab3b405973a09
Binary files differ
diff --git a/fuzz/gnutls_pkcs7_parser_fuzzer.in/fed888903b0e9af3d95b1904dbddf6cc88fdcea2 b/fuzz/gnutls_pkcs7_parser_fuzzer.in/fed888903b0e9af3d95b1904dbddf6cc88fdcea2
new file mode 100644
index 0000000000..c6979804b8
--- /dev/null
+++ b/fuzz/gnutls_pkcs7_parser_fuzzer.in/fed888903b0e9af3d95b1904dbddf6cc88fdcea2
Binary files differ
diff --git a/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/4b33790b8f739639aa8867f55245a5152889738a b/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/4b33790b8f739639aa8867f55245a5152889738a
new file mode 100644
index 0000000000..4389c9cc4a
--- /dev/null
+++ b/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/4b33790b8f739639aa8867f55245a5152889738a
Binary files differ
diff --git a/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/c2cf384dff485c778b0d4bf480cde56f22b0c278 b/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/c2cf384dff485c778b0d4bf480cde56f22b0c278
new file mode 100644
index 0000000000..c798950ad2
--- /dev/null
+++ b/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/c2cf384dff485c778b0d4bf480cde56f22b0c278
Binary files differ
diff --git a/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/cd39456de3dfba9c20878500c671c5b0328cfe25 b/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/cd39456de3dfba9c20878500c671c5b0328cfe25
new file mode 100644
index 0000000000..491c348cb6
--- /dev/null
+++ b/fuzz/gnutls_pkcs8_key_parser_fuzzer.in/cd39456de3dfba9c20878500c671c5b0328cfe25
Binary files differ
diff --git a/fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd b/fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd
new file mode 100644
index 0000000000..feceb0a220
--- /dev/null
+++ b/fuzz/gnutls_server_fuzzer.in/96c552adcacf4108c319533ea61c33f4240ad0fd
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/01865dcfe78cf1e2da38b79b4731b87c590492e1 b/fuzz/gnutls_x509_parser_fuzzer.in/01865dcfe78cf1e2da38b79b4731b87c590492e1
new file mode 100644
index 0000000000..b0a1e6e776
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/01865dcfe78cf1e2da38b79b4731b87c590492e1
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/0953fdd45bb46478f2cbf7df2764d2c2b9433387 b/fuzz/gnutls_x509_parser_fuzzer.in/0953fdd45bb46478f2cbf7df2764d2c2b9433387
new file mode 100644
index 0000000000..1ad16d47bc
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/0953fdd45bb46478f2cbf7df2764d2c2b9433387
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/1185bb0f3aed7dfc21aeb8b951c2bc5344bc73e0 b/fuzz/gnutls_x509_parser_fuzzer.in/1185bb0f3aed7dfc21aeb8b951c2bc5344bc73e0
new file mode 100644
index 0000000000..1bd161aa04
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/1185bb0f3aed7dfc21aeb8b951c2bc5344bc73e0
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/152f4d903dc51d79cb864b56a037d631e9277deb b/fuzz/gnutls_x509_parser_fuzzer.in/152f4d903dc51d79cb864b56a037d631e9277deb
new file mode 100644
index 0000000000..d9fdea2c8a
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/152f4d903dc51d79cb864b56a037d631e9277deb
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/19c4ff5b7bd2756ef6aa3f7333cb54b427bdfb5b b/fuzz/gnutls_x509_parser_fuzzer.in/19c4ff5b7bd2756ef6aa3f7333cb54b427bdfb5b
new file mode 100644
index 0000000000..8d3e820bcc
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/19c4ff5b7bd2756ef6aa3f7333cb54b427bdfb5b
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/3399de0770467a07b3a2bdd0cdd6874d5d9391be b/fuzz/gnutls_x509_parser_fuzzer.in/3399de0770467a07b3a2bdd0cdd6874d5d9391be
new file mode 100644
index 0000000000..71564dad0c
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/3399de0770467a07b3a2bdd0cdd6874d5d9391be
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/428e6e5042f8a04e74e1affb8dabd676563b0979 b/fuzz/gnutls_x509_parser_fuzzer.in/428e6e5042f8a04e74e1affb8dabd676563b0979
new file mode 100644
index 0000000000..33328140a8
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/428e6e5042f8a04e74e1affb8dabd676563b0979
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/58fb953ce8f894d4f58d9000145214e6c1e119de b/fuzz/gnutls_x509_parser_fuzzer.in/58fb953ce8f894d4f58d9000145214e6c1e119de
new file mode 100644
index 0000000000..d08770c32d
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/58fb953ce8f894d4f58d9000145214e6c1e119de
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/5de8f9db720d083b1e319ec8bb9223520ecc4bba b/fuzz/gnutls_x509_parser_fuzzer.in/5de8f9db720d083b1e319ec8bb9223520ecc4bba
new file mode 100644
index 0000000000..554c114cbc
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/5de8f9db720d083b1e319ec8bb9223520ecc4bba
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/655d50379e1854166164cb6de57eebeb58b5b73a b/fuzz/gnutls_x509_parser_fuzzer.in/655d50379e1854166164cb6de57eebeb58b5b73a
new file mode 100644
index 0000000000..c6791563ca
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/655d50379e1854166164cb6de57eebeb58b5b73a
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/68a06d22fcd02410e1afa763645155d7d7239a27 b/fuzz/gnutls_x509_parser_fuzzer.in/68a06d22fcd02410e1afa763645155d7d7239a27
new file mode 100644
index 0000000000..933b842b94
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/68a06d22fcd02410e1afa763645155d7d7239a27
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/7ebfa2fe8a0cefa830241d47963a5f80168fe15e b/fuzz/gnutls_x509_parser_fuzzer.in/7ebfa2fe8a0cefa830241d47963a5f80168fe15e
new file mode 100644
index 0000000000..f78a2b2c28
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/7ebfa2fe8a0cefa830241d47963a5f80168fe15e
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/c2e84dbccc11c6f1de7332fff740c93ecdd37769 b/fuzz/gnutls_x509_parser_fuzzer.in/c2e84dbccc11c6f1de7332fff740c93ecdd37769
new file mode 100644
index 0000000000..92aa6f36b7
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/c2e84dbccc11c6f1de7332fff740c93ecdd37769
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/cba0e4e585f5dc40d93a32ccefe2ccd1937122c5 b/fuzz/gnutls_x509_parser_fuzzer.in/cba0e4e585f5dc40d93a32ccefe2ccd1937122c5
new file mode 100644
index 0000000000..80c5abebcb
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/cba0e4e585f5dc40d93a32ccefe2ccd1937122c5
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/cddda9519a46e64ca98ee83385eeb748b4b25e97 b/fuzz/gnutls_x509_parser_fuzzer.in/cddda9519a46e64ca98ee83385eeb748b4b25e97
new file mode 100644
index 0000000000..388dd43679
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/cddda9519a46e64ca98ee83385eeb748b4b25e97
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/d43782a1f943a966f4ea1ac96bd048fe68d4d951 b/fuzz/gnutls_x509_parser_fuzzer.in/d43782a1f943a966f4ea1ac96bd048fe68d4d951
new file mode 100644
index 0000000000..fe152851f6
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/d43782a1f943a966f4ea1ac96bd048fe68d4d951
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/d9658f8a95f423df24d7ba47a3bc33abea643fa8 b/fuzz/gnutls_x509_parser_fuzzer.in/d9658f8a95f423df24d7ba47a3bc33abea643fa8
new file mode 100644
index 0000000000..d040c1bc4e
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/d9658f8a95f423df24d7ba47a3bc33abea643fa8
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8 b/fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8
new file mode 100644
index 0000000000..f64390741d
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/db83a5af5244ddb18bb26bb187e0b5ca1ea627a8
Binary files differ
diff --git a/fuzz/gnutls_x509_parser_fuzzer.in/eb7100f31cd1529dcae4e2666d09da01191a4699 b/fuzz/gnutls_x509_parser_fuzzer.in/eb7100f31cd1529dcae4e2666d09da01191a4699
new file mode 100644
index 0000000000..c1760db7d6
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.in/eb7100f31cd1529dcae4e2666d09da01191a4699
Binary files differ
diff --git a/lib/algorithms.h b/lib/algorithms.h
index fadf269871..c68a266cc9 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -44,7 +44,9 @@
((x)==GNUTLS_PK_GOST_12_256)|| \
((x)==GNUTLS_PK_GOST_12_512))
-#define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)||((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_EDDSA_ED25519))
+#define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)|| \
+ ((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_EDDSA_ED25519)|| \
+ ((x)==GNUTLS_PK_ECDH_X448)||((x)==GNUTLS_PK_EDDSA_ED448))
#define SIG_SEM_PRE_TLS12 (1<<1)
#define SIG_SEM_TLS13 (1<<2)
@@ -450,7 +452,8 @@ inline static int _curve_is_eddsa(const gnutls_ecc_curve_entry_st * e)
{
if (unlikely(e == NULL))
return 0;
- if (e->pk == GNUTLS_PK_EDDSA_ED25519)
+ if (e->pk == GNUTLS_PK_EDDSA_ED25519 ||
+ e->pk == GNUTLS_PK_EDDSA_ED448)
return 1;
return 0;
}
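Review bot: `_curve_is_eddsa` branches to a literal 1/0 where the comparison itself is the result: `return e->pk == GNUTLS_PK_EDDSA_ED25519 || e->pk == GNUTLS_PK_EDDSA_ED448;`. The same EdDSA pair is enumerated by hand in the IS_EC macro in the previous hunk, so the two lists can drift as curves are added; a small helper macro beside IS_EC (an `IS_EDDSA(x)` in the style of IS_EC, proposed here) used by both would keep them in step.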
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index 8b4b78f67d..14351b87ad 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -96,6 +96,22 @@ gnutls_ecc_curve_entry_st ecc_curves[] = {
.sig_size = 64,
.supported = 1,
},
+ {
+ .name = "X448",
+ .id = GNUTLS_ECC_CURVE_X448,
+ .pk = GNUTLS_PK_ECDH_X448,
+ .size = 56,
+ .supported = 1,
+ },
+ {
+ .name = "Ed448",
+ .oid = SIG_ED448_OID,
+ .id = GNUTLS_ECC_CURVE_ED448,
+ .pk = GNUTLS_PK_EDDSA_ED448,
+ .size = 57,
+ .sig_size = 114,
+ .supported = 1,
+ },
#if ENABLE_GOST
/* Curves for usage in GOST digital signature algorithm (GOST R
* 34.10-2001/-2012) and key agreement (VKO GOST R 34.10-2001/-2012).
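Review bot: the numeric fields of the two new entries are given without a source; `.size = 56` and `.size = 57` are the X448 and Ed448 key lengths from RFC 7748 §5 and RFC 8032 §5.2, and `.sig_size = 114` is the Ed448 signature length from RFC 8032, so a one-line comment above each entry naming those references would let a reader check them without recomputing. The X448 entry also carries no `.oid`, unlike the Ed448 entry directly below it; if that is deliberate because the OID is only consumed on the signature side, a comment saying so would help, since the ECDH (X448) OID `1.3.101.111` does appear in lib/algorithms/publickey.c in this same change.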
diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c
index 6e1326666a..d4b77beb2a 100644
--- a/lib/algorithms/groups.c
+++ b/lib/algorithms/groups.c
@@ -125,6 +125,13 @@ static const gnutls_group_entry_st supported_groups[] = {
.tls_id = 40,
},
#endif
+ {
+ .name = "X448",
+ .id = GNUTLS_GROUP_X448,
+ .curve = GNUTLS_ECC_CURVE_X448,
+ .tls_id = 30,
+ .pk = GNUTLS_PK_ECDH_X448
+ },
#ifdef ENABLE_DHE
{
.name = "FFDHE2048",
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 376c76df06..edd6e10acc 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -183,6 +183,14 @@ mac_entry_st hash_algorithms[] = {
.key_size = 32,
.block_size = 8,
.flags = GNUTLS_MAC_FLAG_CONTINUOUS_MAC},
+ {.name = "SHAKE-128",
+ .oid = HASH_OID_SHAKE_128,
+ .id = GNUTLS_MAC_SHAKE_128,
+ .block_size = 168},
+ {.name = "SHAKE-256",
+ .oid = HASH_OID_SHAKE_256,
+ .id = GNUTLS_MAC_SHAKE_256,
+ .block_size = 136},
{.name = "MAC-NULL",
.id = GNUTLS_MAC_NULL},
{0, 0, 0, 0, 0, 0, 0, 0, 0}
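Review bot: the two SHAKE entries carry only a name, OID, id and block size; no digest length is set, which is right for an extendable-output function but is the opposite of every neighbouring entry, and nothing in the hunk explains it. A comment such as `/* XOFs: output length is chosen by the caller, so no fixed digest size is recorded */` above the SHAKE-128 entry would stop someone later "fixing" it by adding a length. Since the public header in this same change still marks both as "Reserved; unimplemented", it is also worth stating that the entries exist for name/OID lookup only.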
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index dc535c2f65..c298a38936 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -51,6 +51,7 @@ static const gnutls_pk_map pk_mappings[] = {
{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EDDSA_ED25519, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EDDSA_ED448, CIPHER_SIGN},
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA_PSS, CIPHER_SIGN},
{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA_PSS, CIPHER_SIGN},
@@ -141,10 +142,14 @@ static const gnutls_pk_entry pk_algorithms[] = {
.curve = GNUTLS_ECC_CURVE_INVALID },
{ .name = "EdDSA (Ed25519)", .oid = SIG_EDDSA_SHA512_OID, .id = GNUTLS_PK_EDDSA_ED25519,
.curve = GNUTLS_ECC_CURVE_ED25519, .no_prehashed = 1 },
+ { .name = "EdDSA (Ed448)", .oid = SIG_ED448_OID, .id = GNUTLS_PK_EDDSA_ED448,
+ .curve = GNUTLS_ECC_CURVE_ED448, .no_prehashed = 1 },
{ .name = "DH", .oid = NULL, .id = GNUTLS_PK_DH,
.curve = GNUTLS_ECC_CURVE_INVALID },
{ .name = "ECDH (X25519)", .oid = "1.3.101.110", .id = GNUTLS_PK_ECDH_X25519,
.curve = GNUTLS_ECC_CURVE_X25519 },
+ { .name = "ECDH (X448)", .oid = "1.3.101.111", .id = GNUTLS_PK_ECDH_X448,
+ .curve = GNUTLS_ECC_CURVE_X448 },
{ .name = "UNKNOWN", .oid = NULL, .id = GNUTLS_PK_UNKNOWN,
.curve = GNUTLS_ECC_CURVE_INVALID },
{0, 0, 0, 0}
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 167c5fb51b..9c95e388ae 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -125,6 +125,17 @@ gnutls_sign_entry_st sign_algorithms[] = {
.flags = GNUTLS_SIGN_FLAG_TLS13_OK,
.aid = {{8, 7}, SIG_SEM_DEFAULT}},
+ /* Ed448: The hash algorithm here is set to be SHAKE256, although that is
+ * an internal detail of Ed448; we set it, because CMS/PKCS#7 requires
+ * that mapping. */
+ {.name = "EdDSA-Ed448",
+ .oid = SIG_ED448_OID,
+ .id = GNUTLS_SIGN_EDDSA_ED448,
+ .pk = GNUTLS_PK_EDDSA_ED448,
+ .hash = GNUTLS_DIG_SHAKE_256,
+ .flags = GNUTLS_SIGN_FLAG_TLS13_OK,
+ .aid = {{8, 8}, SIG_SEM_DEFAULT}},
+
/* ECDSA */
/* The following three signature algorithms
* have different semantics when used under TLS 1.2
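Review bot: the Ed448 entry appears to be the first in this table whose `.hash` names a digest the library does not implement (`GNUTLS_DIG_SHAKE_256` is documented as "Reserved; unimplemented" in gnutls.h.in in this same change), whereas the Ed25519 entry's SHA512 is a real digest; any generic path that takes the signature's hash and drives the hash backend with it, rather than letting the EdDSA primitive hash internally, may now fail for Ed448. The comment explains why the mapping exists but not which consumers tolerate it; extending it with `* Callers must not hash with this digest themselves: Ed448 hashes internally and SHAKE-256 has no standalone backend.` would warn the next maintainer. A test that checks gnutls_sign_get_hash_algorithm() for GNUTLS_SIGN_EDDSA_ED448 alongside a sign/verify round trip would pin the intended behaviour.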
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 8c20d6c1cc..883f6cd046 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -172,7 +172,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
gnutls_assert();
goto cleanup;
}
- } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 ||
+ ecurve->pk == GNUTLS_PK_ECDH_X448) {
if (ecurve->size != point_size)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
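Review bot: the predicate `ecurve->pk == GNUTLS_PK_ECDH_X25519 || ecurve->pk == GNUTLS_PK_ECDH_X448` is spelled out by hand here and repeated in the later ecdhe.c hunks (`_gnutls_gen_ecdh_common_client_kx_int`, `_gnutls_proc_ecdh_common_server_kx`, `_gnutls_ecdh_common_print_server_kx`), in all six lib/ext/key_share.c hunks and as paired case labels in lib/nettle/pk.c, so each future Montgomery curve means touching every copy. A single helper next to IS_EC in lib/algorithms.h, e.g. `#define IS_ECDH_MONTGOMERY(x) (((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_ECDH_X448))`, used at each site would keep the list in one place. `_gnutls_proc_ecdh_common_client_kx` starts and ends outside this hunk.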
@@ -183,7 +184,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session,
goto cleanup;
}
- /* RFC7748 requires to mask the MSB in the final byte */
+ /* RFC7748 requires to mask the MSB in the final byte
+ * for X25519 (not X448) */
if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {
session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f;
}
@@ -282,7 +284,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
gnutls_assert();
goto cleanup;
}
- } else if (pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
session->key.proto.tls12.ecdh.params.raw_pub.data,
@@ -382,7 +384,8 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 ||
+ ecurve->pk == GNUTLS_PK_ECDH_X448) {
if (ecurve->size != point_size)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
@@ -391,7 +394,8 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- /* RFC7748 requires to mask the MSB in the final byte */
+ /* RFC7748 requires to mask the MSB in the final byte
+ * for X25519 (not X448) */
if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {
session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f;
}
@@ -462,7 +466,8 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519 ||
+ group->pk == GNUTLS_PK_ECDH_X448) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
session->key.proto.tls12.ecdh.params.raw_pub.data,
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index 4ae12c96b5..41dd1b7326 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -75,6 +75,7 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
int ret;
if (group->pk != GNUTLS_PK_EC && group->pk != GNUTLS_PK_ECDH_X25519 &&
+ group->pk != GNUTLS_PK_ECDH_X448 &&
group->pk != GNUTLS_PK_DH) {
_gnutls_debug_log("Cannot send key share for group %s!\n", group->name);
return GNUTLS_E_INT_RET_0;
@@ -115,7 +116,8 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
ret = 0;
- } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519 ||
+ group->pk == GNUTLS_PK_ECDH_X448) {
gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
gnutls_pk_params_init(&session->key.kshare.ecdhx_params);
@@ -195,6 +197,7 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
int ret;
if (group->pk != GNUTLS_PK_EC && group->pk != GNUTLS_PK_ECDH_X25519 &&
+ group->pk != GNUTLS_PK_ECDH_X448 &&
group->pk != GNUTLS_PK_DH) {
_gnutls_debug_log("Cannot send key share for group %s!\n", group->name);
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
@@ -224,7 +227,8 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
ret = 0;
- } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519 ||
+ group->pk == GNUTLS_PK_ECDH_X448) {
ret =
_gnutls_buffer_append_data_prefix(extdata, 16,
session->key.kshare.ecdhx_params.raw_pub.data,
@@ -300,7 +304,8 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
ret = 0;
- } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519 ||
+ group->pk == GNUTLS_PK_ECDH_X448) {
gnutls_pk_params_st pub;
gnutls_pk_params_release(&session->key.kshare.ecdhx_params);
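Review bot: the X448 branch in `server_use_key_share` now shares the X25519 path, but the check that the peer's key share is exactly the curve's size (56 bytes for X448) is not inside the hunk; if that check compares against the curve entry it carries over unchanged, while a literal 32 would reject every X448 share. The same applies to `client_use_key_share` in the next hunk, where `curve` is looked up from `group->curve`, which suggests the size does come from the table — worth confirming with an X448 handshake test. Both functions start and end outside their hunks.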
@@ -438,7 +443,8 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
ret = 0;
- } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519 ||
+ group->pk == GNUTLS_PK_ECDH_X448) {
gnutls_pk_params_st pub;
curve = _gnutls_ecc_curve_get_params(group->curve);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index f7cf830ca1..b48805190a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1383,6 +1383,7 @@ typedef struct {
#define HSK_RECORD_SIZE_LIMIT_SENT (1<<25) /* record_size_limit extension was sent */
#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
#define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
+#define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
/* The hsk_flags are for use within the ongoing handshake;
* they are reset to zero prior to handshake start by gnutls_handshake. */
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 1d0f924c26..d05ef8e5a9 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -294,6 +294,8 @@ typedef enum {
* @GNUTLS_MAC_SHA3_384: Reserved; unimplemented.
* @GNUTLS_MAC_SHA3_512: Reserved; unimplemented.
* @GNUTLS_MAC_GOST28147_TC26Z_IMIT: The GOST 28147-89 working in IMIT mode with TC26 Z S-box.
+ * @GNUTLS_MAC_SHAKE_128: Reserved; unimplemented.
+ * @GNUTLS_MAC_SHAKE_256: Reserved; unimplemented.
*
* Enumeration of different Message Authentication Code (MAC)
* algorithms.
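Review bot: `@GNUTLS_MAC_SHAKE_128` and `@GNUTLS_MAC_SHAKE_256` are documented as "Reserved; unimplemented", and the digest hunk that follows says the same for `GNUTLS_DIG_SHAKE_*`, yet lib/algorithms/sign.c in this same change sets `.hash = GNUTLS_DIG_SHAKE_256` for Ed448, so gnutls_sign_get_hash_algorithm() will report a value the documentation says does not exist. The digest line should say so, e.g. `@GNUTLS_DIG_SHAKE_256: Reserved; no standalone digest is implemented. Reported as the hash of Ed448 signatures (see %GNUTLS_SIGN_EDDSA_ED448).`, while the MAC line can keep its current wording.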
@@ -328,6 +330,8 @@ typedef enum {
GNUTLS_MAC_AES_GMAC_192 = 206,
GNUTLS_MAC_AES_GMAC_256 = 207,
GNUTLS_MAC_GOST28147_TC26Z_IMIT = 208,
+ GNUTLS_MAC_SHAKE_128 = 209,
+ GNUTLS_MAC_SHAKE_256 = 210
} gnutls_mac_algorithm_t;
/**
@@ -350,6 +354,8 @@ typedef enum {
* @GNUTLS_DIG_GOSTR_94: GOST R 34.11-94 algorithm.
* @GNUTLS_DIG_STREEBOG_256: GOST R 34.11-2001 (Streebog) algorithm, 256 bit.
* @GNUTLS_DIG_STREEBOG_512: GOST R 34.11-2001 (Streebog) algorithm, 512 bit.
+ * @GNUTLS_DIG_SHAKE_128: Reserved; unimplemented.
+ * @GNUTLS_DIG_SHAKE_256: Reserved; unimplemented.
*
* Enumeration of different digest (hash) algorithms.
*/
@@ -371,7 +377,9 @@ typedef enum {
GNUTLS_DIG_MD5_SHA1 = GNUTLS_MAC_MD5_SHA1,
GNUTLS_DIG_GOSTR_94 = GNUTLS_MAC_GOSTR_94,
GNUTLS_DIG_STREEBOG_256 = GNUTLS_MAC_STREEBOG_256,
- GNUTLS_DIG_STREEBOG_512 = GNUTLS_MAC_STREEBOG_512
+ GNUTLS_DIG_STREEBOG_512 = GNUTLS_MAC_STREEBOG_512,
+ GNUTLS_DIG_SHAKE_128 = GNUTLS_MAC_SHAKE_128,
+ GNUTLS_DIG_SHAKE_256 = GNUTLS_MAC_SHAKE_256
/* If you add anything here, make sure you align with
gnutls_mac_algorithm_t. */
} gnutls_digest_algorithm_t;
@@ -833,6 +841,8 @@ typedef enum gnutls_certificate_print_formats {
* @GNUTLS_PK_GOST_01: GOST R 34.10-2001 algorithm per rfc5832.
* @GNUTLS_PK_GOST_12_256: GOST R 34.10-2012 algorithm, 256-bit key per rfc7091.
* @GNUTLS_PK_GOST_12_512: GOST R 34.10-2012 algorithm, 512-bit key per rfc7091.
+ * @GNUTLS_PK_ECDH_X448: Elliptic curve algorithm, restricted to ECDH as per rfc7748.
+ * @GNUTLS_PK_EDDSA_ED448: Edwards curve Digital signature algorithm. Used with SHAKE256 on signatures.
*
* Enumeration of different public-key algorithms.
*/
@@ -848,7 +858,9 @@ typedef enum {
GNUTLS_PK_GOST_01 = 8,
GNUTLS_PK_GOST_12_256 = 9,
GNUTLS_PK_GOST_12_512 = 10,
- GNUTLS_PK_MAX = GNUTLS_PK_GOST_12_512
+ GNUTLS_PK_ECDH_X448 = 11,
+ GNUTLS_PK_EDDSA_ED448 = 12,
+ GNUTLS_PK_MAX = GNUTLS_PK_EDDSA_ED448
} gnutls_pk_algorithm_t;
@@ -912,6 +924,7 @@ const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
* @GNUTLS_SIGN_GOST_94: Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-94
* @GNUTLS_SIGN_GOST_256: Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 256 bit
* @GNUTLS_SIGN_GOST_512: Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 512 bit
+ * @GNUTLS_SIGN_EDDSA_ED448: Digital signature algorithm EdDSA with Ed448 curve.
*
* Enumeration of different digital signature algorithms.
*/
@@ -968,7 +981,8 @@ typedef enum {
GNUTLS_SIGN_GOST_94 = 43,
GNUTLS_SIGN_GOST_256 = 44,
GNUTLS_SIGN_GOST_512 = 45,
- GNUTLS_SIGN_MAX = GNUTLS_SIGN_GOST_512
+ GNUTLS_SIGN_EDDSA_ED448 = 46,
+ GNUTLS_SIGN_MAX = GNUTLS_SIGN_EDDSA_ED448
} gnutls_sign_algorithm_t;
/**
@@ -993,6 +1007,8 @@ typedef enum {
* @GNUTLS_ECC_CURVE_GOST256B: GOST R 34.10 TC26 256 B curve
* @GNUTLS_ECC_CURVE_GOST256C: GOST R 34.10 TC26 256 C curve
* @GNUTLS_ECC_CURVE_GOST256D: GOST R 34.10 TC26 256 D curve
+ * @GNUTLS_ECC_CURVE_X448: the X448 curve (ECDH only)
+ * @GNUTLS_ECC_CURVE_ED448: the Ed448 curve
*
* Enumeration of ECC curves.
*/
@@ -1017,7 +1033,9 @@ typedef enum {
GNUTLS_ECC_CURVE_GOST256B,
GNUTLS_ECC_CURVE_GOST256C,
GNUTLS_ECC_CURVE_GOST256D,
- GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_GOST256D
+ GNUTLS_ECC_CURVE_X448,
+ GNUTLS_ECC_CURVE_ED448,
+ GNUTLS_ECC_CURVE_MAX = GNUTLS_ECC_CURVE_ED448
} gnutls_ecc_curve_t;
/**
@@ -1041,6 +1059,7 @@ typedef enum {
* @GNUTLS_GROUP_FFDHE4096: the FFDHE4096 group
* @GNUTLS_GROUP_FFDHE6144: the FFDHE6144 group
* @GNUTLS_GROUP_FFDHE8192: the FFDHE8192 group
+ * @GNUTLS_GROUP_X448: the X448 curve group
*
* Enumeration of supported groups. It is intended to be backwards
* compatible with the enumerations in %gnutls_ecc_curve_t for the groups
@@ -1054,6 +1073,7 @@ typedef enum {
GNUTLS_GROUP_SECP384R1 = GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_GROUP_SECP521R1 = GNUTLS_ECC_CURVE_SECP521R1,
GNUTLS_GROUP_X25519 = GNUTLS_ECC_CURVE_X25519,
+ GNUTLS_GROUP_X448 = GNUTLS_ECC_CURVE_X448,
GNUTLS_GROUP_GC256A = GNUTLS_ECC_CURVE_GOST256A,
GNUTLS_GROUP_GC256B = GNUTLS_ECC_CURVE_GOST256B,
@@ -1570,6 +1590,7 @@ unsigned gnutls_session_etm_status(gnutls_session_t session);
* @GNUTLS_SFLAGS_EARLY_START: The TLS1.3 server session returned early.
* @GNUTLS_SFLAGS_EARLY_DATA: The TLS1.3 early data has been received by the server.
* @GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Set when the client has requested OCSP staple during handshake.
+ * @GNUTLS_SFLAGS_SERV_REQUESTED_OCSP: Set when the server has requested OCSP staple during handshake.
*
* Enumeration of different session parameters.
*/
@@ -1585,7 +1606,8 @@ typedef enum {
GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH = 1<<8,
GNUTLS_SFLAGS_EARLY_START = 1<<9,
GNUTLS_SFLAGS_EARLY_DATA = 1<<10,
- GNUTLS_SFLAGS_CLI_REQUESTED_OCSP = 1<<11
+ GNUTLS_SFLAGS_CLI_REQUESTED_OCSP = 1<<11,
+ GNUTLS_SFLAGS_SERV_REQUESTED_OCSP = 1<<12
} gnutls_session_flags_t;
unsigned gnutls_session_get_flags(gnutls_session_t session);
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index c1ac2b2125..8c1a2d17ee 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -97,3 +97,53 @@ libcrypto_la_SOURCES += \
libcrypto_la_SOURCES += gost_keywrap.c
endif
+
+if NEED_CURVE448
+curve448_generated_headers = \
+ curve448/ecc-curve448-32.h curve448/ecc-curve448-64.h
+
+BUILT_SOURCES = $(curve448_generated_headers)
+EXTRA_DIST = $(curve448_generated_headers) curve448/eccdata.stamp
+
+noinst_PROGRAMS = curve448/eccdata$(EXEEXT)
+
+curve448_eccdata_SOURCES = curve448/eccdata.c
+curve448_eccdata_CFLAGS = $(GMP_CFLAGS)
+curve448_eccdata_LDADD = $(GMP_LIBS) ../../gl/libgnu.la
+
+curve448/eccdata.stamp: $(curve448_eccdata_SOURCES)
+ $(AM_V_GEN)$(MAKE) $(AM_MAKEFLAGS) curve448/eccdata$(EXEEXT) && touch $@
+
+curve448/ecc-curve448-32.h: curve448/eccdata.stamp
+ $(AM_V_GEN)curve448/eccdata$(EXEEXT) curve448 38 6 32 > $@T && mv $@T $@
+
+curve448/ecc-curve448-64.h: curve448/eccdata.stamp
+ $(AM_V_GEN)curve448/eccdata$(EXEEXT) curve448 38 6 64 > $@T && mv $@T $@
+
+libcrypto_la_SOURCES += \
+ curve448/nettle-write.h curve448/gmp-glue.h curve448/gmp-glue.c
+
+libcrypto_la_SOURCES += \
+ curve448/sha3.c curve448/sha3.h curve448/sha3-256.c \
+ curve448/sha3-permute.c curve448/sha3-internal.h \
+ curve448/shake256.c
+
+libcrypto_la_SOURCES += \
+ curve448/ecc-internal.h \
+ curve448/ecc-add-eh.c curve448/ecc-add-ehh.c curve448/ecc-dup-eh.c \
+ curve448/ecc-eh-to-a.c curve448/ecc-mul-a-eh.c curve448/ecc-mul-g-eh.c \
+ curve448/ecc-mul-m.c curve448/ecc-mod.c curve448/ecc-mod-arith.c \
+ curve448/ecc-mod-inv.c \
+ curve448/ecc-a-to-j.c \
+ curve448/sec-tabselect.c curve448/cnd-copy.c curve448/sec-add-1.c \
+ curve448/ecc-curve448.c $(curve448_genereated_headers) \
+ curve448/curve448-eh-to-x.c curve448/curve448.h curve448/curve448-mul.c \
+ curve448/curve448-mul-g.c
+
+libcrypto_la_SOURCES += \
+ curve448/eddsa.h curve448/eddsa-compress.c curve448/eddsa-decompress.c \
+ curve448/eddsa-expand.c curve448/eddsa-hash.c curve448/eddsa-internal.h \
+ curve448/eddsa-pubkey.c curve448/eddsa-sign.c curve448/eddsa-verify.c \
+ curve448/ed448-shake256.c curve448/ed448-shake256-pubkey.c \
+ curve448/ed448-shake256-sign.c curve448/ed448-shake256-verify.c
+endif
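Review bot: `$(curve448_genereated_headers)` on the `curve448/ecc-curve448.c` line is misspelled — the variable defined at the top of the hunk is `curve448_generated_headers` — so it expands to nothing and the generated headers are never listed in libcrypto_la_SOURCES; the fix is `curve448/ecc-curve448.c $(curve448_generated_headers) \`. The build likely still succeeds because the same headers are in BUILT_SOURCES, which is what hides the typo. Separately, `BUILT_SOURCES =` and `EXTRA_DIST =` are plain assignments inside the conditional; if lib/nettle/Makefile.am assigns either variable elsewhere, this replaces that list instead of extending it, and `+=` would be safer. The vendored curve448/sha3 sources are a second copy of crypto code that will not pick up upstream nettle fixes on their own; a comment pointing at devel/import-curve448-from-nettle.sh as the only sanctioned way to refresh them would help whoever maintains this block.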
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 823c9b9809..4be8dc7eda 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -48,6 +48,12 @@
#include <nettle/ecdsa.h>
#include <nettle/ecc-curve.h>
#include <nettle/curve25519.h>
+#if HAVE_CURVE448
+#include <nettle/curve448.h>
+#else
+#include "curve448/curve448.h"
+#include "curve448/eddsa.h"
+#endif
#include <nettle/eddsa.h>
#include <nettle/version.h>
#if ENABLE_GOST
@@ -235,6 +241,22 @@ ecc_shared_secret(struct ecc_scalar *private_key,
*/
#define DH_EXPONENT_SIZE(p_size) (2*_gnutls_pk_bits_to_subgroup_bits(p_size))
+static inline int
+edwards_curve_mul(gnutls_pk_algorithm_t algo,
+ uint8_t *q, const uint8_t *n, const uint8_t *p)
+{
+ switch (algo) {
+ case GNUTLS_PK_ECDH_X25519:
+ curve25519_mul(q, n, p);
+ return 0;
+ case GNUTLS_PK_ECDH_X448:
+ curve448_mul(q, n, p);
+ return 0;
+ default:
+ return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+ }
+}
+
/* This is used for DH or ECDH key derivation. In DH for example
* it is given the peers Y and our x, and calculates Y^x
*/
@@ -388,6 +410,7 @@ dh_cleanup:
break;
}
case GNUTLS_PK_ECDH_X25519:
+ case GNUTLS_PK_ECDH_X448:
{
unsigned size = gnutls_ecc_curve_get_size(priv->curve);
@@ -407,7 +430,9 @@ dh_cleanup:
out->size = size;
- curve25519_mul(out->data, priv->raw_priv.data, pub->raw_pub.data);
+ ret = edwards_curve_mul(algo, out->data, priv->raw_priv.data, pub->raw_pub.data);
+ if (ret < 0)
+ goto cleanup;
if (_gnutls_mem_is_zero(out->data, out->size)) {
gnutls_free(out->data);
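Review bot: The new `goto cleanup` after edwards_curve_mul() leaves `out->data` allocated: the buffer was sized and filled just above, and the existing zero-secret branch below frees it explicitly before bailing out, which suggests the cleanup label does not release it. Mirror that handling, `if (ret < 0) { gnutls_free(out->data); goto cleanup; }`, or perform the algorithm dispatch before the allocation. In practice the helper can only fail for an algorithm the enclosing switch already excludes, so this is a latent leak rather than a reachable one. The enclosing function continues outside the hunk.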
@@ -739,11 +764,43 @@ _rsa_pss_sign_digest_tr(gnutls_digest_algorithm_t dig,
return ret;
}
+static inline gnutls_ecc_curve_t
+get_eddsa_curve(gnutls_pk_algorithm_t algo)
+{
+ switch (algo) {
+ case GNUTLS_PK_EDDSA_ED25519:
+ return GNUTLS_ECC_CURVE_ED25519;
+ case GNUTLS_PK_EDDSA_ED448:
+ return GNUTLS_ECC_CURVE_ED448;
+ default:
+ return gnutls_assert_val(GNUTLS_ECC_CURVE_INVALID);
+ }
+}
+
+static inline int
+eddsa_sign(gnutls_pk_algorithm_t algo,
+ const uint8_t *pub,
+ const uint8_t *priv,
+ size_t length, const uint8_t *msg,
+ uint8_t *signature)
+{
+ switch (algo) {
+ case GNUTLS_PK_EDDSA_ED25519:
+ ed25519_sha512_sign(pub, priv, length, msg, signature);
+ return 0;
+ case GNUTLS_PK_EDDSA_ED448:
+ ed448_shake256_sign(pub, priv, length, msg, signature);
+ return 0;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ }
+}
+
/* This is the lower-level part of privkey_sign_raw_data().
*
* It accepts data in the appropriate hash form, i.e., DigestInfo
* for PK_RSA, hash for PK_ECDSA, PK_DSA, PK_RSA_PSS, and raw data
- * for Ed25519.
+ * for Ed25519 and Ed448.
*
* in case of EC/DSA, signed data are encoded into r,s values
*/
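Review bot: The new dispatch helpers get_eddsa_curve() and eddsa_sign() carry no header comment, and the same holds for edwards_curve_mul(), eddsa_verify(), eddsa_public_key() and edwards_curve_mul_g() in the other hunks of this file. A one-line contract per helper would help, e.g. `/* Map an EdDSA pk algorithm to its curve; GNUTLS_ECC_CURVE_INVALID if algo is not EdDSA */` above get_eddsa_curve() and `/* Dispatch to the nettle signing primitive for algo; the caller must already have checked raw_pub/raw_priv sizes against the curve entry */` above eddsa_sign(). Note also that get_eddsa_curve() returns the value of gnutls_assert_val() whose argument is a curve enum rather than an error code; if that helper takes and returns an int the conversion back to gnutls_ecc_curve_t is implicit, and a plain `gnutls_assert(); return GNUTLS_ECC_CURVE_INVALID;` would make the intent explicit.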
@@ -774,10 +831,11 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
switch (algo) {
case GNUTLS_PK_EDDSA_ED25519: /* we do EdDSA */
+ case GNUTLS_PK_EDDSA_ED448:
{
const gnutls_ecc_curve_entry_st *e;
- if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519)
+ if (unlikely(get_eddsa_curve(algo) != pk_params->curve))
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
e = _gnutls_ecc_curve_get_params(pk_params->curve);
@@ -792,12 +850,18 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
signature->size = e->sig_size;
- if (pk_params->raw_pub.size != e->size || pk_params->raw_priv.size != e->size)
- return gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED);
+ if (pk_params->raw_pub.size != e->size || pk_params->raw_priv.size != e->size) {
+ ret = gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED);
+ goto cleanup;
+ }
- ed25519_sha512_sign(pk_params->raw_pub.data,
- pk_params->raw_priv.data,
- vdata->size, vdata->data, signature->data);
+ ret = eddsa_sign(algo,
+ pk_params->raw_pub.data,
+ pk_params->raw_priv.data,
+ vdata->size, vdata->data,
+ signature->data);
+ if (ret < 0)
+ goto cleanup;
break;
}
@@ -1130,6 +1194,30 @@ _rsa_pss_verify_digest(gnutls_digest_algorithm_t dig,
return verify_func(pub, salt_size, digest, s);
}
+static inline int
+eddsa_verify(gnutls_pk_algorithm_t algo,
+ const uint8_t *pub,
+ size_t length, const uint8_t *msg,
+ const uint8_t *signature)
+{
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_EDDSA_ED25519:
+ ret = ed25519_sha512_verify(pub, length, msg, signature);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ return 0;
+ case GNUTLS_PK_EDDSA_ED448:
+ ret = ed448_shake256_verify(pub, length, msg, signature);
+ if (ret == 0)
+ return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
+ return 0;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ }
+}
+
static int
_wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
const gnutls_datum_t * vdata,
@@ -1149,10 +1237,11 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
switch (algo) {
case GNUTLS_PK_EDDSA_ED25519: /* we do EdDSA */
+ case GNUTLS_PK_EDDSA_ED448:
{
const gnutls_ecc_curve_entry_st *e;
- if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519)
+ if (unlikely(get_eddsa_curve(algo) != pk_params->curve))
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
e = _gnutls_ecc_curve_get_params(pk_params->curve);
@@ -1165,13 +1254,10 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
if (pk_params->raw_pub.size != e->size)
return gnutls_assert_val(GNUTLS_E_PK_SIGN_FAILED);
- ret = ed25519_sha512_verify(pk_params->raw_pub.data, vdata->size, vdata->data, signature->data);
- if (ret == 0) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- } else {
- ret = 0;
- }
+ ret = eddsa_verify(algo,
+ pk_params->raw_pub.data,
+ vdata->size, vdata->data,
+ signature->data);
break;
}
#if ENABLE_GOST
@@ -1431,6 +1517,8 @@ static int _wrap_nettle_pk_curve_exists(gnutls_ecc_curve_t curve)
switch (curve) {
case GNUTLS_ECC_CURVE_ED25519:
case GNUTLS_ECC_CURVE_X25519:
+ case GNUTLS_ECC_CURVE_ED448:
+ case GNUTLS_ECC_CURVE_X448:
return 1;
default:
return ((get_supported_nist_curve(curve)!=NULL ||
@@ -1556,6 +1644,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
case GNUTLS_PK_RSA:
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
#if ENABLE_GOST
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
@@ -1914,6 +2003,7 @@ gnutls_x509_spki_st spki;
FALLTHROUGH;
case GNUTLS_PK_EC: /* we only do keys for ECDSA */
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
case GNUTLS_PK_DSA:
case GNUTLS_PK_RSA_PSS:
case GNUTLS_PK_GOST_01:
@@ -1934,6 +2024,7 @@ gnutls_x509_spki_st spki;
break;
case GNUTLS_PK_DH:
case GNUTLS_PK_ECDH_X25519:
+ case GNUTLS_PK_ECDH_X448:
ret = 0;
goto cleanup;
default:
@@ -1953,6 +2044,38 @@ cleanup:
}
#endif
+static inline int
+eddsa_public_key(gnutls_pk_algorithm_t algo,
+ uint8_t *pub, const uint8_t *priv)
+{
+ switch (algo) {
+ case GNUTLS_PK_EDDSA_ED25519:
+ ed25519_sha512_public_key(pub, priv);
+ return 0;
+ case GNUTLS_PK_EDDSA_ED448:
+ ed448_shake256_public_key(pub, priv);
+ return 0;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM);
+ }
+}
+
+static inline int
+edwards_curve_mul_g(gnutls_pk_algorithm_t algo,
+ uint8_t *q, const uint8_t *n)
+{
+ switch (algo) {
+ case GNUTLS_PK_ECDH_X25519:
+ curve25519_mul_g(q, n);
+ return 0;
+ case GNUTLS_PK_ECDH_X448:
+ curve448_mul_g(q, n);
+ return 0;
+ default:
+ return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
+ }
+}
+
/* To generate a DH key either q must be set in the params or
* level should be set to the number of required bits.
*/
@@ -2190,13 +2313,14 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
break;
}
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
{
unsigned size = gnutls_ecc_curve_get_size(level);
if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (level != GNUTLS_ECC_CURVE_ED25519)
+ if (unlikely(get_eddsa_curve(algo) != level))
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
if (size == 0)
@@ -2222,7 +2346,11 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
params->raw_pub.size = size;
params->raw_priv.size = size;
- ed25519_sha512_public_key(params->raw_pub.data, params->raw_priv.data);
+ ret = eddsa_public_key(algo,
+ params->raw_pub.data,
+ params->raw_priv.data);
+ if (ret < 0)
+ goto fail;
break;
}
@@ -2335,6 +2463,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
}
#endif
case GNUTLS_PK_ECDH_X25519:
+ case GNUTLS_PK_ECDH_X448:
{
unsigned size = gnutls_ecc_curve_get_size(level);
@@ -2361,7 +2490,9 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
params->raw_pub.size = size;
params->raw_priv.size = size;
- curve25519_mul_g(params->raw_pub.data, params->raw_priv.data);
+ ret = edwards_curve_mul_g(algo, params->raw_pub.data, params->raw_priv.data);
+ if (ret < 0)
+ goto fail;
break;
}
default:
@@ -2595,18 +2726,29 @@ wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo,
mpz_clear(y2);
}
break;
- case GNUTLS_PK_EDDSA_ED25519: {
- uint8_t pub[32];
+ case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448: {
+ gnutls_ecc_curve_t curve;
+ const gnutls_ecc_curve_entry_st *e;
+ uint8_t pub[57]; /* can accommodate both curves */
+
+ curve = get_eddsa_curve(algo);
+ e = _gnutls_ecc_curve_get_params(curve);
+ if (e == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (params->raw_pub.data == NULL) {
return 0; /* nothing to verify */
}
- if (params->raw_pub.size != 32)
+ if (params->raw_pub.size != e->size)
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- ed25519_sha512_public_key(pub, params->raw_priv.data);
- if (memcmp(params->raw_pub.data, pub, 32) != 0)
+ ret = eddsa_public_key(algo, pub, params->raw_priv.data);
+ if (ret < 0)
+ return ret;
+
+ if (memcmp(params->raw_pub.data, pub, e->size) != 0)
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
ret = 0;
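Review bot: `uint8_t pub[57]` is sized by hand while the bytes written into it and compared from it are governed by `e->size`; a third curve added to get_eddsa_curve() with a larger public key would overflow the stack buffer silently. A cheap guard keeps the two in sync: `if (e->size > sizeof(pub)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` right after the NULL check on `e`. The size of `params->raw_priv` is also not checked against `e->size` before eddsa_public_key() reads from it; this predates the change for Ed25519, but a `raw_priv.size != e->size` test alongside the existing raw_pub one would close it for both curves. The function continues outside the hunk.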
@@ -2707,6 +2849,7 @@ wrap_nettle_pk_verify_pub_params(gnutls_pk_algorithm_t algo,
case GNUTLS_PK_RSA_PSS:
case GNUTLS_PK_DSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
return 0;
case GNUTLS_PK_ECDSA:
{
@@ -2892,8 +3035,9 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
if (ret == 0) {
return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY);
}
- } else if (algo == GNUTLS_PK_EDDSA_ED25519) {
- if (params->curve != GNUTLS_ECC_CURVE_ED25519)
+ } else if (algo == GNUTLS_PK_EDDSA_ED25519 ||
+ algo == GNUTLS_PK_EDDSA_ED448) {
+ if (unlikely(get_eddsa_curve(algo) != params->curve))
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
if (params->raw_priv.data == NULL)
@@ -2906,7 +3050,14 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
if (params->raw_pub.data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- ed25519_sha512_public_key(params->raw_pub.data, params->raw_priv.data);
+ ret = eddsa_public_key(algo,
+ params->raw_pub.data,
+ params->raw_priv.data);
+ if (ret < 0) {
+ gnutls_free(params->raw_pub.data);
+ return ret;
+ }
+
params->raw_pub.size = params->raw_priv.size;
} else if (algo == GNUTLS_PK_RSA_PSS) {
if (params->params_nr < RSA_PRIVATE_PARAMS - 3)
diff --git a/lib/pk.c b/lib/pk.c
index debcc2ac09..24f808000a 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -1215,6 +1215,7 @@ pk_prepare_hash(gnutls_pk_algorithm_t pk,
case GNUTLS_PK_DSA:
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
diff --git a/lib/priority.c b/lib/priority.c
index bcabee9018..ad99459adb 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -132,7 +132,8 @@ static const int _supported_groups_ecdh[] = {
GNUTLS_GROUP_SECP256R1,
GNUTLS_GROUP_SECP384R1,
GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */
+ GNUTLS_GROUP_X25519, /* RFC 8422 */
+ GNUTLS_GROUP_X448, /* RFC 8422 */
0
};
@@ -153,7 +154,8 @@ static const int _supported_groups_normal[] = {
GNUTLS_GROUP_SECP256R1,
GNUTLS_GROUP_SECP384R1,
GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */
+ GNUTLS_GROUP_X25519, /* RFC 8422 */
+ GNUTLS_GROUP_X448, /* RFC 8422 */
/* These should stay last as our default behavior
* is to send key shares for two top types (GNUTLS_KEY_SHARE_TOP2)
@@ -172,7 +174,8 @@ static const int _supported_groups_secure128[] = {
GNUTLS_GROUP_SECP256R1,
GNUTLS_GROUP_SECP384R1,
GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */
+ GNUTLS_GROUP_X25519, /* RFC 8422 */
+ GNUTLS_GROUP_X448, /* RFC 8422 */
GNUTLS_GROUP_FFDHE2048,
GNUTLS_GROUP_FFDHE3072,
GNUTLS_GROUP_FFDHE4096,
@@ -419,6 +422,8 @@ static const int _sign_priority_default[] = {
GNUTLS_SIGN_ECDSA_SHA384,
GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
+ GNUTLS_SIGN_EDDSA_ED448,
+
GNUTLS_SIGN_RSA_SHA512,
GNUTLS_SIGN_RSA_PSS_SHA512,
GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
@@ -455,6 +460,7 @@ static const int _sign_priority_secure128[] = {
GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
GNUTLS_SIGN_ECDSA_SHA256,
GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
+
GNUTLS_SIGN_EDDSA_ED25519,
GNUTLS_SIGN_RSA_SHA384,
@@ -463,6 +469,8 @@ static const int _sign_priority_secure128[] = {
GNUTLS_SIGN_ECDSA_SHA384,
GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
+ GNUTLS_SIGN_EDDSA_ED448,
+
GNUTLS_SIGN_RSA_SHA512,
GNUTLS_SIGN_RSA_PSS_SHA512,
GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
diff --git a/lib/privkey.c b/lib/privkey.c
index 425cc3e7c6..4114e2ca18 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -205,6 +205,7 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk,
break;
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
ret = _gnutls_set_datum(&pub->raw_pub, priv->raw_pub.data, priv->raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/pubkey.c b/lib/pubkey.c
index 3b4d7f9003..eb7fdbaa82 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -61,6 +61,7 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st * params)
return _gnutls_mpi_get_nbits(params->params[DSA_P]);
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
@@ -316,6 +317,12 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
ret = 0;
break;
+ case GNUTLS_PK_EDDSA_ED448:
+ if (hash)
+ *hash = GNUTLS_DIG_SHAKE_256;
+
+ ret = 0;
+ break;
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
@@ -891,7 +898,8 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
if (curve)
*curve = key->params.curve;
- if (key->params.algo == GNUTLS_PK_EDDSA_ED25519) {
+ if (key->params.algo == GNUTLS_PK_EDDSA_ED25519 ||
+ key->params.algo == GNUTLS_PK_EDDSA_ED448) {
if (x) {
ret = _gnutls_set_datum(x, key->params.raw_pub.data, key->params.raw_pub.size);
if (ret < 0)
@@ -1429,7 +1437,16 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
goto cleanup;
}
- key->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ switch (curve) {
+ case GNUTLS_ECC_CURVE_ED25519:
+ key->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ break;
+ case GNUTLS_ECC_CURVE_ED448:
+ key->params.algo = GNUTLS_PK_EDDSA_ED448;
+ break;
+ default:
+ break;
+ }
key->params.curve = curve;
key->bits = pubkey_to_bits(&key->params);
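Review bot: The `default: break;` in the new switch leaves `key->params.algo` untouched for an EdDSA curve that is neither Ed25519 nor Ed448 and then carries on to assign the curve and compute key->bits. The parallel switches added in lib/x509/privkey.c and lib/x509/privkey_pkcs8.c fail with GNUTLS_E_INTERNAL_ERROR instead; this one should at least reject as well, e.g. `default: ret = gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); goto cleanup;`, reusing the cleanup path visible at the top of the hunk. The function continues outside the hunk, so whether `ret` is declared in scope cannot be confirmed from here.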
@@ -2232,6 +2249,7 @@ pubkey_verify_data(const gnutls_sign_entry_st *se,
break;
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
if (_gnutls_pk_verify(se->pk, data, signature, params, sign_params) != 0) {
gnutls_assert();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
diff --git a/lib/state.c b/lib/state.c
index 5e3a7f95aa..dff7312a87 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -1576,6 +1576,8 @@ unsigned gnutls_session_get_flags(gnutls_session_t session)
flags |= GNUTLS_SFLAGS_EARLY_DATA;
if (session->internals.hsk_flags & HSK_OCSP_REQUESTED)
flags |= GNUTLS_SFLAGS_CLI_REQUESTED_OCSP;
+ if (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED)
+ flags |= GNUTLS_SFLAGS_SERV_REQUESTED_OCSP;
return flags;
}
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index 82a45af336..7483251a53 100644
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -273,7 +273,8 @@ int _gnutls13_send_certificate(gnutls_session_t session, unsigned again)
#ifdef ENABLE_OCSP
if ((session->internals.selected_ocsp_length > 0 ||
session->internals.selected_ocsp_func) &&
- (session->internals.hsk_flags & HSK_OCSP_REQUESTED)) {
+ (((session->internals.hsk_flags & HSK_OCSP_REQUESTED) && IS_SERVER(session)) ||
+ ((session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED) && !IS_SERVER(session)))) {
/* append status response if available */
ret = _gnutls_extv_append_init(&buf);
if (ret < 0) {
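Review bot: The widened condition packs two role-specific flag tests into one expression, which is hard to read and easy to invert on the next edit. Naming the predicate first reads better: `unsigned ocsp_wanted = IS_SERVER(session) ? (session->internals.hsk_flags & HSK_OCSP_REQUESTED) : (session->internals.hsk_flags & HSK_CLIENT_OCSP_REQUESTED);` followed by `if ((session->internals.selected_ocsp_length > 0 || session->internals.selected_ocsp_func) && ocsp_wanted) {`. A short comment stating that HSK_OCSP_REQUESTED is set by the peer's ClientHello and HSK_CLIENT_OCSP_REQUESTED by the CertificateRequest exchange would also help, since the two flags are set in different files. The enclosing function continues outside the hunk.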
diff --git a/lib/tls13/certificate_request.c b/lib/tls13/certificate_request.c
index 58fdbbc187..37e7b41049 100644
--- a/lib/tls13/certificate_request.c
+++ b/lib/tls13/certificate_request.c
@@ -26,6 +26,7 @@
#include "handshake.h"
#include "tls13/certificate_request.h"
#include "ext/signature.h"
+#include "ext/status_request.h"
#include "mbuffers.h"
#include "algorithms.h"
#include "auth/cert.h"
@@ -108,6 +109,14 @@ int parse_cert_extension(void *_ctx, unsigned tls_id, const uint8_t *data, unsig
ctx->pk_algos[ctx->pk_algos_length++] = se->pk;
}
+#ifdef ENABLE_OCSP
+ } else if (tls_id == ext_mod_status_request.tls_id) {
+ if (data_size != 0)
+ return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
+
+ /* we are now allowed to send OCSP staples */
+ session->internals.hsk_flags |= HSK_CLIENT_OCSP_REQUESTED;
+#endif
} else if (tls_id == EXTID_CERTIFICATE_AUTHORITIES) {
if (data_size < 3) {
return gnutls_assert_val(GNUTLS_E_TLS_PACKET_DECODING_ERROR);
@@ -257,6 +266,11 @@ int write_certificate_authorities(void *ctx, gnutls_buffer_st *buf)
size);
}
+static int append_empty_ext(void *ctx, gnutls_buffer_st *buf)
+{
+ return GNUTLS_E_INT_RET_0;
+}
+
int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
{
gnutls_certificate_credentials_t cred;
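Review bot: append_empty_ext() has no comment explaining why it returns GNUTLS_E_INT_RET_0 and ignores both parameters; a reader has to know the _gnutls_extv_append() callback protocol to see that this produces an extension with an empty body. Suggest `/* extv callback that writes no extension data: status_request in CertificateRequest carries an empty extension_data (RFC 8446, 4.4.2.1) */` above it, with the RFC reference being my reading of the intent and worth confirming. If the build uses -Wunused-parameter, `(void)ctx; (void)buf;` keeps it quiet.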
@@ -332,6 +346,17 @@ int _gnutls13_send_certificate_request(gnutls_session_t session, unsigned again)
goto cleanup;
}
+#ifdef ENABLE_OCSP
+ /* We always advertise our support for OCSP stapling */
+ ret = _gnutls_extv_append(&buf, ext_mod_status_request.tls_id, session,
+ append_empty_ext);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ session->internals.hsk_flags |= HSK_CLIENT_OCSP_REQUESTED;
+#endif
+
ret = _gnutls_extv_append_final(&buf, init_pos, 0);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 04a984253e..4939d07d2b 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -136,6 +136,8 @@ static const struct oid_to_string _oid2str[] = {
ENTRY("1.2.643.100.1", "OGRN", NULL, ASN1_ETYPE_NUMERIC_STRING),
/* Individual insurance account number */
ENTRY("1.2.643.100.3", "SNILS", NULL, ASN1_ETYPE_NUMERIC_STRING),
+ /* Main state registration number for individual enterpreneurs */
+ ENTRY("1.2.643.100.5", "OGRNIP", NULL, ASN1_ETYPE_NUMERIC_STRING),
/* VAT identification number */
ENTRY("1.2.643.3.131.1.1", "INN", NULL, ASN1_ETYPE_NUMERIC_STRING),
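Review bot: The added comment misspells the term; it should read `/* Main state registration number for individual entrepreneurs */`. The OID and the ENTRY form match the neighbouring GOST attribute entries, so no functional change is needed.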
diff --git a/lib/x509/common.h b/lib/x509/common.h
index d36c263a58..498ccc4e97 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -98,6 +98,7 @@
#define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16"
#define SIG_EDDSA_SHA512_OID "1.3.101.112"
+#define SIG_ED448_OID "1.3.101.113"
#define XMPP_OID "1.3.6.1.5.5.7.8.5"
#define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2"
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index e42f5e0962..c79f6eee37 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -565,6 +565,9 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der,
case GNUTLS_PK_EDDSA_ED25519:
ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED25519, der, dersize, params);
break;
+ case GNUTLS_PK_EDDSA_ED448:
+ ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED448, der, dersize, params);
+ break;
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
@@ -590,6 +593,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo,
switch (algo) {
case GNUTLS_PK_RSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
return 0;
case GNUTLS_PK_RSA_PSS:
return _gnutls_x509_read_rsa_pss_params(der, dersize, &params->spki);
@@ -634,6 +638,7 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params)
case GNUTLS_PK_DSA:
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index c2bc89aad1..18668c8ad2 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -150,7 +150,8 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params,
if (params->raw_pub.size == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (params->curve != GNUTLS_ECC_CURVE_ED25519)
+ if (params->curve != GNUTLS_ECC_CURVE_ED25519 &&
+ params->curve != GNUTLS_ECC_CURVE_ED448)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size);
@@ -252,6 +253,7 @@ _gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params,
case GNUTLS_PK_ECDSA:
return _gnutls_x509_write_ecc_params(params->curve, der);
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
der->data = NULL;
der->size = 0;
@@ -278,6 +280,7 @@ _gnutls_x509_write_pubkey(const gnutls_pk_params_st * params,
case GNUTLS_PK_ECDSA:
return _gnutls_x509_write_ecc_pubkey(params, der);
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
return _gnutls_x509_write_eddsa_pubkey(params, der);
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
@@ -1035,6 +1038,7 @@ int _gnutls_asn1_encode_privkey(ASN1_TYPE * c2,
return _gnutls_asn1_encode_dsa(c2, params);
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
return _gnutls_asn1_encode_ecc(c2, params);
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 1be3da484e..a0bdfab9f7 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -134,7 +134,9 @@ _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root,
_asnstr_append_name(name, sizeof(name), root,
".algorithm.parameters");
- if (pk_algorithm != GNUTLS_PK_RSA && pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && pk_algorithm != GNUTLS_PK_ECDH_X25519) {
+ if (pk_algorithm != GNUTLS_PK_RSA &&
+ pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && pk_algorithm != GNUTLS_PK_ECDH_X25519 &&
+ pk_algorithm != GNUTLS_PK_EDDSA_ED448 && pk_algorithm != GNUTLS_PK_ECDH_X448) {
/* RSA and EdDSA do not use parameters */
result = _gnutls_x509_read_value(asn, name, &tmp);
if (pk_algorithm == GNUTLS_PK_RSA_PSS &&
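Review bot: The comment under the widened condition still says `/* RSA and EdDSA do not use parameters */` while the condition now also excludes X25519 and X448; update it to `/* RSA, EdDSA, X25519 and X448 keys carry no AlgorithmIdentifier parameters */`. The five-way negation is also growing; a small predicate such as `static inline int pk_has_params(gnutls_pk_algorithm_t pk)` would keep the next curve from lengthening this line again. The enclosing function continues outside the hunk.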
diff --git a/lib/x509/output.c b/lib/x509/output.c
index da45917753..2aa78b478b 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1406,6 +1406,7 @@ print_pubkey(gnutls_buffer_st * str, const char *key_name,
break;
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
case GNUTLS_PK_ECDSA:
{
gnutls_datum_t x, y;
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 200d1de908..8c3310d066 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -970,7 +970,7 @@ int gnutls_pkcs12_generate_mac2(gnutls_pkcs12_t pkcs12, gnutls_mac_algorithm_t m
sizeof(salt),
iter,
pass,
- mac_size,
+ key_len,
key);
} else
#endif
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a9579914f8..b26295e51b 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1116,7 +1116,17 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key,
if (curve_is_eddsa(curve)) {
unsigned size;
- key->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ switch (curve) {
+ case GNUTLS_ECC_CURVE_ED25519:
+ key->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ break;
+ case GNUTLS_ECC_CURVE_ED448:
+ key->params.algo = GNUTLS_PK_EDDSA_ED448;
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ goto cleanup;
+ }
size = gnutls_ecc_curve_get_size(curve);
if (x->size != size || k->size != size) {
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index bcc6dd24ec..f23008fbe5 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -69,6 +69,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
switch (pkey->params.algo) {
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
/* we encode as octet string (which is going to be stored inside
* another octet string). No comments. */
ret = _gnutls_x509_encode_string(ASN1_ETYPE_OCTET_STRING,
@@ -1115,7 +1116,16 @@ _decode_pkcs8_eddsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, const c
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
}
gnutls_free(pkey->params.raw_priv.data);
- pkey->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ switch (curve) {
+ case GNUTLS_ECC_CURVE_ED25519:
+ pkey->params.algo = GNUTLS_PK_EDDSA_ED25519;
+ break;
+ case GNUTLS_ECC_CURVE_ED448:
+ pkey->params.algo = GNUTLS_PK_EDDSA_ED448;
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
pkey->params.raw_priv.data = tmp.data;
pkey->params.raw_priv.size = tmp.size;
pkey->params.curve = curve;
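Review bot: The new `default:` branch returns after `gnutls_free(pkey->params.raw_priv.data)` but before `tmp.data` is handed over to `pkey->params.raw_priv`, so on that path the decoded private key held in `tmp` is leaked without being zeroized, and `raw_priv.data` has been freed while `raw_priv.size` still describes it unless gnutls_free() nulls the pointer. Moving the switch above the gnutls_free() call, or releasing `tmp` in the default branch with the zeroizing free this file uses for key material before returning, avoids both. The branch is only reachable for a curve that the validation earlier in the function (outside the hunk) lets through, so this is defensive, but it is key material. The function continues outside the hunk.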
@@ -1449,6 +1459,7 @@ decode_private_key_info(const gnutls_datum_t * der,
result = _decode_pkcs8_ecc_key(pkcs8_asn, pkey);
break;
case GNUTLS_PK_EDDSA_ED25519:
+ case GNUTLS_PK_EDDSA_ED448:
result = _decode_pkcs8_eddsa_key(pkcs8_asn, pkey, oid);
break;
case GNUTLS_PK_GOST_01:
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 39a25307a0..050e95059e 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -48,6 +48,8 @@
#define HASH_OID_SHA3_256 "2.16.840.1.101.3.4.2.8"
#define HASH_OID_SHA3_384 "2.16.840.1.101.3.4.2.9"
#define HASH_OID_SHA3_512 "2.16.840.1.101.3.4.2.10"
+#define HASH_OID_SHAKE_128 "2.16.840.1.101.3.4.2.11"
+#define HASH_OID_SHAKE_256 "2.16.840.1.101.3.4.2.12"
#define HASH_OID_GOST_R_3411_94 "1.2.643.2.2.9"
#define HASH_OID_STREEBOG_256 "1.2.643.7.1.1.2.2"
#define HASH_OID_STREEBOG_512 "1.2.643.7.1.1.2.3"
diff --git a/src/certtool-args.def b/src/certtool-args.def
index f10f57bdbb..645dc563cc 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -200,7 +200,7 @@ flag = {
arg-type = string;
descrip = "Specify the key type to use on key generation";
doc = "This option can be combined with --generate-privkey, to specify
-the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', and 'ed25519'.
+the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', 'ed25519, and 'ed448'.'.
When combined with certificate generation it can be used to specify an
RSA-PSS certificate when an RSA key is given.";
};
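Review bot: The rewritten option text has broken quoting: `'ed25519, and 'ed448'.'.` is missing the closing quote after ed25519 and ends with a stray `'.`. It should read `the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', 'ed25519', and 'ed448'.`. This string is what ends up in --help and the generated man page, so the typo is user-visible.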
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 3fafa5977c..c76352c9d8 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1287,7 +1287,9 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo,
gnutls_free(q.data);
gnutls_free(g.data);
}
- } else if (key_type == GNUTLS_PK_ECDSA || key_type == GNUTLS_PK_EDDSA_ED25519) {
+ } else if (key_type == GNUTLS_PK_ECDSA ||
+ key_type == GNUTLS_PK_EDDSA_ED25519 ||
+ key_type == GNUTLS_PK_EDDSA_ED448) {
gnutls_datum_t y, x, k;
gnutls_ecc_curve_t curve;
@@ -1641,6 +1643,8 @@ gnutls_pk_algorithm_t figure_key_type(const char *key_type)
return GNUTLS_PK_RSA_PSS;
else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0)
return GNUTLS_PK_EDDSA_ED25519;
+ else if (strcasecmp(key_type, "ed448") == 0)
+ return GNUTLS_PK_EDDSA_ED448;
else if (strcasecmp(key_type, "dsa") == 0)
return GNUTLS_PK_DSA;
else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0)
diff --git a/src/certtool-common.h b/src/certtool-common.h
index bfeb66b2da..04c7a3e91a 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -90,7 +90,7 @@ void switch_to_pkcs8_when_needed(common_info_st *cinfo, gnutls_x509_privkey_t ke
if (cinfo->pkcs8)
return;
- if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 ||
+ if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 || key_type == GNUTLS_PK_EDDSA_ED448 ||
key_type == GNUTLS_PK_GOST_01 || key_type == GNUTLS_PK_GOST_12_256 ||
key_type == GNUTLS_PK_GOST_12_512) {
if (cinfo->verbose)
diff --git a/src/certtool.c b/src/certtool.c
index 35438daafa..b65359c27c 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -168,6 +168,7 @@ generate_private_key_int(common_info_st * cinfo)
if (key_type == GNUTLS_PK_ECDSA ||
key_type == GNUTLS_PK_EDDSA_ED25519 ||
+ key_type == GNUTLS_PK_EDDSA_ED448 ||
key_type == GNUTLS_PK_GOST_01 ||
key_type == GNUTLS_PK_GOST_12_256 ||
key_type == GNUTLS_PK_GOST_12_512) {
diff --git a/src/tests.c b/src/tests.c
index 9b608119f5..82474b0995 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -134,20 +134,31 @@ char prio_str[768] = "";
#define INIT_STR "NONE:"
char rest[384] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL" GOST_REST;
-#define _gnutls_priority_set_direct(s, str) __gnutls_priority_set_direct(s, str, __LINE__)
+#define _gnutls_priority_set_direct(s, str) { \
+ int _ret; \
+ if ((_ret=__gnutls_priority_set_direct(s, str, __LINE__)) != TEST_SUCCEED) { \
+ return _ret; \
+ } \
+ }
-static inline void
+static inline int
__gnutls_priority_set_direct(gnutls_session_t session, const char *str, int line)
{
const char *err;
int ret = gnutls_priority_set_direct(session, str, &err);
if (ret < 0) {
+ /* this can happen when some cipher is disabled system-wide */
+ if (ret == GNUTLS_E_NO_PRIORITIES_WERE_SET)
+ return TEST_IGNORE;
+
fprintf(stderr, "Error at %d with string %s\n", line, str);
fprintf(stderr, "Error at %s: %s\n", err,
gnutls_strerror(ret));
exit(1);
}
+
+ return TEST_SUCCEED;
}
test_code_t test_server(gnutls_session_t session)
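Review bot: The new `_gnutls_priority_set_direct` macro expands to a bare brace block containing a `return`, so a use such as `if (cond) _gnutls_priority_set_direct(s, str); else ...` no longer compiles, and the early return is invisible at the call site. Wrap it as `#define _gnutls_priority_set_direct(s, str) do { \` ... `} while (0)` and consider a name that signals the hidden return, e.g. a comment `/* returns from the calling test with TEST_IGNORE when the priority string cannot be applied */` above the macro. Also note that on GNUTLS_E_NO_PRIORITIES_WERE_SET the helper now returns TEST_IGNORE silently, so a test skipped for that reason prints nothing; a short diagnostic to stderr would help when debugging a run with a restrictive system policy.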
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c3c1780ad1..4e12bc802e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -216,7 +216,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
resume-with-stek-expiration resume-with-previous-stek rawpk-api \
tls-record-size-limit-asym dh-compute ecdh-compute sign-verify-data-newapi \
sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \
- tls13-without-timeout-func buffer status-request-revoked
+ tls13-without-timeout-func buffer status-request-revoked \
+ set_x509_ocsp_multi_cli
if HAVE_SECCOMP_TESTS
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
diff --git a/tests/cert-tests/pkcs12-gost b/tests/cert-tests/pkcs12-gost
index ee9318f750..2b5b6bfd79 100755
--- a/tests/cert-tests/pkcs12-gost
+++ b/tests/cert-tests/pkcs12-gost
@@ -81,6 +81,20 @@ if test ${rc} != 0; then
exit 1
fi
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-512 --to-p12 --password "Пароль для PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL encoding"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль для PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL decrypting/decoding"
+ exit 1
+fi
+
rm -f "$TMPFILE" "$TMPFILE_PEM"
exit 0
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
index 51f77bb565..0ab6069b8f 100755
--- a/tests/gnutls-cli-debug.sh
+++ b/tests/gnutls-cli-debug.sh
@@ -24,6 +24,7 @@ srcdir="${srcdir:-.}"
SERV="${SERV:-../src/gnutls-serv${EXEEXT}}"
DCLI="${DCLI:-../src/gnutls-cli-debug${EXEEXT}}"
OUTFILE=cli-debug.$$.tmp
+TMPFILE=config.$$.tmp
unset RETCODE
if ! test -x "${SERV}"; then
@@ -169,7 +170,36 @@ check_text "whether the server accepts default record size (512 bytes)... no"
check_text "whether %ALLOW_SMALL_RECORDS is required... yes"
check_text "for RSA key exchange support... no"
+echo ""
+echo "Checking output of gnutls-cli-debug when algorithms are disabled"
+eval "${GETPORT}"
+launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \
+ --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1
+PID=$!
+wait_server ${PID}
+
+cat <<_EOF_ > ${TMPFILE}
+[overrides]
+
+tls-disabled-cipher = CAMELLIA-128-CBC
+tls-disabled-cipher = CAMELLIA-256-CBC
+_EOF_
+export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
+
+timeout 1800 datefudge "2017-08-9" \
+"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
+
+unset GNUTLS_SYSTEM_PRIORITY_FILE
+
+kill ${PID}
+wait
+
+check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for RSA key exchange support... yes"
+check_text "for SHA1 MAC support... yes"
+
rm -f ${OUTFILE}
+rm -f ${TMPFILE}
if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then
# GOST_CNT test
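Review bot: The override file disables CAMELLIA-128-CBC and CAMELLIA-256-CBC, but none of the three new check_text calls look at the Camellia lines of the output; they only confirm that unrelated algorithms are still reported as supported, so a GNUTLS_SYSTEM_PRIORITY_FILE that is silently ignored would not fail the test. Add a check_text for the Camellia cipher lines expecting them to be reported as unsupported, using the exact wording gnutls-cli-debug prints for them. Also, when the gnutls-cli-debug run fails, `fail` is reached with GNUTLS_SYSTEM_PRIORITY_FILE still exported and ${TMPFILE} still on disk; if `fail` exits the script, the temporary config file is left behind.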
diff --git a/tests/gnutls-strcodes.c b/tests/gnutls-strcodes.c
index 0d3f14b600..952fc5fbb4 100644
--- a/tests/gnutls-strcodes.c
+++ b/tests/gnutls-strcodes.c
@@ -129,6 +129,8 @@ void doit(void)
check_unique_non_null(gnutls_ecc_curve_get_name(i));
if (i == GNUTLS_ECC_CURVE_X25519)
continue; /* no oid yet */
+ if (i == GNUTLS_ECC_CURVE_X448)
+ continue; /* no oid yet */
check_unique_non_null(gnutls_ecc_curve_get_oid(i));
}
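Review bot: The X448 skip duplicates the X25519 branch just above it, including the `/* no oid yet */` comment; a single condition reads better and keeps the reason in one place: `if (i == GNUTLS_ECC_CURVE_X25519 || i == GNUTLS_ECC_CURVE_X448) continue; /* no oid yet */`. The enclosing loop and doit() start outside the hunk.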
diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c
index 7491e3cf33..31634bd095 100644
--- a/tests/privkey-keygen.c
+++ b/tests/privkey-keygen.c
@@ -65,36 +65,29 @@ static void sign_verify_data(gnutls_pk_algorithm_t algorithm, gnutls_x509_privke
gnutls_datum_t signature;
gnutls_digest_algorithm_t digest;
- if (algorithm == GNUTLS_PK_EDDSA_ED25519)
- digest = GNUTLS_DIG_SHA512;
- else if (algorithm == GNUTLS_PK_GOST_01)
- digest = GNUTLS_DIG_GOSTR_94;
- else if (algorithm == GNUTLS_PK_GOST_12_256)
- digest = GNUTLS_DIG_STREEBOG_256;
- else if (algorithm == GNUTLS_PK_GOST_12_512)
- digest = GNUTLS_DIG_STREEBOG_512;
- else
- digest = GNUTLS_DIG_SHA256;
-
- /* sign arbitrary data */
assert(gnutls_privkey_init(&privkey) >= 0);
ret = gnutls_privkey_import_x509(privkey, pkey, 0);
if (ret < 0)
fail("gnutls_privkey_import_x509\n");
- ret = gnutls_privkey_sign_data(privkey, digest, 0,
- &raw_data, &signature);
- if (ret < 0)
- fail("gnutls_x509_privkey_sign_data\n");
-
- /* verify data */
assert(gnutls_pubkey_init(&pubkey) >= 0);
ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0);
if (ret < 0)
fail("gnutls_pubkey_import_privkey\n");
+ ret = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &digest, NULL);
+ if (ret < 0)
+ fail("gnutls_pubkey_get_preferred_hash_algorithm\n");
+
+ /* sign arbitrary data */
+ ret = gnutls_privkey_sign_data(privkey, digest, 0,
+ &raw_data, &signature);
+ if (ret < 0)
+ fail("gnutls_privkey_sign_data\n");
+
+ /* verify data */
ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),digest),
0, &raw_data, &signature);
if (ret < 0)
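Review bot: `gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &digest, NULL)` has a space before the opening parenthesis, unlike every other call in the hunk; drop it. With this change the digest used for both signing and verifying is whatever the library reports as preferred, so the test no longer pins a specific expected digest per algorithm (the removed table had, for example, SHA512 for Ed25519); if that pairing is worth keeping as a regression check, an explicit assertion on `digest` for the EdDSA and GOST cases would restore it. sign_verify_data() starts and ends outside the hunk.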
@@ -122,7 +115,8 @@ void doit(void)
for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX;
algorithm++) {
if (algorithm == GNUTLS_PK_DH ||
- algorithm == GNUTLS_PK_ECDH_X25519)
+ algorithm == GNUTLS_PK_ECDH_X25519 ||
+ algorithm == GNUTLS_PK_ECDH_X448)
continue;
if (algorithm == GNUTLS_PK_GOST_01 ||
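Review bot: The skip list now holds three algorithms with no comment saying why they are excluded; since the loop's purpose is signing, a one-line comment such as `/* key agreement only, cannot sign */` above the `if` would document it for the next curve that is added. doit() starts and ends outside the hunk.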
diff --git a/tests/set_x509_ocsp_multi_cli.c b/tests/set_x509_ocsp_multi_cli.c
new file mode 100644
index 0000000000..ae80ca3b0b
--- /dev/null
+++ b/tests/set_x509_ocsp_multi_cli.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) 2020 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#ifdef ENABLE_OCSP
+
+#include "cert-common.h"
+#include "ocsp-common.h"
+#include "utils.h"
+
+/* Tests whether setting an OCSP response to a client
+ * is working as expected */
+
+static time_t mytime(time_t * t)
+{
+ time_t then = OCSP_RESP_DATE;
+ if (t)
+ *t = then;
+
+ return then;
+}
+
+static void check_cli(gnutls_session_t session, void *priv)
+{
+ assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SERV_REQUESTED_OCSP) != 0);
+}
+
+static void check_serv(gnutls_session_t session, void *priv)
+{
+ int ret;
+ unsigned int status;
+ gnutls_datum_t resp;
+ gnutls_datum_t *exp_resp = priv;
+
+ assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SERV_REQUESTED_OCSP) != 0);
+
+ ret = gnutls_ocsp_status_request_get(session, &resp);
+ if (ret < 0) {
+ if (priv == NULL)
+ return;
+ fail("no response was received\n");
+ }
+
+ if (priv == NULL) {
+ fail("not expected response, but received one\n");
+ }
+
+ if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) {
+ fail("did not receive the expected response\n");
+ }
+
+ /* Check intermediate response */
+ if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_3) {
+ ret = gnutls_ocsp_status_request_get2(session, 1, &resp);
+ if (ret < 0) {
+ fail("no intermediate response was received\n");
+ }
+
+ if (resp.size != ocsp_subca3_unknown.size || memcmp(resp.data, ocsp_subca3_unknown.data, resp.size) != 0) {
+ fail("did not receive the expected intermediate response\n");
+ }
+ }
+
+ ret = gnutls_certificate_verify_peers2(session, &status);
+ if (ret != 0)
+ fail("error in verification (%s)\n", gnutls_strerror(ret));
+
+ ret = gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL);
+ if (ret == 0) {
+ fail("did not receive the expected value (%d)\n", ret);
+ }
+
+ ret = gnutls_ocsp_status_request_is_checked(session, 0);
+ if (ret == 0) {
+ fail("did not receive the expected value (%d)\n", ret);
+ }
+}
+
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "|<%d>| %s", level, str);
+}
+
+void doit(void)
+{
+ int ret;
+ gnutls_certificate_credentials_t xcred;
+ gnutls_certificate_credentials_t clicred;
+ const char *certfile1;
+ const char *ocspfile1;
+ char certname1[TMPNAME_SIZE], ocspname1[TMPNAME_SIZE];
+ FILE *fp;
+ unsigned index1;
+ time_t t;
+
+ global_init();
+ gnutls_global_set_time_function(mytime);
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ assert(gnutls_certificate_allocate_credentials(&xcred) >= 0);
+ assert(gnutls_certificate_allocate_credentials(&clicred) >= 0);
+
+ gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2);
+
+ certfile1 = get_tmpname(certname1);
+
+ /* set cert with localhost name */
+ fp = fopen(certfile1, "wb");
+ if (fp == NULL)
+ fail("error in fopen\n");
+ assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0);
+ assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0);
+ fclose(fp);
+
+ ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1,
+ GNUTLS_X509_FMT_PEM, NULL, 0);
+ if (ret < 0)
+ fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_certificate_set_x509_key_file2(clicred, certfile1, certfile1,
+ GNUTLS_X509_FMT_PEM, NULL, 0);
+ if (ret < 0)
+ fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret));
+ index1 = ret;
+
+ /* set OCSP response1, include an unrelated OCSP response */
+ ocspfile1 = get_tmpname(ocspname1);
+ fp = fopen(ocspfile1, "wb");
+ if (fp == NULL)
+ fail("error in fopen\n");
+ assert(fwrite(ocsp_subca3_unknown_pem.data, 1, ocsp_subca3_unknown_pem.size, fp)>0);
+ assert(fwrite(ocsp_ca3_localhost_unknown_pem.data, 1, ocsp_ca3_localhost_unknown_pem.size, fp)>0);
+ assert(fwrite(ocsp_ca3_localhost6_unknown_pem.data, 1, ocsp_ca3_localhost6_unknown_pem.size, fp)>0);
+ fclose(fp);
+
+ ret = gnutls_certificate_set_ocsp_status_request_file2(clicred, ocspfile1, index1,
+ GNUTLS_X509_FMT_PEM);
+ if (ret != GNUTLS_E_OCSP_MISMATCH_WITH_CERTS)
+ fail("ocsp file set failed: %s\n", gnutls_strerror(ret));
+
+ /* set OCSP response1, include correct responses */
+ remove(ocspfile1);
+ fp = fopen(ocspfile1, "wb");
+ if (fp == NULL)
+ fail("error in fopen\n");
+ assert(fwrite(ocsp_subca3_unknown_pem.data, 1, ocsp_subca3_unknown_pem.size, fp)>0);
+ assert(fwrite(ocsp_ca3_localhost_unknown_pem.data, 1, ocsp_ca3_localhost_unknown_pem.size, fp)>0);
+ fclose(fp);
+
+ ret = gnutls_certificate_set_ocsp_status_request_file2(clicred, ocspfile1, index1,
+ GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ fail("ocsp file set failed: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ fail("error in setting trust cert: %s\n", gnutls_strerror(ret));
+ }
+
+ t = gnutls_certificate_get_ocsp_expiration(clicred, 0, 0, 0);
+ if (t != 1509625639)
+ fail("error in OCSP validity time: %ld\n", (long int)t);
+
+ t = gnutls_certificate_get_ocsp_expiration(clicred, 0, 1, 0);
+ if (t != 1509625639)
+ fail("error in OCSP validity time: %ld\n", (long int)t);
+
+ t = gnutls_certificate_get_ocsp_expiration(clicred, 0, -1, 0);
+ if (t != 1509625639)
+ fail("error in OCSP validity time: %ld\n", (long int)t);
+
+#define PRIO "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3"
+ _test_cli_serv(xcred, clicred, PRIO, PRIO, "localhost", &ocsp_ca3_localhost_unknown, check_cli,
+ check_serv, 0, 1, 0, 0);
+
+ gnutls_certificate_free_credentials(xcred);
+ gnutls_certificate_free_credentials(clicred);
+ gnutls_global_deinit();
+ remove(ocspfile1);
+ remove(certfile1);
+}
+
+#else
+void doit(void)
+{
+ exit(77);
+}
+#endif
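Review bot: In check_serv the `status` filled by gnutls_certificate_verify_peers2 is never examined; that call returns 0 whenever verification ran, and the verification result itself is reported in `status`, so a chain flagged as invalid or revoked would still pass this test. Assert the expected value explicitly, e.g. `if (status != 0) fail("verification status: 0x%x\n", status);` (or whatever status the "unknown" OCSP responses are expected to produce). Also, memcmp and strlen are used but <string.h> is not included directly; this compiles only if one of the local headers pulls it in, so an explicit include is safer.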
diff --git a/tests/suite/testcompat-common b/tests/suite/testcompat-common
index c351662319..6ed5dba27f 100644
--- a/tests/suite/testcompat-common
+++ b/tests/suite/testcompat-common
@@ -43,6 +43,9 @@ RSA_PSS_CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey-rsa-pss.pem"
ED25519_CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert-ed25519.pem"
ED25519_CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey-ed25519.pem"
+ED448_CLI_CERT="${srcdir}/../../doc/credentials/x509/clicert-ed448.pem"
+ED448_CLI_KEY="${srcdir}/../../doc/credentials/x509/clikey-ed448.pem"
+
RSA_PSS_CERT="${srcdir}/../../doc/credentials/x509/cert-rsa-pss.pem"
RSA_PSS_KEY="${srcdir}/../../doc/credentials/x509/key-rsa-pss.pem"
@@ -52,6 +55,9 @@ RSA_KEY="${srcdir}/../../doc/credentials/x509/key-rsa.pem"
ED25519_CERT="${srcdir}/../../doc/credentials/x509/cert-ed25519.pem"
ED25519_KEY="${srcdir}/../../doc/credentials/x509/key-ed25519.pem"
+ED448_CERT="${srcdir}/../../doc/credentials/x509/cert-ed448.pem"
+ED448_KEY="${srcdir}/../../doc/credentials/x509/key-ed448.pem"
+
ECC_CERT="${srcdir}/../../doc/credentials/x509/cert-ecc.pem"
ECC_KEY="${srcdir}/../../doc/credentials/x509/key-ecc.pem"
diff --git a/tests/suite/testcompat-tls13-openssl.sh b/tests/suite/testcompat-tls13-openssl.sh
index 6d17941b8e..128873ab23 100755
--- a/tests/suite/testcompat-tls13-openssl.sh
+++ b/tests/suite/testcompat-tls13-openssl.sh
@@ -177,6 +177,18 @@ run_client_suite() {
kill ${PID}
wait
+ echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..."
+ eval "${GETPORT}"
+ launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ED448_KEY}" -cert "${ED448_CERT}" -CAfile "${CA_CERT}"
+ PID=$!
+ wait_server ${PID}
+
+ ${VALGRIND} "${CLI}" ${DEBUG} -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --insecure </dev/null >>${OUTPUT} || \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..."
eval "${GETPORT}"
launch_bare_server $$ s_server -quiet -www -accept "${PORT}" -keyform pem -certform pem ${OPENSSL_DH_PARAMS_OPT} -key "${ECC_KEY}" -cert "${ECC_CERT}" -CAfile "${CA_CERT}"
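Review bot: The new Ed448 client run passes `--insecure`, so the client never validates the server's Ed448 certificate against ${CA_CERT}; the handshake still exercises an Ed448 CertificateVerify, but chain validation with an Ed448 leaf is not covered. If the neighbouring certificate cases (not fully visible here) use `--x509cafile "${CA_CERT}"` instead, this one should match them; otherwise a comment noting that only the handshake signature is under test would help. run_client_suite() starts and ends outside the hunk.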
@@ -324,7 +336,8 @@ run_server_suite() {
wait
done
- for i in GROUP-X25519 GROUP-SECP256R1 GROUP-SECP384R1 GROUP-SECP521R1;do
+ GROUPS="GROUP-X25519 GROUP-X448 GROUP-SECP256R1 GROUP-SECP384R1 GROUP-SECP521R1"
+ for i in $GROUPS;do
echo_cmd "${PREFIX}Checking TLS 1.3 with ${i}..."
eval "${GETPORT}"
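Review bot: `GROUPS` is a special variable in bash (the array of the current user's group IDs) and assignments to it are ignored there, so under bash the loop would iterate over numeric gids rather than the intended TLS group names, while under a plain POSIX sh it works as written. Rename it, e.g. `TLS13_GROUPS="GROUP-X25519 GROUP-X448 GROUP-SECP256R1 GROUP-SECP384R1 GROUP-SECP521R1"` and `for i in ${TLS13_GROUPS};do`. run_server_suite() starts and ends outside the hunk.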
@@ -395,6 +408,10 @@ _EOF_
${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED25519_CLI_CERT}" -key "${ED25519_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
fail ${PID} "Failed"
+ echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 client certificate..."
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${ED448_CLI_CERT}" -key "${ED448_CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+
kill ${PID}
wait
@@ -452,6 +469,19 @@ _EOF_
kill ${PID}
wait
+ echo_cmd "${PREFIX}Checking TLS 1.3 with Ed448 certificate..."
+
+ eval "${GETPORT}"
+ launch_server $$ --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3${ADD}" --x509certfile "${ED448_CERT}" --x509keyfile "${ED448_KEY}" --x509cafile "${CA_CERT}" >>${OUTPUT} 2>&1
+ PID=$!
+ wait_server ${PID}
+
+ ${OPENSSL_CLI} s_client -host localhost -port "${PORT}" -cert "${CLI_CERT}" -key "${CLI_KEY}" -CAfile "${CA_CERT}" </dev/null 2>&1 | grep "\:error\:" && \
+ fail ${PID} "Failed"
+
+ kill ${PID}
+ wait
+
echo_cmd "${PREFIX}Checking TLS 1.3 with secp256r1 certificate..."
eval "${GETPORT}"
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index 31f63e5398..e293b1ce78 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -43,16 +43,7 @@
{"name" : "test-tls13-ccs.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-crfg-curves.py",
- "comment": "We do not support x448",
- "arguments": ["-p", "@PORT@",
- "-e", "empty x448 key share",
- "-e", "sanity x448 with compression ansiX962_compressed_char2",
- "-e", "sanity x448 with compression ansiX962_compressed_prime",
- "-e", "sanity x448 with compression uncompressed",
- "-e", "too big x448 key share",
- "-e", "too small x448 key share",
- "-e", "x448 key share of \"1\"",
- "-e", "all zero x448 key share"]},
+ "arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-conversation.py",
"arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-count-tickets.py",
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert.json b/tests/suite/tls-fuzzer/gnutls-nocert.json
index bc3c7a88b2..bef461789f 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert.json
@@ -42,15 +42,7 @@
"arguments" : ["-p", "@PORT@",
"-e", "Encrypt-then-MAC renegotiation crash"]},
{"name" : "test-x25519.py",
- "comment" : "x448 is not supported",
- "arguments" : ["-p", "@PORT@",
- "-e", "all zero x448 key share",
- "-e", "empty x448 key share",
- "-e", "sanity - negotiate x448",
- "-e", "too big x448 key share",
- "-e", "too small x448 key share",
- "-e", "x448 key share of \"1\""
- ]},
+ "arguments" : ["-p", "@PORT@"]},
{"name" : "test-cve-2016-7054.py",
"arguments" : ["-p", "@PORT@",
"-e", "sanity"]},
@@ -130,9 +122,6 @@
"arguments" : ["-p", "@PORT@",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) with x448 group",
- "-e", "Protocol (3, 2) with x448 group",
- "-e", "Protocol (3, 3) with x448 group",
"-e", "Protocol (3, 0)",
"-z",
"-n", "6"]},
@@ -144,9 +133,6 @@
"arguments" : ["-p", "@PORT@",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) with x448 group",
- "-e", "Protocol (3, 2) with x448 group",
- "-e", "Protocol (3, 3) with x448 group",
"-e", "Protocol (3, 0)",
"-z",
"-n", "6"]},
@@ -263,9 +249,6 @@
{"name" : "test-serverhello-random.py",
"arguments" : ["-p", "@PORT@",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
- "-e", "Protocol (3, 1) with x448 group",
- "-e", "Protocol (3, 2) with x448 group",
- "-e", "Protocol (3, 3) with x448 group",
"-e", "Protocol (3, 0)",
"-z",
"-n", "6"]},