Diffstat (limited to 'lib/gnutls_sig.c')
-rw-r--r-- | lib/gnutls_sig.c | 538 |
1 files changed, 284 insertions, 254 deletions
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index ac4fa7704e..67a4928531 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -38,145 +38,156 @@ #include <gnutls_kx.h> static -int _gnutls_tls_sign(gnutls_cert * cert, gnutls_privkey * pkey, - const gnutls_datum_t * hash_concat, - gnutls_datum_t * signature); + int _gnutls_tls_sign (gnutls_cert * cert, gnutls_privkey * pkey, + const gnutls_datum_t * hash_concat, + gnutls_datum_t * signature); /* Generates a signature of all the previous sent packets in the * handshake procedure. (20040227: now it works for SSL 3.0 as well) */ -int _gnutls_tls_sign_hdata(gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey * pkey, - gnutls_datum_t * signature) +int +_gnutls_tls_sign_hdata (gnutls_session_t session, + gnutls_cert * cert, gnutls_privkey * pkey, + gnutls_datum_t * signature) { - gnutls_datum_t dconcat; - int ret; - opaque concat[36]; - mac_hd_t td_md5; - mac_hd_t td_sha; - gnutls_protocol_t ver = gnutls_protocol_get_version(session); - - td_sha = - _gnutls_hash_copy(session->internals.handshake_mac_handle_sha); - if (td_sha == NULL) { - gnutls_assert(); - return GNUTLS_E_HASH_FAILED; + gnutls_datum_t dconcat; + int ret; + opaque concat[36]; + mac_hd_t td_md5; + mac_hd_t td_sha; + gnutls_protocol_t ver = gnutls_protocol_get_version (session); + + td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha); + if (td_sha == NULL) + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; } - if (ver == GNUTLS_SSL3) { - ret = _gnutls_generate_master(session, 1); - if (ret < 0) { - gnutls_assert(); - return ret; + if (ver == GNUTLS_SSL3) + { + ret = _gnutls_generate_master (session, 1); + if (ret < 0) + { + gnutls_assert (); + return ret; } - _gnutls_mac_deinit_ssl3_handshake(td_sha, &concat[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - } else - _gnutls_hash_deinit(td_sha, &concat[16]); + _gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], + session->security_parameters. 
+ master_secret, TLS_MASTER_SIZE); + } + else + _gnutls_hash_deinit (td_sha, &concat[16]); - switch (cert->subject_pk_algorithm) { + switch (cert->subject_pk_algorithm) + { case GNUTLS_PK_RSA: - td_md5 = - _gnutls_hash_copy(session->internals.handshake_mac_handle_md5); - if (td_md5 == NULL) { - gnutls_assert(); - return GNUTLS_E_HASH_FAILED; + td_md5 = + _gnutls_hash_copy (session->internals.handshake_mac_handle_md5); + if (td_md5 == NULL) + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; } - if (ver == GNUTLS_SSL3) - _gnutls_mac_deinit_ssl3_handshake(td_md5, concat, - session->security_parameters. - master_secret, - TLS_MASTER_SIZE); - else - _gnutls_hash_deinit(td_md5, concat); - - dconcat.data = concat; - dconcat.size = 36; - break; + if (ver == GNUTLS_SSL3) + _gnutls_mac_deinit_ssl3_handshake (td_md5, concat, + session->security_parameters. + master_secret, TLS_MASTER_SIZE); + else + _gnutls_hash_deinit (td_md5, concat); + + dconcat.data = concat; + dconcat.size = 36; + break; case GNUTLS_PK_DSA: - dconcat.data = &concat[16]; - dconcat.size = 20; - break; + dconcat.data = &concat[16]; + dconcat.size = 20; + break; default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_tls_sign(cert, pkey, &dconcat, signature); - if (ret < 0) { - gnutls_assert(); + ret = _gnutls_tls_sign (cert, pkey, &dconcat, signature); + if (ret < 0) + { + gnutls_assert (); } - return ret; + return ret; } /* Generates a signature of all the random data and the parameters. * Used in DHE_* ciphersuites. 
*/ -int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey * pkey, gnutls_datum_t * params, - gnutls_datum_t * signature) +int +_gnutls_tls_sign_params (gnutls_session_t session, gnutls_cert * cert, + gnutls_privkey * pkey, gnutls_datum_t * params, + gnutls_datum_t * signature) { - gnutls_datum_t dconcat; - int ret; - mac_hd_t td_md5; - mac_hd_t td_sha; - opaque concat[36]; - - - td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA1); - if (td_sha == NULL) { - gnutls_assert(); - return GNUTLS_E_HASH_FAILED; + gnutls_datum_t dconcat; + int ret; + mac_hd_t td_md5; + mac_hd_t td_sha; + opaque concat[36]; + + + td_sha = _gnutls_hash_init (GNUTLS_MAC_SHA1); + if (td_sha == NULL) + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; } - _gnutls_hash(td_sha, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_sha, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_sha, params->data, params->size); + _gnutls_hash (td_sha, session->security_parameters.client_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_sha, session->security_parameters.server_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_sha, params->data, params->size); - _gnutls_hash_deinit(td_sha, &concat[16]); + _gnutls_hash_deinit (td_sha, &concat[16]); - switch (cert->subject_pk_algorithm) { + switch (cert->subject_pk_algorithm) + { case GNUTLS_PK_RSA: - td_md5 = _gnutls_hash_init(GNUTLS_MAC_MD5); - if (td_md5 == NULL) { - gnutls_assert(); - return GNUTLS_E_HASH_FAILED; + td_md5 = _gnutls_hash_init (GNUTLS_MAC_MD5); + if (td_md5 == NULL) + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; } - _gnutls_hash(td_md5, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_md5, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_md5, params->data, params->size); + _gnutls_hash (td_md5, session->security_parameters.client_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_md5, 
session->security_parameters.server_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_md5, params->data, params->size); - _gnutls_hash_deinit(td_md5, concat); + _gnutls_hash_deinit (td_md5, concat); - dconcat.data = concat; - dconcat.size = 36; - break; + dconcat.data = concat; + dconcat.size = 36; + break; case GNUTLS_PK_DSA: - dconcat.data = &concat[16]; - dconcat.size = 20; - break; + dconcat.data = &concat[16]; + dconcat.size = 20; + break; default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_tls_sign(cert, pkey, &dconcat, signature); - if (ret < 0) { - gnutls_assert(); + ret = _gnutls_tls_sign (cert, pkey, &dconcat, signature); + if (ret < 0) + { + gnutls_assert (); } - return ret; + return ret; } 
@@ -184,237 +195,256 @@ int _gnutls_tls_sign_params(gnutls_session_t session, gnutls_cert * cert, /* This will create a PKCS1 or DSA signature, using the given parameters, and the * given data. The output will be allocated and be put in signature. */ -int _gnutls_sign(gnutls_pk_algorithm_t algo, mpi_t * params, - int params_size, const gnutls_datum_t * data, - gnutls_datum_t * signature) +int +_gnutls_sign (gnutls_pk_algorithm_t algo, mpi_t * params, + int params_size, const gnutls_datum_t * data, + gnutls_datum_t * signature) { - int ret; + int ret; - switch (algo) { + switch (algo) + { case GNUTLS_PK_RSA: - /* encrypt */ - if ((ret = _gnutls_pkcs1_rsa_encrypt(signature, data, params, - params_size, 1)) < 0) { - gnutls_assert(); - return ret; + /* encrypt */ + if ((ret = _gnutls_pkcs1_rsa_encrypt (signature, data, params, + params_size, 1)) < 0) + { + gnutls_assert (); + return ret; } - break; + break; case GNUTLS_PK_DSA: - /* sign */ - if ((ret = _gnutls_dsa_sign(signature, data, params, - params_size)) < 0) { - gnutls_assert(); - return ret; + /* sign */ + if ((ret = _gnutls_dsa_sign (signature, data, params, params_size)) < 0) + { + gnutls_assert (); + return ret; } - break; + break; default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - break; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + break; } - return 0; + return 0; } /* This will create a PKCS1 or DSA signature, as defined in the TLS protocol. * Cert is the certificate of the corresponding private key. It is only checked if * it supports signing. 
*/ -static -int _gnutls_tls_sign(gnutls_cert * cert, gnutls_privkey * pkey, - const gnutls_datum_t * hash_concat, - gnutls_datum_t * signature) +static int +_gnutls_tls_sign (gnutls_cert * cert, gnutls_privkey * pkey, + const gnutls_datum_t * hash_concat, + gnutls_datum_t * signature) { - /* If our certificate supports signing - */ + /* If our certificate supports signing + */ - if (cert != NULL) - if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) { - gnutls_assert(); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } + if (cert != NULL) + if (cert->key_usage != 0) + if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) + { + gnutls_assert (); + return GNUTLS_E_KEY_USAGE_VIOLATION; + } - return _gnutls_sign(pkey->pk_algorithm, pkey->params, - pkey->params_size, hash_concat, signature); + return _gnutls_sign (pkey->pk_algorithm, pkey->params, + pkey->params_size, hash_concat, signature); } -static -int _gnutls_pkcs1_rsa_verify_sig(gnutls_cert * cert, - const gnutls_datum_t * hash_concat, - gnutls_datum_t * signature) +static int +_gnutls_pkcs1_rsa_verify_sig (gnutls_cert * cert, + const gnutls_datum_t * hash_concat, + gnutls_datum_t * signature) { - int ret; - gnutls_datum_t vdata; - - if (cert->version == 0 || cert == NULL) { /* this is the only way to check - * if it is initialized - */ - gnutls_assert(); - return GNUTLS_E_CERTIFICATE_ERROR; + int ret; + gnutls_datum_t vdata; + + if (cert->version == 0 || cert == NULL) + { /* this is the only way to check + * if it is initialized + */ + gnutls_assert (); + return GNUTLS_E_CERTIFICATE_ERROR; } - /* If the certificate supports signing continue. - */ - if (cert != NULL) - if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) { - gnutls_assert(); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } + /* If the certificate supports signing continue. 
+ */ + if (cert != NULL) + if (cert->key_usage != 0) + if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) + { + gnutls_assert (); + return GNUTLS_E_KEY_USAGE_VIOLATION; + } - switch (cert->subject_pk_algorithm) { + switch (cert->subject_pk_algorithm) + { case GNUTLS_PK_RSA: - vdata.data = hash_concat->data; - vdata.size = hash_concat->size; + vdata.data = hash_concat->data; + vdata.size = hash_concat->size; - /* verify signature */ - if ((ret = _gnutls_rsa_verify(&vdata, signature, cert->params, - cert->params_size, 1)) < 0) { - gnutls_assert(); - return ret; + /* verify signature */ + if ((ret = _gnutls_rsa_verify (&vdata, signature, cert->params, + cert->params_size, 1)) < 0) + { + gnutls_assert (); + return ret; } - break; + break; case GNUTLS_PK_DSA: - vdata.data = &hash_concat->data[16]; - vdata.size = 20; /* sha1 */ + vdata.data = &hash_concat->data[16]; + vdata.size = 20; /* sha1 */ - /* verify signature */ - if ((ret = _gnutls_dsa_verify(&vdata, signature, cert->params, - cert->params_size)) < 0) { - gnutls_assert(); - return ret; + /* verify signature */ + if ((ret = _gnutls_dsa_verify (&vdata, signature, cert->params, + cert->params_size)) < 0) + { + gnutls_assert (); + return ret; } - break; + break; default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - return 0; + return 0; } /* Verifies a TLS signature (like the one in the client certificate * verify message). 
*/ -int _gnutls_verify_sig_hdata(gnutls_session_t session, gnutls_cert * cert, - gnutls_datum_t * signature) +int +_gnutls_verify_sig_hdata (gnutls_session_t session, gnutls_cert * cert, + gnutls_datum_t * signature) { - int ret; - opaque concat[36]; - mac_hd_t td_md5; - mac_hd_t td_sha; - gnutls_datum_t dconcat; - gnutls_protocol_t ver = gnutls_protocol_get_version(session); - - td_md5 = - _gnutls_hash_copy(session->internals.handshake_mac_handle_md5); - if (td_md5 == NULL) { - gnutls_assert(); - return GNUTLS_E_HASH_FAILED; + int ret; + opaque concat[36]; + mac_hd_t td_md5; + mac_hd_t td_sha; + gnutls_datum_t dconcat; + gnutls_protocol_t ver = gnutls_protocol_get_version (session); + + td_md5 = _gnutls_hash_copy (session->internals.handshake_mac_handle_md5); + if (td_md5 == NULL) + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; } - td_sha = - _gnutls_hash_copy(session->internals.handshake_mac_handle_sha); - if (td_sha == NULL) { - gnutls_assert(); - _gnutls_hash_deinit(td_md5, NULL); - return GNUTLS_E_HASH_FAILED; + td_sha = _gnutls_hash_copy (session->internals.handshake_mac_handle_sha); + if (td_sha == NULL) + { + gnutls_assert (); + _gnutls_hash_deinit (td_md5, NULL); + return GNUTLS_E_HASH_FAILED; } - if (ver == GNUTLS_SSL3) { - ret = _gnutls_generate_master(session, 1); - if (ret < 0) { - gnutls_assert(); - return ret; + if (ver == GNUTLS_SSL3) + { + ret = _gnutls_generate_master (session, 1); + if (ret < 0) + { + gnutls_assert (); + return ret; } - _gnutls_mac_deinit_ssl3_handshake(td_md5, concat, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - _gnutls_mac_deinit_ssl3_handshake(td_sha, &concat[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - } else { - _gnutls_hash_deinit(td_md5, concat); - _gnutls_hash_deinit(td_sha, &concat[16]); + _gnutls_mac_deinit_ssl3_handshake (td_md5, concat, + session->security_parameters. 
+ master_secret, TLS_MASTER_SIZE); + _gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], + session->security_parameters. + master_secret, TLS_MASTER_SIZE); + } + else + { + _gnutls_hash_deinit (td_md5, concat); + _gnutls_hash_deinit (td_sha, &concat[16]); } - dconcat.data = concat; - dconcat.size = 20 + 16; /* md5+ sha */ + dconcat.data = concat; + dconcat.size = 20 + 16; /* md5+ sha */ - ret = _gnutls_pkcs1_rsa_verify_sig(cert, &dconcat, signature); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _gnutls_pkcs1_rsa_verify_sig (cert, &dconcat, signature); + if (ret < 0) + { + gnutls_assert (); + return ret; } - return ret; + return ret; } /* Generates a signature of all the random data and the parameters. * Used in DHE_* ciphersuites. */ -int _gnutls_verify_sig_params(gnutls_session_t session, gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature) +int +_gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert, + const gnutls_datum_t * params, + gnutls_datum_t * signature) { - gnutls_datum_t dconcat; - int ret; - mac_hd_t td_md5; - mac_hd_t td_sha; - opaque concat[36]; - - td_md5 = _gnutls_hash_init(GNUTLS_MAC_MD5); - if (td_md5 == NULL) { - gnutls_assert(); - return GNUTLS_E_HASH_FAILED; + gnutls_datum_t dconcat; + int ret; + mac_hd_t td_md5; + mac_hd_t td_sha; + opaque concat[36]; + + td_md5 = _gnutls_hash_init (GNUTLS_MAC_MD5); + if (td_md5 == NULL) + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; } - td_sha = _gnutls_hash_init(GNUTLS_MAC_SHA1); - if (td_sha == NULL) { - gnutls_assert(); - _gnutls_hash_deinit(td_md5, NULL); - return GNUTLS_E_HASH_FAILED; + td_sha = _gnutls_hash_init (GNUTLS_MAC_SHA1); + if (td_sha == NULL) + { + gnutls_assert (); + _gnutls_hash_deinit (td_md5, NULL); + return GNUTLS_E_HASH_FAILED; } - _gnutls_hash(td_md5, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_md5, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - 
_gnutls_hash(td_md5, params->data, params->size); - - _gnutls_hash(td_sha, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_sha, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - _gnutls_hash(td_sha, params->data, params->size); - - _gnutls_hash_deinit(td_md5, concat); - _gnutls_hash_deinit(td_sha, &concat[16]); - - dconcat.data = concat; - dconcat.size = 36; - - ret = _gnutls_pkcs1_rsa_verify_sig(cert, &dconcat, signature); - if (ret < 0) { - gnutls_assert(); - return ret; + _gnutls_hash (td_md5, session->security_parameters.client_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_md5, session->security_parameters.server_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_md5, params->data, params->size); + + _gnutls_hash (td_sha, session->security_parameters.client_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_sha, session->security_parameters.server_random, + TLS_RANDOM_SIZE); + _gnutls_hash (td_sha, params->data, params->size); + + _gnutls_hash_deinit (td_md5, concat); + _gnutls_hash_deinit (td_sha, &concat[16]); + + dconcat.data = concat; + dconcat.size = 36; + + ret = _gnutls_pkcs1_rsa_verify_sig (cert, &dconcat, signature); + if (ret < 0) + { + gnutls_assert (); + return ret; } - return ret; + return ret; } |