Diffstat (limited to 'lib/tls-sig.c')
-rw-r--r-- | lib/tls-sig.c | 225 |
1 files changed, 126 insertions, 99 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 84fd57dd31..45869fd802 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -40,17 +40,21 @@
 #include <x509/common.h>
 #include <abstract_int.h>
 
-int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage, unsigned our_cert)
+int _gnutls_check_key_usage_for_sig(gnutls_session_t session,
+				    unsigned key_usage, unsigned our_cert)
 {
 	const char *lstr;
 	unsigned allow_key_usage_violation;
 
 	if (our_cert) {
 		lstr = "Local";
-		allow_key_usage_violation = session->internals.priorities->allow_server_key_usage_violation;
+		allow_key_usage_violation =
+		    session->internals.
+		    priorities->allow_server_key_usage_violation;
 	} else {
 		lstr = "Peer's";
-		allow_key_usage_violation = session->internals.allow_key_usage_violation;
+		allow_key_usage_violation =
+		    session->internals.allow_key_usage_violation;
 	}
 
 	if (key_usage != 0) {
@@ -58,11 +62,13 @@ int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage
 			gnutls_assert();
 			if (likely(allow_key_usage_violation == 0)) {
 				_gnutls_audit_log(session,
-					"%s certificate does not allow digital signatures. Key usage violation detected.\n", lstr);
+						  "%s certificate does not allow digital signatures. Key usage violation detected.\n",
+						  lstr);
 				return GNUTLS_E_KEY_USAGE_VIOLATION;
 			} else {
 				_gnutls_audit_log(session,
-					"%s certificate does not allow digital signatures. Key usage violation detected (ignored).\n", lstr);
+						  "%s certificate does not allow digital signatures. Key usage violation detected (ignored).\n",
+						  lstr);
 			}
 		}
 	}
@@ -74,10 +80,10 @@ int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage
  */
 static int
 _gnutls_handshake_sign_data12(gnutls_session_t session,
-			      gnutls_pcert_st * cert, gnutls_privkey_t pkey,
-			      gnutls_datum_t * params,
-			      gnutls_datum_t * signature,
-			      gnutls_sign_algorithm_t sign_algo)
+			      gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+			      gnutls_datum_t * params,
+			      gnutls_datum_t * signature,
+			      gnutls_sign_algorithm_t sign_algo)
 {
 	gnutls_datum_t dconcat;
 	int ret;
@@ -86,17 +92,22 @@ _gnutls_handshake_sign_data12(gnutls_session_t session,
 	    ("HSK[%p]: signing TLS 1.2 handshake data: using %s\n", session,
 	     gnutls_sign_algorithm_get_name(sign_algo));
 
-	if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
+	if (unlikely
+	    (gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) ==
+	     0))
 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
-	dconcat.size = GNUTLS_RANDOM_SIZE*2 + params->size;
+	dconcat.size = GNUTLS_RANDOM_SIZE * 2 + params->size;
 	dconcat.data = gnutls_malloc(dconcat.size);
 	if (dconcat.data == NULL)
 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
-	memcpy(dconcat.data, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-	memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-	memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
+	memcpy(dconcat.data, session->security_parameters.client_random,
+	       GNUTLS_RANDOM_SIZE);
+	memcpy(dconcat.data + GNUTLS_RANDOM_SIZE,
+	       session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+	memcpy(dconcat.data + GNUTLS_RANDOM_SIZE * 2, params->data,
+	       params->size);
 
 	ret =
 	    gnutls_privkey_sign_data2(pkey, sign_algo, 0, &dconcat, signature);
@@ -111,10 +122,10 @@ _gnutls_handshake_sign_data12(gnutls_session_t session,
 
 static int
 _gnutls_handshake_sign_data10(gnutls_session_t session,
-			      gnutls_pcert_st * cert, gnutls_privkey_t pkey,
-			      gnutls_datum_t * params,
-			      gnutls_datum_t * signature,
-			      gnutls_sign_algorithm_t sign_algo)
+			      gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+			      gnutls_datum_t * params,
+			      gnutls_datum_t * signature,
+			      gnutls_sign_algorithm_t sign_algo)
 {
 	gnutls_datum_t dconcat;
 	int ret;
@@ -127,12 +138,12 @@ _gnutls_handshake_sign_data10(gnutls_session_t session,
 	if (pk_algo == GNUTLS_PK_RSA)
 		me = hash_to_entry(GNUTLS_DIG_MD5_SHA1);
 	else
-		me = hash_to_entry(
-			gnutls_sign_get_hash_algorithm(sign_algo));
+		me = hash_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
 	if (me == NULL)
 		return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
 
-	if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pk_algo) == 0))
+	if (unlikely
+	    (gnutls_sign_supports_pk_algorithm(sign_algo, pk_algo) == 0))
 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
 	pk_algo = gnutls_sign_get_pk_algorithm(sign_algo);
@@ -160,8 +171,10 @@ _gnutls_handshake_sign_data10(gnutls_session_t session,
 	dconcat.data = concat;
 	dconcat.size = _gnutls_hash_get_algo_len(me);
 
-	ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
-				       &dconcat, signature);
+	ret =
+	    gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id),
+				     GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+				     &dconcat, signature);
 	if (ret < 0) {
 		gnutls_assert();
 	}
@@ -196,9 +209,13 @@ _gnutls_handshake_sign_data(gnutls_session_t session,
 		return gnutls_assert_val(ret);
 
 	if (_gnutls_version_has_selectable_sighash(ver))
-		return _gnutls_handshake_sign_data12(session, cert, pkey, params, signature, *sign_algo);
+		return _gnutls_handshake_sign_data12(session, cert, pkey,
+						     params, signature,
+						     *sign_algo);
 	else
-		return _gnutls_handshake_sign_data10(session, cert, pkey, params, signature, *sign_algo);
+		return _gnutls_handshake_sign_data10(session, cert, pkey,
+						     params, signature,
+						     *sign_algo);
 }
 
 /* Generates a signature of all the random data and the parameters.
@@ -206,11 +223,11 @@ _gnutls_handshake_sign_data(gnutls_session_t session,
  */
 static int
 _gnutls_handshake_verify_data10(gnutls_session_t session,
-				unsigned verify_flags,
-				gnutls_pcert_st * cert,
-				const gnutls_datum_t * params,
-				gnutls_datum_t * signature,
-				gnutls_sign_algorithm_t sign_algo)
+				unsigned verify_flags,
+				gnutls_pcert_st * cert,
+				const gnutls_datum_t * params,
+				gnutls_datum_t * signature,
+				gnutls_sign_algorithm_t sign_algo)
 {
 	gnutls_datum_t dconcat;
 	int ret;
@@ -251,8 +268,8 @@ _gnutls_handshake_verify_data10(gnutls_session_t session,
 	dconcat.size = _gnutls_hash_get_algo_len(me);
 
 	ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo,
-					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
-					 &dconcat, signature);
+					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |
+					 verify_flags, &dconcat, signature);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
@@ -261,11 +278,11 @@ _gnutls_handshake_verify_data10(gnutls_session_t session,
 
 static int
 _gnutls_handshake_verify_data12(gnutls_session_t session,
-				unsigned verify_flags,
-				gnutls_pcert_st * cert,
-				const gnutls_datum_t * params,
-				gnutls_datum_t * signature,
-				gnutls_sign_algorithm_t sign_algo)
+				unsigned verify_flags,
+				gnutls_pcert_st * cert,
+				const gnutls_datum_t * params,
+				gnutls_datum_t * signature,
+				gnutls_sign_algorithm_t sign_algo)
 {
 	gnutls_datum_t dconcat;
 	int ret;
@@ -278,30 +295,35 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
 
 	ret =
 	    _gnutls_pubkey_compatible_with_sig(session,
-					       cert->pubkey, ver,
-					       sign_algo);
+					       cert->pubkey, ver, sign_algo);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
-		_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
-				      session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+	if (unlikely
+	    (sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) ==
+	     0)) {
+		_gnutls_handshake_log
+		    ("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+		     session, gnutls_pk_get_name(cert->pubkey->params.algo),
+		     se->name);
 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 	}
 
-	ret =
-	    _gnutls_session_sign_algo_enabled(session, sign_algo);
+	ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	dconcat.size = GNUTLS_RANDOM_SIZE*2+params->size;
+	dconcat.size = GNUTLS_RANDOM_SIZE * 2 + params->size;
 	dconcat.data = gnutls_malloc(dconcat.size);
 	if (dconcat.data == NULL)
 		return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
-	memcpy(dconcat.data, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
-	memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
-	memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
+	memcpy(dconcat.data, session->security_parameters.client_random,
+	       GNUTLS_RANDOM_SIZE);
+	memcpy(dconcat.data + GNUTLS_RANDOM_SIZE,
+	       session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+	memcpy(dconcat.data + GNUTLS_RANDOM_SIZE * 2, params->data,
+	       params->size);
 
 	ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags,
 					 &dconcat, signature);
@@ -339,21 +361,23 @@ _gnutls_handshake_verify_data(gnutls_session_t session,
 	gnutls_sign_algorithm_set_server(session, sign_algo);
 
 	if (_gnutls_version_has_selectable_sighash(ver))
-		return _gnutls_handshake_verify_data12(session, verify_flags, cert, params, signature, sign_algo);
+		return _gnutls_handshake_verify_data12(session, verify_flags,
+						       cert, params, signature,
+						       sign_algo);
 	else
-		return _gnutls_handshake_verify_data10(session, verify_flags, cert, params, signature, sign_algo);
+		return _gnutls_handshake_verify_data10(session, verify_flags,
+						       cert, params, signature,
+						       sign_algo);
 }
 
-
 /* Client certificate verify calculations
  */
 
-static void
-_gnutls_reverse_datum(gnutls_datum_t * d)
+static void _gnutls_reverse_datum(gnutls_datum_t * d)
 {
 	unsigned i;
 
-	for (i = 0; i < d->size / 2; i ++) {
+	for (i = 0; i < d->size / 2; i++) {
 		uint8_t t = d->data[i];
 		d->data[i] = d->data[d->size - 1 - i];
 		d->data[d->size - 1 - i] = t;
@@ -361,7 +385,7 @@ _gnutls_reverse_datum(gnutls_datum_t * d)
 }
 
 static int
-_gnutls_create_reverse(const gnutls_datum_t *src, gnutls_datum_t *dst)
+_gnutls_create_reverse(const gnutls_datum_t * src, gnutls_datum_t * dst)
 {
 	unsigned int i;
 
@@ -388,15 +412,19 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
 	int ret;
 	gnutls_datum_t dconcat;
 	const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
-	gnutls_datum_t sig_rev = {NULL, 0};
+	gnutls_datum_t sig_rev = { NULL, 0 };
 
 	ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
-		_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
-				      session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+	if (unlikely
+	    (sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) ==
+	     0)) {
+		_gnutls_handshake_log
+		    ("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+		     session, gnutls_pk_get_name(cert->pubkey->params.algo),
+		     se->name);
 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 	}
 
@@ -412,9 +440,11 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
 	/* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
 	 * because we have checked whether the currently used signature
 	 * algorithm is allowed in the session. */
-	ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
-					 &dconcat,
-					 sig_rev.data ? &sig_rev : signature);
+	ret =
+	    gnutls_pubkey_verify_data2(cert->pubkey, sign_algo,
+				       verify_flags |
+				       GNUTLS_VERIFY_ALLOW_BROKEN, &dconcat,
+				       sig_rev.data ? &sig_rev : signature);
 	_gnutls_free_datum(&sig_rev);
 	if (ret < 0)
 		gnutls_assert();
@@ -452,19 +482,18 @@ _gnutls_handshake_verify_crt_vrfy3(gnutls_session_t session,
 	if (pk == GNUTLS_PK_RSA) {
 		digest_hd_st td_md5;
 
-		ret = _gnutls_hash_init(&td_md5,
-					hash_to_entry(GNUTLS_DIG_MD5));
+		ret = _gnutls_hash_init(&td_md5, hash_to_entry(GNUTLS_DIG_MD5));
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 
 		_gnutls_hash(&td_md5,
-			     session->internals.handshake_hash_buffer.data,
-			     session->internals.handshake_hash_buffer_prev_len);
+			     session->internals.handshake_hash_buffer.data,
+			     session->internals.handshake_hash_buffer_prev_len);
 
 		ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5, concat,
-							session->security_parameters.
-							master_secret,
-							GNUTLS_MASTER_SIZE);
+							session->security_parameters.
+							master_secret,
+							GNUTLS_MASTER_SIZE);
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 
@@ -495,8 +524,8 @@ _gnutls_handshake_verify_crt_vrfy3(gnutls_session_t session,
 	dconcat.size += 20;
 
 	ret = gnutls_pubkey_verify_hash2(cert->pubkey, GNUTLS_SIGN_UNKNOWN,
-					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
-					 &dconcat, signature);
+					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |
+					 verify_flags, &dconcat, signature);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
@@ -544,8 +573,8 @@ _gnutls_handshake_verify_crt_vrfy10(gnutls_session_t session,
 	dconcat.size = _gnutls_hash_get_algo_len(me);
 
 	ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo,
-					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
-					 &dconcat, signature);
+					 GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |
+					 verify_flags, &dconcat, signature);
 	if (ret < 0)
 		gnutls_assert();
 
@@ -588,7 +617,7 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
 
 	/* TLS 1.2 */
 	if (_gnutls_version_has_selectable_sighash(ver))
-		return _gnutls_handshake_verify_crt_vrfy12(session,
+		return _gnutls_handshake_verify_crt_vrfy12(session,
 							   verify_flags,
 							   cert,
 							   signature,
@@ -598,16 +627,13 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
 		return _gnutls_handshake_verify_crt_vrfy3(session,
 							  verify_flags,
 							  cert,
-							  signature,
-							  sign_algo);
+							  signature, sign_algo);
 #endif
 
 	/* TLS 1.0 and TLS 1.1 */
 	return _gnutls_handshake_verify_crt_vrfy10(session,
 						   verify_flags,
-						   cert,
-						   signature,
-						   sign_algo);
+						   cert, signature, sign_algo);
 }
 
 /* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2.
@@ -624,7 +650,9 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
 	const gnutls_sign_entry_st *se;
 	int ret;
 
-	sign_algo = _gnutls_session_get_sign_algo(session, cert, pkey, 1, GNUTLS_KX_UNKNOWN);
+	sign_algo =
+	    _gnutls_session_get_sign_algo(session, cert, pkey, 1,
+					  GNUTLS_KX_UNKNOWN);
 	if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
 		gnutls_assert();
 		return GNUTLS_E_UNWANTED_ALGORITHM;
@@ -636,7 +664,9 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
 
 	gnutls_sign_algorithm_set_client(session, sign_algo);
 
-	if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
+	if (unlikely
+	    (gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) ==
+	     0))
 		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
 
 	_gnutls_debug_log("sign handshake cert vrfy: picked %s\n",
@@ -662,7 +692,7 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
 static int
 _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
 				 gnutls_pcert_st * cert,
-				 const version_entry_st *ver,
+				 const version_entry_st * ver,
 				 gnutls_privkey_t pkey,
 				 gnutls_datum_t * signature)
 {
@@ -670,8 +700,7 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
 	int ret;
 	uint8_t concat[MAX_SIG_SIZE];
 	digest_hd_st td_sha;
-	gnutls_pk_algorithm_t pk =
-	    gnutls_privkey_get_pk_algorithm(pkey, NULL);
+	gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
 
 	/* ensure 1024 bit DSA keys are used */
 	ret =
@@ -691,16 +720,13 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
 	if (pk == GNUTLS_PK_RSA) {
 		digest_hd_st td_md5;
 
-		ret =
-		    _gnutls_hash_init(&td_md5,
-				      hash_to_entry(GNUTLS_DIG_MD5));
+		ret = _gnutls_hash_init(&td_md5, hash_to_entry(GNUTLS_DIG_MD5));
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 
 		_gnutls_hash(&td_md5,
 			     session->internals.handshake_hash_buffer.data,
-			     session->internals.handshake_hash_buffer.
-			     length);
+			     session->internals.handshake_hash_buffer.length);
 
 		ret =
 		    _gnutls_mac_deinit_ssl3_handshake(&td_md5, dconcat.data,
@@ -723,11 +749,11 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
 		     session->internals.handshake_hash_buffer.data,
 		     session->internals.handshake_hash_buffer.length);
 	ret =
-	    _gnutls_mac_deinit_ssl3_handshake(&td_sha,
-					      dconcat.data + dconcat.size,
-					      session->security_parameters.
-					      master_secret,
-					      GNUTLS_MASTER_SIZE);
+	    _gnutls_mac_deinit_ssl3_handshake(&td_sha,
+					      dconcat.data + dconcat.size,
+					      session->security_parameters.
+					      master_secret,
+					      GNUTLS_MASTER_SIZE);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
@@ -746,7 +772,7 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
 static int
 _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
 				  gnutls_pcert_st * cert,
-				  const version_entry_st *ver,
+				  const version_entry_st * ver,
 				  gnutls_privkey_t pkey,
 				  gnutls_datum_t * signature)
 {
@@ -754,8 +780,7 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
 	int ret;
 	uint8_t concat[MAX_SIG_SIZE];
 	digest_hd_st td_sha;
-	gnutls_pk_algorithm_t pk =
-	    gnutls_privkey_get_pk_algorithm(pkey, NULL);
+	gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
 	const mac_entry_st *me;
 
 	/* ensure 1024 bit DSA keys are used */
@@ -785,8 +810,10 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
 	dconcat.data = concat;
 	dconcat.size = _gnutls_hash_get_algo_len(me);
 
-	ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
-				       &dconcat, signature);
+	ret =
+	    gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id),
+				     GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+				     &dconcat, signature);
 	if (ret < 0) {
 		gnutls_assert();
 		return ret;