Diffstat (limited to 'lib/tls-sig.c')
-rw-r--r--lib/tls-sig.c225
1 files changed, 126 insertions, 99 deletions
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 84fd57dd31..45869fd802 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -40,17 +40,21 @@
#include <x509/common.h>
#include <abstract_int.h>
-int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage, unsigned our_cert)
+int _gnutls_check_key_usage_for_sig(gnutls_session_t session,
+ unsigned key_usage, unsigned our_cert)
{
const char *lstr;
unsigned allow_key_usage_violation;
if (our_cert) {
lstr = "Local";
- allow_key_usage_violation = session->internals.priorities->allow_server_key_usage_violation;
+ allow_key_usage_violation =
+ session->internals.
+ priorities->allow_server_key_usage_violation;
} else {
lstr = "Peer's";
- allow_key_usage_violation = session->internals.allow_key_usage_violation;
+ allow_key_usage_violation =
+ session->internals.allow_key_usage_violation;
}
if (key_usage != 0) {
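Review bot: The re-wrapped assignment in the `our_cert` branch breaks the member chain right after the dot (`session->internals.` on one line, `priorities->allow_server_key_usage_violation;` on the next), so a line-based search for `internals.priorities` no longer finds the place where the key-usage policy override is read. Keeping the chain whole on the continuation line, `session->internals.priorities->allow_server_key_usage_violation;`, runs a few columns long but keeps the override greppable. The same kind of split remains at `session->security_parameters.` / `master_secret` in the _gnutls_handshake_verify_crt_vrfy3 and _gnutls_handshake_sign_crt_vrfy3 hunks. The function body continues outside this hunk.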
@@ -58,11 +62,13 @@ int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage
gnutls_assert();
if (likely(allow_key_usage_violation == 0)) {
_gnutls_audit_log(session,
- "%s certificate does not allow digital signatures. Key usage violation detected.\n", lstr);
+ "%s certificate does not allow digital signatures. Key usage violation detected.\n",
+ lstr);
return GNUTLS_E_KEY_USAGE_VIOLATION;
} else {
_gnutls_audit_log(session,
- "%s certificate does not allow digital signatures. Key usage violation detected (ignored).\n", lstr);
+ "%s certificate does not allow digital signatures. Key usage violation detected (ignored).\n",
+ lstr);
}
}
}
@@ -74,10 +80,10 @@ int _gnutls_check_key_usage_for_sig(gnutls_session_t session, unsigned key_usage
*/
static int
_gnutls_handshake_sign_data12(gnutls_session_t session,
- gnutls_pcert_st * cert, gnutls_privkey_t pkey,
- gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
gnutls_datum_t dconcat;
int ret;
@@ -86,17 +92,22 @@ _gnutls_handshake_sign_data12(gnutls_session_t session,
("HSK[%p]: signing TLS 1.2 handshake data: using %s\n", session,
gnutls_sign_algorithm_get_name(sign_algo));
- if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
+ if (unlikely
+ (gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) ==
+ 0))
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- dconcat.size = GNUTLS_RANDOM_SIZE*2 + params->size;
+ dconcat.size = GNUTLS_RANDOM_SIZE * 2 + params->size;
dconcat.data = gnutls_malloc(dconcat.size);
if (dconcat.data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- memcpy(dconcat.data, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
+ memcpy(dconcat.data, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(dconcat.data + GNUTLS_RANDOM_SIZE,
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ memcpy(dconcat.data + GNUTLS_RANDOM_SIZE * 2, params->data,
+ params->size);
ret = gnutls_privkey_sign_data2(pkey, sign_algo,
0, &dconcat, signature);
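Review bot: `dconcat.size = GNUTLS_RANDOM_SIZE * 2 + params->size;` has no upper bound on `params->size` visible in this hunk. If `size` is `unsigned int`, as in the public `gnutls_datum_t`, a value close to `UINT_MAX` would wrap the sum, `gnutls_malloc` would return a short buffer, and the third `memcpy` would write `params->size` bytes past it. Callers may already cap the parameter length, but that is not visible here; a guard before the allocation such as `if (params->size > UINT_MAX - GNUTLS_RANDOM_SIZE * 2) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` makes the invariant explicit. The identical computation appears in the _gnutls_handshake_verify_data12 hunk, where `params` presumably carries peer-supplied data. The function starts and ends outside this hunk, so the release of `dconcat.data` cannot be checked from here.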
@@ -111,10 +122,10 @@ _gnutls_handshake_sign_data12(gnutls_session_t session,
static int
_gnutls_handshake_sign_data10(gnutls_session_t session,
- gnutls_pcert_st * cert, gnutls_privkey_t pkey,
- gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+ gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
gnutls_datum_t dconcat;
int ret;
@@ -127,12 +138,12 @@ _gnutls_handshake_sign_data10(gnutls_session_t session,
if (pk_algo == GNUTLS_PK_RSA)
me = hash_to_entry(GNUTLS_DIG_MD5_SHA1);
else
- me = hash_to_entry(
- gnutls_sign_get_hash_algorithm(sign_algo));
+ me = hash_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
if (me == NULL)
return gnutls_assert_val(GNUTLS_E_UNKNOWN_HASH_ALGORITHM);
- if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pk_algo) == 0))
+ if (unlikely
+ (gnutls_sign_supports_pk_algorithm(sign_algo, pk_algo) == 0))
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
pk_algo = gnutls_sign_get_pk_algorithm(sign_algo);
@@ -160,8 +171,10 @@ _gnutls_handshake_sign_data10(gnutls_session_t session,
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len(me);
- ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
- &dconcat, signature);
+ ret =
+ gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id),
+ GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+ &dconcat, signature);
if (ret < 0) {
gnutls_assert();
}
@@ -196,9 +209,13 @@ _gnutls_handshake_sign_data(gnutls_session_t session,
return gnutls_assert_val(ret);
if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_sign_data12(session, cert, pkey, params, signature, *sign_algo);
+ return _gnutls_handshake_sign_data12(session, cert, pkey,
+ params, signature,
+ *sign_algo);
else
- return _gnutls_handshake_sign_data10(session, cert, pkey, params, signature, *sign_algo);
+ return _gnutls_handshake_sign_data10(session, cert, pkey,
+ params, signature,
+ *sign_algo);
}
/* Generates a signature of all the random data and the parameters.
@@ -206,11 +223,11 @@ _gnutls_handshake_sign_data(gnutls_session_t session,
*/
static int
_gnutls_handshake_verify_data10(gnutls_session_t session,
- unsigned verify_flags,
- gnutls_pcert_st * cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+ unsigned verify_flags,
+ gnutls_pcert_st * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
gnutls_datum_t dconcat;
int ret;
@@ -251,8 +268,8 @@ _gnutls_handshake_verify_data10(gnutls_session_t session,
dconcat.size = _gnutls_hash_get_algo_len(me);
ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo,
- GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
- &dconcat, signature);
+ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |
+ verify_flags, &dconcat, signature);
if (ret < 0)
return gnutls_assert_val(ret);
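Review bot: The `gnutls_pubkey_verify_hash2` call now splits `GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |` and `verify_flags` across two argument lines, with `verify_flags` sharing a line with `&dconcat, signature`, so the flag that relaxes verification is easy to miss when reading or grepping. Naming the combination first, `unsigned flags = verify_flags | GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1;`, and passing `flags` keeps the relaxation on one searchable line with room for a comment on why it is permitted. The same applies to the `verify_flags | GNUTLS_VERIFY_ALLOW_BROKEN` argument in the _gnutls_handshake_verify_crt_vrfy12 hunk and to the SHA1 flag in the _gnutls_handshake_verify_crt_vrfy3 and _gnutls_handshake_verify_crt_vrfy10 hunks. The function starts outside this hunk.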
@@ -261,11 +278,11 @@ _gnutls_handshake_verify_data10(gnutls_session_t session,
static int
_gnutls_handshake_verify_data12(gnutls_session_t session,
- unsigned verify_flags,
- gnutls_pcert_st * cert,
- const gnutls_datum_t * params,
- gnutls_datum_t * signature,
- gnutls_sign_algorithm_t sign_algo)
+ unsigned verify_flags,
+ gnutls_pcert_st * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
{
gnutls_datum_t dconcat;
int ret;
@@ -278,30 +295,35 @@ _gnutls_handshake_verify_data12(gnutls_session_t session,
ret =
_gnutls_pubkey_compatible_with_sig(session,
- cert->pubkey, ver,
- sign_algo);
+ cert->pubkey, ver, sign_algo);
if (ret < 0)
return gnutls_assert_val(ret);
- if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
- _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
- session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+ if (unlikely
+ (sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) ==
+ 0)) {
+ _gnutls_handshake_log
+ ("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+ session, gnutls_pk_get_name(cert->pubkey->params.algo),
+ se->name);
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
- ret =
- _gnutls_session_sign_algo_enabled(session, sign_algo);
+ ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
if (ret < 0)
return gnutls_assert_val(ret);
- dconcat.size = GNUTLS_RANDOM_SIZE*2+params->size;
+ dconcat.size = GNUTLS_RANDOM_SIZE * 2 + params->size;
dconcat.data = gnutls_malloc(dconcat.size);
if (dconcat.data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- memcpy(dconcat.data, session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
- memcpy(dconcat.data+GNUTLS_RANDOM_SIZE, session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
- memcpy(dconcat.data+GNUTLS_RANDOM_SIZE*2, params->data, params->size);
+ memcpy(dconcat.data, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy(dconcat.data + GNUTLS_RANDOM_SIZE,
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ memcpy(dconcat.data + GNUTLS_RANDOM_SIZE * 2, params->data,
+ params->size);
ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags,
&dconcat, signature);
@@ -339,21 +361,23 @@ _gnutls_handshake_verify_data(gnutls_session_t session,
gnutls_sign_algorithm_set_server(session, sign_algo);
if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_verify_data12(session, verify_flags, cert, params, signature, sign_algo);
+ return _gnutls_handshake_verify_data12(session, verify_flags,
+ cert, params, signature,
+ sign_algo);
else
- return _gnutls_handshake_verify_data10(session, verify_flags, cert, params, signature, sign_algo);
+ return _gnutls_handshake_verify_data10(session, verify_flags,
+ cert, params, signature,
+ sign_algo);
}
-
/* Client certificate verify calculations
*/
-static void
-_gnutls_reverse_datum(gnutls_datum_t * d)
+static void _gnutls_reverse_datum(gnutls_datum_t * d)
{
unsigned i;
- for (i = 0; i < d->size / 2; i ++) {
+ for (i = 0; i < d->size / 2; i++) {
uint8_t t = d->data[i];
d->data[i] = d->data[d->size - 1 - i];
d->data[d->size - 1 - i] = t;
@@ -361,7 +385,7 @@ _gnutls_reverse_datum(gnutls_datum_t * d)
}
static int
-_gnutls_create_reverse(const gnutls_datum_t *src, gnutls_datum_t *dst)
+_gnutls_create_reverse(const gnutls_datum_t * src, gnutls_datum_t * dst)
{
unsigned int i;
@@ -388,15 +412,19 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
int ret;
gnutls_datum_t dconcat;
const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign_algo);
- gnutls_datum_t sig_rev = {NULL, 0};
+ gnutls_datum_t sig_rev = { NULL, 0 };
ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
if (ret < 0)
return gnutls_assert_val(ret);
- if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
- _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
- session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+ if (unlikely
+ (sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) ==
+ 0)) {
+ _gnutls_handshake_log
+ ("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+ session, gnutls_pk_get_name(cert->pubkey->params.algo),
+ se->name);
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
@@ -412,9 +440,11 @@ _gnutls_handshake_verify_crt_vrfy12(gnutls_session_t session,
/* Here we intentionally enable flag GNUTLS_VERIFY_ALLOW_BROKEN
* because we have checked whether the currently used signature
* algorithm is allowed in the session. */
- ret = gnutls_pubkey_verify_data2(cert->pubkey, sign_algo, verify_flags|GNUTLS_VERIFY_ALLOW_BROKEN,
- &dconcat,
- sig_rev.data ? &sig_rev : signature);
+ ret =
+ gnutls_pubkey_verify_data2(cert->pubkey, sign_algo,
+ verify_flags |
+ GNUTLS_VERIFY_ALLOW_BROKEN, &dconcat,
+ sig_rev.data ? &sig_rev : signature);
_gnutls_free_datum(&sig_rev);
if (ret < 0)
gnutls_assert();
@@ -452,19 +482,18 @@ _gnutls_handshake_verify_crt_vrfy3(gnutls_session_t session,
if (pk == GNUTLS_PK_RSA) {
digest_hd_st td_md5;
- ret = _gnutls_hash_init(&td_md5,
- hash_to_entry(GNUTLS_DIG_MD5));
+ ret = _gnutls_hash_init(&td_md5, hash_to_entry(GNUTLS_DIG_MD5));
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_hash(&td_md5,
- session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer_prev_len);
+ session->internals.handshake_hash_buffer.data,
+ session->internals.handshake_hash_buffer_prev_len);
ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5, concat,
- session->security_parameters.
- master_secret,
- GNUTLS_MASTER_SIZE);
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -495,8 +524,8 @@ _gnutls_handshake_verify_crt_vrfy3(gnutls_session_t session,
dconcat.size += 20;
ret = gnutls_pubkey_verify_hash2(cert->pubkey, GNUTLS_SIGN_UNKNOWN,
- GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
- &dconcat, signature);
+ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |
+ verify_flags, &dconcat, signature);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -544,8 +573,8 @@ _gnutls_handshake_verify_crt_vrfy10(gnutls_session_t session,
dconcat.size = _gnutls_hash_get_algo_len(me);
ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo,
- GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|verify_flags,
- &dconcat, signature);
+ GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 |
+ verify_flags, &dconcat, signature);
if (ret < 0)
gnutls_assert();
@@ -588,7 +617,7 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
/* TLS 1.2 */
if (_gnutls_version_has_selectable_sighash(ver))
- return _gnutls_handshake_verify_crt_vrfy12(session,
+ return _gnutls_handshake_verify_crt_vrfy12(session,
verify_flags,
cert,
signature,
@@ -598,16 +627,13 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
return _gnutls_handshake_verify_crt_vrfy3(session,
verify_flags,
cert,
- signature,
- sign_algo);
+ signature, sign_algo);
#endif
/* TLS 1.0 and TLS 1.1 */
return _gnutls_handshake_verify_crt_vrfy10(session,
verify_flags,
- cert,
- signature,
- sign_algo);
+ cert, signature, sign_algo);
}
/* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2.
@@ -624,7 +650,9 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
const gnutls_sign_entry_st *se;
int ret;
- sign_algo = _gnutls_session_get_sign_algo(session, cert, pkey, 1, GNUTLS_KX_UNKNOWN);
+ sign_algo =
+ _gnutls_session_get_sign_algo(session, cert, pkey, 1,
+ GNUTLS_KX_UNKNOWN);
if (sign_algo == GNUTLS_SIGN_UNKNOWN) {
gnutls_assert();
return GNUTLS_E_UNWANTED_ALGORITHM;
@@ -636,7 +664,9 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
gnutls_sign_algorithm_set_client(session, sign_algo);
- if (unlikely(gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) == 0))
+ if (unlikely
+ (gnutls_sign_supports_pk_algorithm(sign_algo, pkey->pk_algorithm) ==
+ 0))
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
_gnutls_debug_log("sign handshake cert vrfy: picked %s\n",
@@ -662,7 +692,7 @@ _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
static int
_gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
gnutls_pcert_st * cert,
- const version_entry_st *ver,
+ const version_entry_st * ver,
gnutls_privkey_t pkey,
gnutls_datum_t * signature)
{
@@ -670,8 +700,7 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
int ret;
uint8_t concat[MAX_SIG_SIZE];
digest_hd_st td_sha;
- gnutls_pk_algorithm_t pk =
- gnutls_privkey_get_pk_algorithm(pkey, NULL);
+ gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
/* ensure 1024 bit DSA keys are used */
ret =
@@ -691,16 +720,13 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
if (pk == GNUTLS_PK_RSA) {
digest_hd_st td_md5;
- ret =
- _gnutls_hash_init(&td_md5,
- hash_to_entry(GNUTLS_DIG_MD5));
+ ret = _gnutls_hash_init(&td_md5, hash_to_entry(GNUTLS_DIG_MD5));
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_hash(&td_md5,
session->internals.handshake_hash_buffer.data,
- session->internals.handshake_hash_buffer.
- length);
+ session->internals.handshake_hash_buffer.length);
ret = _gnutls_mac_deinit_ssl3_handshake(&td_md5,
dconcat.data,
@@ -723,11 +749,11 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer.length);
ret =
- _gnutls_mac_deinit_ssl3_handshake(&td_sha,
- dconcat.data + dconcat.size,
- session->security_parameters.
- master_secret,
- GNUTLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake(&td_sha,
+ dconcat.data + dconcat.size,
+ session->security_parameters.
+ master_secret,
+ GNUTLS_MASTER_SIZE);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -746,7 +772,7 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
static int
_gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
gnutls_pcert_st * cert,
- const version_entry_st *ver,
+ const version_entry_st * ver,
gnutls_privkey_t pkey,
gnutls_datum_t * signature)
{
@@ -754,8 +780,7 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
int ret;
uint8_t concat[MAX_SIG_SIZE];
digest_hd_st td_sha;
- gnutls_pk_algorithm_t pk =
- gnutls_privkey_get_pk_algorithm(pkey, NULL);
+ gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
const mac_entry_st *me;
/* ensure 1024 bit DSA keys are used */
@@ -785,8 +810,10 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session,
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len(me);
- ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
- &dconcat, signature);
+ ret =
+ gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id),
+ GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
+ &dconcat, signature);
if (ret < 0) {
gnutls_assert();
return ret;