Adding upstream version 3.7.9.upstream/3.7.9upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 218 insertions, 0 deletions

diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c
new file mode 100644
index 0000000..3b193d7
--- /dev/null
+++ b/lib/tls13-sig.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) 2017-2019 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include <auth/cert.h>
+#include <algorithms.h>
+#include <ext/signature.h>
+#include <abstract_int.h>
+#include "tls13-sig.h"
+#include "tls-sig.h"
+#include "hash_int.h"
+
+#undef PREFIX_SIZE
+#define PREFIX_SIZE 64
+#if PREFIX_SIZE < MAX_HASH_SIZE
+/* we assume later that prefix is sufficient to store hash output */
+# error Need to modify code
+#endif
+
+int
+_gnutls13_handshake_verify_data(gnutls_session_t session,
+			      unsigned verify_flags,
+			      gnutls_pcert_st *cert,
+			      const gnutls_datum_t *context,
+			      const gnutls_datum_t *signature,
+			      const gnutls_sign_entry_st *se)
+{
+	int ret;
+	const version_entry_st *ver = get_version(session);
+	gnutls_buffer_st buf;
+	uint8_t prefix[PREFIX_SIZE];
+	unsigned key_usage = 0;
+	gnutls_datum_t p;
+
+	_gnutls_handshake_log
+	    ("HSK[%p]: verifying TLS 1.3 handshake data using %s\n", session,
+	     se->name);
+
+	ret =
+	    _gnutls_pubkey_compatible_with_sig(session,
+					       cert->pubkey, ver,
+					       se->id);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) {
+		_gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
+				      session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name);
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+	}
+
+	ret =
+	    _gnutls_session_sign_algo_enabled(session, se->id);
+	if (ret < 0)
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+	if ((se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0) /* explicitly prohibited */
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+	gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
+
+	ret = _gnutls_check_key_usage_for_sig(session, key_usage, 0);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	_gnutls_buffer_init(&buf);
+
+	memset(prefix, 0x20, sizeof(prefix));
+	ret = _gnutls_buffer_append_data(&buf, prefix, sizeof(prefix));
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = _gnutls_buffer_append_data(&buf, context->data, context->size);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = _gnutls_buffer_append_data(&buf, "\x00", 1);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id),
+			       session->internals.handshake_hash_buffer.data,
+			       session->internals.handshake_hash_buffer_prev_len,
+			       prefix);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = _gnutls_buffer_append_data(&buf, prefix, session->security_parameters.prf->output_size);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	p.data = buf.data;
+	p.size = buf.length;
+
+	verify_flags |= GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH;
+	ret = gnutls_pubkey_verify_data2(cert->pubkey, se->id, verify_flags, &p,
+					 signature);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = 0;
+ cleanup:
+	_gnutls_buffer_clear(&buf);
+
+	return ret;
+}
+
+int
+_gnutls13_handshake_sign_data(gnutls_session_t session,
+			      gnutls_pcert_st * cert, gnutls_privkey_t pkey,
+			      const gnutls_datum_t *context,
+			      gnutls_datum_t * signature,
+			      const gnutls_sign_entry_st *se)
+{
+	gnutls_datum_t p;
+	int ret;
+	gnutls_buffer_st buf;
+	uint8_t tmp[MAX_HASH_SIZE];
+
+	if (unlikely(se == NULL || (se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0))
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+	if (unlikely(sign_supports_priv_pk_algorithm(se, pkey->pk_algorithm) == 0))
+		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+
+	/* when we reach here we know we have a signing certificate */
+	_gnutls_handshake_log
+	    ("HSK[%p]: signing TLS 1.3 handshake data: using %s and PRF: %s\n", session, se->name,
+	     session->security_parameters.prf->name);
+
+	_gnutls_buffer_init(&buf);
+
+	ret = _gnutls_buffer_resize(&buf, PREFIX_SIZE);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	memset(buf.data, 0x20, PREFIX_SIZE);
+	buf.length += PREFIX_SIZE;
+
+	ret = _gnutls_buffer_append_data(&buf, context->data, context->size);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = _gnutls_buffer_append_data(&buf, "\x00", 1);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id),
+			       session->internals.handshake_hash_buffer.data,
+			       session->internals.handshake_hash_buffer.length,
+			       tmp);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = _gnutls_buffer_append_data(&buf, tmp, session->security_parameters.prf->output_size);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	p.data = buf.data;
+	p.size = buf.length;
+
+	ret = gnutls_privkey_sign_data2(pkey, se->id,
+					GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH,
+					&p, signature);
+	if (ret < 0) {
+		gnutls_assert();
+		goto cleanup;
+	}
+
+	ret = 0;
+ cleanup:
+	_gnutls_buffer_clear(&buf);
+
+	return ret;
+
+}