diff options
Diffstat (limited to 'lib/cert-cred.c')
| -rw-r--r-- | lib/cert-cred.c | 1259 |
1 files changed, 1259 insertions, 0 deletions
diff --git a/lib/cert-cred.c b/lib/cert-cred.c new file mode 100644 index 0000000..71aebc9 --- /dev/null +++ b/lib/cert-cred.c @@ -0,0 +1,1259 @@ +/* + * Copyright (C) 2001-2016 Free Software Foundation, Inc. + * Copyright (C) 2015-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +/* Some of the stuff needed for Certificate authentication is contained + * in this file. + */ + +#include "gnutls_int.h" +#include "errors.h" +#include <auth/cert.h> +#include <datum.h> +#include <mpi.h> +#include <global.h> +#include <algorithms.h> +#include <dh.h> +#include "str.h" +#include <state.h> +#include <auth.h> +#include <x509.h> +#include <str_array.h> +#include <x509/verify-high.h> +#include "x509/x509_int.h" +#include "x509/common.h" +#include "dh.h" +#include "cert-cred.h" +#include "intprops.h" + + +/* + * Adds a public/private key pair to a certificate credential + */ +int +_gnutls_certificate_credential_append_keypair(gnutls_certificate_credentials_t res, + gnutls_privkey_t key, + gnutls_str_array_t names, + gnutls_pcert_st * crt, + int nr) +{ + if (unlikely(INT_ADD_OVERFLOW(res->ncerts, 1))) { + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + } + + res->sorted_cert_idx = _gnutls_reallocarray_fast(res->sorted_cert_idx, + res->ncerts + 1, + sizeof(unsigned int)); + if (res->sorted_cert_idx == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + res->certs = _gnutls_reallocarray_fast(res->certs, + res->ncerts + 1, + sizeof(certs_st)); + if (res->certs == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + memset(&res->certs[res->ncerts], 0, sizeof(res->certs[0])); + + res->certs[res->ncerts].cert_list = crt; + res->certs[res->ncerts].cert_list_length = nr; + res->certs[res->ncerts].names = names; + res->certs[res->ncerts].pkey = key; + + if (_gnutls13_sign_get_compatible_with_privkey(key)) + res->tls13_ok = 1; + + /* move RSA-PSS certificates before any RSA key. + * Note that we cannot assume that any previous pointers + * to sorted list are ok, due to the realloc in res->certs. */ + if (crt->pubkey->params.algo == GNUTLS_PK_RSA_PSS) { + unsigned i,ridx; + unsigned tmp; + + for (i=0;i<res->ncerts;i++) { + ridx = res->sorted_cert_idx[i]; + + if (res->certs[ridx].cert_list->pubkey->params.algo == GNUTLS_PK_RSA) { + tmp = ridx; + res->sorted_cert_idx[i] = res->ncerts; + res->sorted_cert_idx[res->ncerts] = tmp; + goto finish; + } + } + } + + /* otherwise append it normally on the end */ + res->sorted_cert_idx[res->ncerts] = res->ncerts; + + finish: + return 0; + +} + + +/** + * gnutls_certificate_set_key: + * @res: is a #gnutls_certificate_credentials_t type. + * @names: is an array of DNS names belonging to the public-key (NULL if none) + * @names_size: holds the size of the names list + * @pcert_list: contains a certificate list (chain) or raw public-key + * @pcert_list_size: holds the size of the certificate list + * @key: is a #gnutls_privkey_t key corresponding to the first public-key in pcert_list + * + * This function sets a public/private key pair in the + * gnutls_certificate_credentials_t type. The given public key may be encapsulated + * in a certificate or can be given as a raw key. This function may be + * called more than once, in case multiple key pairs exist for + * the server. For clients that want to send more than their own end- + * entity certificate (e.g., also an intermediate CA cert), the full + * certificate chain must be provided in @pcert_list. + * + * Note that the @key will become part of the credentials structure and must + * not be deallocated. It will be automatically deallocated when the @res structure + * is deinitialized. + * + * If this function fails, the @res structure is at an undefined state and it must + * not be reused to load other keys or certificates. + * + * Note that, this function by default returns zero on success and a negative value on error. + * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags() + * it returns an index (greater or equal to zero). That index can be used for other functions to refer to the added key-pair. + * + * Since GnuTLS 3.6.6 this function also handles raw public keys. + * + * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + * + * Since: 3.0 + **/ +int +gnutls_certificate_set_key(gnutls_certificate_credentials_t res, + const char **names, + int names_size, + gnutls_pcert_st * pcert_list, + int pcert_list_size, + gnutls_privkey_t key) +{ + int ret, i; + gnutls_str_array_t str_names; + gnutls_pcert_st *new_pcert_list; + + /* Sanity checks */ + // Check for a valid credential struct + if (res == NULL) { + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + } + + // A complete key pair must be given + if (pcert_list == NULL || key == NULL) { + return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + + /* Process the names, if any */ + _gnutls_str_array_init(&str_names); + + if (names != NULL && names_size > 0) { + for (i = 0; i < names_size; i++) { + ret = + _gnutls_str_array_append_idna(&str_names, names[i], + strlen(names[i])); + if (ret < 0) { + ret = gnutls_assert_val(ret); + goto cleanup; + } + } + } else if (names == NULL && pcert_list[0].type == GNUTLS_CRT_X509) { + gnutls_x509_crt_t crt; + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = gnutls_x509_crt_import(crt, &pcert_list[0].cert, GNUTLS_X509_FMT_DER); + if (ret < 0) { + gnutls_assert(); + gnutls_x509_crt_deinit(crt); + goto cleanup; + } + + ret = _gnutls_get_x509_name(crt, &str_names); + gnutls_x509_crt_deinit(crt); + + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + } + + if (res->pin.cb) + gnutls_privkey_set_pin_function(key, res->pin.cb, + res->pin.data); + + new_pcert_list = _gnutls_reallocarray(NULL, pcert_list_size, + sizeof(gnutls_pcert_st)); + if (new_pcert_list == NULL) { + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + } + memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size); + + ret = + _gnutls_certificate_credential_append_keypair(res, key, str_names, + new_pcert_list, + pcert_list_size); + if (ret < 0) { + gnutls_assert(); + gnutls_free(new_pcert_list); + goto cleanup; + } + + res->ncerts++; + + /* Unlike gnutls_certificate_set_x509_key, we deinitialize everything + * local after a failure. That is because the caller is responsible for + * freeing these values after a failure, and if we keep references we + * lead to double freeing */ + if ((ret = _gnutls_check_key_cert_match(res)) < 0) { + gnutls_assert(); + gnutls_free(new_pcert_list); + res->ncerts--; + goto cleanup; + } + + CRED_RET_SUCCESS(res); + + cleanup: + _gnutls_str_array_clear(&str_names); + return ret; +} + +/** + * gnutls_certificate_free_keys: + * @sc: is a #gnutls_certificate_credentials_t type. + * + * This function will delete all the keys and the certificates associated + * with the given credentials. This function must not be called when a + * TLS negotiation that uses the credentials is in progress. + * + **/ +void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc) +{ + unsigned i, j; + + for (i = 0; i < sc->ncerts; i++) { + for (j = 0; j < sc->certs[i].cert_list_length; j++) { + gnutls_pcert_deinit(&sc->certs[i].cert_list[j]); + } + gnutls_free(sc->certs[i].cert_list); + + for (j = 0; j < sc->certs[i].ocsp_data_length; j++) { + gnutls_free(sc->certs[i].ocsp_data[j].response.data); + } + _gnutls_str_array_clear(&sc->certs[i].names); + gnutls_privkey_deinit(sc->certs[i].pkey); + } + + gnutls_free(sc->certs); + gnutls_free(sc->sorted_cert_idx); + + sc->ncerts = 0; +} + +/** + * gnutls_certificate_free_cas: + * @sc: is a #gnutls_certificate_credentials_t type. + * + * This function was operational on very early versions of gnutls. + * Due to internal refactorings and the fact that this was hardly ever + * used, it is currently a no-op. + * + **/ +void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc) +{ + return; +} + +/** + * gnutls_certificate_get_issuer: + * @sc: is a #gnutls_certificate_credentials_t type. + * @cert: is the certificate to find issuer for + * @issuer: Will hold the issuer if any. Should be treated as constant. + * @flags: Use zero or %GNUTLS_TL_GET_COPY + * + * This function will return the issuer of a given certificate. + * If the flag %GNUTLS_TL_GET_COPY is specified a copy of the issuer + * will be returned which must be freed using gnutls_x509_crt_deinit(). + * In that case the provided @issuer must not be initialized. + * + * As with gnutls_x509_trust_list_get_issuer() this function requires + * the %GNUTLS_TL_GET_COPY flag in order to operate with PKCS#11 trust + * lists in a thread-safe way. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.0 + **/ +int +gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc, + gnutls_x509_crt_t cert, + gnutls_x509_crt_t * issuer, + unsigned int flags) +{ + return gnutls_x509_trust_list_get_issuer(sc->tlist, cert, issuer, + flags); +} + +/** + * gnutls_certificate_get_crt_raw: + * @sc: is a #gnutls_certificate_credentials_t type. + * @idx1: the index of the certificate chain if multiple are present + * @idx2: the index of the certificate in the chain. Zero gives the server's certificate. + * @cert: Will hold the DER encoded certificate. + * + * This function will return the DER encoded certificate of the + * server or any other certificate on its certificate chain (based on @idx2). + * The returned data should be treated as constant and only accessible during the lifetime + * of @sc. The @idx1 matches the value gnutls_certificate_set_x509_key() and friends + * functions. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. In case the indexes are out of bounds %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + * is returned. + * + * Since: 3.2.5 + **/ +int +gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc, + unsigned idx1, + unsigned idx2, gnutls_datum_t * cert) +{ + if (idx1 >= sc->ncerts) + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + if (idx2 >= sc->certs[idx1].cert_list_length) + return + gnutls_assert_val + (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + cert->data = sc->certs[idx1].cert_list[idx2].cert.data; + cert->size = sc->certs[idx1].cert_list[idx2].cert.size; + + return 0; +} + +/** + * gnutls_certificate_free_ca_names: + * @sc: is a #gnutls_certificate_credentials_t type. + * + * This function will delete all the CA name in the given + * credentials. Clients may call this to save some memory since in + * client side the CA names are not used. Servers might want to use + * this function if a large list of trusted CAs is present and + * sending the names of it would just consume bandwidth without providing + * information to client. + * + * CA names are used by servers to advertise the CAs they support to + * clients. + **/ +void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc) +{ + _gnutls_free_datum(&sc->tlist->x509_rdn_sequence); +} + + +/** + * gnutls_certificate_free_credentials: + * @sc: is a #gnutls_certificate_credentials_t type. + * + * Free a gnutls_certificate_credentials_t structure. + * + * This function does not free any temporary parameters associated + * with this structure (ie RSA and DH parameters are not freed by this + * function). + **/ +void +gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc) +{ + // Check for valid pointer and otherwise do nothing + if (sc == NULL) + return; + + gnutls_x509_trust_list_deinit(sc->tlist, 1); + gnutls_certificate_free_keys(sc); + memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp)); + + if (sc->deinit_dh_params) { + gnutls_dh_params_deinit(sc->dh_params); + } + + gnutls_free(sc); +} + + +/** + * gnutls_certificate_allocate_credentials: + * @res: is a pointer to a #gnutls_certificate_credentials_t type. + * + * Allocate a gnutls_certificate_credentials_t structure. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ +int +gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t * + res) +{ + int ret; + + *res = gnutls_calloc(1, sizeof(certificate_credentials_st)); + + if (*res == NULL) + return GNUTLS_E_MEMORY_ERROR; + + ret = gnutls_x509_trust_list_init(&(*res)->tlist, 0); + if (ret < 0) { + gnutls_assert(); + gnutls_free(*res); + return GNUTLS_E_MEMORY_ERROR; + } + (*res)->verify_bits = DEFAULT_MAX_VERIFY_BITS; + (*res)->verify_depth = DEFAULT_MAX_VERIFY_DEPTH; + + + return 0; +} + +/* converts the given x509 certificate list to gnutls_pcert_st* and allocates + * space for them. + */ +static gnutls_pcert_st *alloc_and_load_x509_certs(gnutls_x509_crt_t * + certs, unsigned ncerts) +{ + gnutls_pcert_st *local_certs; + int ret = 0; + unsigned i, j; + + if (certs == NULL) + return NULL; + + local_certs = _gnutls_reallocarray(NULL, ncerts, + sizeof(gnutls_pcert_st)); + if (local_certs == NULL) { + gnutls_assert(); + return NULL; + } + + for (i = 0; i < ncerts; i++) { + ret = gnutls_pcert_import_x509(&local_certs[i], certs[i], 0); + if (ret < 0) + break; + } + + if (ret < 0) { + gnutls_assert(); + for (j = 0; j < i; j++) { + gnutls_pcert_deinit(&local_certs[j]); + } + gnutls_free(local_certs); + return NULL; + } + + return local_certs; +} + +/* converts the given x509 key to gnutls_privkey* and allocates + * space for it. + */ +static gnutls_privkey_t +alloc_and_load_x509_key(gnutls_x509_privkey_t key, int deinit) +{ + gnutls_privkey_t local_key; + int ret = 0; + + if (key == NULL) + return NULL; + + ret = gnutls_privkey_init(&local_key); + if (ret < 0) { + gnutls_assert(); + return NULL; + } + + ret = + gnutls_privkey_import_x509(local_key, key, + deinit ? + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE : 0); + if (ret < 0) { + gnutls_assert(); + gnutls_privkey_deinit(local_key); + return NULL; + } + + return local_key; +} + +#ifdef ENABLE_PKCS11 + +/* converts the given raw key to gnutls_privkey* and allocates + * space for it. + */ +static gnutls_privkey_t +alloc_and_load_pkcs11_key(gnutls_pkcs11_privkey_t key, int deinit) +{ + gnutls_privkey_t local_key; + int ret = 0; + + if (key == NULL) + return NULL; + + ret = gnutls_privkey_init(&local_key); + if (ret < 0) { + gnutls_assert(); + return NULL; + } + + ret = + gnutls_privkey_import_pkcs11(local_key, key, + deinit ? + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE + : 0); + if (ret < 0) { + gnutls_assert(); + gnutls_privkey_deinit(local_key); + return NULL; + } + + return local_key; +} + +#endif + +/** + * gnutls_certificate_server_set_request: + * @session: is a #gnutls_session_t type. + * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE, GNUTLS_CERT_IGNORE + * + * This function specifies if we (in case of a server) are going to + * send a certificate request message to the client. If @req is + * GNUTLS_CERT_REQUIRE then the server will return the %GNUTLS_E_NO_CERTIFICATE_FOUND + * error if the peer does not provide a certificate. If you do not call this + * function then the client will not be asked to send a certificate. Invoking + * the function with @req GNUTLS_CERT_IGNORE has the same effect. + **/ +void +gnutls_certificate_server_set_request(gnutls_session_t session, + gnutls_certificate_request_t req) +{ + session->internals.send_cert_req = req; +} + +static int call_legacy_cert_cb1(gnutls_session_t session, + const struct gnutls_cert_retr_st *info, + gnutls_pcert_st **certs, + unsigned int *pcert_length, + gnutls_ocsp_data_st **ocsp, + unsigned int *ocsp_length, + gnutls_privkey_t *privkey, + unsigned int *flags) +{ + gnutls_retr2_st st2; + gnutls_pcert_st *local_certs = NULL; + gnutls_privkey_t local_key = NULL; + unsigned i; + int ret; + + *ocsp_length = 0; + + memset(&st2, 0, sizeof(st2)); + + ret = info->cred->legacy_cert_cb1(session, info->req_ca_rdn, info->nreqs, + info->pk_algos, info->pk_algos_length, + &st2); + if (ret < 0) + return gnutls_assert_val(ret); + + if (st2.ncerts == 0) { + *pcert_length = 0; + *ocsp_length = 0; + *privkey = NULL; + return 0; + } + + if (st2.cert_type != GNUTLS_CRT_X509) { + gnutls_assert(); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } + + local_certs = + alloc_and_load_x509_certs(st2.cert.x509, st2.ncerts); + if (local_certs == NULL) { + gnutls_assert(); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + switch (st2.key_type) { +#ifdef ENABLE_PKCS11 + case GNUTLS_PRIVKEY_PKCS11: + if (st2.key.pkcs11 != NULL) { + local_key = + alloc_and_load_pkcs11_key(st2.key.pkcs11, + st2.deinit_all); + if (local_key == NULL) { + gnutls_assert(); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } + break; +#endif + case GNUTLS_PRIVKEY_X509: + if (st2.key.x509 != NULL) { + local_key = + alloc_and_load_x509_key(st2.key.x509, + st2.deinit_all); + if (local_key == NULL) { + gnutls_assert(); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } + break; + default: + gnutls_assert(); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } + + *privkey = local_key; + *certs = local_certs; + *pcert_length = st2.ncerts; + + /* flag the caller to deinitialize our values */ + *flags |= GNUTLS_CERT_RETR_DEINIT_ALL; + + ret = 0; + + cleanup: + + if (st2.cert_type == GNUTLS_CRT_X509) { + if (st2.deinit_all) { + for (i = 0; i < st2.ncerts; i++) { + gnutls_x509_crt_deinit(st2.cert.x509[i]); + } + gnutls_free(st2.cert.x509); + } + } + + return ret; + +} + +/** + * gnutls_certificate_set_retrieve_function: + * @cred: is a #gnutls_certificate_credentials_t type. + * @func: is the callback function + * + * This function sets a callback to be called in order to retrieve the + * certificate to be used in the handshake. The callback will take control + * only if a certificate is requested by the peer. You are advised + * to use gnutls_certificate_set_retrieve_function2() because it + * is much more efficient in the processing it requires from gnutls. + * + * The callback's function prototype is: + * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, + * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st); + * + * @req_ca_dn is only used in X.509 certificates. + * Contains a list with the CA names that the server considers trusted. + * This is a hint and typically the client should send a certificate that is signed + * by one of these CAs. These names, when available, are DER encoded. To get a more + * meaningful value use the function gnutls_x509_rdn_get(). + * + * @pk_algos contains a list with server's acceptable public key algorithms. + * The certificate returned should support the server's given algorithms. + * + * @st should contain the certificates and private keys. + * + * If the callback function is provided then gnutls will call it, in the + * handshake, after the certificate request message has been received. + * + * In server side pk_algos and req_ca_dn are NULL. + * + * The callback function should set the certificate list to be sent, + * and return 0 on success. If no certificate was selected then the + * number of certificates should be set to zero. The value (-1) + * indicates error and the handshake will be terminated. If both certificates + * are set in the credentials and a callback is available, the callback + * takes predence. + * + * Since: 3.0 + **/ +void gnutls_certificate_set_retrieve_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_retrieve_function * func) +{ + cred->legacy_cert_cb1 = func; + if (!func) + cred->get_cert_callback3 = NULL; + else + cred->get_cert_callback3 = call_legacy_cert_cb1; +} + +static int call_legacy_cert_cb2(gnutls_session_t session, + const struct gnutls_cert_retr_st *info, + gnutls_pcert_st **certs, + unsigned int *pcert_length, + gnutls_ocsp_data_st **ocsp, + unsigned int *ocsp_length, + gnutls_privkey_t *privkey, + unsigned int *flags) +{ + int ret; + *ocsp_length = 0; + /* flags will be assumed to be zero */ + + ret = info->cred->legacy_cert_cb2(session, info->req_ca_rdn, info->nreqs, + info->pk_algos, info->pk_algos_length, + certs, pcert_length, privkey); + if (ret < 0) { + gnutls_assert(); + } + return ret; +} + +/** + * gnutls_certificate_set_retrieve_function2: + * @cred: is a #gnutls_certificate_credentials_t type. + * @func: is the callback function + * + * This function sets a callback to be called in order to retrieve the + * certificate to be used in the handshake. The callback will take control + * only if a certificate is requested by the peer. + * + * The callback's function prototype is: + * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, + * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert, + * unsigned int *pcert_length, gnutls_privkey_t * pkey); + * + * @req_ca_dn is only used in X.509 certificates. + * Contains a list with the CA names that the server considers trusted. + * This is a hint and typically the client should send a certificate that is signed + * by one of these CAs. These names, when available, are DER encoded. To get a more + * meaningful value use the function gnutls_x509_rdn_get(). + * + * @pk_algos contains a list with server's acceptable public key algorithms. + * The certificate returned should support the server's given algorithms. + * + * @pcert should contain a single certificate and public key or a list of them. + * + * @pcert_length is the size of the previous list. + * + * @pkey is the private key. + * + * If the callback function is provided then gnutls will call it, in the + * handshake, after the certificate request message has been received. + * All the provided by the callback values will not be released or + * modified by gnutls. + * + * In server side pk_algos and req_ca_dn are NULL. + * + * The callback function should set the certificate list to be sent, + * and return 0 on success. If no certificate was selected then the + * number of certificates should be set to zero. The value (-1) + * indicates error and the handshake will be terminated. If both certificates + * are set in the credentials and a callback is available, the callback + * takes predence. + * + * Since: 3.0 + **/ +void gnutls_certificate_set_retrieve_function2 + (gnutls_certificate_credentials_t cred, + gnutls_certificate_retrieve_function2 * func) +{ + cred->legacy_cert_cb2 = func; + if (!func) + cred->get_cert_callback3 = NULL; + else + cred->get_cert_callback3 = call_legacy_cert_cb2; +} + +/** + * gnutls_certificate_set_retrieve_function3: + * @cred: is a #gnutls_certificate_credentials_t type. + * @func: is the callback function + * + * This function sets a callback to be called in order to retrieve the + * certificate and OCSP responses to be used in the handshake. @func will + * be called only if the peer requests a certificate either during handshake + * or during post-handshake authentication. + * + * The callback's function prototype is defined in `abstract.h': + * + * int gnutls_certificate_retrieve_function3( + * gnutls_session_t, + * const struct gnutls_cert_retr_st *info, + * gnutls_pcert_st **certs, + * unsigned int *certs_length, + * gnutls_ocsp_data_st **ocsp, + * unsigned int *ocsp_length, + * gnutls_privkey_t *privkey, + * unsigned int *flags); + * + * The info field of the callback contains: + * @req_ca_dn which is a list with the CA names that the server considers trusted. + * This is a hint and typically the client should send a certificate that is signed + * by one of these CAs. These names, when available, are DER encoded. To get a more + * meaningful value use the function gnutls_x509_rdn_get(). + * @pk_algos contains a list with server's acceptable public key algorithms. + * The certificate returned should support the server's given algorithms. + * + * The callback should fill-in the following values: + * + * @certs should contain an allocated list of certificates and public keys. + * @certs_length is the size of the previous list. + * @ocsp should contain an allocated list of OCSP responses. + * @ocsp_length is the size of the previous list. + * @privkey is the private key. + * + * If flags in the callback are set to %GNUTLS_CERT_RETR_DEINIT_ALL then + * all provided values must be allocated using gnutls_malloc(), and will + * be released by gnutls; otherwise they will not be touched by gnutls. + * + * The callback function should set the certificate and OCSP response + * list to be sent, and return 0 on success. If no certificates are available, + * the @certs_length and @ocsp_length should be set to zero. The return + * value (-1) indicates error and the handshake will be terminated. If both + * certificates are set in the credentials and a callback is available, the + * callback takes predence. + * + * Raw public-keys: + * In case raw public-keys are negotiated as certificate type, certificates + * that would normally hold the public-key material are not available. In that case, + * @certs contains an allocated list with only the public key. Since there is no + * certificate, there is also no certificate status. Therefore, OCSP information + * should not be set. + * + * Since: 3.6.3 + **/ +void gnutls_certificate_set_retrieve_function3 + (gnutls_certificate_credentials_t cred, + gnutls_certificate_retrieve_function3 *func) +{ + cred->get_cert_callback3 = func; +} + +/** + * gnutls_certificate_set_verify_function: + * @cred: is a #gnutls_certificate_credentials_t type. + * @func: is the callback function + * + * This function sets a callback to be called when peer's certificate + * has been received in order to verify it on receipt rather than + * doing after the handshake is completed. + * + * The callback's function prototype is: + * int (*callback)(gnutls_session_t); + * + * If the callback function is provided then gnutls will call it, in the + * handshake, just after the certificate message has been received. + * To verify or obtain the certificate the gnutls_certificate_verify_peers2(), + * gnutls_certificate_type_get(), gnutls_certificate_get_peers() functions + * can be used. + * + * The callback function should return 0 for the handshake to continue + * or non-zero to terminate. + * + * Since: 2.10.0 + **/ +void + gnutls_certificate_set_verify_function + (gnutls_certificate_credentials_t cred, + gnutls_certificate_verify_function * func) +{ + cred->verify_callback = func; +} + +/** + * gnutls_x509_trust_list_set_getissuer_function: + * @tlist: is a #gnutls_x509_trust_list_t type. + * @func: is the callback function + * + * This function sets a callback to be called when the peer's certificate + * chain is incomplete due a missing intermediate certificate. The callback + * may provide the missing certificate for use during verification. + * + * The callback's function prototype is defined in gnutls/x509.h as: + * + * int (*callback)(gnutls_x509_trust_list_t list, + * const gnutls_x509_crt_t cert, + * gnutls_x509_crt_t **issuers, + * unsigned int *issuers_size); + * + * If the callback function is provided then gnutls will call it during the + * certificate verification procedure. The callback may wish to use + * gnutls_x509_crt_get_authority_info_access() to get a URI from which + * to attempt to download the missing issuer certificate, if available. + * + * On a successful call, the callback shall allocate the 'issuers' array with + * gnutls_x509_crt_list_import2(). The ownership of both the array and the + * elements is transferred to the caller and thus the application does not need + * to maintain the memory after the call. + * + * The callback function should return 0 if the missing issuer certificate + * for 'crt' was properly populated and added to the 'issuers', or non-zero + * to continue the certificate list verification but with issuer as %NULL. + * + * Since: 3.7.0 + **/ +void gnutls_x509_trust_list_set_getissuer_function(gnutls_x509_trust_list_t tlist, + gnutls_x509_trust_list_getissuer_function * func) +{ + tlist->issuer_callback = func; +} + +/** + * gnutls_x509_trust_list_set_ptr: + * @tlist: is a #gnutls_x509_trust_list_t type. + * @ptr: is the user pointer + * + * This function will set (associate) the user given pointer @ptr to + * the tlist structure. This pointer can be accessed with + * gnutls_x509_trust_list_get_ptr(). Useful in the callback function + * gnutls_x509_trust_list_set_getissuer_function. + * + * Since: 3.7.0 + **/ +void gnutls_x509_trust_list_set_ptr(gnutls_x509_trust_list_t tlist, void *ptr) +{ + tlist->usr_ptr = ptr; +} + +/** + * gnutls_x509_trust_list_get_ptr: + * @tlist: is a #gnutls_x509_trust_list_t type. + * + * Get user pointer for tlist. Useful in callback function + * gnutls_x509_trust_list_set_getissuer_function. + * This is the pointer set with gnutls_x509_trust_list_set_ptr(). + * + * Returns: the user given pointer from the tlist structure, or + * %NULL if it was never set. + * + * Since: 3.7.0 + **/ +void *gnutls_x509_trust_list_get_ptr(gnutls_x509_trust_list_t tlist) +{ + return tlist->usr_ptr; +} + +/** + * gnutls_session_set_verify_output_function: + * @session: is a #gnutls_x509_trust_list_t type. + * @func: is the callback function + * + * This function sets a callback to be called when the peer's certificate + * chain has to be verified and full path to the trusted root has to be + * printed. + * + * The callback's function prototype is defined in `x509.h': + * int (*callback)( + * gnutls_x509_crt_t cert, + * gnutls_x509_crt_t issuer, + * gnutls_x509_crl_t crl, + * unsigned int verification_output); + * + * If the callback function is provided then gnutls will call it, in the + * certificate verification procedure. + * To verify the certificate chain and print its path uptp the trusted root, + * functions such as gnutls_certificate_verify_peers(), + * gnutls_x509_trust_list_verify_crt(), and gnutls_x509_trust_list_verify_crt2() + * can be used. The callback is set in _gnutls_verify_crt_status() and + * _gnutls_pkcs11_verify_crt_status(). + * + * Since: 3.7.0 + **/ +void gnutls_session_set_verify_output_function(gnutls_session_t session, + gnutls_verify_output_function * func) +{ + session->internals.cert_output_callback = func; +} + +#define TEST_TEXT "test text" +/* returns error if the certificate has different algorithm than + * the given key parameters. + */ +int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res) +{ + gnutls_datum_t test = {(void*)TEST_TEXT, sizeof(TEST_TEXT)-1}; + gnutls_datum_t sig = {NULL, 0}; + gnutls_digest_algorithm_t dig; + int pk, pk2, ret; + unsigned sign_algo; + + if (res->flags & GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH) + return 0; + + pk = + gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts - 1]. + cert_list[0].pubkey, NULL); + pk2 = + gnutls_privkey_get_pk_algorithm(res->certs[res->ncerts - 1].pkey, + NULL); + + if (GNUTLS_PK_IS_RSA(pk) && GNUTLS_PK_IS_RSA(pk2)) { + if (pk2 == GNUTLS_PK_RSA_PSS && pk == GNUTLS_PK_RSA) { + _gnutls_debug_log("you cannot mix an RSA-PSS key with an RSA certificate\n"); + return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; + } + + if (pk2 == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA_PSS) + pk = GNUTLS_PK_RSA_PSS; + } else if (pk2 != pk) { + gnutls_assert(); + _gnutls_debug_log("key is %s, certificate is %s\n", gnutls_pk_get_name(pk2), + gnutls_pk_get_name(pk)); + return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; + } + + if (pk == GNUTLS_PK_GOST_01) + dig = GNUTLS_DIG_GOSTR_94; + else if (pk == GNUTLS_PK_GOST_12_256) + dig = GNUTLS_DIG_STREEBOG_256; + else if (pk == GNUTLS_PK_GOST_12_512) + dig = GNUTLS_DIG_STREEBOG_512; + else + dig = GNUTLS_DIG_SHA256; + + sign_algo = gnutls_pk_to_sign(pk, dig); + + /* now check if keys really match. We use the sign/verify approach + * because we cannot always obtain the parameters from the abstract + * keys (e.g. PKCS #11). */ + ret = gnutls_privkey_sign_data2(res->certs[res->ncerts - 1].pkey, + sign_algo, 0, &test, &sig); + if (ret < 0) { + /* for some reason we couldn't sign that. That shouldn't have + * happened, but since it did, report the issue and do not + * try the key matching test */ + _gnutls_debug_log("%s: failed signing\n", __func__); + goto finish; + } + + ret = gnutls_pubkey_verify_data2(res->certs[res->ncerts - 1].cert_list[0].pubkey, + sign_algo, + GNUTLS_VERIFY_ALLOW_BROKEN, &test, &sig); + + gnutls_free(sig.data); + + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_CERTIFICATE_KEY_MISMATCH); + + finish: + return 0; +} + +/** + * gnutls_certificate_verification_status_print: + * @status: The status flags to be printed + * @type: The certificate type + * @out: Newly allocated datum with (0) terminated string. + * @flags: should be zero + * + * This function will pretty print the status of a verification + * process -- eg. the one obtained by gnutls_certificate_verify_peers3(). + * + * The output @out needs to be deallocated using gnutls_free(). + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.1.4 + **/ +int +gnutls_certificate_verification_status_print(unsigned int status, + gnutls_certificate_type_t + type, gnutls_datum_t * out, + unsigned int flags) +{ + gnutls_buffer_st str; + + _gnutls_buffer_init(&str); + + if (status == 0) + _gnutls_buffer_append_str(&str, + _ + ("The certificate is trusted. ")); + else + _gnutls_buffer_append_str(&str, + _ + ("The certificate is NOT trusted. ")); + + if (type == GNUTLS_CRT_X509) { + if (status & GNUTLS_CERT_REVOKED) + _gnutls_buffer_append_str(&str, + _ + ("The certificate chain is revoked. ")); + + if (status & GNUTLS_CERT_MISMATCH) + _gnutls_buffer_append_str(&str, + _ + ("The certificate doesn't match the local copy (TOFU). ")); + + if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED) + _gnutls_buffer_append_str(&str, + _ + ("The revocation or OCSP data are old and have been superseded. ")); + + if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE) + _gnutls_buffer_append_str(&str, + _ + ("The revocation or OCSP data are issued with a future date. ")); + + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) + _gnutls_buffer_append_str(&str, + _ + ("The certificate issuer is unknown. ")); + + if (status & GNUTLS_CERT_SIGNER_NOT_CA) + _gnutls_buffer_append_str(&str, + _ + ("The certificate issuer is not a CA. ")); + } + + if (status & GNUTLS_CERT_INSECURE_ALGORITHM) + _gnutls_buffer_append_str(&str, + _ + ("The certificate chain uses insecure algorithm. ")); + + if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE) + _gnutls_buffer_append_str(&str, + _ + ("The certificate chain violates the signer's constraints. ")); + + if (status & GNUTLS_CERT_PURPOSE_MISMATCH) + _gnutls_buffer_append_str(&str, + _ + ("The certificate chain does not match the intended purpose. ")); + + if (status & GNUTLS_CERT_NOT_ACTIVATED) + _gnutls_buffer_append_str(&str, + _ + ("The certificate chain uses not yet valid certificate. ")); + + if (status & GNUTLS_CERT_EXPIRED) + _gnutls_buffer_append_str(&str, + _ + ("The certificate chain uses expired certificate. ")); + + if (status & GNUTLS_CERT_SIGNATURE_FAILURE) + _gnutls_buffer_append_str(&str, + _ + ("The signature in the certificate is invalid. ")); + + if (status & GNUTLS_CERT_UNEXPECTED_OWNER) + _gnutls_buffer_append_str(&str, + _ + ("The name in the certificate does not match the expected. ")); + + if (status & GNUTLS_CERT_MISSING_OCSP_STATUS) + _gnutls_buffer_append_str(&str, + _ + ("The certificate requires the server to include an OCSP status in its response, but the OCSP status is missing. ")); + + if (status & GNUTLS_CERT_INVALID_OCSP_STATUS) + _gnutls_buffer_append_str(&str, + _ + ("The received OCSP status response is invalid. ")); + + if (status & GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS) + _gnutls_buffer_append_str(&str, + _ + ("The certificate contains an unknown critical extension. ")); + + return _gnutls_buffer_to_datum(&str, out, 1); +} + +#if defined(ENABLE_DHE) || defined(ENABLE_ANON) +/** + * gnutls_certificate_set_dh_params: + * @res: is a gnutls_certificate_credentials_t type + * @dh_params: the Diffie-Hellman parameters. + * + * This function will set the Diffie-Hellman parameters for a + * certificate server to use. These parameters will be used in + * Ephemeral Diffie-Hellman cipher suites. Note that only a pointer + * to the parameters are stored in the certificate handle, so you + * must not deallocate the parameters before the certificate is deallocated. + * + * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 + * or later. Since 3.6.0, DH parameters are negotiated + * following RFC7919. + * + **/ +void +gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res, + gnutls_dh_params_t dh_params) +{ + if (res->deinit_dh_params) { + res->deinit_dh_params = 0; + gnutls_dh_params_deinit(res->dh_params); + res->dh_params = NULL; + } + + res->dh_params = dh_params; + res->dh_sec_param = gnutls_pk_bits_to_sec_param(GNUTLS_PK_DH, _gnutls_mpi_get_nbits(dh_params->params[0])); +} + + +/** + * gnutls_certificate_set_known_dh_params: + * @res: is a gnutls_certificate_credentials_t type + * @sec_param: is an option of the %gnutls_sec_param_t enumeration + * + * This function will set the Diffie-Hellman parameters for a + * certificate server to use. These parameters will be used in + * Ephemeral Diffie-Hellman cipher suites and will be selected from + * the FFDHE set of RFC7919 according to the security level provided. + * + * Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 + * or later. Since 3.6.0, DH parameters are negotiated + * following RFC7919. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.5.6 + **/ +int +gnutls_certificate_set_known_dh_params(gnutls_certificate_credentials_t res, + gnutls_sec_param_t sec_param) +{ + res->dh_sec_param = sec_param; + + return 0; +} + +#endif /* DH */ |