diff options
Diffstat (limited to '')
-rw-r--r-- | lib/tls13-sig.c | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c new file mode 100644 index 0000000..3b193d7 --- /dev/null +++ b/lib/tls13-sig.c @@ -0,0 +1,218 @@ +/* + * Copyright (C) 2017-2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +#include "gnutls_int.h" +#include "errors.h" +#include <auth/cert.h> +#include <algorithms.h> +#include <ext/signature.h> +#include <abstract_int.h> +#include "tls13-sig.h" +#include "tls-sig.h" +#include "hash_int.h" + +#undef PREFIX_SIZE +#define PREFIX_SIZE 64 +#if PREFIX_SIZE < MAX_HASH_SIZE +/* we assume later that prefix is sufficient to store hash output */ +# error Need to modify code +#endif + +int +_gnutls13_handshake_verify_data(gnutls_session_t session, + unsigned verify_flags, + gnutls_pcert_st *cert, + const gnutls_datum_t *context, + const gnutls_datum_t *signature, + const gnutls_sign_entry_st *se) +{ + int ret; + const version_entry_st *ver = get_version(session); + gnutls_buffer_st buf; + uint8_t prefix[PREFIX_SIZE]; + unsigned key_usage = 0; + gnutls_datum_t p; + + _gnutls_handshake_log + ("HSK[%p]: verifying TLS 1.3 handshake data using %s\n", session, + se->name); + + ret = + _gnutls_pubkey_compatible_with_sig(session, + cert->pubkey, ver, + se->id); + if (ret < 0) + return gnutls_assert_val(ret); + + if (unlikely(sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) == 0)) { + _gnutls_handshake_log("HSK[%p]: certificate of %s cannot be combined with %s sig\n", + session, gnutls_pk_get_name(cert->pubkey->params.algo), se->name); + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + } + + ret = + _gnutls_session_sign_algo_enabled(session, se->id); + if (ret < 0) + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + if ((se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0) /* explicitly prohibited */ + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); + + ret = _gnutls_check_key_usage_for_sig(session, key_usage, 0); + if (ret < 0) + return gnutls_assert_val(ret); + + _gnutls_buffer_init(&buf); + + memset(prefix, 0x20, sizeof(prefix)); + ret = _gnutls_buffer_append_data(&buf, prefix, sizeof(prefix)); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data(&buf, context->data, context->size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data(&buf, "\x00", 1); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), + session->internals.handshake_hash_buffer.data, + session->internals.handshake_hash_buffer_prev_len, + prefix); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data(&buf, prefix, session->security_parameters.prf->output_size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + p.data = buf.data; + p.size = buf.length; + + verify_flags |= GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH; + ret = gnutls_pubkey_verify_data2(cert->pubkey, se->id, verify_flags, &p, + signature); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = 0; + cleanup: + _gnutls_buffer_clear(&buf); + + return ret; +} + +int +_gnutls13_handshake_sign_data(gnutls_session_t session, + gnutls_pcert_st * cert, gnutls_privkey_t pkey, + const gnutls_datum_t *context, + gnutls_datum_t * signature, + const gnutls_sign_entry_st *se) +{ + gnutls_datum_t p; + int ret; + gnutls_buffer_st buf; + uint8_t tmp[MAX_HASH_SIZE]; + + if (unlikely(se == NULL || (se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0)) + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + if (unlikely(sign_supports_priv_pk_algorithm(se, pkey->pk_algorithm) == 0)) + return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + /* when we reach here we know we have a signing certificate */ + _gnutls_handshake_log + ("HSK[%p]: signing TLS 1.3 handshake data: using %s and PRF: %s\n", session, se->name, + session->security_parameters.prf->name); + + _gnutls_buffer_init(&buf); + + ret = _gnutls_buffer_resize(&buf, PREFIX_SIZE); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + memset(buf.data, 0x20, PREFIX_SIZE); + buf.length += PREFIX_SIZE; + + ret = _gnutls_buffer_append_data(&buf, context->data, context->size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data(&buf, "\x00", 1); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), + session->internals.handshake_hash_buffer.data, + session->internals.handshake_hash_buffer.length, + tmp); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_buffer_append_data(&buf, tmp, session->security_parameters.prf->output_size); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + p.data = buf.data; + p.size = buf.length; + + ret = gnutls_privkey_sign_data2(pkey, se->id, + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, + &p, signature); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = 0; + cleanup: + _gnutls_buffer_clear(&buf); + + return ret; + +} |