Coverage Report

Created: 2023-03-26 07:33

/src/gnutls/lib/tls13-sig.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2017-2019 Red Hat, Inc.
3
 *
4
 * Author: Nikos Mavrogiannopoulos
5
 *
6
 * This file is part of GnuTLS.
7
 *
8
 * The GnuTLS is free software; you can redistribute it and/or
9
 * modify it under the terms of the GNU Lesser General Public License
10
 * as published by the Free Software Foundation; either version 2.1 of
11
 * the License, or (at your option) any later version.
12
 *
13
 * This library is distributed in the hope that it will be useful, but
14
 * WITHOUT ANY WARRANTY; without even the implied warranty of
15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16
 * Lesser General Public License for more details.
17
 *
18
 * You should have received a copy of the GNU Lesser General Public License
19
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
20
 *
21
 */
22
23
#include "gnutls_int.h"
24
#include "errors.h"
25
#include <auth/cert.h>
26
#include <algorithms.h>
27
#include <ext/signature.h>
28
#include <abstract_int.h>
29
#include "tls13-sig.h"
30
#include "tls-sig.h"
31
#include "hash_int.h"
32
33
#undef PREFIX_SIZE
34
0
#define PREFIX_SIZE 64
35
#if PREFIX_SIZE < MAX_HASH_SIZE
36
/* we assume later that prefix is sufficient to store hash output */
37
# error Need to modify code
38
#endif
39
40
int
41
_gnutls13_handshake_verify_data(gnutls_session_t session,
42
        unsigned verify_flags,
43
        gnutls_pcert_st * cert,
44
        const gnutls_datum_t * context,
45
        const gnutls_datum_t * signature,
46
        const gnutls_sign_entry_st * se)
47
0
{
48
0
  int ret;
49
0
  const version_entry_st *ver = get_version(session);
50
0
  gnutls_buffer_st buf;
51
0
  uint8_t prefix[PREFIX_SIZE];
52
0
  unsigned key_usage = 0;
53
0
  gnutls_datum_t p;
54
55
0
  _gnutls_handshake_log
56
0
      ("HSK[%p]: verifying TLS 1.3 handshake data using %s\n", session,
57
0
       se->name);
58
59
0
  ret =
60
0
      _gnutls_pubkey_compatible_with_sig(session,
61
0
                 cert->pubkey, ver, se->id);
62
0
  if (ret < 0)
63
0
    return gnutls_assert_val(ret);
64
65
0
  if (unlikely
66
0
      (sign_supports_cert_pk_algorithm(se, cert->pubkey->params.algo) ==
67
0
       0)) {
68
0
    _gnutls_handshake_log
69
0
        ("HSK[%p]: certificate of %s cannot be combined with %s sig\n",
70
0
         session, gnutls_pk_get_name(cert->pubkey->params.algo),
71
0
         se->name);
72
0
    return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
73
0
  }
74
75
0
  ret = _gnutls_session_sign_algo_enabled(session, se->id);
76
0
  if (ret < 0)
77
0
    return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
78
79
0
  if ((se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0) /* explicitly prohibited */
80
0
    return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
81
82
0
  gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
83
84
0
  ret = _gnutls_check_key_usage_for_sig(session, key_usage, 0);
85
0
  if (ret < 0)
86
0
    return gnutls_assert_val(ret);
87
88
0
  _gnutls_buffer_init(&buf);
89
90
0
  memset(prefix, 0x20, sizeof(prefix));
91
0
  ret = _gnutls_buffer_append_data(&buf, prefix, sizeof(prefix));
92
0
  if (ret < 0) {
93
0
    gnutls_assert();
94
0
    goto cleanup;
95
0
  }
96
97
0
  ret = _gnutls_buffer_append_data(&buf, context->data, context->size);
98
0
  if (ret < 0) {
99
0
    gnutls_assert();
100
0
    goto cleanup;
101
0
  }
102
103
0
  ret = _gnutls_buffer_append_data(&buf, "\x00", 1);
104
0
  if (ret < 0) {
105
0
    gnutls_assert();
106
0
    goto cleanup;
107
0
  }
108
109
0
  ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id),
110
0
             session->internals.handshake_hash_buffer.data,
111
0
             session->
112
0
             internals.handshake_hash_buffer_prev_len,
113
0
             prefix);
114
0
  if (ret < 0) {
115
0
    gnutls_assert();
116
0
    goto cleanup;
117
0
  }
118
119
0
  ret =
120
0
      _gnutls_buffer_append_data(&buf, prefix,
121
0
               session->security_parameters.
122
0
               prf->output_size);
123
0
  if (ret < 0) {
124
0
    gnutls_assert();
125
0
    goto cleanup;
126
0
  }
127
128
0
  p.data = buf.data;
129
0
  p.size = buf.length;
130
131
0
  verify_flags |= GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH;
132
0
  ret = gnutls_pubkey_verify_data2(cert->pubkey, se->id, verify_flags, &p,
133
0
           signature);
134
0
  if (ret < 0) {
135
0
    gnutls_assert();
136
0
    goto cleanup;
137
0
  }
138
139
0
  ret = 0;
140
0
 cleanup:
141
0
  _gnutls_buffer_clear(&buf);
142
143
0
  return ret;
144
0
}
145
146
int
147
_gnutls13_handshake_sign_data(gnutls_session_t session,
148
            gnutls_pcert_st * cert, gnutls_privkey_t pkey,
149
            const gnutls_datum_t * context,
150
            gnutls_datum_t * signature,
151
            const gnutls_sign_entry_st * se)
152
0
{
153
0
  gnutls_datum_t p;
154
0
  int ret;
155
0
  gnutls_buffer_st buf;
156
0
  uint8_t tmp[MAX_HASH_SIZE];
157
158
0
  if (unlikely
159
0
      (se == NULL || (se->flags & GNUTLS_SIGN_FLAG_TLS13_OK) == 0))
160
0
    return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
161
162
0
  if (unlikely
163
0
      (sign_supports_priv_pk_algorithm(se, pkey->pk_algorithm) == 0))
164
0
    return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
165
166
  /* when we reach here we know we have a signing certificate */
167
0
  _gnutls_handshake_log
168
0
      ("HSK[%p]: signing TLS 1.3 handshake data: using %s and PRF: %s\n",
169
0
       session, se->name, session->security_parameters.prf->name);
170
171
0
  _gnutls_buffer_init(&buf);
172
173
0
  ret = _gnutls_buffer_resize(&buf, PREFIX_SIZE);
174
0
  if (ret < 0) {
175
0
    gnutls_assert();
176
0
    goto cleanup;
177
0
  }
178
179
0
  memset(buf.data, 0x20, PREFIX_SIZE);
180
0
  buf.length += PREFIX_SIZE;
181
182
0
  ret = _gnutls_buffer_append_data(&buf, context->data, context->size);
183
0
  if (ret < 0) {
184
0
    gnutls_assert();
185
0
    goto cleanup;
186
0
  }
187
188
0
  ret = _gnutls_buffer_append_data(&buf, "\x00", 1);
189
0
  if (ret < 0) {
190
0
    gnutls_assert();
191
0
    goto cleanup;
192
0
  }
193
194
0
  ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id),
195
0
             session->internals.handshake_hash_buffer.data,
196
0
             session->internals.handshake_hash_buffer.length,
197
0
             tmp);
198
0
  if (ret < 0) {
199
0
    gnutls_assert();
200
0
    goto cleanup;
201
0
  }
202
203
0
  ret =
204
0
      _gnutls_buffer_append_data(&buf, tmp,
205
0
               session->security_parameters.
206
0
               prf->output_size);
207
0
  if (ret < 0) {
208
0
    gnutls_assert();
209
0
    goto cleanup;
210
0
  }
211
212
0
  p.data = buf.data;
213
0
  p.size = buf.length;
214
215
0
  ret = gnutls_privkey_sign_data2(pkey, se->id,
216
0
          GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH,
217
0
          &p, signature);
218
0
  if (ret < 0) {
219
0
    gnutls_assert();
220
0
    goto cleanup;
221
0
  }
222
223
0
  ret = 0;
224
0
 cleanup:
225
0
  _gnutls_buffer_clear(&buf);
226
227
0
  return ret;
228
229
0
}