/* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2
*/
static int
_gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session,
gnutls_cert * cert,
gnutls_datum_t * signature,
gnutls_sign_algorithm_t sign_algo)
{
int ret;
opaque concat[MAX_SIG_SIZE];
digest_hd_st td;
gnutls_datum_t dconcat;
gnutls_sign_algorithm_t _sign_algo;
gnutls_digest_algorithm_t hash_algo;
digest_hd_st *handshake_td;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
_sign_algo =
_gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
if (_sign_algo != sign_algo)
{
handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
hash_algo = handshake_td->algorithm;
_sign_algo =
_gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
if (sign_algo != _sign_algo)
{
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
}
ret = _gnutls_hash_copy (&td, handshake_td);
if (ret < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
}
_gnutls_hash_deinit (&td, concat);
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
ret =
_gnutls_verify_sig (cert, &dconcat, signature, 0,
cert->subject_pk_algorithm);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return ret;
}
/* Generates a signature of all the random data and the parameters.
* Used in DHE_* ciphersuites.
*/
int
_gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
const gnutls_datum_t * params,
gnutls_datum_t * signature)
{
gnutls_datum_t dconcat;
int ret;
digest_hd_st td_md5;
digest_hd_st td_sha;
opaque concat[36];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (ver < GNUTLS_TLS1_2)
{
ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
_gnutls_hash (&td_md5, session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, params->data, params->size);
}
ret = _gnutls_hash_init (&td_sha, GNUTLS_MAC_SHA1);
if (ret < 0)
{
gnutls_assert ();
if (ver < GNUTLS_TLS1_2)
_gnutls_hash_deinit (&td_md5, NULL);
return ret;
}
_gnutls_hash (&td_sha, session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, params->data, params->size);
if (ver < GNUTLS_TLS1_2)
{
_gnutls_hash_deinit (&td_md5, concat);
_gnutls_hash_deinit (&td_sha, &concat[16]);
dconcat.size = 36;
}
else
{
#if 1
/* Use NULL parameters. */
memcpy (concat,
"\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
15);
_gnutls_hash_deinit (&td_sha, &concat[15]);
dconcat.size = 35;
#else
/* No parameters field. */
memcpy (concat,
"\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13);
_gnutls_hash_deinit (&td_sha, &concat[13]);
dconcat.size = 33;
#endif
}
dconcat.data = concat;
ret = _gnutls_verify_sig (cert, &dconcat, signature, dconcat.size - 20);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return ret;
}
/* Verifies a TLS signature (like the one in the client certificate
* verify message).
*/
int
_gnutls_verify_sig_hdata (gnutls_session_t session, gnutls_cert * cert,
gnutls_datum_t * signature)
{
int ret;
opaque concat[36];
digest_hd_st td_md5;
digest_hd_st td_sha;
gnutls_datum_t dconcat;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
ret =
_gnutls_hash_copy (&td_md5, &session->internals.handshake_mac_handle_md5);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret =
_gnutls_hash_copy (&td_sha, &session->internals.handshake_mac_handle_sha);
if (ret < 0)
{
gnutls_assert ();
_gnutls_hash_deinit (&td_md5, NULL);
return GNUTLS_E_HASH_FAILED;
}
if (ver == GNUTLS_SSL3)
{
ret = _gnutls_generate_master (session, 1);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
_gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
session->security_parameters.
master_secret, GNUTLS_MASTER_SIZE);
_gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
session->security_parameters.
master_secret, GNUTLS_MASTER_SIZE);
}
else
{
_gnutls_hash_deinit (&td_md5, concat);
_gnutls_hash_deinit (&td_sha, &concat[16]);
}
dconcat.data = concat;
dconcat.size = 20 + 16; /* md5+ sha */
ret = _gnutls_verify_sig (cert, &dconcat, signature, 16);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return ret;
}
/* Verifies a TLS signature (like the one in the client certificate
* verify message).
*/
int
_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
gnutls_cert * cert,
gnutls_datum_t * signature,
gnutls_sign_algorithm_t sign_algo)
{
int ret;
opaque concat[MAX_SIG_SIZE];
digest_hd_st td_md5;
digest_hd_st td_sha;
gnutls_datum_t dconcat;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (session->security_parameters.handshake_mac_handle_type ==
HANDSHAKE_MAC_TYPE_12)
{
return _gnutls_handshake_verify_cert_vrfy12 (session, cert, signature,
sign_algo);
}
else if (session->security_parameters.handshake_mac_handle_type !=
HANDSHAKE_MAC_TYPE_10)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
ret =
_gnutls_hash_copy (&td_md5,
&session->internals.handshake_mac_handle.tls10.md5);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret =
_gnutls_hash_copy (&td_sha,
&session->internals.handshake_mac_handle.tls10.sha);
if (ret < 0)
{
gnutls_assert ();
_gnutls_hash_deinit (&td_md5, NULL);
return GNUTLS_E_HASH_FAILED;
}
if (ver == GNUTLS_SSL3)
{
ret = _gnutls_generate_master (session, 1);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
_gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
_gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
session->
security_parameters.master_secret,
GNUTLS_MASTER_SIZE);
}
else
{
_gnutls_hash_deinit (&td_md5, concat);
_gnutls_hash_deinit (&td_sha, &concat[16]);
}
dconcat.data = concat;
dconcat.size = 20 + 16; /* md5+ sha */
ret =
_gnutls_verify_sig (cert, &dconcat, signature, 16,
cert->subject_pk_algorithm);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return ret;
}
/* Generates a signature of all the random data and the parameters.
* Used in DHE_* ciphersuites.
*/
int
_gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
const gnutls_datum_t * params,
gnutls_datum_t * signature,
gnutls_sign_algorithm_t algo)
{
gnutls_datum_t dconcat;
int ret;
digest_hd_st td_md5;
digest_hd_st td_sha;
opaque concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_digest_algorithm_t hash_algo = GNUTLS_DIG_SHA1;
ret = _gnutls_session_sign_algo_enabled (session, algo);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
if (!_gnutls_version_has_selectable_prf (ver))
{
ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
_gnutls_hash (&td_md5, session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, params->data, params->size);
}
if (algo != GNUTLS_SIGN_UNKNOWN)
hash_algo = _gnutls_sign_get_hash_algorithm (algo);
ret = _gnutls_hash_init (&td_sha, hash_algo);
if (ret < 0)
{
gnutls_assert ();
if (!_gnutls_version_has_selectable_prf (ver))
_gnutls_hash_deinit (&td_md5, NULL);
return ret;
}
_gnutls_hash (&td_sha, session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, session->security_parameters.server_random,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, params->data, params->size);
if (!_gnutls_version_has_selectable_prf (ver))
{
_gnutls_hash_deinit (&td_md5, concat);
_gnutls_hash_deinit (&td_sha, &concat[16]);
dconcat.data = concat;
dconcat.size = 36;
}
else
{
gnutls_datum_t hash;
_gnutls_hash_deinit (&td_sha, concat);
hash.data = concat;
hash.size = _gnutls_hash_get_algo_len (hash_algo);
dconcat.data = concat;
dconcat.size = sizeof concat;
_gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
}
ret = _gnutls_verify_sig (cert, &dconcat, signature,
dconcat.size -
_gnutls_hash_get_algo_len (hash_algo),
_gnutls_sign_get_pk_algorithm (algo));
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return ret;
}
