/* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2
*/
static int
_gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session,
gnutls_pcert_st* cert,
gnutls_datum_t * signature,
gnutls_sign_algorithm_t sign_algo)
{
int ret;
opaque concat[MAX_SIG_SIZE];
digest_hd_st td;
gnutls_datum_t dconcat;
gnutls_sign_algorithm_t _sign_algo;
gnutls_digest_algorithm_t hash_algo;
digest_hd_st *handshake_td;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
_sign_algo =
_gnutls_x509_pk_to_sign (pk, hash_algo);
if (_sign_algo != sign_algo)
{
handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
hash_algo = handshake_td->algorithm;
_sign_algo =
_gnutls_x509_pk_to_sign (pk, hash_algo);
if (sign_algo != _sign_algo)
{
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
}
ret = _gnutls_hash_copy (&td, handshake_td);
if (ret < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
}
_gnutls_hash_deinit (&td, concat);
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
ret =
verify_tls_hash (ver, cert, &dconcat, signature, 0, pk);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return ret;
}
/* Returns a requested by the peer signature algorithm that
* matches the given public key algorithm. Index can be increased
* to return the second choice etc.
*/
gnutls_sign_algorithm_t
_gnutls_session_get_sign_algo (gnutls_session_t session,
gnutls_pk_algorithm_t pk,
gnutls_digest_algorithm_t * hash)
{
unsigned i;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (!_gnutls_version_has_selectable_sighash (ver)
|| session->security_parameters.extensions.sign_algorithms_size == 0)
/* none set, allow all */
{
*hash = GNUTLS_DIG_SHA1;
return _gnutls_x509_pk_to_sign (pk, *hash);
}
for (i = 0;
i < session->security_parameters.extensions.sign_algorithms_size; i++)
{
if (_gnutls_sign_get_pk_algorithm
(session->security_parameters.extensions.sign_algorithms[i]) == pk)
{
*hash =
_gnutls_sign_get_hash_algorithm (session->security_parameters.
extensions.sign_algorithms[i]);
return session->security_parameters.extensions.sign_algorithms[i];
}
}
return GNUTLS_SIGN_UNKNOWN;
}
/* Returns a requested by the peer signature algorithm that
* matches the given certificate's public key algorithm.
*/
gnutls_sign_algorithm_t
_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
{
unsigned i;
int ret;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
sig_ext_st *priv;
extension_priv_data_t epriv;
int cert_algo;
cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
ret =
_gnutls_ext_get_session_data (session,
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
&epriv);
priv = epriv.ptr;
if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
|| priv->sign_algorithms_size == 0)
/* none set, allow SHA-1 only */
{
return _gnutls_x509_pk_to_sign (cert_algo, GNUTLS_DIG_SHA1);
}
for (i = 0; i < priv->sign_algorithms_size; i++)
{
if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == cert_algo)
{
if (_gnutls_pubkey_compatible_with_sig(cert->pubkey, ver, priv->sign_algorithms[i]) < 0)
continue;
return priv->sign_algorithms[i];
}
}
return GNUTLS_SIGN_UNKNOWN;
}
/* Returns a requested by the peer signature algorithm that
* matches the given public key algorithm. Index can be increased
* to return the second choice etc.
*/
gnutls_sign_algorithm_t
_gnutls_session_get_sign_algo (gnutls_session_t session,
gnutls_pk_algorithm_t pk,
gnutls_digest_algorithm_t * hash)
{
unsigned i;
int ret;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
sig_ext_st *priv;
extension_priv_data_t epriv;
ret =
_gnutls_ext_get_session_data (session,
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
&epriv);
priv = epriv.ptr;
if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
|| priv->sign_algorithms_size == 0)
/* none set, allow all */
{
*hash = GNUTLS_DIG_SHA1;
return _gnutls_x509_pk_to_sign (pk, *hash);
}
for (i = 0; i < priv->sign_algorithms_size; i++)
{
if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == pk)
{
*hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]);
return priv->sign_algorithms[i];
}
}
return GNUTLS_SIGN_UNKNOWN;
}
/* the same as _gnutls_handshake_sign_cert_vrfy except that it is made for TLS 1.2
*/
static int
_gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session,
gnutls_cert * cert, gnutls_privkey * pkey,
gnutls_datum_t * signature)
{
gnutls_datum_t dconcat;
int ret;
opaque concat[MAX_SIG_SIZE];
digest_hd_st td;
gnutls_sign_algorithm_t sign_algo;
gnutls_digest_algorithm_t hash_algo;
digest_hd_st *handshake_td;
handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
hash_algo = handshake_td->algorithm;
sign_algo = _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
/* The idea here is to try signing with the one of the algorithms
* that have been initiated at handshake (SHA1, SHA256). If they
* are not requested by peer... tough luck
*/
ret = _gnutls_session_sign_algo_requested (session, sign_algo);
if (sign_algo == GNUTLS_SIGN_UNKNOWN || ret < 0)
{
handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
hash_algo = handshake_td->algorithm;
sign_algo =
_gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
{
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
ret = _gnutls_session_sign_algo_requested (session, sign_algo);
if (ret < 0)
{
gnutls_assert ();
_gnutls_x509_log
("Server did not allow either '%s' or '%s' for signing\n",
gnutls_mac_get_name (hash_algo),
gnutls_mac_get_name (session->internals.handshake_mac_handle.
tls12.sha1.algorithm));
return ret;
}
}
_gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n",
gnutls_sign_algorithm_get_name (sign_algo),
gnutls_mac_get_name (hash_algo));
ret = _gnutls_hash_copy (&td, handshake_td);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
_gnutls_hash_deinit (&td, concat);
dconcat.data = concat;
dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
ret = _gnutls_tls_sign (session, cert, pkey, &dconcat, signature);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
return sign_algo;
}
