/* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2 */ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, gnutls_pcert_st* cert, gnutls_datum_t * signature, gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; digest_hd_st td; gnutls_datum_t dconcat; gnutls_sign_algorithm_t _sign_algo; gnutls_digest_algorithm_t hash_algo; digest_hd_st *handshake_td; gnutls_protocol_t ver = gnutls_protocol_get_version (session); gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL); handshake_td = &session->internals.handshake_mac_handle.tls12.sha1; hash_algo = handshake_td->algorithm; _sign_algo = _gnutls_x509_pk_to_sign (pk, hash_algo); if (_sign_algo != sign_algo) { handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; _sign_algo = _gnutls_x509_pk_to_sign (pk, hash_algo); if (sign_algo != _sign_algo) { gnutls_assert (); return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; } } ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) { gnutls_assert (); return GNUTLS_E_HASH_FAILED; } _gnutls_hash_deinit (&td, concat); dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len (hash_algo); ret = verify_tls_hash (ver, cert, &dconcat, signature, 0, pk); if (ret < 0) { gnutls_assert (); return ret; } return ret; }
/* Returns a requested by the peer signature algorithm that * matches the given public key algorithm. Index can be increased * to return the second choice etc. */ gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t * hash) { unsigned i; gnutls_protocol_t ver = gnutls_protocol_get_version (session); if (!_gnutls_version_has_selectable_sighash (ver) || session->security_parameters.extensions.sign_algorithms_size == 0) /* none set, allow all */ { *hash = GNUTLS_DIG_SHA1; return _gnutls_x509_pk_to_sign (pk, *hash); } for (i = 0; i < session->security_parameters.extensions.sign_algorithms_size; i++) { if (_gnutls_sign_get_pk_algorithm (session->security_parameters.extensions.sign_algorithms[i]) == pk) { *hash = _gnutls_sign_get_hash_algorithm (session->security_parameters. extensions.sign_algorithms[i]); return session->security_parameters.extensions.sign_algorithms[i]; } } return GNUTLS_SIGN_UNKNOWN; }
/* Returns a requested by the peer signature algorithm that * matches the given certificate's public key algorithm. */ gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert) { unsigned i; int ret; gnutls_protocol_t ver = gnutls_protocol_get_version (session); sig_ext_st *priv; extension_priv_data_t epriv; int cert_algo; cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL); ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, &epriv); priv = epriv.ptr; if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver) || priv->sign_algorithms_size == 0) /* none set, allow SHA-1 only */ { return _gnutls_x509_pk_to_sign (cert_algo, GNUTLS_DIG_SHA1); } for (i = 0; i < priv->sign_algorithms_size; i++) { if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == cert_algo) { if (_gnutls_pubkey_compatible_with_sig(cert->pubkey, ver, priv->sign_algorithms[i]) < 0) continue; return priv->sign_algorithms[i]; } } return GNUTLS_SIGN_UNKNOWN; }
/* Returns a requested by the peer signature algorithm that * matches the given public key algorithm. Index can be increased * to return the second choice etc. */ gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t * hash) { unsigned i; int ret; gnutls_protocol_t ver = gnutls_protocol_get_version (session); sig_ext_st *priv; extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, &epriv); priv = epriv.ptr; if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver) || priv->sign_algorithms_size == 0) /* none set, allow all */ { *hash = GNUTLS_DIG_SHA1; return _gnutls_x509_pk_to_sign (pk, *hash); } for (i = 0; i < priv->sign_algorithms_size; i++) { if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == pk) { *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]); return priv->sign_algorithms[i]; } } return GNUTLS_SIGN_UNKNOWN; }
/* the same as _gnutls_handshake_sign_cert_vrfy except that it is made for TLS 1.2 */ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, gnutls_cert * cert, gnutls_privkey * pkey, gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; opaque concat[MAX_SIG_SIZE]; digest_hd_st td; gnutls_sign_algorithm_t sign_algo; gnutls_digest_algorithm_t hash_algo; digest_hd_st *handshake_td; handshake_td = &session->internals.handshake_mac_handle.tls12.sha1; hash_algo = handshake_td->algorithm; sign_algo = _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); /* The idea here is to try signing with the one of the algorithms * that have been initiated at handshake (SHA1, SHA256). If they * are not requested by peer... tough luck */ ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN || ret < 0) { handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; sign_algo = _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN) { gnutls_assert (); return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; } ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (ret < 0) { gnutls_assert (); _gnutls_x509_log ("Server did not allow either '%s' or '%s' for signing\n", gnutls_mac_get_name (hash_algo), gnutls_mac_get_name (session->internals.handshake_mac_handle. tls12.sha1.algorithm)); return ret; } } _gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n", gnutls_sign_algorithm_get_name (sign_algo), gnutls_mac_get_name (hash_algo)); ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) { gnutls_assert (); return ret; } _gnutls_hash_deinit (&td, concat); dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len (hash_algo); ret = _gnutls_tls_sign (session, cert, pkey, &dconcat, signature); if (ret < 0) { gnutls_assert (); return ret; } return sign_algo; }