/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
* Cert is the certificate of the corresponding private key. It is only checked if
* it supports signing.
*/
static int
sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
gnutls_pcert_st* cert, gnutls_privkey_t pkey,
const gnutls_datum_t * hash_concat,
gnutls_datum_t * signature)
{
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
unsigned int key_usage = 0;
/* If our certificate supports signing
*/
if (cert != NULL)
{
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
if (key_usage != 0)
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
return GNUTLS_E_KEY_USAGE_VIOLATION;
}
/* External signing. */
if (!pkey)
{
if (!session->internals.sign_func)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
return (*session->internals.sign_func)
(session, session->internals.sign_func_userdata,
cert->type, &cert->cert, hash_concat, signature);
}
}
if (!_gnutls_version_has_selectable_sighash (ver))
return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
else
return gnutls_privkey_sign_hash (pkey, hash_algo, 0, hash_concat, signature);
}
void
sec_mod_server(struct cfg_st* config, const char* socket_file)
{
struct sockaddr_un sa;
socklen_t sa_len;
int cfd, ret, e;
unsigned i, buffer_size, type;
gnutls_privkey_t *key;
uint8_t *buffer;
unsigned key_size = config->key_size;
struct pin_st pins;
gnutls_datum_t data, out;
uint16_t length;
struct iovec iov[2];
int sd;
#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)
struct ucred cr;
socklen_t cr_len;
#endif
ocsignal(SIGHUP, SIG_IGN);
ocsignal(SIGINT, SIG_DFL);
ocsignal(SIGTERM, SIG_DFL);
#ifdef HAVE_PKCS11
ret = gnutls_pkcs11_reinit();
if (ret < 0) {
syslog(LOG_WARNING, "error in PKCS #11 reinitialization: %s", gnutls_strerror(ret));
}
#endif
buffer_size = 8*1024;
buffer = malloc(buffer_size);
if (buffer == NULL) {
syslog(LOG_ERR, "error in memory allocation");
exit(1);
}
memset(&sa, 0, sizeof(sa));
sa.sun_family = AF_UNIX;
snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", socket_file);
remove(socket_file);
sd = socket(AF_UNIX, SOCK_STREAM, 0);
if (sd == -1) {
e = errno;
syslog(LOG_ERR, "could not create socket '%s': %s", socket_file, strerror(e));
exit(1);
}
umask(066);
ret = bind(sd, (struct sockaddr *)&sa, SUN_LEN(&sa));
if (ret == -1) {
e = errno;
syslog(LOG_ERR, "could not bind socket '%s': %s", socket_file, strerror(e));
exit(1);
}
ret = chown(socket_file, config->uid, config->gid);
if (ret == -1) {
e = errno;
syslog(LOG_ERR, "could not chown socket '%s': %s", socket_file, strerror(e));
}
ret = listen(sd, 1024);
if (ret == -1) {
e = errno;
syslog(LOG_ERR, "could not listen to socket '%s': %s", socket_file, strerror(e));
exit(1);
}
ret = load_pins(config, &pins);
if (ret < 0) {
syslog(LOG_ERR, "error loading PIN files");
exit(1);
}
key = malloc(sizeof(*key)*config->key_size);
if (key == NULL) {
syslog(LOG_ERR, "error in memory allocation");
exit(1);
}
/* read private keys */
for (i=0;i<key_size;i++) {
ret = gnutls_privkey_init(&key[i]);
GNUTLS_FATAL_ERR(ret);
/* load the private key */
if (gnutls_url_is_supported(config->key[i]) != 0) {
gnutls_privkey_set_pin_function (key[i], pin_callback, &pins);
ret = gnutls_privkey_import_url(key[i], config->key[i], 0);
GNUTLS_FATAL_ERR(ret);
} else {
ret = gnutls_load_file(config->key[i], &data);
if (ret < 0) {
syslog(LOG_ERR, "error loading file '%s'", config->key[i]);
GNUTLS_FATAL_ERR(ret);
}
ret = gnutls_privkey_import_x509_raw(key[i], &data, GNUTLS_X509_FMT_PEM, NULL, 0);
GNUTLS_FATAL_ERR(ret);
gnutls_free(data.data);
}
}
syslog(LOG_INFO, "sec-mod initialized (socket: %s)", socket_file);
for (;;) {
sa_len = sizeof(sa);
cfd = accept(sd, (struct sockaddr *)&sa, &sa_len);
if (cfd == -1) {
e = errno;
syslog(LOG_ERR, "sec-mod error accepting connection: %s", strerror(e));
continue;
}
#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)
cr_len = sizeof(cr);
ret = getsockopt(cfd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len);
if (ret == -1) {
e = errno;
syslog(LOG_ERR, "sec-mod error obtaining peer credentials: %s", strerror(e));
goto cont;
}
syslog(LOG_DEBUG, "sec-mod received request from pid %u and uid %u", (unsigned)cr.pid, (unsigned)cr.uid);
if (cr.uid != config->uid || cr.gid != config->gid) {
syslog(LOG_ERR, "sec-mod received unauthorized request from pid %u and uid %u", (unsigned)cr.pid, (unsigned)cr.uid);
goto cont;
}
#endif
/* read request */
ret = recv(cfd, buffer, buffer_size, 0);
if (ret == 0)
goto cont;
else if (ret <= 2) {
e = errno;
syslog(LOG_ERR, "error receiving sec-mod data: %s", strerror(e));
goto cont;
}
/* calculate */
i = buffer[0];
type = buffer[1];
if (i >= key_size) {
syslog(LOG_ERR, "sec-mod received out-of-bounds key index");
goto cont;
}
data.data = &buffer[2];
data.size = ret - 2;
if (type == 'S') {
#if GNUTLS_VERSION_NUMBER >= 0x030200
ret = gnutls_privkey_sign_hash(key[i], 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &data, &out);
#else
ret = gnutls_privkey_sign_raw_data(key[i], 0, &data, &out);
#endif
} else if (type == 'D') {
ret = gnutls_privkey_decrypt_data(key[i], 0, &data, &out);
} else {
syslog(LOG_ERR, "unknown type 0x%.2x", type);
goto cont;
}
if (ret < 0) {
syslog(LOG_ERR, "sec-mod error in crypto operation: %s", gnutls_strerror(ret));
goto cont;
}
/* write reply */
length = out.size;
iov[0].iov_base = &length;
iov[0].iov_len = 2;
iov[1].iov_base = out.data;
iov[1].iov_len = out.size;
ret = writev(cfd, iov, 2);
if (ret == -1) {
e = errno;
syslog(LOG_ERR, "sec-mod error in writev: %s", strerror(e));
}
gnutls_free(out.data);
cont:
close(cfd);
}
}
char *
irc_sasl_mechanism_ecdsa_nist256p_challenge (struct t_irc_server *server,
const char *data_base64,
const char *sasl_username,
const char *sasl_key)
{
#if defined(HAVE_GNUTLS) && (LIBGNUTLS_VERSION_NUMBER >= 0x030015) /* 3.0.21 */
char *data, *string, *answer_base64;
int length_data, length_username, length, ret;
char *str_privkey;
gnutls_x509_privkey_t x509_privkey;
gnutls_privkey_t privkey;
gnutls_datum_t filedatum, decoded_data, signature;
#if LIBGNUTLS_VERSION_NUMBER >= 0x030300 /* 3.3.0 */
gnutls_ecc_curve_t curve;
gnutls_datum_t x, y, k;
char *pubkey, *pubkey_base64;
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030300 */
answer_base64 = NULL;
string = NULL;
length = 0;
if (strcmp (data_base64, "+") == 0)
{
/* send "username" + '\0' + "username" */
answer_base64 = NULL;
length_username = strlen (sasl_username);
length = length_username + 1 + length_username;
string = malloc (length + 1);
if (string)
{
snprintf (string, length + 1, "%s|%s", sasl_username, sasl_username);
string[length_username] = '\0';
}
}
else
{
/* sign the challenge with the private key and return the result */
/* decode the challenge */
data = malloc (strlen (data_base64) + 1);
if (!data)
return NULL;
length_data = dogechat_string_decode_base64 (data_base64, data);
/* read file with private key */
str_privkey = irc_sasl_get_key_content (server, sasl_key);
if (!str_privkey)
{
free (data);
return NULL;
}
/* import key */
gnutls_x509_privkey_init (&x509_privkey);
gnutls_privkey_init (&privkey);
filedatum.data = (unsigned char *)str_privkey;
filedatum.size = strlen (str_privkey);
ret = gnutls_x509_privkey_import (x509_privkey, &filedatum,
GNUTLS_X509_FMT_PEM);
free (str_privkey);
if (ret != GNUTLS_E_SUCCESS)
{
dogechat_printf (
server->buffer,
_("%sgnutls: invalid private key file: error %d %s"),
dogechat_prefix ("error"),
ret,
gnutls_strerror (ret));
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
free (data);
return NULL;
}
#if LIBGNUTLS_VERSION_NUMBER >= 0x030300 /* 3.3.0 */
/* read raw values in key, to display public key */
ret = gnutls_x509_privkey_export_ecc_raw (x509_privkey,
&curve, &x, &y, &k);
if (ret == GNUTLS_E_SUCCESS)
{
pubkey = malloc (x.size + 1);
if (pubkey)
{
pubkey[0] = (y.data[y.size - 1] & 1) ? 0x03 : 0x02;
memcpy (pubkey + 1, x.data, x.size);
pubkey_base64 = malloc ((x.size + 1 + 1) * 4);
if (pubkey_base64)
{
dogechat_string_encode_base64 (pubkey, x.size + 1,
pubkey_base64);
dogechat_printf (
server->buffer,
_("%s%s: signing the challenge with ECC public key: "
"%s"),
dogechat_prefix ("network"),
IRC_PLUGIN_NAME,
pubkey_base64);
free (pubkey_base64);
}
free (pubkey);
}
gnutls_free (x.data);
gnutls_free (y.data);
gnutls_free (k.data);
}
#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x030300 */
/* import private key in an abstract key structure */
ret = gnutls_privkey_import_x509 (privkey, x509_privkey, 0); /* gnutls >= 2.11.0 */
if (ret != GNUTLS_E_SUCCESS)
{
dogechat_printf (
server->buffer,
_("%sgnutls: unable to import the private key: error %d %s"),
dogechat_prefix ("error"),
ret,
gnutls_strerror (ret));
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
free (data);
return NULL;
}
decoded_data.data = (unsigned char *)data;
decoded_data.size = length_data;
ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA256, 0, /* gnutls >= 2.11.0 */
&decoded_data, &signature);
if (ret != GNUTLS_E_SUCCESS)
{
dogechat_printf (
server->buffer,
_("%sgnutls: unable to sign the hashed data: error %d %s"),
dogechat_prefix ("error"),
ret,
gnutls_strerror (ret));
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
free (data);
return NULL;
}
gnutls_x509_privkey_deinit (x509_privkey);
gnutls_privkey_deinit (privkey);
string = malloc (signature.size);
if (string)
memcpy (string, signature.data, signature.size);
length = signature.size;
gnutls_free (signature.data);
free (data);
}
if (string && (length > 0))
{
answer_base64 = malloc ((length + 1) * 4);
if (answer_base64)
dogechat_string_encode_base64 (string, length, answer_base64);
free (string);
}
return answer_base64;
#else /* no gnutls or gnutls < 3.0.21 */
/* make C compiler happy */
(void) data_base64;
(void) sasl_username;
(void) sasl_key;
dogechat_printf (server->buffer,
_("%sgnutls: version >= 3.0.21 is required for SASL "
"\"ecdsa-nist256p-challenge\""),
dogechat_prefix ("error"));
return NULL;
#endif /* defined(HAVE_GNUTLS) && (LIBGNUTLS_VERSION_NUMBER >= 0x030015) */
}
void doit(void)
{
int ret;
const char *lib;
gnutls_privkey_t key;
gnutls_pkcs11_obj_t obj;
gnutls_datum_t sig = {NULL, 0}, data;
unsigned flags = 0;
lib = getenv("P11MOCKLIB1");
if (lib == NULL)
lib = P11LIB;
{
void *dl;
unsigned int *pflags;
dl = dlopen(lib, RTLD_NOW);
if (dl == NULL) {
fail("could not dlopen %s\n", lib);
exit(1);
}
pflags = dlsym(dl, "pkcs11_mock_flags");
if (pflags == NULL) {
fail("could find pkcs11_mock_flags\n");
exit(1);
}
*pflags = MOCK_FLAG_ALWAYS_AUTH;
}
data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb";
data.size = 20;
ret = global_init();
if (ret != 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
if (ret != 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_pkcs11_add_provider(lib, NULL);
if (ret != 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_pkcs11_obj_init(&obj);
assert(ret>=0);
gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL);
ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:object=test;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
assert(ret>=0);
ret = gnutls_pkcs11_obj_get_flags(obj, &flags);
assert(ret>=0);
if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH)) {
fail("key object doesn't have the always authenticate flag\n");
}
gnutls_pkcs11_obj_deinit(obj);
ret = gnutls_privkey_init(&key);
assert(ret>=0);
gnutls_privkey_set_pin_function(key, pin_func, NULL);
ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
pin_called = 0;
ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
if (ret < 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
if (pin_called == 0) {
fail("PIN function wasn't called!\n");
}
pin_called = 0;
gnutls_free(sig.data);
/* call again - should re-authenticate */
ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
if (ret < 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
if (pin_called == 0) {
fail("PIN function wasn't called twice!\n");
}
pin_called = 0;
gnutls_free(sig.data);
if (debug)
printf("done\n\n\n");
gnutls_privkey_deinit(key);
gnutls_pkcs11_deinit();
gnutls_global_deinit();
}
void doit(void)
{
gnutls_x509_privkey_t key;
gnutls_x509_crt_t crt;
gnutls_pubkey_t pubkey;
gnutls_privkey_t privkey;
gnutls_sign_algorithm_t sign_algo;
gnutls_datum_t signature;
gnutls_datum_t signature2;
int ret;
size_t i;
global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(6);
for (i = 0; i < sizeof(key_dat) / sizeof(key_dat[0]); i++) {
if (debug)
success("loop %d\n", (int) i);
ret = gnutls_x509_privkey_init(&key);
if (ret < 0)
fail("gnutls_x509_privkey_init\n");
ret =
gnutls_x509_privkey_import(key, &key_dat[i],
GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("gnutls_x509_privkey_import\n");
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0)
fail("gnutls_privkey_init\n");
ret = gnutls_privkey_init(&privkey);
if (ret < 0)
fail("gnutls_pubkey_init\n");
ret = gnutls_privkey_import_x509(privkey, key, 0);
if (ret < 0)
fail("gnutls_privkey_import_x509\n");
ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0,
&hash_data, &signature2);
if (ret < 0)
fail("gnutls_privkey_sign_hash\n");
ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0,
&raw_data, &signature);
if (ret < 0)
fail("gnutls_x509_privkey_sign_hash\n");
ret = gnutls_x509_crt_init(&crt);
if (ret < 0)
fail("gnutls_x509_crt_init\n");
ret =
gnutls_x509_crt_import(crt, &cert_dat[i],
GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail("gnutls_x509_crt_import\n");
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
if (ret < 0)
fail("gnutls_x509_pubkey_import\n");
ret =
gnutls_x509_crt_get_signature_algorithm(crt);
if (ret != GNUTLS_SIGN_RSA_SHA1)
fail("gnutls_crt_get_signature_algorithm\n");
ret =
gnutls_pubkey_verify_hash2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, &hash_data,
&signature);
if (ret < 0)
fail("gnutls_x509_pubkey_verify_hash2\n");
ret =
gnutls_pubkey_verify_hash2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, &hash_data,
&signature2);
if (ret < 0)
fail("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n");
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0,
&invalid_hash_data,
&signature2);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
fail("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n");
sign_algo =
gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm
(pubkey, NULL), GNUTLS_DIG_SHA1);
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
&hash_data, &signature2);
if (ret < 0)
fail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
&invalid_hash_data,
&signature2);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
fail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");
/* test the raw interface */
gnutls_free(signature.data);
signature.data = NULL;
if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) ==
GNUTLS_PK_RSA) {
ret =
gnutls_privkey_sign_hash(privkey,
GNUTLS_DIG_SHA1,
GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
&hash_data,
&signature);
if (ret < 0)
fail("gnutls_privkey_sign_hash: %s\n",
gnutls_strerror(ret));
sign_algo =
gnutls_pk_to_sign
(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),
GNUTLS_DIG_SHA1);
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo,
GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
&hash_data,
&signature);
if (ret < 0)
fail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n");
gnutls_free(signature.data);
/* test the legacy API */
ret =
gnutls_privkey_sign_raw_data(privkey, 0,
&hash_data,
&signature);
if (ret < 0)
fail("gnutls_privkey_sign_raw_data: %s\n",
gnutls_strerror(ret));
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo,
GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
&hash_data,
&signature);
if (ret < 0)
fail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n");
}
gnutls_free(signature.data);
gnutls_free(signature2.data);
gnutls_x509_privkey_deinit(key);
gnutls_x509_crt_deinit(crt);
gnutls_privkey_deinit(privkey);
gnutls_pubkey_deinit(pubkey);
}
gnutls_global_deinit();
}
static
int process_worker_packet(void *pool, int cfd, pid_t pid, sec_mod_st * sec, cmd_request_t cmd,
uint8_t * buffer, size_t buffer_size)
{
unsigned i;
gnutls_datum_t data, out;
int ret;
SecOpMsg *op;
PROTOBUF_ALLOCATOR(pa, pool);
seclog(sec, LOG_DEBUG, "cmd [size=%d] %s\n", (int)buffer_size,
cmd_request_to_str(cmd));
data.data = buffer;
data.size = buffer_size;
switch (cmd) {
case CMD_SEC_SIGN:
case CMD_SEC_DECRYPT:
op = sec_op_msg__unpack(&pa, data.size, data.data);
if (op == NULL) {
seclog(sec, LOG_INFO, "error unpacking sec op\n");
return -1;
}
i = op->key_idx;
if (op->has_key_idx == 0 || i >= sec->key_size) {
seclog(sec, LOG_INFO,
"received out-of-bounds key index (%d)", i);
return -1;
}
data.data = op->data.data;
data.size = op->data.len;
if (cmd == CMD_SEC_DECRYPT) {
ret =
gnutls_privkey_decrypt_data(sec->key[i], 0, &data,
&out);
} else {
#if GNUTLS_VERSION_NUMBER >= 0x030200
ret =
gnutls_privkey_sign_hash(sec->key[i], 0,
GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
&data, &out);
#else
ret =
gnutls_privkey_sign_raw_data(sec->key[i], 0, &data,
&out);
#endif
}
sec_op_msg__free_unpacked(op, &pa);
if (ret < 0) {
seclog(sec, LOG_INFO, "error in crypto operation: %s",
gnutls_strerror(ret));
return -1;
}
ret = handle_op(pool, cfd, sec, cmd, out.data, out.size);
gnutls_free(out.data);
return ret;
case CMD_SEC_CLI_STATS:{
CliStatsMsg *tmsg;
tmsg = cli_stats_msg__unpack(&pa, data.size, data.data);
if (tmsg == NULL) {
seclog(sec, LOG_ERR, "error unpacking data");
return -1;
}
ret = handle_sec_auth_stats_cmd(sec, tmsg, pid);
cli_stats_msg__free_unpacked(tmsg, &pa);
return ret;
}
break;
case CMD_SEC_AUTH_INIT:{
SecAuthInitMsg *auth_init;
auth_init =
sec_auth_init_msg__unpack(&pa, data.size,
data.data);
if (auth_init == NULL) {
seclog(sec, LOG_INFO, "error unpacking auth init\n");
return -1;
}
ret = handle_sec_auth_init(cfd, sec, auth_init, pid);
sec_auth_init_msg__free_unpacked(auth_init, &pa);
return ret;
}
case CMD_SEC_AUTH_CONT:{
SecAuthContMsg *auth_cont;
auth_cont =
sec_auth_cont_msg__unpack(&pa, data.size,
data.data);
if (auth_cont == NULL) {
seclog(sec, LOG_INFO, "error unpacking auth cont\n");
return -1;
}
ret = handle_sec_auth_cont(cfd, sec, auth_cont);
sec_auth_cont_msg__free_unpacked(auth_cont, &pa);
return ret;
}
case RESUME_STORE_REQ:{
SessionResumeStoreReqMsg *smsg;
smsg =
session_resume_store_req_msg__unpack(&pa, buffer_size,
buffer);
if (smsg == NULL) {
seclog(sec, LOG_ERR, "error unpacking data");
return ERR_BAD_COMMAND;
}
ret = handle_resume_store_req(sec, smsg);
/* zeroize the data */
safe_memset(buffer, 0, buffer_size);
safe_memset(smsg->session_data.data, 0, smsg->session_data.len);
session_resume_store_req_msg__free_unpacked(smsg, &pa);
if (ret < 0) {
seclog(sec, LOG_DEBUG,
"could not store resumption data");
}
}
break;
case RESUME_DELETE_REQ:{
SessionResumeFetchMsg *fmsg;
fmsg =
session_resume_fetch_msg__unpack(&pa, buffer_size,
buffer);
if (fmsg == NULL) {
seclog(sec, LOG_ERR, "error unpacking data");
return ERR_BAD_COMMAND;
}
ret = handle_resume_delete_req(sec, fmsg);
session_resume_fetch_msg__free_unpacked(fmsg, &pa);
if (ret < 0) {
seclog(sec, LOG_DEBUG,
"could not delete resumption data.");
}
}
break;
case RESUME_FETCH_REQ:{
SessionResumeReplyMsg msg =
SESSION_RESUME_REPLY_MSG__INIT;
SessionResumeFetchMsg *fmsg;
/* FIXME: rate limit that */
fmsg =
session_resume_fetch_msg__unpack(&pa, buffer_size,
buffer);
if (fmsg == NULL) {
seclog(sec, LOG_ERR, "error unpacking data");
return ERR_BAD_COMMAND;
}
ret = handle_resume_fetch_req(sec, fmsg, &msg);
session_resume_fetch_msg__free_unpacked(fmsg, &pa);
if (ret < 0) {
msg.reply =
SESSION_RESUME_REPLY_MSG__RESUME__REP__FAILED;
seclog(sec, LOG_DEBUG,
"could not fetch resumption data.");
} else {
msg.reply =
SESSION_RESUME_REPLY_MSG__RESUME__REP__OK;
}
ret =
send_msg(pool, cfd, RESUME_FETCH_REP, &msg,
(pack_size_func)
session_resume_reply_msg__get_packed_size,
(pack_func)
session_resume_reply_msg__pack);
if (ret < 0) {
seclog(sec, LOG_ERR,
"could not send reply cmd %d.",
(unsigned)cmd);
return ERR_BAD_COMMAND;
}
}
break;
default:
seclog(sec, LOG_WARNING, "unknown type 0x%.2x", cmd);
return -1;
}
return 0;
}
void
doit (void)
{
gnutls_x509_privkey_t key;
gnutls_x509_crt_t crt;
gnutls_pubkey_t pubkey;
gnutls_privkey_t privkey;
gnutls_digest_algorithm_t hash_algo;
gnutls_sign_algorithm_t sign_algo;
gnutls_datum_t signature;
gnutls_datum_t signature2;
int ret;
size_t i;
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (6);
for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++)
{
if (debug)
success ("loop %d\n", (int) i);
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
fail ("gnutls_x509_privkey_init\n");
ret =
gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail ("gnutls_x509_privkey_import\n");
ret = gnutls_pubkey_init (&pubkey);
if (ret < 0)
fail ("gnutls_privkey_init\n");
ret = gnutls_privkey_init (&privkey);
if (ret < 0)
fail ("gnutls_pubkey_init\n");
ret = gnutls_privkey_import_x509 (privkey, key, 0);
if (ret < 0)
fail ("gnutls_privkey_import_x509\n");
ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA1, 0,
&hash_data, &signature2);
if (ret < 0)
fail ("gnutls_privkey_sign_hash\n");
ret = gnutls_privkey_sign_data (privkey, GNUTLS_DIG_SHA1, 0,
&raw_data, &signature);
if (ret < 0)
fail ("gnutls_x509_privkey_sign_hash\n");
ret = gnutls_x509_crt_init (&crt);
if (ret < 0)
fail ("gnutls_x509_crt_init\n");
ret = gnutls_x509_crt_import (crt, &cert_dat[i], GNUTLS_X509_FMT_PEM);
if (ret < 0)
fail ("gnutls_x509_crt_import\n");
ret =
gnutls_pubkey_import_x509 (pubkey, crt, 0);
if (ret < 0)
fail ("gnutls_x509_pubkey_import\n");
ret =
gnutls_pubkey_get_verify_algorithm (pubkey, &signature, &hash_algo);
if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
fail ("gnutls_x509_crt_get_verify_algorithm\n");
ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature);
if (ret < 0)
fail ("gnutls_x509_pubkey_verify_hash\n");
ret =
gnutls_pubkey_get_verify_algorithm (pubkey, &signature2, &hash_algo);
if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
fail ("gnutls_x509_crt_get_verify_algorithm (hashed data)\n");
ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature2);
if (ret < 0)
fail ("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n");
/* should fail */
ret = gnutls_pubkey_verify_hash (pubkey, 0, &invalid_hash_data, &signature2);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
fail ("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n");
sign_algo = gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),
GNUTLS_DIG_SHA1);
ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, 0, &hash_data, &signature2);
if (ret < 0)
fail ("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");
/* should fail */
ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, 0, &invalid_hash_data, &signature2);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
fail ("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");
gnutls_free(signature.data);
gnutls_free(signature2.data);
gnutls_x509_privkey_deinit (key);
gnutls_x509_crt_deinit (crt);
gnutls_privkey_deinit (privkey);
gnutls_pubkey_deinit (pubkey);
}
gnutls_global_deinit ();
}
void doit(void)
{
int ret;
const char *lib;
gnutls_privkey_t key;
gnutls_datum_t sig = {NULL, 0}, data;
pid_t pid;
data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb";
data.size = 20;
ret = global_init();
if (ret != 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
lib = getenv("P11MOCKLIB1");
if (lib == NULL)
lib = P11LIB;
ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
if (ret != 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_pkcs11_add_provider(lib, NULL);
if (ret != 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_privkey_init(&key);
assert(ret>=0);
gnutls_privkey_set_pin_function(key, pin_func, NULL);
ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
if (ret < 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
if (ret < 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
gnutls_free(sig.data);
pid = fork();
if (pid != 0) {
int status;
assert(waitpid(pid, &status, 0) >= 0);
if (WEXITSTATUS(status) != 0) {
fail("child return status was unexpected: %d\n", WEXITSTATUS(status));
exit(1);
}
} else { /* child */
ret = gnutls_pkcs11_reinit();
assert(ret == 0);
ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig);
if (ret < 0) {
fail("%d: %s\n", ret, gnutls_strerror(ret));
exit(1);
}
gnutls_free(sig.data);
gnutls_privkey_deinit(key);
gnutls_pkcs11_deinit();
gnutls_global_deinit();
exit(0);
}
if (debug)
printf("done\n\n\n");
gnutls_privkey_deinit(key);
gnutls_pkcs11_deinit();
gnutls_global_deinit();
}
/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
* Cert is the certificate of the corresponding private key. It is only checked if
* it supports signing.
*/
static int
sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo,
gnutls_pcert_st * cert, gnutls_privkey_t pkey,
const gnutls_datum_t * hash_concat,
gnutls_datum_t * signature)
{
const version_entry_st *ver = get_version(session);
unsigned int key_usage = 0;
/* If our certificate supports signing
*/
if (cert != NULL) {
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
if (key_usage != 0)
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
gnutls_assert();
_gnutls_audit_log(session,
"Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
}
/* External signing. Deprecated. To be removed. */
if (!pkey) {
int ret;
if (!session->internals.sign_func)
return
gnutls_assert_val
(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
if (!_gnutls_version_has_selectable_sighash(ver))
return (*session->internals.sign_func)
(session,
session->internals.sign_func_userdata,
cert->type, &cert->cert, hash_concat,
signature);
else {
gnutls_datum_t digest;
ret =
_gnutls_set_datum(&digest,
hash_concat->data,
hash_concat->size);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
pk_prepare_hash
(gnutls_pubkey_get_pk_algorithm
(cert->pubkey, NULL), hash_algo,
&digest);
if (ret < 0) {
gnutls_assert();
goto es_cleanup;
}
ret = (*session->internals.sign_func)
(session,
session->internals.sign_func_userdata,
cert->type, &cert->cert, &digest,
signature);
es_cleanup:
gnutls_free(digest.data);
return ret;
}
}
}
if (!_gnutls_version_has_selectable_sighash(ver))
return gnutls_privkey_sign_raw_data(pkey, 0, hash_concat,
signature);
else
return gnutls_privkey_sign_hash(pkey,
(gnutls_digest_algorithm_t)hash_algo->id,
0, hash_concat, signature);
}
static
void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits)
{
gnutls_pubkey_t pubkey;
gnutls_privkey_t privkey;
gnutls_sign_algorithm_t sign_algo;
gnutls_datum_t signature;
const gnutls_datum_t *hash_data;
int ret;
unsigned j;
if (hash == GNUTLS_DIG_SHA1)
hash_data = &sha1_data;
else if (hash == GNUTLS_DIG_SHA256)
hash_data = &sha256_data;
else
abort();
sign_algo =
gnutls_pk_to_sign(pk, hash);
for (j = 0; j < 100; j++) {
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0)
ERR(__LINE__);
ret = gnutls_privkey_init(&privkey);
if (ret < 0)
ERR(__LINE__);
ret = gnutls_privkey_generate(privkey, pk, bits, 0);
if (ret < 0)
ERR(__LINE__);
ret =
gnutls_privkey_sign_hash(privkey, hash,
0, hash_data,
&signature);
if (ret < 0)
ERR(__LINE__);
ret = gnutls_pubkey_import_privkey(pubkey, privkey, GNUTLS_KEY_DIGITAL_SIGNATURE, 0);
if (ret < 0)
ERR(__LINE__);
ret =
gnutls_pubkey_verify_hash2(pubkey,
sign_algo, 0,
hash_data, &signature);
if (ret < 0)
ERR(__LINE__);
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey,
sign_algo, 0,
&invalid_hash_data,
&signature);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
ERR(__LINE__);
sign_algo =
gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm
(pubkey, NULL), hash);
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
hash_data, &signature);
if (ret < 0)
ERR(__LINE__);
/* should fail */
ret =
gnutls_pubkey_verify_hash2(pubkey, sign_algo, 0,
&invalid_hash_data,
&signature);
if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
ERR(__LINE__);
/* test the raw interface */
gnutls_free(signature.data);
signature.data = NULL;
if (pk == GNUTLS_PK_RSA) {
ret =
gnutls_privkey_sign_hash(privkey,
hash,
GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA,
hash_data,
&signature);
if (ret < 0)
ERR(__LINE__);
sign_algo =
gnutls_pk_to_sign
(gnutls_pubkey_get_pk_algorithm
(pubkey, NULL), hash);
ret =
gnutls_pubkey_verify_hash2(pubkey,
sign_algo,
GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA,
hash_data,
&signature);
if (ret < 0)
ERR(__LINE__);
}
gnutls_free(signature.data);
gnutls_privkey_deinit(privkey);
gnutls_pubkey_deinit(pubkey);
}
}
