/* This function reads the RSA parameters from peer's certificate; */ int _gnutls_get_public_rsa_params(gnutls_session_t session, gnutls_pk_params_st * params) { int ret; cert_auth_info_t info; unsigned key_usage; gnutls_pcert_st peer_cert; /* normal non export case */ info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL || info->ncerts == 0) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } ret = _gnutls_get_auth_info_pcert(&peer_cert, session->security_parameters. cert_type, info); if (ret < 0) { gnutls_assert(); return ret; } gnutls_pubkey_get_key_usage(peer_cert.pubkey, &key_usage); ret = check_key_usage_for_enc(session, key_usage); if (ret < 0) { gnutls_assert(); goto cleanup2; } gnutls_pk_params_init(params); ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params); if (ret < 0) { ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); goto cleanup2; } gnutls_pcert_deinit(&peer_cert); return 0; cleanup2: gnutls_pcert_deinit(&peer_cert); return ret; }
/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol. * Cert is the certificate of the corresponding private key. It is only checked if * it supports signing. */ static int sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo, gnutls_pcert_st* cert, gnutls_privkey_t pkey, const gnutls_datum_t * hash_concat, gnutls_datum_t * signature) { gnutls_protocol_t ver = gnutls_protocol_get_version (session); unsigned int key_usage = 0; /* If our certificate supports signing */ if (cert != NULL) { gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); if (key_usage != 0) if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert (); return GNUTLS_E_KEY_USAGE_VIOLATION; } /* External signing. */ if (!pkey) { if (!session->internals.sign_func) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; return (*session->internals.sign_func) (session, session->internals.sign_func_userdata, cert->type, &cert->cert, hash_concat, signature); } } if (!_gnutls_version_has_selectable_sighash (ver)) return _gnutls_privkey_sign_hash (pkey, hash_concat, signature); else return gnutls_privkey_sign_hash (pkey, hash_algo, 0, hash_concat, signature); }
static int verify_tls_hash(gnutls_session_t session, const version_entry_st * ver, gnutls_pcert_st * cert, const gnutls_datum_t * hash_concat, gnutls_datum_t * signature, size_t sha1pos, gnutls_sign_algorithm_t sign_algo, gnutls_pk_algorithm_t pk_algo) { int ret; gnutls_datum_t vdata; unsigned int key_usage = 0, flags; if (cert == NULL) { gnutls_assert(); return GNUTLS_E_CERTIFICATE_ERROR; } gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); /* If the certificate supports signing continue. */ if (key_usage != 0) if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert(); _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n"); } if (pk_algo == GNUTLS_PK_UNKNOWN) pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL); switch (pk_algo) { case GNUTLS_PK_RSA: vdata.data = hash_concat->data; vdata.size = hash_concat->size; /* verify signature */ if (!_gnutls_version_has_selectable_sighash(ver)) flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA; else flags = 0; break; case GNUTLS_PK_DSA: case GNUTLS_PK_EC: vdata.data = &hash_concat->data[sha1pos]; vdata.size = hash_concat->size - sha1pos; flags = 0; break; default: gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } gnutls_sign_algorithm_set_server(session, sign_algo); ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags, &vdata, signature); if (ret < 0) return gnutls_assert_val(ret); return 0; }
/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol. * Cert is the certificate of the corresponding private key. It is only checked if * it supports signing. */ static int sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo, gnutls_pcert_st * cert, gnutls_privkey_t pkey, const gnutls_datum_t * hash_concat, gnutls_datum_t * signature) { const version_entry_st *ver = get_version(session); unsigned int key_usage = 0; /* If our certificate supports signing */ if (cert != NULL) { gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); if (key_usage != 0) if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert(); _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n"); } /* External signing. Deprecated. To be removed. */ if (!pkey) { int ret; if (!session->internals.sign_func) return gnutls_assert_val (GNUTLS_E_INSUFFICIENT_CREDENTIALS); if (!_gnutls_version_has_selectable_sighash(ver)) return (*session->internals.sign_func) (session, session->internals.sign_func_userdata, cert->type, &cert->cert, hash_concat, signature); else { gnutls_datum_t digest; ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size); if (ret < 0) return gnutls_assert_val(ret); ret = pk_prepare_hash (gnutls_pubkey_get_pk_algorithm (cert->pubkey, NULL), hash_algo, &digest); if (ret < 0) { gnutls_assert(); goto es_cleanup; } ret = (*session->internals.sign_func) (session, session->internals.sign_func_userdata, cert->type, &cert->cert, &digest, signature); es_cleanup: gnutls_free(digest.data); return ret; } } } if (!_gnutls_version_has_selectable_sighash(ver)) return gnutls_privkey_sign_raw_data(pkey, 0, hash_concat, signature); else return gnutls_privkey_sign_hash(pkey, (gnutls_digest_algorithm_t)hash_algo->id, 0, hash_concat, signature); }
static int verify_tls_hash (gnutls_protocol_t ver, gnutls_pcert_st* cert, const gnutls_datum_t * hash_concat, gnutls_datum_t * signature, size_t sha1pos, gnutls_pk_algorithm_t pk_algo) { int ret; gnutls_datum_t vdata; unsigned int key_usage = 0, flags; if (cert == NULL) { gnutls_assert (); return GNUTLS_E_CERTIFICATE_ERROR; } gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); /* If the certificate supports signing continue. */ if (key_usage != 0) if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert (); return GNUTLS_E_KEY_USAGE_VIOLATION; } if (pk_algo == GNUTLS_PK_UNKNOWN) pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL); switch (pk_algo) { case GNUTLS_PK_RSA: vdata.data = hash_concat->data; vdata.size = hash_concat->size; /* verify signature */ if (!_gnutls_version_has_selectable_sighash (ver)) flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA; else flags = 0; break; case GNUTLS_PK_DSA: vdata.data = &hash_concat->data[sha1pos]; vdata.size = hash_concat->size - sha1pos; flags = 0; break; default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } ret = gnutls_pubkey_verify_hash(cert->pubkey, flags, &vdata, signature); if (ret < 0) return gnutls_assert_val(ret); return 0; }