[v2,04/10] tls: Support peer certificates that use ECDSA

Message ID	20220718180045.5845-4-denkenz@gmail.com (mailing list archive)
State	New
Headers	show Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2377333DE for <ell@lists.linux.dev>; Mon, 18 Jul 2022 18:07:13 +0000 (UTC) From: Denis Kenzior <denkenz@gmail.com> To: ell@lists.linux.dev Cc: Denis Kenzior <denkenz@gmail.com> Subject: [PATCH v2 04/10] tls: Support peer certificates that use ECDSA Date: Mon, 18 Jul 2022 13:00:39 -0500 Message-Id: <20220718180045.5845-4-denkenz@gmail.com> In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com> References: <20220718180045.5845-1-denkenz@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[v2,01/10] cert/key: Add support for EC based certificates \| expand [v2,01/10] cert/key: Add support for EC based certificates [v2,02/10] unit: Add basic EC-DSA verification test [v2,03/10] key: ECDSA data is given in x962 format [v2,04/10] tls: Support peer certificates that use ECDSA [v2,05/10] tls: Add helper for DigitallySigned validation [v2,06/10] tls: Add helper to find hash function by id [v2,07/10] tls-suites: Add ECDSA suites from RFC 8422 [v2,08/10] unit: Skip ECDSA cipher suite tests [v2,09/10] useful: Add maxsize() [v2,10/10] tls: Do not set verify_data_length unless needed

Message ID

20220718180045.5845-4-denkenz@gmail.com (mailing list archive)

State

New

Headers

From: Denis Kenzior <denkenz@gmail.com>
To: ell@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v2 04/10] tls: Support peer certificates that use ECDSA
Date: Mon, 18 Jul 2022 13:00:39 -0500
Message-Id: <20220718180045.5845-4-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[v2,01/10] cert/key: Add support for EC based certificates | expand

Context	Check	Description
tedd_an/pre-ci_am	success	Success

Context

Check

Description

tedd_an/pre-ci_am

success

Success

Commit Message

Denis Kenzior July 18, 2022, 6 p.m. UTC

---
v2 - Rework slightly to fix (false-positive) compiler warnings

 ell/tls.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/ell/tls.c b/ell/tls.c
index b2f7411f3b36..136aa8660c2a 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2028,12 +2028,22 @@  static void tls_handle_certificate(struct l_tls *tls,
 		return;
 	}
 
-	if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
-					L_CHECKSUM_NONE, &tls->peer_pubkey_size,
-					&dummy)) {
+	switch (l_cert_get_pubkey_type(tls->peer_cert)) {
+	case L_CERT_KEY_RSA:
+		if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
+				L_CHECKSUM_NONE,
+				&tls->peer_pubkey_size, &dummy))
+			goto pubkey_unsupported;
+		break;
+	case L_CERT_KEY_ECC:
+		if (!l_key_get_info(tls->peer_pubkey, L_KEY_ECDSA_X962,
+				L_CHECKSUM_SHA1,
+				&tls->peer_pubkey_size, &dummy))
+			goto pubkey_unsupported;
+		break;
+	case L_CERT_KEY_UNKNOWN:
 		TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0,
-				"Can't l_key_get_info for peer public key");
-
+				"Unknown public key type");
 		return;
 	}
 
@@ -2047,6 +2057,10 @@  static void tls_handle_certificate(struct l_tls *tls,
 
 	return;
 
+pubkey_unsupported:
+	TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0,
+				"Can't l_key_get_info for peer public key");
+	return;
 decode_error:
 	TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0,
 			"TLS_CERTIFICATE decode error");

[v2,04/10] tls: Support peer certificates that use ECDSA

Checks

Commit Message

Patch