From patchwork Mon Jul 18 16:02:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921419 Received: from mail-oa1-f51.google.com (mail-oa1-f51.google.com [209.85.160.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8DEC1320E for ; Mon, 18 Jul 2022 16:08:35 +0000 (UTC) Received: by mail-oa1-f51.google.com with SMTP id 586e51a60fabf-10c0430e27dso24956886fac.4 for ; Mon, 18 Jul 2022 09:08:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=rJlGaTt8c3u3xYzawmr81ynKoJj/T5ePwtuRsOr5Qu0=; b=d8RTclhwis29hL+rug7N/7WGAiaL7+3DwQx2xMF3FrteJL0a/NT9BYlYKoTpXnp7Lg lf0ZbGDHtyYxR5vPv0jBApzibStAlrFRYpQchSZXB91BOSY9QEK4GKN2AUQS4afGPZny jxjukKM5uM+/S4NliC3/g5iHBcXfoN4o1vN7tFlqowfTwK7FYmkL3Kv4MMrYsDjDhTDJ InsMqwIXfazw5tWfqv9Upe/YYtGNVqh/lfNETAxUTsCrYcv5YKkiKlb5GYW885rF4mjl rtIfj8Wj7P04KGExXJ04zYOutbOMtxrVgGmO0s5ydcihCTSdkiAlzxL/+rezpc9E8/l+ 2Oug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=rJlGaTt8c3u3xYzawmr81ynKoJj/T5ePwtuRsOr5Qu0=; b=AXz9LH5jZraz3Cr6JBfCyLEJ9uR7LR5260xCEaTK8XAfjH64H6gedpr/L7hv1+t3zL FVRqrF2dI/IAQPaAJ5hafTEHTOUtGWrcidkXR4ht2WMV18rBufPa/iUkWmmG5L8jtY1c 2zYrM3NkwXHNyN8mwoxcMBm/WubEdEZTFOFq2JPP9SNLtwJPcvJ9P9wXKGKc9NVVtFrf 3uwFjqrwcSvI+fEFuDVsxPwGlCcSJ471K8Cpx7l8EV1SCpEC4PxFbb+qcyvy79Kf8pGB ZIOUaWFpDVyYeQIA0y2T/i8Uq+Lh6lBsuGQis0lW7ZKuYAkyosVdQMW7YlIAEy0Mhjh1 cyqQ== X-Gm-Message-State: AJIora8ZgaegQ184KqGdRqiG0M+2q/Po29K15mWkw4bg0BN1IDun56wD NqsepSMS/xhYXuS2HNJzoYkOmxVhlRw= X-Google-Smtp-Source: AGRyM1sjm0kWqokyx8CS1xbPkldBXhaHyGJ+zBsRnY1yx22xVZYzkY3BDSEl5zk6tr/kZ+xb0vZ3VQ== X-Received: by 
2002:a05:6808:1247:b0:335:2987:120c with SMTP id o7-20020a056808124700b003352987120cmr13704601oiv.142.1658160514504; Mon, 18 Jul 2022 09:08:34 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:34 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 1/9] cert/key: Add support for EC based certificates Date: Mon, 18 Jul 2022 11:02:14 -0500 Message-Id: <20220718160222.10634-1-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Mostly for use with Elliptic Curve (EC) Digital Signature Algorithm (DSA) based certificates. Other combinations of EC + signature algorithms are also possible. This requires your kernel to be built with CRYPTO_ECDSA support. --- NOTE: At the time this patch was created, kernel had to be patched with the following fix in order for ECDSA support to function properly from userspace: https://lore.kernel.org/linux-crypto/20220715182810.30505-1-denkenz@gmail.com/ ell/cert.c | 18 ++++++++++++++++-- ell/cert.h | 1 + ell/key.c | 1 + ell/key.h | 1 + 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/ell/cert.c b/ell/cert.c index 141ea1cec038..a158142445ec 100644 --- a/ell/cert.c +++ b/ell/cert.c @@ -77,7 +77,15 @@ static const struct pkcs1_encryption_oid { } pkcs1_encryption_oids[] = { { /* rsaEncryption */ L_CERT_KEY_RSA, - { 9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 } }, + { .asn1_len = 9, .asn1 = { + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 } + }, + }, + { /* ecPublicKey */ + L_CERT_KEY_ECC, + { .asn1_len = 7, .asn1 = { + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 } + }, }, }; 
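Review bot: The new ecPublicKey entry identifies only the key family; the named curve lives in the AlgorithmIdentifier parameters, and nothing in this table records or restricts it, so a caller that sees L_CERT_KEY_ECC cannot tell P-256 from P-384 (or an unsupported curve) until the kernel rejects the key in l_key_new. Worth a comment on the entry such as `/* id-ecPublicKey (RFC 5480 2.1.1); the curve is in the params and is not checked here, the kernel decides */`. If the kernel X.509 parser is intended to be the only gate on acceptable curves, that assumption belongs in the commit message next to the CRYPTO_ECDSA requirement.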
@@ -261,8 +269,14 @@ LIB_EXPORT struct l_key *l_cert_get_pubkey(struct l_cert *cert) return NULL; /* Use kernel's ASN.1 certificate parser to find the key data for us */ - if (cert->pubkey_type == L_CERT_KEY_RSA) + switch (cert->pubkey_type) { + case L_CERT_KEY_RSA: return l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len); + case L_CERT_KEY_ECC: + return l_key_new(L_KEY_ECC, cert->asn1, cert->asn1_len); + case L_CERT_KEY_UNKNOWN: + break; + } return NULL; } diff --git a/ell/cert.h b/ell/cert.h index 605e427c3d05..f637588e6d66 100644 --- a/ell/cert.h +++ b/ell/cert.h @@ -36,6 +36,7 @@ struct l_certchain; enum l_cert_key_type { L_CERT_KEY_RSA, + L_CERT_KEY_ECC, L_CERT_KEY_UNKNOWN, }; diff --git a/ell/key.c b/ell/key.c index b28bf4dbf085..73f38581f736 100644 --- a/ell/key.c +++ b/ell/key.c @@ -108,6 +108,7 @@ struct l_keyring { static const char * const key_type_names[] = { [L_KEY_RAW] = "user", [L_KEY_RSA] = "asymmetric", + [L_KEY_ECC] = "asymmetric", }; static long kernel_add_key(const char *type, const char *description, diff --git a/ell/key.h b/ell/key.h index d25d09385b6f..f26f7ecb26c3 100644 --- a/ell/key.h +++ b/ell/key.h 
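Review bot: The L_CERT_KEY_ECC arm hands the whole certificate to l_key_new(L_KEY_ECC, ...) and the only failure signal is NULL, which is the same result as the L_CERT_KEY_UNKNOWN path, so callers cannot distinguish "kernel lacks CRYPTO_ECDSA" from "unsupported certificate". At minimum add a comment above the switch, e.g. `/* ECC keys need CRYPTO_ECDSA in the kernel; l_key_new returns NULL otherwise */`, since the cover letter is the only place this requirement is stated. The switch without a default is fine and lets -Wswitch catch new key types, but a one-line comment saying that is intentional would stop someone adding `default:` later.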
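Review bot: Inserting L_CERT_KEY_ECC before L_CERT_KEY_UNKNOWN in the public ell/cert.h enum renumbers L_CERT_KEY_UNKNOWN from 1 to 2, so a binary built against the older header that compares l_cert_get_pubkey_type() with the old constant will now mis-classify ECC certificates. The key.h hunks in this same patch append L_KEY_ECC at the end of their enum, so the two headers are treated inconsistently; if ell considers these headers ABI, append the new value after L_CERT_KEY_UNKNOWN, otherwise say explicitly in the commit message that the enum is not ABI-stable.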
@@ -45,6 +45,7 @@ enum l_key_feature { enum l_key_type { L_KEY_RAW = 0, L_KEY_RSA, + L_KEY_ECC, }; enum l_keyring_restriction { From patchwork Mon Jul 18 16:02:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921422 Received: from mail-oa1-f41.google.com (mail-oa1-f41.google.com [209.85.160.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54BF6323C for ; Mon, 18 Jul 2022 16:08:36 +0000 (UTC) Received: by mail-oa1-f41.google.com with SMTP id 586e51a60fabf-10d4691a687so9637993fac.10 for ; Mon, 18 Jul 2022 09:08:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=eJv6T4eZlPUQrv96VWRsGjDiVJ2iugN0FZGR84yt/kA=; b=mm0LhdkCqaiJ3/XUmYhOU8g40KHWNuTFANUogPFfPPjTZENRsori8EWaG3dgqYcTZM gVgOWtthBKt9t/2GyPixA6hPk7qsDjacEFsgHEczEj/PhfGCDE4tmeRF/pi+Yyl0BnRL MJPRebSrbrOr/20u/PeTdwT9jSBbG7TZm/QkHgecdjGQoznxb7Yn2EgpC5wahOD6YRWE QD0W1l7yvgjB8cpwQcjInWN9sEliRIm2Uhg0JaaOxYFSYeWAg3NLmhebXWIKC7QYSJBt VAbmCRiQc7obhGrviVC7DoStacYXsa5DSHm5jnGO69+jzbeZTjpEraTBVt9YPsR/iQOJ wAng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=eJv6T4eZlPUQrv96VWRsGjDiVJ2iugN0FZGR84yt/kA=; b=dzFprZ8T1n/jP8v2ukiqLHmF8bliHjngERQ7InfUMHwB5lhzPsVqxyVXIv4kAqJU59 szSl0TIJs6Ba/6bar8gt9Ygmuj2yU8veC3hB/Pt5BMSERlUnX9jsOMvylVtpFDHqZcLy IQykKnegPPIDb2hHb5TqRkRbv82WTFVOCpqUKhuYYADeX9GXIuUiEXZB9LA0eFSV5o4C fTy/67ehy9H4QVXEiSe96ic0EeOIgli79O5FVYos3F9uVd5j6ymMF6WgJCzQsqwIwncI GmVnZvjmfuDK33S2Ivm7HFoemsjfjGm4S2lL7VmY/xatureWH1urLP5/fyqXbkJNPMZK AwgA== X-Gm-Message-State: 
AJIora8rbjSqI6uYz47oCI71afwV2Rll4HECk/57opF5JINjVfNof3d2 fQbn4EHXIzeymvDXXD/tV06243J6Rd8= X-Google-Smtp-Source: AGRyM1s1Axn8+rAg4B60k3GMCRAATLTLpJwIGJ/39+O0nEFMYXsZTMiIzt5XgqfkoSyd7fsJDs4mnQ== X-Received: by 2002:a05:6870:3411:b0:10c:fdf5:967a with SMTP id g17-20020a056870341100b0010cfdf5967amr11553496oah.47.1658160515234; Mon, 18 Jul 2022 09:08:35 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:34 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 2/9] unit: Add basic EC-DSA verification test Date: Mon, 18 Jul 2022 11:02:15 -0500 Message-Id: <20220718160222.10634-2-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- .gitignore | 2 ++ Makefile.am | 39 ++++++++++++++++++++++++++++++++++++++- unit/test-tls.c | 22 +++++++++++++++++++++- 3 files changed, 61 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 346243a8f9c7..76f10aecfdd3 100644 --- a/.gitignore +++ b/.gitignore @@ -67,6 +67,8 @@ unit/cert-*.csr unit/cert-*.srl unit/cert-*.crt unit/cert-*.p12 +unit/ec-cert-*.pem +unit/ec-cert-*.csr unit/key-*.dat unit/key-*.h unit/*.log diff --git a/Makefile.am b/Makefile.am index 2bf728bbde7a..e5d7143af236 100644 --- a/Makefile.am +++ b/Makefile.am @@ -219,6 +219,7 @@ cert_tests = unit/test-pem \ cert_files = unit/cert-chain.pem \ unit/cert-entity-int.pem \ unit/cert-server.pem \ + unit/ec-cert-server.pem \ unit/cert-server-key-pkcs8.pem \ unit/cert-client.pem \ unit/cert-client.crt \ 
@@ -246,6 +247,7 @@ cert_files = unit/cert-chain.pem \ cert_checks = unit/cert-intca \ unit/cert-entity-int \ unit/cert-server \ + unit/ec-cert-server \ unit/cert-client \ unit/cert-no-keyid @@ -417,15 +419,30 @@ false_redirect_openssl = 2>/dev/null unit/cert-ca-key.pem: $(AM_V_GEN)openssl genrsa -out $@ 2048 $($(AM_V_P)_redirect_openssl) +unit/ec-cert-ca-key.pem: + $(AM_V_GEN)openssl ecparam -out $@ -name secp384r1 \ + -genkey $($(AM_V_P)_redirect_openssl) + + unit/cert-ca.pem: unit/cert-ca-key.pem unit/gencerts.cnf $(AM_V_GEN)openssl req -x509 -new -nodes -extensions ca_ext \ -config $(srcdir)/unit/gencerts.cnf \ -subj '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \ -key $< -sha256 -days 10000 -out $@ +unit/ec-cert-ca.pem: unit/ec-cert-ca-key.pem unit/gencerts.cnf + $(AM_V_GEN)openssl req -x509 -new -nodes -extensions ca_ext \ + -config $(srcdir)/unit/gencerts.cnf \ + -subj '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \ + -key $< -sha256 -days 10000 -out $@ + unit/cert-server-key.pem: $(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl) +unit/ec-cert-server-key.pem: + $(AM_V_GEN)openssl ecparam -out $@ -name secp384r1 \ + -genkey $($(AM_V_P)_redirect_openssl) + unit/cert-server-key-pkcs8.pem: unit/cert-server-key.pem $(AM_V_GEN)openssl pkcs8 -topk8 -nocrypt -in $< -out $@ 
@@ -435,6 +452,12 @@ unit/cert-server.csr: unit/cert-server-key.pem unit/gencerts.cnf -subj '/O=Foo Example Organization/CN=Foo Example Organization/emailAddress=foo@mail.example' \ -key $< -out $@ +unit/ec-cert-server.csr: unit/ec-cert-server-key.pem unit/gencerts.cnf + $(AM_V_GEN)openssl req -new -extensions cert_ext \ + -config $(srcdir)/unit/gencerts.cnf \ + -subj '/O=Foo Example Organization/CN=Foo Example Organization/emailAddress=foo@mail.example' \ + -key $< -out $@ + unit/cert-server.pem: unit/cert-server.csr unit/cert-ca.pem unit/gencerts.cnf $(AM_V_GEN)openssl x509 -req -extensions server_ext \ -extfile $(srcdir)/unit/gencerts.cnf \ @@ -443,9 +466,22 @@ unit/cert-server.pem: unit/cert-server.csr unit/cert-ca.pem unit/gencerts.cnf -CAserial $(builddir)/unit/cert-ca.srl \ -CAcreateserial -sha256 -days 10000 -out $@ $($(AM_V_P)_redirect_openssl) +unit/ec-cert-server.pem: unit/ec-cert-server.csr unit/ec-cert-ca.pem \ + unit/gencerts.cnf + $(AM_V_GEN)openssl x509 -req -extensions server_ext \ + -extfile $(srcdir)/unit/gencerts.cnf \ + -in $< -CA $(builddir)/unit/ec-cert-ca.pem \ + -CAkey $(builddir)/unit/ec-cert-ca-key.pem \ + -CAserial $(builddir)/unit/cert-ca.srl \ + -CAcreateserial -sha256 -days 10000 \ + -out $@ $($(AM_V_P)_redirect_openssl) + unit/cert-server: unit/cert-server.pem unit/cert-ca.pem $(AM_V_GEN)openssl verify -CAfile $(builddir)/unit/cert-ca.pem $< +unit/ec-cert-server: unit/ce-cert-server.pem unit/ce-cert-ca.pem + $(AM_V_GEN)openssl verify -CAfile $(builddir)/unit/ce-cert-ca.pem $< + unit/cert-client-key-pkcs1.pem: $(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl) @@ -623,7 +659,8 @@ check-local: $(cert_checks) endif clean-local: - -rm -f unit/cert-*.pem unit/cert-*.csr unit/cert-*.srl unit/key-*.dat + -rm -f unit/ec-cert*.pem unit/ec-cert-*.csr \ + unit/cert-*.pem unit/cert-*.csr unit/cert-*.srl unit/key-*.dat maintainer-clean-local: -rm -rf build-aux 
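Review bot: The `unit/ec-cert-server` verify target names `unit/ce-cert-server.pem` and `unit/ce-cert-ca.pem`, which no rule produces, so `make check` fails on the cert_checks prerequisite before openssl verify ever runs; the rule should read `unit/ec-cert-server: unit/ec-cert-server.pem unit/ec-cert-ca.pem` with `-CAfile $(builddir)/unit/ec-cert-ca.pem`. In the same hunk the EC issuer reuses `-CAserial $(builddir)/unit/cert-ca.srl`; sharing one serial file between two CAs is harmless for uniqueness, but it makes the RSA and EC cert-server rules both rewrite the same file, which looks racy under `make -jN` — a separate `ec-cert-ca.srl` (added to clean-local and .gitignore) would avoid that. Note that clean-local removes `unit/ec-cert*.pem` while .gitignore lists `unit/ec-cert-*.pem`; presumably both are meant to match the same set.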
diff --git a/unit/test-tls.c b/unit/test-tls.c index 7937962cf8a0..aee5b2e36b78 100644 --- a/unit/test-tls.c +++ b/unit/test-tls.c @@ -325,6 +325,24 @@ static void test_certificates(const void *data) l_queue_destroy(twocas, (l_queue_destroy_func_t) l_cert_free); } +static void test_ec_certificates(const void *data) +{ + struct l_queue *cacert; + struct l_certchain *chain; + + cacert = l_pem_load_certificate_list(CERTDIR "ec-cert-ca.pem"); + assert(cacert && !l_queue_isempty(cacert)); + + chain = l_pem_load_certificate_chain(CERTDIR "ec-cert-server.pem"); + assert(chain); + + assert(l_certchain_verify(chain, cacert, NULL)); + assert(l_certchain_verify(chain, NULL, NULL)); + + l_certchain_free(chain); + l_queue_destroy(cacert, (l_queue_destroy_func_t) l_cert_free); +} + struct tls_conn_test { const char *server_cert_path; const char *server_key_path; 
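Review bot: test_ec_certificates asserts only the positive path, so it cannot distinguish a verifier that actually checks the ECDSA signature from one that accepts any chain — a real concern here given the cover letter says the kernel side needed a fix to work at all. Add a negative check by loading the RSA CA that test_certificates already uses and asserting `assert(!l_certchain_verify(chain, rsacas, NULL));` against the EC chain (then freeing the queue), so a regression to "always true" is caught. The second `l_certchain_verify(chain, NULL, NULL)` call mirrors the RSA test, but a short comment on what verification with no CA list is expected to prove would help a reader.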
@@ -948,8 +966,10 @@ int main(int argc, char *argv[]) l_test_add("TLS 1.2 PRF with SHA512", test_tls12_prf, &tls12_prf_sha512_0); - if (l_key_is_supported(L_KEY_FEATURE_RESTRICT)) + if (l_key_is_supported(L_KEY_FEATURE_RESTRICT)) { l_test_add("Certificate chains", test_certificates, NULL); + l_test_add("ECDSA Certificates", test_ec_certificates, NULL); + } if (!l_getrandom_is_supported()) { printf("getrandom missing, skipping TLS connection tests...\n"); From patchwork Mon Jul 18 16:02:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921420 Received: from mail-oo1-f50.google.com (mail-oo1-f50.google.com [209.85.161.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D90A0323F for ; Mon, 18 Jul 2022 16:08:36 +0000 (UTC) Received: by mail-oo1-f50.google.com with SMTP id d12-20020a4aeb8c000000b004214e709b72so2363334ooj.6 for ; Mon, 18 Jul 2022 09:08:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kW99CkzG/sAtLGON6i1sEngEB0b9gBWe/XHcegnda2w=; b=g5Q2Jsh3gilmNrt6JhAWqusKih5NorGK4HzpiZZZw960CXDgZ8p9s6v+qGeQ3AovWo hpz4fiPCDtBKNrKjLGGU2srU0wPbR8r3CuyWXDB8pkciTQy8h0x4AlDTcjEMY3aeTmUk U9HhXU+61R0rgL6L8IC9w7+5hvXy6JWwK1p611s9R5CtwP9InOFjk91Vz3PAS0+pyc7P 8YQ3FiMiSTemYA8Ce4KvZpw9PxT/Fb2lF1VSzKo3NKEpBybXgfzwASX1DGU8X9eFfwMn yRl3ob1WJb3+42JhsCGeOlPbH+7LTJm2JHwE+rUlZ59G3XSfxeHwYDkT8n2FnonWp8kk 3bTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kW99CkzG/sAtLGON6i1sEngEB0b9gBWe/XHcegnda2w=; b=ED3XIXeOJ+rCvxDhWsLU+dI+ArfAOCj/UyxtK6FSi8W1JMWDIEDkBWkiH9nHP4OUbc 
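Review bot: The new test is gated only on L_KEY_FEATURE_RESTRICT, yet its asserts will abort the whole test-tls binary on a kernel without CRYPTO_ECDSA (or without the fix referenced in the cover letter), taking the existing RSA tests down with it. Unlike the getrandom check just below, there is no runtime probe for ECDSA support; consider probing once (for example an l_key_is_supported() feature bit, or trying l_cert_get_pubkey on the loaded EC certificate) and printing a skip message instead of asserting. If the intent is that CI must have ECDSA, say so in the commit message.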
yv/HzzWqA6a+7WU8C62Re1cK5KFkcg383tF+ma3WS+Qb7CmNS2RadALZiTOm7MLuCvV+ b+qZvnfAwkU1O2i5POETn4bDI9IF9cmbCjK9V3xfVvZXEBAb4CUonqkLF34N+zniLOq6 a1Mlfygl3T157v3WgilthfxtzOHS52KIZqwu7IUn+Fe+pVUCm3YngS40vooNi8hDBO+B JYRf8OpepF7ccdujxYog7+yIr/5ZKNBpIHboz8Pfs1DPs9uNqBZGEzSH6i3OVx2q8TfN bA1Q== X-Gm-Message-State: AJIora9K44bMkNKUZzzQ7q0r2SOKxA1MrC9RVFWWycdb6DZRl34sjFyy VQ4Yv7d6MxQWRiq7w6IV5h6DWs+6Ht4= X-Google-Smtp-Source: AGRyM1tqI1fxv/l+54Cy7mUf9Qg2eBcKrMDkV9K8Zw4IJUUjdm+OuW4c2La5xymxsg5bRI1GydmPCw== X-Received: by 2002:a4a:b642:0:b0:435:46f0:8102 with SMTP id f2-20020a4ab642000000b0043546f08102mr9702127ooo.17.1658160515924; Mon, 18 Jul 2022 09:08:35 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:35 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 3/9] key: ECDSA data is given in x962 format Date: Mon, 18 Jul 2022 11:02:16 -0500 Message-Id: <20220718160222.10634-3-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When using the verify operation with ECDSA based public keys, the new format type must be used. --- ell/key.c | 12 +++++------- ell/key.h | 1 + 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/ell/key.c b/ell/key.c index 73f38581f736..24374a5d836d 100644 --- a/ell/key.c +++ b/ell/key.c 
@@ -383,18 +383,16 @@ LIB_EXPORT ssize_t l_key_get_payload_size(struct l_key *key) static const char *lookup_cipher(enum l_key_cipher_type cipher) { - const char* ret = NULL; - switch (cipher) { case L_KEY_RSA_PKCS1_V1_5: - ret = "pkcs1"; - break; + return "pkcs1"; case L_KEY_RSA_RAW: - ret = "raw"; - break; + return "raw"; + case L_KEY_ECDSA_X962: + return "x962"; } - return ret; + return NULL; } static const char *lookup_checksum(enum l_checksum_type checksum) diff --git a/ell/key.h b/ell/key.h index f26f7ecb26c3..68971052ffde 100644 --- a/ell/key.h +++ b/ell/key.h 
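Review bot: lookup_cipher now returns "x962" for L_KEY_ECDSA_X962 without saying what the string means, and the key.h hunk adds the enum value with no comment either; suggest `/* kernel keyctl "enc=" name: DER-encoded ECDSA-Sig-Value (X9.62); only meaningful with L_KEY_ECC keys */` above the new case, with the caveat that the exact spelling is dictated by the kernel and should be checked against it. Dropping the local and the default so that -Wswitch flags a newly added l_key_cipher_type is a good choice and worth a one-line comment so it is not "fixed" back later. lookup_checksum, which follows, appears to use the same pattern and could carry the same note.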
@@ -56,6 +56,7 @@ enum l_keyring_restriction { enum l_key_cipher_type { L_KEY_RSA_PKCS1_V1_5, L_KEY_RSA_RAW, + L_KEY_ECDSA_X962, }; struct l_key *l_key_new(enum l_key_type type, const void *payload, From patchwork Mon Jul 18 16:02:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921421 Received: from mail-oa1-f45.google.com (mail-oa1-f45.google.com [209.85.160.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BAD133CC for ; Mon, 18 Jul 2022 16:08:37 +0000 (UTC) Received: by mail-oa1-f45.google.com with SMTP id 586e51a60fabf-10cf9f5b500so23783878fac.2 for ; Mon, 18 Jul 2022 09:08:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=T0yZmzVZsIi01ezIp6odCr2lCTUSdgwxASWd9vC9+Kg=; b=RgAdP1hwL0xD3sX72A7N9rxD76M2Oc0SoYt4BuvAOY+5YqwPG7BYZRTUehmtRLb9JD VJQG+y4eC0ZUyuXZHC4spMuHnwKh+g9x4l/nmtRnM6X4hCuFUjE/LhRNqBCZeJSNpKMp MpX3+Mz5eS3rP5xSJu31XFY0G04S37dZ5UQN9dHQEOYA5nJSqMe4FoPERNHNc9jMl1ZF dY4wY01HdpIOTEbcqfIK2F1OzTMGlKFMgsycbt8UHvv8Kzh8Tn/1ZTDOQRiPnyNIk/oU VsPwdsFNZoXrTUDgL8fOH42yZXFjJ+gxciJ/L7GBFnjk2tQG/mLjyf4mUgG1VmLLkVyu g4tQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=T0yZmzVZsIi01ezIp6odCr2lCTUSdgwxASWd9vC9+Kg=; b=np4PM3Dld9fnG7BJjyPc7iQzES56wsH+aA1YhCE7BJfAhyAHVmEbSFNuvCkerpPX1a Bz/Rd+TZsZGna4dE+S3VvWwRaBwTwF2vOiH3EhrAmMMBCAVb/bQVyAw3p7NxJQ+hWenp 56bcnJrtH55PpDdHJJS4u2tKTn59gWZH7YI9KWylEZyddfnTiGeIIjO0C3qsGCZDrN6r u/XxEjjG3XLfJASF+x7VCZR3QOEopdbLJv0ywqURSKlypCmJHIYaNR74GSC4Fdb5V2f0 
614dWJuT672tp02ZfRPatqukwTwHENC3wtqeVt/rWZtAeeBWnq9QpRtLF3ZYarRwnhJ9 DFzg== X-Gm-Message-State: AJIora88ALHzR9VDjpf0JYaBvdAXgk4Zb17aBsMoRo0Fl1Ajit+cOd61 tYm697ZnNfVP/vEH+WlsWnVT2PKLw9U= X-Google-Smtp-Source: AGRyM1sRoFojpfTwp7esFbu/EXvRhfW+jK/MuWBgT1FtnmKGQ6OETc3lmPYqyyXuwq9yc+OZBVSdrg== X-Received: by 2002:aca:d9d5:0:b0:339:f84e:ff15 with SMTP id q204-20020acad9d5000000b00339f84eff15mr16661916oig.25.1658160516606; Mon, 18 Jul 2022 09:08:36 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:36 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 4/9] tls: Support peer certificates that use ECDSA Date: Mon, 18 Jul 2022 11:02:17 -0500 Message-Id: <20220718160222.10634-4-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- ell/tls.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/ell/tls.c b/ell/tls.c index b2f7411f3b36..75b9d45c6523 100644 --- a/ell/tls.c +++ b/ell/tls.c @@ -1899,6 +1899,8 @@ static void tls_handle_certificate(struct l_tls *tls, bool dummy; const char *error_str; char *subject_str; + enum l_key_cipher_type format_type; + enum l_checksum_type checksum_type; if (len < 3) goto decode_error; 
@@ -2028,9 +2030,23 @@ static void tls_handle_certificate(struct l_tls *tls, return; } - if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, - L_CHECKSUM_NONE, &tls->peer_pubkey_size, - &dummy)) { + switch (l_cert_get_pubkey_type(tls->peer_cert)) { + case L_CERT_KEY_RSA: + format_type = L_KEY_RSA_PKCS1_V1_5; + checksum_type = L_CHECKSUM_NONE; + break; + case L_CERT_KEY_ECC: + format_type = L_KEY_ECDSA_X962; + checksum_type = L_CHECKSUM_SHA1; + break; + case L_CERT_KEY_UNKNOWN: + TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, + "Unknown public key type"); + return; + } + + if (!l_key_get_info(tls->peer_pubkey, format_type, checksum_type, + &tls->peer_pubkey_size, &dummy)) { TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, "Can't l_key_get_info for peer public key"); From patchwork Mon Jul 18 16:02:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921423 Received: from mail-oo1-f41.google.com (mail-oo1-f41.google.com [209.85.161.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5897D33D1 for ; Mon, 18 Jul 2022 16:08:38 +0000 (UTC) Received: by mail-oo1-f41.google.com with SMTP id r193-20020a4a37ca000000b0043578138958so2099973oor.4 for ; Mon, 18 Jul 2022 09:08:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UrbZzJ+osT7V9yxY2YbB20yfocYy/O08Dm5/Dv6Uer0=; b=XfupXUzNeQS/azJVWNb2bdFCLp+lbCE332Y7zgGIDrgXLCcLLUn/VVdiXv1K5gBp4K yI1Dy8IfhBQ8d5A6K+xWUAHTqVDYQuMwaROtsrogyJ45GbkQCFhT2ibiOdFHS59Eao2d 2659hfYnxipFqdUveTtK1xzYdTCfq1o8PrTkWH511VIa0tOl7ghHqsqWRw8taGIPDGtt DcCFXqDmsLouLO+NJwZLJZkRN78o3J+gj6jU0O3LLFPwnkLWAp+TOTZupbguqWQA263L 7pbjQacuDdFsanIqEVnblNwECP1IyjZ2fIPMKTH6okD4+xTK6itztiKG2ucx/0u6ikN5 NzFg== 
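Review bot: The ECC arm queries the key with L_CHECKSUM_SHA1 and nothing explains the choice; if, as it appears, the hash only serves to form a valid kernel query and the reported size depends on the curve, say so, e.g. `/* hash does not affect the size query; SHA-1 is always available in the kernel */`. Also note that for x962 (DER) ECDSA signatures the size reported is a maximum rather than a fixed length, so any later exact comparison against tls->peer_pubkey_size (tls_rsa_verify does `opaque_len != tls->peer_pubkey_size`) would need to become `<=` on the ECDSA path. tls_handle_certificate begins before this hunk.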
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UrbZzJ+osT7V9yxY2YbB20yfocYy/O08Dm5/Dv6Uer0=; b=zJRmsDgbUGEtgqzNtYy+z5QHe0/h36a6dNx68Ds8HSQyEQiUaPg9UH+mgz4kVJurjV hKbdtVCkNc2+y9YqMyPVprDgc6S2mYdPrhR3bTcYxoTFagH1UyyN3kxkri8/vnzvR9ly UmDjQ0SBvE0OUneNLHZlta5zyPudV67rpYlUZNb1PKdwQ2WcawIibgEzlzY/gnmzjX2l 6Nlp7PDMRmlD2H3DwRn2OFTKFn817L7YNMtOLZx9kE7Kab6RlZRY8Df1V/cH1QhlQNPB Xfda3+59hx41XkjydGB9xC4JQvokI+BuKbvSBZRI7mTvz6I+bVBJfHI1qYpJmuCzG8kW NmTA== X-Gm-Message-State: AJIora/5R+eIwamjFnrLVWznW9T9tmnVXGA1n05vCa49oznsVkraiWrP lpLQmmc/10+bnC3cBmXbiJecygTFwuI= X-Google-Smtp-Source: AGRyM1uSyvx1UX3cdL7FOZGapdsjq18W7Qux6eGb5R/8QOU+3XjbgEb6b7Z+qoPS9O3Pv9W6bXlVAQ== X-Received: by 2002:a4a:b989:0:b0:425:a72a:c795 with SMTP id e9-20020a4ab989000000b00425a72ac795mr9659812oop.90.1658160517287; Mon, 18 Jul 2022 09:08:37 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:37 -0700 (PDT) 
From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 5/9] tls: Add helper for DigitallySigned validation Date: Mon, 18 Jul 2022 11:02:18 -0500 Message-Id: <20220718160222.10634-5-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To support additional signature algorithms, move the logic that validates DigitallySigned structure to a helper function. --- ell/tls-suites.c | 87 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 60 insertions(+), 27 deletions(-) diff --git a/ell/tls-suites.c b/ell/tls-suites.c index 1c1ca078b3d8..d5d2ec8f741f 100644 --- a/ell/tls-suites.c +++ b/ell/tls-suites.c 
@@ -40,6 +40,57 @@ #include "ecdh.h" #include "missing.h" +enum signature_algorithm { + SIGNATURE_ALGORITHM_ANONYMOUS = 0, + SIGNATURE_ALGORITHM_RSA = 1, + SIGNATURE_ALGORITHM_DSA = 2, + SIGNATURE_ALGORITHM_ECDSA = 3, +}; + +/* + * Sanitize DigitallySigned struct input, making sure the lengths + * are valid and correspond to what we expect. + * + * Returns: start of the opaque portion + */ +static const uint8_t *validate_digitally_signed(struct l_tls *tls, + const uint8_t *in, size_t in_len, + enum signature_algorithm expected_alg, + uint16_t *opaque_len) +{ + size_t offset = 2; + uint16_t len; + + if (tls->negotiated_version < L_TLS_V12) + offset = 0; + + if (in_len < offset + 2) + goto size_error; + + len = l_get_be16(in + offset); + if (len != in_len - offset - 2) + goto size_error; + + if (tls->negotiated_version >= L_TLS_V12) { + if (in[1] != expected_alg) { + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Unknown signature algorithm %i", + in[1]); + + return NULL; + } + } + + *opaque_len = len; + return in + offset + 2; + +size_error: + TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "Signature msg too " + "short (%zi) or signature length doesn't match", + in_len); + return NULL; +} + static bool tls_rsa_validate_cert_key(struct l_cert *cert) { return l_cert_get_pubkey_type(cert) == L_CERT_KEY_RSA; 
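Review bot: The new helper validates the SignatureAlgorithm byte but passes the HashAlgorithm byte (in[0]) through unchecked, and the header comment does not say so; please document that contract and the RFC 5246 7.4.1.4.1 encoding the enum mirrors, e.g. `/* TLS >= 1.2: in[0] = HashAlgorithm (caller validates), in[1] = SignatureAlgorithm */`. The size_error message formats the size_t in_len with `%zi`; `%zu` is the matching specifier. "Unknown signature algorithm" is also misleading now, since the check fires for a known algorithm that merely differs from expected_alg — "Unexpected signature algorithm" reads closer to what is tested.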
@@ -112,29 +163,20 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, enum l_checksum_type sign_checksum_type; uint8_t expected[HANDSHAKE_HASH_MAX_SIZE + 36]; size_t expected_len; - unsigned int offset; + const uint8_t *opaque; + uint16_t opaque_len; bool success; - /* 2 bytes for SignatureAndHashAlgorithm if version >= 1.2 */ - offset = 2; - if (tls->negotiated_version < L_TLS_V12) - offset = 0; - - if (in_len < offset + 2 || - (size_t) l_get_be16(in + offset) + offset + 2 != - in_len) { - TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "Signature msg too " - "short (%zi) or signature length doesn't match", - in_len); - + opaque = validate_digitally_signed(tls, in, in_len, + SIGNATURE_ALGORITHM_RSA, &opaque_len); + if (!opaque) return false; - } /* Only the default hash type supported */ - if (in_len != offset + 2 + tls->peer_pubkey_size) { + if (opaque_len != tls->peer_pubkey_size) { TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, - "Signature length %zi not equal %zi", in_len, - offset + 2 + tls->peer_pubkey_size); + "Signature length %hu not equal %zi", + opaque_len, tls->peer_pubkey_size); return false; } @@ -142,15 +184,6 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, if (tls->negotiated_version >= L_TLS_V12) { enum handshake_hash_type hash; - /* Only RSA supported */ - if (in[1] != 1 /* RSA_sign */) { - TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, - "Unknown signature algorithm %i", - in[1]); - - return false; - } - for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++) if (tls_handshake_hash_data[hash].tls_id == in[0]) break; 
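Review bot: The rewritten length error formats tls->peer_pubkey_size, a size_t, with `%zi`; use `%zu` to match (`"Signature length %hu not equal %zu"`). The refactor also reorders the checks: a wrong algorithm byte now yields decrypt_error inside validate_digitally_signed before the peer_pubkey_size mismatch yields decode_error, where the old code did the length comparison first — probably acceptable, but worth a sentence in the commit message since it changes the alert a peer sees. tls_rsa_verify starts before this hunk and its TLS 1.2 hash handling continues in the next one.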
@@ -203,7 +236,7 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, } success = l_key_verify(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, - sign_checksum_type, expected, in + offset + 2, + sign_checksum_type, expected, opaque, expected_len, tls->peer_pubkey_size); if (!success) From patchwork Mon Jul 18 16:02:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921424 Received: from mail-oa1-f42.google.com (mail-oa1-f42.google.com [209.85.160.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0AABB33CC for ; Mon, 18 Jul 2022 16:08:38 +0000 (UTC) Received: by mail-oa1-f42.google.com with SMTP id 586e51a60fabf-10c0d96953fso24954999fac.0 for ; Mon, 18 Jul 2022 09:08:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=P8es6darHQSIrKvCc3RqVOFWWjrBgz6LjZJJi9XhwmQ=; b=aVCHnyEFF8RDAZEvpLFQNy57yAfFyDyLe6Tjp29WuvUz2XAiU2V+jtfKoKdzj34A4/ 0MZbpi41UHdcEeR6WxKtHYl3fhLPp9sCiJBjL74ltFXJnZ3F67SY/PwEwtTfsQfiBhEa u/uU7+TtImEbfWT1dXtlQLtToSfjqEDDRJaLuEjuwrllrLHLCGsImkptlge7Xlhp6gOI HvSAinmnRJmkw7tuJg3uHvV9Z7x7a6SIO3xN0VJK/OiXElhUAhaoIfC4mhusGKiB0X2V UWL6q/6dLB/X95OlHQ7DZE9dTLv++F2GETvAAptGViqYF70B3b0aQLhVEnhSw3Hmgbfu Msag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=P8es6darHQSIrKvCc3RqVOFWWjrBgz6LjZJJi9XhwmQ=; b=GMPKJWXF7LgzZrcmlW2COI/TmkX919EDYDqAsiqYcWiy52Z1eJ5R5Mp3gl/GIylvfl 7u1/9B+AVtBUgP4BfqJmjHeRxw/Fo3uG1Gu1p6rxUI9iyVUU44MXeBLie2ivb4+1ds1a QboCP/yZXhlxnDL0RPGEfhVYcdNJHclYoisIyhC/apWdETA48W1iyKBhYqOIzPPxhAt3 
07sQPw5stP2AiMlxmkIQF5YuDGi80F3Dry2HqTSZLre+EMo+nHj9kkMOBSseWyFQqKDG meYkUUscVGwpMOa3BOLljzlYazuTSk2FAcT5g5b4/QrxshhIBj3tJWPuGYzN51JniOsr OnCQ== X-Gm-Message-State: AJIora+YLPrSFHXYTxCa3iSCSmK2j4Vv3D7w+sSK7ckg/hM3D0uCxOdC kD7bdXBwnKJK/sgP2Iico/XLjbLDF9I= X-Google-Smtp-Source: AGRyM1t/oiug6TZ2t6t2Djq6Pn6tnak0avBWqcBv8qsnZ98dbeCAdWn70a/lMnzgK0yXVN47a4QnWA== X-Received: by 2002:a05:6808:186:b0:33a:71a1:a753 with SMTP id w6-20020a056808018600b0033a71a1a753mr3406211oic.49.1658160517990; Mon, 18 Jul 2022 09:08:37 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:37 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 6/9] tls: Add helper to find hash function by id Date: Mon, 18 Jul 2022 11:02:19 -0500 Message-Id: <20220718160222.10634-6-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Instead of open-coding a loop to map the hash id from SignatureAndHashAlgorithm structure to a supported hash function. --- ell/tls-suites.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/ell/tls-suites.c b/ell/tls-suites.c index d5d2ec8f741f..bc6a756422b3 100644 --- a/ell/tls-suites.c +++ b/ell/tls-suites.c 
@@ -47,6 +47,17 @@ enum signature_algorithm { SIGNATURE_ALGORITHM_ECDSA = 3, }; +static enum handshake_hash_type find_hash_by_id(uint8_t id) +{ + enum handshake_hash_type hash; + + for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++) + if (tls_handshake_hash_data[hash].tls_id == id) + break; + + return hash; +} + /* * Sanitize DigitallySigned struct input, making sure the lengths * are valid and correspond to what we expect. 
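Review bot: find_hash_by_id returns the sentinel __HANDSHAKE_HASH_COUNT when the id is unknown, and every caller must know to compare against it, but the function carries no comment; add `/* Map a TLS HashAlgorithm id to tls_handshake_hash_data; returns __HANDSHAKE_HASH_COUNT if unsupported */` above it. Returning an out-of-range enum value is legal C but reads oddly, so the comment should also say the sentinel is the only non-table value that can come back.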
@@ -182,11 +193,7 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, } if (tls->negotiated_version >= L_TLS_V12) { - enum handshake_hash_type hash; - - for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++) - if (tls_handshake_hash_data[hash].tls_id == in[0]) - break; + enum handshake_hash_type hash = find_hash_by_id(in[0]); if (hash == __HANDSHAKE_HASH_COUNT) { TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, From patchwork Mon Jul 18 16:02:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921425 Received: from mail-oa1-f54.google.com (mail-oa1-f54.google.com [209.85.160.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB19733C0 for ; Mon, 18 Jul 2022 16:08:39 +0000 (UTC) Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-10d4691a687so9638385fac.10 for ; Mon, 18 Jul 2022 09:08:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=unu6ORPw6j+/SmyNfiGgFZxAK6xKh4SCn2G4Tz01QfQ=; b=W5ROfOEHRZML2S7rWGyQqVwT4sMUqFLPhZaA+nh0+M9eC5s7zUbRO/gwgyRq8de8jQ nUje5Dw/jfnwKWmzAccIkRwo1YpVp1ClPibWnlWE/fEOQ2KayrhsatfSUgLx7rP2JYKm Y/JeLOLFOcUye2vIC/Wdv6p7rFko0YUewMjxxyoT9I+Gug4PlS2mKyOmMdfV9EDQjvk7 j8Gc4wb8pl113m5aCVUhabqrFKhVu8zeoyRPhWG1puVVYLyhaNleY1tfn3hkkN5ncB+Z Lul8YWofSvo50GesOV879DLGy7GHPukMuk/2Qu5GwdEANIIxGedBdogOHY1QOPqmHBJz 0FUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=unu6ORPw6j+/SmyNfiGgFZxAK6xKh4SCn2G4Tz01QfQ=; b=WNAabWWDGLDDj1a38eJchAq5bqj+c2iYYMV6gBysKi4InJ0pwX255Idx/EPOCOIBzh 
XngvzFJegY1E/6MCf/ckHoMOYGmT9lQchpF8WJWV6GL5VdsDSj/5HjpA61957P4Wy6/6 KJVBxdSp60+kqAf3oHt4IsijfCCOkD0ADo9lc0pSZG5xOMXzxtZzWaPe1XVeH9BgMcSn /xAzOMdkQ5vlW7CVrbnjTPpMHsQhZQn4twziqEs9e2jR/1C4dTlU/Yw1pLN12tdgLuAZ ymg+FRatiotkPPYtlsxoQhIlPwplHkm1XHI9RcFw5fcoXMQucdBTlLkec9wlc0LIVuU0 TvWA== X-Gm-Message-State: AJIora8V5lJWKo9/fi5ghBRCYu07iaVzDDHPLGqWtnkmlOz21gLJwT2m DcqsSIWQjsErZ+9zfDUWVvEVD+cN+90= X-Google-Smtp-Source: AGRyM1uOYl0AGoKkvq/DMgTiMOFvubit1XnUKqUdF9Z2uKWkAQXYnvcsc2K2OoG6XDYikfcaWmaiTQ== X-Received: by 2002:a05:6808:140e:b0:33a:6e25:ac6 with SMTP id w14-20020a056808140e00b0033a6e250ac6mr3915439oiv.183.1658160518684; Mon, 18 Jul 2022 09:08:38 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:38 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 7/9] tls-suites: Add ECDSA suites from RFC 8422 Date: Mon, 18 Jul 2022 11:02:20 -0500 Message-Id: <20220718160222.10634-7-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- ell/tls-suites.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/ell/tls-suites.c b/ell/tls-suites.c index bc6a756422b3..34141ab7fa56 100644 --- a/ell/tls-suites.c +++ b/ell/tls-suites.c 
@@ -262,6 +262,81 @@ static struct tls_signature_algorithm tls_rsa_signature = { .verify = tls_rsa_verify, }; +static bool tls_ecdsa_validate_cert_key(struct l_cert *cert) +{ + return l_cert_get_pubkey_type(cert) == L_CERT_KEY_ECC; +} + +static bool tls_ecdsa_verify(struct l_tls *tls, + const uint8_t *in, size_t in_len, + tls_get_hash_t get_hash, + const uint8_t *data, size_t data_len) +{ + /* RFC 8422, Section 5.10: "SHA-1 is used in TLS 1.1 and earlier" */ + enum handshake_hash_type hash = HANDSHAKE_HASH_SHA1; + enum l_checksum_type sign_checksum_type; + const uint8_t *opaque; + uint16_t opaque_len; + uint8_t expected[HANDSHAKE_HASH_MAX_SIZE]; + size_t expected_len; + bool success; + + opaque = validate_digitally_signed(tls, in, in_len, + SIGNATURE_ALGORITHM_ECDSA, &opaque_len); + if (!opaque) + return false; + + if (tls->negotiated_version >= L_TLS_V12) { + hash = find_hash_by_id(in[0]); + if (hash == __HANDSHAKE_HASH_COUNT) { + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Unknown hash type %i", in[0]); + return false; + } + + /* Hash should match the curve, refer to RFC 5480, Section 4 */ + switch (tls->peer_pubkey_size) { + case 32: + if (hash != HANDSHAKE_HASH_SHA256 && + hash != HANDSHAKE_HASH_SHA384) + goto bad_hash; + + break; + case 48: + if (hash != HANDSHAKE_HASH_SHA384) + goto bad_hash; + + break; + bad_hash: + default: + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Invalid hash %i", + in[0]); + } + } + + get_hash(tls, hash, data, data_len, expected, &expected_len); + sign_checksum_type = tls_handshake_hash_data[hash].l_id; + + success = l_key_verify(tls->peer_pubkey, L_KEY_ECDSA_X962, + sign_checksum_type, expected, opaque, + expected_len, opaque_len); + + if (!success) + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Peer signature verification failed"); + else + TLS_DEBUG("Peer signature verified"); + + return success; +} + +static struct tls_signature_algorithm tls_ecdsa_signature = { + .id = 3, /* SignatureAlgorithm.ecdsa */ + 
.validate_cert_key_type = tls_ecdsa_validate_cert_key, + .verify = tls_ecdsa_verify, +}; + static bool tls_send_rsa_client_key_xchg(struct l_tls *tls) { uint8_t buf[1024 + 32]; @@ -1350,11 +1425,52 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha = { + .id = { 0xc0, 0x08 }, + .name = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + .verify_data_length = 12, + .encryption = &tls_3des_ede, + .mac = &tls_sha, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_128_cbc_sha = { + .id = { 0xc0, 0x09 }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + .verify_data_length = 12, + .encryption = &tls_aes128, + .mac = &tls_sha, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_256_cbc_sha = { + .id = { 0xc0, 0x0a }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + .verify_data_length = 12, + .encryption = &tls_aes256, + .mac = &tls_sha, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256 = { + .id = { 0xc0, 0x2b }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + .verify_data_length = 12, + .encryption = &tls_aes128_gcm, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 = { + .id = { 0xc0, 0x2c }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + .verify_data_length = 12, + .encryption = &tls_aes256_gcm, + .prf_hmac = L_CHECKSUM_SHA384, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, }; struct tls_cipher_suite *tls_cipher_suite_pref[] = { &tls_ecdhe_rsa_with_aes_256_cbc_sha, + &tls_ecdhe_ecdsa_with_aes_256_cbc_sha, &tls_ecdhe_rsa_with_aes_128_cbc_sha, + &tls_ecdhe_ecdsa_with_aes_128_cbc_sha, &tls_dhe_rsa_with_aes_256_cbc_sha, &tls_dhe_rsa_with_aes_128_cbc_sha, &tls_rsa_with_aes_256_cbc_sha, 
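Review bot: In tls_ecdsa_verify() the `bad_hash:`/`default:` arm of the switch on tls->peer_pubkey_size issues TLS_DISCONNECT but never returns, so on a hash/curve mismatch or an unrecognised key size control falls out of the switch and still runs get_hash() and l_key_verify() against the peer key; add `return false;` after that TLS_DISCONNECT call so the arm fails the same way the "Unknown hash type" branch just above it does. Whether TLS_DISCONNECT tears down state that the following calls then touch is not visible in the hunk, but even if it does not, the RFC 5480 curve check is currently advisory rather than enforced. The gap is easy to miss because the `bad_hash:` label sits on the line before `default:`; a one-line comment such as `/* both goto targets and unlisted key sizes fail here */` would make the shared arm explicit.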
@@ -1367,11 +1483,14 @@ struct tls_cipher_suite *tls_cipher_suite_pref[] = { &tls_rsa_with_aes_128_cbc_sha256, &tls_ecdhe_rsa_with_aes_256_gcm_sha384, &tls_ecdhe_rsa_with_aes_128_gcm_sha256, + &tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, + &tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, &tls_dhe_rsa_with_aes_256_gcm_sha384, &tls_dhe_rsa_with_aes_128_gcm_sha256, &tls_rsa_with_aes_256_gcm_sha384, &tls_rsa_with_aes_128_gcm_sha256, &tls_ecdhe_rsa_with_3des_ede_cbc_sha, + &tls_ecdhe_ecdsa_with_3des_ede_cbc_sha, &tls_dhe_rsa_with_3des_ede_cbc_sha, &tls_rsa_with_3des_ede_cbc_sha, NULL, From patchwork Mon Jul 18 16:02:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921426 Received: from mail-oa1-f48.google.com (mail-oa1-f48.google.com [209.85.160.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6ED1E323C for ; Mon, 18 Jul 2022 16:08:40 +0000 (UTC) Received: by mail-oa1-f48.google.com with SMTP id 586e51a60fabf-10bec750eedso24924882fac.8 for ; Mon, 18 Jul 2022 09:08:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Jj8SzOc4fPGKTCmDSCizZ0kMBR+BMY1DeLBui51Bxng=; b=FgeMsxcF/NL0f3iRNSK8TDxim38FYOYlA3VZpGmIPJejpTaF8q9UOy5W0hZZVEZNCc wl8R8IEOGN5EmmEo1rZg6JPJNcTLz/wevwLeYidSD3ZjRZJPHIPkmUPGIklO4xAKdliL VkiiQSNo7RqCG4J1jjkNV9DyONhsTKNk1DPPWYmaIqVQ4P9TzsuWoqxiVwkDL9PFnCXa zblbb4chGI/hjAvkATqL5f0El9AgATwnS8uumfzwq6fLNF+EaUN7zzdqq/iqnY/6Z5tk 2wLn+ZMPhFkytL+Jo8IbdcQhoqmLNB5p6yWpWcGOZE/UE3H4ULnQ+hjLB1b0zuz+yGPa fxog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; 
bh=Jj8SzOc4fPGKTCmDSCizZ0kMBR+BMY1DeLBui51Bxng=; b=CW8nrBFDsM0x8/j1Yj4jr3isUlHAEJ+JkJIyhSDeS0NDiwEc0lgCs0txh9jrbcY+pj 34IWL/K6IIivL0xSvts3NvSW/OCHdy49NhSjpv/wZBmZMmE+gFSjHCjd+eY33ZXVYh/z KTLkvUfQde9fSe4HVsYFnz88otd1MaxvXtP64/leL0GDksy3TPHl1A0nCqDseTmOdb+w 57wtVPmat7/Zrxhak0LzWvP7E5erWe3kpKG9dsM0Wj8YsYqKWYG1PoPytFzovV74HNm/ 5W4M6dWQZrjePpkC9ZzxJGS3yxG1dEuteN5dVYhzmpcfIqooX9O6dT4OWaNfg0jIgz/7 +W1Q== X-Gm-Message-State: AJIora+O9evHuU6txDDM5jHg9I1pjssS1sa+PrVtkv5INVPUrU85R44R LUgRoAphCi6wmzmSHp743SZ2+YJ3BPM= X-Google-Smtp-Source: AGRyM1sr5lgSpXi+QmU72+6JrKL04/9TD/Xx40LH9pnO0D9mPYtjgOsXuVBwRCqmaLLsP53LTzYXAg== X-Received: by 2002:a05:6870:c083:b0:10c:275b:45f3 with SMTP id c3-20020a056870c08300b0010c275b45f3mr18290148oad.206.1658160519455; Mon, 18 Jul 2022 09:08:39 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:39 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 8/9] useful: Add maxsize() Date: Mon, 18 Jul 2022 11:02:21 -0500 Message-Id: <20220718160222.10634-8-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Similar to minsize(), but for finding the maximum of two sizes --- ell/useful.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ell/useful.h b/ell/useful.h index 791fa2006494..efd91d78b3f2 100644 --- a/ell/useful.h +++ b/ell/useful.h 
@@ -38,6 +38,14 @@ static inline size_t minsize(size_t a, size_t b) return b; } +static inline size_t maxsize(size_t a, size_t b) +{ + if (a >= b) + return a; + + return b; +} + static inline void set_bit(void *addr, unsigned int bit) { unsigned char *field = addr; From patchwork Mon Jul 18 16:02:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921427 Received: from mail-oa1-f41.google.com (mail-oa1-f41.google.com [209.85.160.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D12D3323F for ; Mon, 18 Jul 2022 16:08:40 +0000 (UTC) Received: by mail-oa1-f41.google.com with SMTP id 586e51a60fabf-10d4691a687so9638570fac.10 for ; Mon, 18 Jul 2022 09:08:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=AZ+FE6qrnP6Zq9i6akjQ5AGX+vnggdrL7q6BgX8QNd8=; b=nRLpp3Wcs5GlUx0lOh365HHkxZVnmvSLQ1w1ju9bHyf3gJVLE/r/cePEEKrO4tmmyD ngTDZ5QE6erxzy066ty+8z4UIlK+TyWq0M+1mHVOxFwt14HW8nDw4l2kN7H2CQgBYyIm bX0wX5XrCeerktkZQ9v9sz5qwV2QXUF6oLWcmWxdYiEQ18b7WTy81wERA/xWvz6WzxxE fiw1ogeybkcu8gTiwExUnvv0rkubNPJIp2Ffvmu4fJNR9vhe2XTEHV7eXcxRA9MR35B4 WyC47IpDsIQDQxpAIZgO4a2vMUjHDx1C5UlG3R5zEFpoSv1vyR/DNw0HxZ33Dl7sVDar sv6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AZ+FE6qrnP6Zq9i6akjQ5AGX+vnggdrL7q6BgX8QNd8=; b=J9KWozcUt7+r8gv9gxHwswQbrcZrJFFE3SFYZRhfHmMS6F5EPDhLTYkSNcO7f1AzWi mtMVwCPGtQuyVqGftr1ewqZuU1QDbiQ2ATvfrRAzBLstgxwh6XcETpkQHxXmIEPQLlN5 xdngXs3LFHNzHmPlz5RQ8cAW/ujYDuboZeiVlIU5pUpoKOaPvnwc11xK0P6BUNcx118A 
lBQhKfAYz6mXyvCUsMSTMI186vu19/imseN8Z2iqhG9WyC6U/GD8SyqCDIZYbTycmOJ7 DMeEvXqRNjemnDUynwqa7r/+VuKtgqNVr9Fa/wzy7kc72lS9aHpMT1IaKkXgj5Q/HwoU KrEQ== X-Gm-Message-State: AJIora/mTeEZJkvrZ0NAgBT7MgpLjIHyRNNsRQwXYYD4RWEP2WcWuPy8 eNkVhvTyfz6HEqIpRYDjz+JQDDbf2bU= X-Google-Smtp-Source: AGRyM1sDWWI6/PeZkPHs7Gdkovcv0oTAFaIi4ew+NvdvAax3pdv+69Wobfs410rJohcrvlRN5lVbTQ== X-Received: by 2002:a05:6808:144b:b0:337:aee7:b006 with SMTP id x11-20020a056808144b00b00337aee7b006mr13965313oiv.204.1658160520201; Mon, 18 Jul 2022 09:08:40 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id t19-20020a9d5913000000b0061cae832e5dsm297941oth.3.2022.07.18.09.08.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 09:08:39 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH 9/9] tls: Do not set verify_data_length unless needed Date: Mon, 18 Jul 2022 11:02:22 -0500 Message-Id: <20220718160222.10634-9-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718160222.10634-1-denkenz@gmail.com> References: <20220718160222.10634-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 All current TLS cipher suites use a verify_data_length of 12. In fact, according to RFC 5246, most cipher suites are expected to be 12 bytes unless specified otherwise. Use this fact to simplify the cipher suite definition: initialization of verify_data_length is no longer necessary unless the length is greater than 12 bytes. While here, also update struct tls_cipher_suite to use a size_t member for verify_data_length instead of an int. --- ell/tls-private.h | 2 +- ell/tls-suites.c | 26 -------------------------- ell/tls.c | 29 +++++++++++++++++++++-------- 3 files changed, 22 insertions(+), 35 deletions(-) 
diff --git a/ell/tls-private.h b/ell/tls-private.h index 8ceeb68df40b..8941e90d03ca 100644 --- a/ell/tls-private.h +++ b/ell/tls-private.h @@ -112,7 +112,7 @@ struct tls_mac_algorithm { struct tls_cipher_suite { uint8_t id[2]; const char *name; - int verify_data_length; + size_t verify_data_length; struct tls_bulk_encryption_algorithm *encryption; struct tls_signature_algorithm *signature; diff --git a/ell/tls-suites.c b/ell/tls-suites.c index 34141ab7fa56..ee4e7ee6c310 100644 --- a/ell/tls-suites.c +++ b/ell/tls-suites.c @@ -1262,7 +1262,6 @@ static struct tls_mac_algorithm tls_sha = { static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { .id = { 0x00, 0x0a }, .name = "TLS_RSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1270,7 +1269,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_3des_ede_cbc_sha = { .id = { 0x00, 0x16 }, .name = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1278,7 +1276,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_128_cbc_sha = { .id = { 0x00, 0x2f }, .name = "TLS_RSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1286,7 +1283,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_128_cbc_sha = { .id = { 0x00, 0x33 }, .name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_rsa_signature, 
@@ -1294,7 +1290,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_256_cbc_sha = { .id = { 0x00, 0x35 }, .name = "TLS_RSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1302,7 +1297,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_256_cbc_sha = { .id = { 0x00, 0x39 }, .name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1310,7 +1304,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_128_cbc_sha256 = { .id = { 0x00, 0x3c }, .name = "TLS_RSA_WITH_AES_128_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1318,7 +1311,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_256_cbc_sha256 = { .id = { 0x00, 0x3d }, .name = "TLS_RSA_WITH_AES_256_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1326,7 +1318,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_128_cbc_sha256 = { .id = { 0x00, 0x67 }, .name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1334,7 +1325,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_256_cbc_sha256 = { .id = { 0x00, 0x6b }, .name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha256, .signature = &tls_rsa_signature, 
@@ -1342,14 +1332,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_128_gcm_sha256 = { .id = { 0x00, 0x9c }, .name = "TLS_RSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_rsa_signature, .key_xchg = &tls_rsa_key_xchg, }, tls_rsa_with_aes_256_gcm_sha384 = { .id = { 0x00, 0x9d }, .name = "TLS_RSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, @@ -1357,14 +1345,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_128_gcm_sha256 = { .id = { 0x00, 0x9e }, .name = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_rsa_signature, .key_xchg = &tls_dhe, }, tls_dhe_rsa_with_aes_256_gcm_sha384 = { .id = { 0x00, 0x9f }, .name = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, @@ -1372,7 +1358,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_3des_ede_cbc_sha = { .id = { 0xc0, 0x12 }, .name = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1380,7 +1365,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_128_cbc_sha = { .id = { 0xc0, 0x13 }, .name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_rsa_signature, 
@@ -1388,7 +1372,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_256_cbc_sha = { .id = { 0xc0, 0x14 }, .name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1396,7 +1379,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_128_cbc_sha256 = { .id = { 0xc0, 0x27 }, .name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1404,7 +1386,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_256_cbc_sha384 = { .id = { 0xc0, 0x28 }, .name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha384, .prf_hmac = L_CHECKSUM_SHA384, @@ -1413,14 +1394,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_128_gcm_sha256 = { .id = { 0xc0, 0x2f }, .name = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_rsa_signature, .key_xchg = &tls_ecdhe, }, tls_ecdhe_rsa_with_aes_256_gcm_sha384 = { .id = { 0xc0, 0x30 }, .name = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, @@ -1428,7 +1407,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha = { .id = { 0xc0, 0x08 }, .name = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_ecdsa_signature, 
@@ -1436,7 +1414,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_aes_128_cbc_sha = { .id = { 0xc0, 0x09 }, .name = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_ecdsa_signature, @@ -1444,7 +1421,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_aes_256_cbc_sha = { .id = { 0xc0, 0x0a }, .name = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_ecdsa_signature, @@ -1452,14 +1428,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256 = { .id = { 0xc0, 0x2b }, .name = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_ecdsa_signature, .key_xchg = &tls_ecdhe, }, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 = { .id = { 0xc0, 0x2c }, .name = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_ecdsa_signature, diff --git a/ell/tls.c b/ell/tls.c index 75b9d45c6523..0bf647919478 100644 --- a/ell/tls.c +++ b/ell/tls.c 
@@ -1370,11 +1370,25 @@ static void tls_send_change_cipher_spec(struct l_tls *tls) tls_tx_record(tls, TLS_CT_CHANGE_CIPHER_SPEC, &buf, 1); } +static size_t tls_verify_data_length(struct l_tls *tls, unsigned int index) +{ + /* + * RFC 5246, Section 7.4.9: + * + * In previous versions of TLS, the verify_data was always 12 octets + * long. In the current version of TLS, it depends on the cipher + * suite. Any cipher suite which does not explicitly specify + * verify_data_length has a verify_data_length equal to 12. + */ + return maxsize(tls->cipher_suite[index]->verify_data_length, 12); +} + static void tls_send_finished(struct l_tls *tls) { uint8_t buf[512]; uint8_t *ptr = buf + TLS_HANDSHAKE_HEADER_SIZE; uint8_t seed[HANDSHAKE_HASH_MAX_SIZE * 2]; + size_t vdl = tls_verify_data_length(tls, 1); size_t seed_len; if (tls->negotiated_version >= L_TLS_V12) { @@ -1391,8 +1405,8 @@ static void tls_send_finished(struct l_tls *tls) tls->server ? "server finished" : "client finished", seed, seed_len, - ptr, tls->cipher_suite[1]->verify_data_length); - ptr += tls->cipher_suite[1]->verify_data_length; + ptr, vdl); + ptr += vdl; tls_tx_handshake(tls, TLS_FINISHED, buf, ptr - buf); } @@ -1400,14 +1414,14 @@ static void tls_send_finished(struct l_tls *tls) static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received, size_t len) { - uint8_t expected[tls->cipher_suite[0]->verify_data_length]; + size_t vdl = tls_verify_data_length(tls, 0); + uint8_t expected[vdl]; uint8_t *seed; size_t seed_len; - if (len != (size_t) tls->cipher_suite[0]->verify_data_length) { + if (len != vdl) { TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, - "TLS_FINISHED length not %i", - tls->cipher_suite[0]->verify_data_length); + "TLS_FINISHED length not %zu", vdl); return false; } 
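Review bot: tls_verify_data_length() uses maxsize(), so a suite that explicitly sets verify_data_length to a value below 12 is silently raised to 12, which matches the commit message ("unless the length is greater than 12") but not the quoted RFC 5246 wording about suites that do not specify a length; whichever is intended, state it in the comment, e.g. append `* Suites leave the member at 0 to take the default; any value below 12 is treated as 12 as well.`. If the intent is strictly "unset means default", `size_t len = tls->cipher_suite[index]->verify_data_length; return len ? len : 12;` expresses that without masking a mis-specified suite. The `index` parameter is passed as 1 from tls_send_finished() and 0 from tls_verify_finished() but its meaning is not documented in the new helper; a short comment on which cipher_suite slot each index selects would help (the callers suggest pending vs. current, but that is inferred).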
@@ -1428,8 +1442,7 @@ static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received, tls->server ? "client finished" : "server finished", seed, seed_len, - expected, - tls->cipher_suite[0]->verify_data_length); + expected, vdl); if (memcmp(received, expected, len)) { TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,