diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-02-03 08:47:50 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-02-06 12:52:44 +0100 |
commit | 29f875cae21bcf5139801ed8c8cb78c4fa61a9f0 (patch) | |
tree | 06132ed361675246231d1ca948dca290481a36fc | |
parent | aaf286293050a4a2dbcd98d9eb2d69eca99c502a (diff) | |
download | gnutls-29f875cae21bcf5139801ed8c8cb78c4fa61a9f0.tar.gz |
raw public keys: apply the key usage bits the same way as X.509
That is, we require a signing certificate when negotiating
TLS1.3, or when sending a client certificate (on all cases).
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/auth/cert.c | 20 | ||||
-rw-r--r-- | tests/common-cert-key-exchange.c | 92 | ||||
-rw-r--r-- | tests/common-cert-key-exchange.h | 8 | ||||
-rw-r--r-- | tests/tls12-cert-key-exchange.c | 10 | ||||
-rw-r--r-- | tests/tls13-cert-key-exchange.c | 18 |
5 files changed, 142 insertions, 6 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 53ad91df6d..6522a9850a 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -287,6 +287,7 @@ find_rawpk_client_cert(gnutls_session_t session, int pk_algos_length, int* indx) { unsigned i; + int ret; gnutls_pk_algorithm_t pk; *indx = -1; @@ -295,15 +296,22 @@ find_rawpk_client_cert(gnutls_session_t session, /* We know that our list length will be 1, therefore we can * ignore the rest. */ - if (cred->certs[i].cert_list_length == 1) { - pk = gnutls_pubkey_get_pk_algorithm(cred->certs[i]. - cert_list[0].pubkey, NULL); + if (cred->certs[i].cert_list_length == 1 && cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK) { + pk = gnutls_pubkey_get_pk_algorithm(cred->certs[i].cert_list[0].pubkey, NULL); + + /* For client certificates we require signatures */ + ret = _gnutls_check_key_usage_for_sig(session, get_key_usage(session, cred->certs[i].cert_list[0].pubkey), 1); + if (ret < 0) { + /* we return an error instead of skipping so that the user is notified about + * the key incompatibility */ + _gnutls_debug_log("Client certificate is not suitable for signing\n"); + return gnutls_assert_val(ret); + } /* Check whether the public-key algorithm of our credential is in * the list with supported public-key algorithms and whether the * cert type matches. */ - if ((check_pk_algo_in_list(pk_algos, pk_algos_length, pk) == 0) - && (cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK)) { + if ((check_pk_algo_in_list(pk_algos, pk_algos_length, pk) == 0)) { // We found a compatible credential *indx = i; break; @@ -666,7 +674,7 @@ _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st* data) * be an impossible situation. */ assert(apr_cert_list_length == 1); - + /* Write our certificate containing only the SubjectPublicKeyInfo to * the output buffer. We always have exactly one certificate that * contains our raw public key. Our message looks like: diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c index c0c27a4064..de4b57ac4c 100644 --- a/tests/common-cert-key-exchange.c +++ b/tests/common-cert-key-exchange.c @@ -137,6 +137,98 @@ void try_with_key_fail(const char *name, const char *client_prio, gnutls_certificate_free_credentials(clientx509cred); } +void try_with_rawpk_key_fail(const char *name, const char *client_prio, + int server_err, int client_err, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + unsigned server_ku, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_ku) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t server_cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t client_cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&server_cred); + + ret = gnutls_certificate_set_rawpk_key_mem(server_cred, + serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, server_ku, + NULL, 0, 0); + if (ret < 0) + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + + assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK) >= 0); + if (server_priority) + assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0); + else + assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + server_cred); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&client_cred); + if (ret < 0) + exit(1); + + if (cli_cert) { + ret = gnutls_certificate_set_rawpk_key_mem(client_cred, + cli_cert, cli_key, GNUTLS_X509_FMT_PEM, NULL, client_ku, + NULL, 0, 0); + if (ret < 0) + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_RAWPK); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + client_cred); + if (ret < 0) + exit(1); + + success("negotiating %s\n", name); + HANDSHAKE_EXPECT(client, server, client_err, server_err); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(server_cred); + gnutls_certificate_free_credentials(client_cred); +} + void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, gnutls_sign_algorithm_t server_sign_algo, gnutls_sign_algorithm_t client_sign_algo, diff --git a/tests/common-cert-key-exchange.h b/tests/common-cert-key-exchange.h index 8fb5ab754e..5d68d72ff8 100644 --- a/tests/common-cert-key-exchange.h +++ b/tests/common-cert-key-exchange.h @@ -51,6 +51,14 @@ extern const char *server_priority; try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ &rawpk_public_key1, &rawpk_private_key1, &rawpk_public_key2, &rawpk_private_key2, client_cert, GNUTLS_CRT_RAWPK, GNUTLS_CRT_RAWPK) +void try_with_rawpk_key_fail(const char *name, const char *client_prio, + int server_err, int client_err, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + unsigned server_ku, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_ku); void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, gnutls_sign_algorithm_t server_sign_algo, diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c index da26e87a3b..d8563c0943 100644 --- a/tests/tls12-cert-key-exchange.c +++ b/tests/tls12-cert-key-exchange.c @@ -140,5 +140,15 @@ void doit(void) GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_AGAIN, &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key); + try_with_rawpk_key_fail("rawpk TLS 1.2 with rsa encryption cert without KX-RSA", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-RAWPK:-RSA", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0); + + try_with_rawpk_key_fail("rawpk TLS 1.2 with client rsa encryption cert without KX-RSA", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-RAWPK:-RSA", + GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION, + &rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT); + gnutls_global_deinit(); } diff --git a/tests/tls13-cert-key-exchange.c b/tests/tls13-cert-key-exchange.c index 3a214f9ad1..2b3d581ffd 100644 --- a/tests/tls13-cert-key-exchange.c +++ b/tests/tls13-cert-key-exchange.c @@ -163,5 +163,23 @@ void doit(void) GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_SUCCESS, &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key); + try_with_rawpk_key_fail("rawpk TLS 1.3 with rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-RAWPK", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0); + + try_with_rawpk_key_fail("rawpk TLS 1.3 and TLS 1.2 with rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+CTYPE-RAWPK", + GNUTLS_E_SUCCESS, GNUTLS_E_SUCCESS, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0); + + try_with_rawpk_key_fail("rawpk TLS 1.3 with client rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-RAWPK", + GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_CREDENTIALS, + &rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT); + + /* we do not test TLS 1.3 with (forced) rsa encryption cert - client should detect, because + * there is no way under raw public keys for the client or server to know the intended type. */ + gnutls_global_deinit(); } |