-rw-r--r--.gitignore2
-rw-r--r--.gitlab-ci.yml1
-rw-r--r--.travis.yml1
-rw-r--r--NEWS373
-rw-r--r--bootstrap.conf7
-rw-r--r--cfg.mk2
-rw-r--r--configure.ac50
-rw-r--r--doc/Makefile.am10
-rw-r--r--doc/cha-cert-auth.texi32
-rw-r--r--doc/cha-gtls-app.texi46
-rw-r--r--doc/cha-gtls-examples.texi21
-rw-r--r--doc/cha-tokens.texi16
-rw-r--r--doc/manpages/Makefile.am5
-rw-r--r--lib/Makefile.am8
-rw-r--r--lib/abstract_int.h1
-rw-r--r--lib/algorithms/cert_types.c4
-rw-r--r--lib/auth/cert.c312
-rw-r--r--lib/auth/cert.h13
-rw-r--r--lib/auth/rsa.c111
-rw-r--r--lib/cert-cred-rawpk.c360
-rw-r--r--lib/cert-cred-x509.c241
-rw-r--r--lib/cert-cred.c197
-rw-r--r--lib/cert-cred.h53
-rw-r--r--lib/cert-session.c18
-rw-r--r--lib/crypto-backend.h9
-rw-r--r--lib/crypto-selftests-pk.c13
-rw-r--r--lib/errors.c1
-rw-r--r--lib/errors.h2
-rw-r--r--lib/ext/cert_types.h37
-rw-r--r--lib/ext/client_cert_type.c48
-rw-r--r--lib/ext/server_cert_type.c48
-rw-r--r--lib/gnutls_int.h42
-rw-r--r--lib/handshake.c19
-rw-r--r--lib/handshake.h17
-rw-r--r--lib/includes/gnutls/abstract.h24
-rw-r--r--lib/includes/gnutls/gnutls.h.in49
-rw-r--r--lib/libgnutls.map10
-rw-r--r--lib/nettle/int/drbg-aes-self-test.c147
-rw-r--r--lib/nettle/int/drbg-aes.c16
-rw-r--r--lib/nettle/int/drbg-aes.h2
-rw-r--r--lib/nettle/pk.c52
-rw-r--r--lib/pcert.c152
-rw-r--r--lib/pk.h1
-rw-r--r--lib/pkcs11.c47
-rw-r--r--lib/pkcs11_int.h20
-rw-r--r--lib/pkcs11_privkey.c115
-rw-r--r--lib/pkcs11_write.c5
-rw-r--r--lib/pkcs11x.c2
-rw-r--r--lib/privkey.c76
-rw-r--r--lib/psk.c11
-rw-r--r--lib/record.c11
-rw-r--r--lib/session.c13
-rw-r--r--lib/srp.c18
-rw-r--r--lib/state.c39
-rw-r--r--lib/str.c1
-rw-r--r--lib/str_array.h20
-rw-r--r--lib/system.c2
-rw-r--r--lib/system/keys-win.c7
-rw-r--r--lib/system/vasprintf.c84
-rw-r--r--lib/tls13/certificate_verify.c2
-rw-r--r--lib/vasprintf.h12
-rw-r--r--lib/verify-tofu.c116
-rw-r--r--lib/x509.h3
-rw-r--r--lib/x509/common.c2
-rw-r--r--lib/x509/common.h2
-rw-r--r--lib/x509/verify-high2.c50
-rw-r--r--lib/x509/x509_write.c6
-rw-r--r--m4/hooks.m425
-rw-r--r--src/Makefile.am43
-rw-r--r--src/tests.c1
-rw-r--r--symbols.last6
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/cert-common.h128
-rw-r--r--tests/cert-tests/Makefile.am4
-rwxr-xr-xtests/cert-tests/certtool13
-rwxr-xr-xtests/cert-tests/certtool-crl-decoding11
-rwxr-xr-xtests/cert-tests/certtool-ecdsa6
-rwxr-xr-xtests/cert-tests/certtool-eddsa37
-rwxr-xr-xtests/cert-tests/crl2
-rwxr-xr-xtests/cert-tests/crq2
-rwxr-xr-xtests/cert-tests/pem-decoding33
-rwxr-xr-xtests/cert-tests/pkcs122
-rwxr-xr-xtests/cert-tests/pkcs12-corner-cases7
-rwxr-xr-xtests/cert-tests/pkcs12-utf82
-rwxr-xr-xtests/cert-tests/pkcs72
-rwxr-xr-xtests/cert-tests/privkey-import2
-rw-r--r--tests/certs/rawpk_priv.pem39
-rw-r--r--tests/certs/rawpk_pub.pem11
-rw-r--r--tests/common-cert-key-exchange.c71
-rw-r--r--tests/common-cert-key-exchange.h31
-rw-r--r--tests/crt_type-neg-common.c103
-rwxr-xr-xtests/gnutls-cli-debug.sh90
-rw-r--r--tests/handshake-timeout.c38
-rwxr-xr-xtests/long-crl.sh19
-rw-r--r--tests/pkcs11/tls-neg-pkcs11-key.c28
-rw-r--r--tests/rawpk-api.c143
-rw-r--r--tests/rsa-encrypt-decrypt.c18
-rw-r--r--tests/scripts/common.sh27
-rw-r--r--tests/ssl30-cert-key-exchange.c14
-rw-r--r--tests/suite/tls-fuzzer/gnutls-cert.json4
-rw-r--r--tests/suite/tls-fuzzer/gnutls-nocert-tls13.json2
m---------tests/suite/tls-fuzzer/tlsfuzzer0
m---------tests/suite/tls-fuzzer/tlslite-ng0
-rw-r--r--tests/tls-crt_type-neg.c373
-rw-r--r--tests/tls10-cert-key-exchange.c30
-rw-r--r--tests/tls11-cert-key-exchange.c30
-rw-r--r--tests/tls12-cert-key-exchange.c104
-rw-r--r--tests/tls13-cert-key-exchange.c97
-rw-r--r--tests/tls13/change_cipher_spec.c15
-rw-r--r--tests/trustdb-tofu.c81
110 files changed, 3464 insertions, 1470 deletions
diff --git a/.gitignore b/.gitignore
index 2ffe7b8aab..bd0f8d6e46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -600,6 +600,7 @@ tests/privkey-verify-broken
tests/psk-file
tests/pskself
tests/pubkey-import-export
+tests/rawpk-api
tests/random-art
tests/record-pad
tests/record-retvals
@@ -688,6 +689,7 @@ tests/sign-verify-ed25519-rfc8080
tests/sign-verify-ext
tests/sign-verify-ext4
tests/simple
+tests/slow/cipher-api-test
tests/slow/cipher-compat
tests/slow/cipher-openssl-compat
tests/slow/cipher-override
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1817df1a90..0ba9f7eb52 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -515,6 +515,7 @@ Debian.cross.i686-linux-gnu:
- export CC_FOR_BUILD="ccache gcc"
- export CC="ccache $host-gcc"
- ./bootstrap
+ - sed -i '/errno.==.EINVAL/d' gl/tests/test-strerror.c
- mkdir -p build
- cd build
# Debian's softhsm package is not multiarch yet. Missing softhsm libraries
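Review bot: The added `sed -i '/errno.==.EINVAL/d' gl/tests/test-strerror.c` step deletes an assertion from a gnulib test in the Debian.cross.i686-linux-gnu job with no comment saying why, and `sed` exits 0 whether or not the pattern matched, so the workaround can silently stop applying (or keep deleting a line it was never meant to) after the next gnulib bump. Presumably the errno==EINVAL check fails under this cross toolchain, but that is not visible in the hunk and should be confirmed. I would put a comment directly above the step, e.g. `# Workaround: gnulib's test-strerror errno==EINVAL assertion fails on this cross target; drop it (see <gnulib issue/link placeholder>)`, and consider guarding it with `grep -q 'errno.==.EINVAL' gl/tests/test-strerror.c && sed -i ...` so a non-matching pattern is noticed rather than ignored. The surrounding `script:` list continues outside the hunk.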
diff --git a/.travis.yml b/.travis.yml
index 72727c30bb..d060703983 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -33,5 +33,6 @@ script:
- make -j$(sysctl -n hw.ncpu) check gl_public_submodule_commit=
after_failure:
+ - find . -name 'test-suite.log' -execdir grep -il "FAILED" {} \; -exec echo {} \; -exec cat {} \;
- for i in tests/*.log fuzz/*.log;do echo "" && echo $i && cat $i;done
diff --git a/NEWS b/NEWS
index 87862db2a5..4cab2d1e72 100644
--- a/NEWS
+++ b/NEWS
@@ -5,39 +5,63 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc.
Copyright (C) 2013-2017 Nikos Mavrogiannopoulos
See the end for copying conditions.
-* Version 3.6.5 (unreleased)
+* Version 3.6.6 (unreleased)
-** libgnutls: Provide the option of transparent re-handshake/reauthentication
- when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init().
+** libgnutls: Added support for raw public-key authentication as defined in RFC7250.
+ Raw public-keys can be negotiated by enabling the corresponding certificate
+ types via the priority strings. The raw public-key mechanism must be explicitly
+ enabled via the GNUTLS_ENABLE_RAWPK init flag.
-** libgnutls: Added support for AES-CFB8 cipher (#357)
+** API and ABI modifications:
+GNUTLS_ENABLE_RAWPK: Added
+GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK)
-** libgnutls: Added support for AES-CMAC MAC (#351)
-** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
- have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
- S-BOXes). They are fixed now.
+* Version 3.6.5 (released 2018-12-01)
-** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
- in the priority string. It is only accepted as legacy option and is ignored.
+** libgnutls: Provide the option of transparent re-handshake/reauthentication
+ when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
-** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
- keys parsing, as specified in R 50.1.112-2016.
-
** libgnutls: The priority functions will ignore and not enable TLS1.3 if
requested with legacy TLS versions enabled but not TLS1.2. That is because
if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
servers which do not support TLS1.3 will negotiate TLS1.2 which will be
rejected by the client as disabled (#621).
-** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
- option (#561)
+** libgnutls: Change RSA decryption to use a new side-channel silent function.
+ This addresses a security issue where memory access patterns as well as timing
+ on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
+ attacks. Side-channel resistant code is slower due to the need to mask
+ access and timings. When used in TLS the new functions cause RSA based
+ handshakes to be between 13% and 28% slower on average (Numbers are indicative,
+ the tests where performed on a relatively modern Intel CPU, results vary
+ depending on the CPU and architecture used). This change makes nettle 3.4.1
+ the minimum requirement of gnutls (#630). [CVSS: medium]
+
+** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
+ in the priority string. It is only accepted as legacy option and is ignored.
+
+** libgnutls: Added support for EdDSA under PKCS#11 (#417)
+
+** libgnutls: Added support for AES-CFB8 cipher (#357)
+
+** libgnutls: Added support for AES-CMAC MAC (#351)
+
+** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
+ have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
+ S-BOXes). They are fixed now.
+
+** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
+ keys parsing, as specified in R 50.1.112-2016.
** gnutls-serv: It applies the default settings when no --priority option is given,
using gnutls_set_default_priority().
+** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
+ option (#561)
+
** certtool: Add parameter --no-text that prevents certtool from outputting
text before PEM-encoded private key, public key, certificate, CRL or CSR.
@@ -57,6 +81,7 @@ gnutls_anti_replay_init: Added
gnutls_anti_replay_deinit: Added
gnutls_anti_replay_set_window: Added
gnutls_anti_replay_enable: Added
+gnutls_privkey_decrypt_data2: Added
* Version 3.6.4 (released 2018-09-24)
@@ -156,7 +181,7 @@ gnutls_ffdhe_6144_key_bits: Added
** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen
and Adi Shamir reported that the existing counter-measures had certain issues and
- were insufficient when the attacker has additional access to the CPU cache and
+ were insufficient when the attacker has additional access to the CPU cache and
performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium]
** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation
@@ -501,7 +526,7 @@ GNUTLS_SFLAGS_RFC7919: Added
a flag.
** libgnutls: Improved TPM key handling. Check authorization requirements
- prior to using a key and fix issue on loop for PIN input. Patches by
+ prior to using a key and fix issue on loop for PIN input. Patches by
James Bottomley.
** libgnutls: In all functions accepting UTF-8 passwords, ensure that
@@ -579,7 +604,7 @@ gnutls_x509_crq_get_dn3: Added
not identical to CVE-2016-8610, due to the difference in alert handling
of the libraries (gnutls delegates that handling to applications).
-** libgnutls: Reverted the change which made the gnutls_certificate_set_*key*
+** libgnutls: Reverted the change which made the gnutls_certificate_set_*key*
functions return an index (introduced in 3.5.5), to avoid affecting programs
which explicitly check success of the function as equality to zero. In order
for these functions to return an index an explicit call to gnutls_certificate_set_flags
@@ -939,11 +964,11 @@ gnutls_session_get_master_secret: Added
** libgnutls: Removed support for pthread_atfork() as it has undefined
semantics when used with dlopen(), and may lead to a crash.
-** libgnutls: corrected failure when importing plain files
+** libgnutls: corrected failure when importing plain files
with gnutls_x509_privkey_import2(), and a password was provided.
** libgnutls: Don't reject certificates if a CA has the URI or IP address
- name constraints, and the end certificate doesn't have an IP address
+ name constraints, and the end certificate doesn't have an IP address
name or a URI set.
** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
@@ -1039,7 +1064,7 @@ explicitly enabled, since they reduce the overall security level.
** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
That is currently provided as technology preview and is not enabled by
-default, since there are no assigned ciphersuite points by IETF and there
+default, since there are no assigned ciphersuite points by IETF and there
is no guarrantee of compatibility between draft versions. The ciphersuite
priority string to enable it is "+CHACHA20-POLY1305".
@@ -1091,14 +1116,14 @@ applications closing all open file descriptors on startup.
** libgnutls: If a key purpose (extended key usage) is specified for verification,
it is applied into intermediate certificates. The verification result
-GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.
+GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.
** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
combination with PKCS #11, or TPM URLs, it will utilize the provided
password as PIN if required. That removes the requirement for the
application to set a callback for PINs in that case.
-** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
+** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
restricted to the corresponding protocols only, and the VERS-ALL
string is introduced to catch all possible protocols.
@@ -1150,14 +1175,14 @@ when available.
** gnutls-cli: added options --priority-list and --save-cert.
-** guile: Deprecated priority API has been removed. The old priority API,
+** guile: Deprecated priority API has been removed. The old priority API,
which had been deprecated for some time, is now gone; use 'set-session-priorities!'
instead.
-** guile: Remove RSA parameters and related procedures. This API had been
-deprecated.
+** guile: Remove RSA parameters and related procedures. This API had been
+deprecated.
-** guile: Fix compilation on MinGW. Previously only the static version of the
+** guile: Fix compilation on MinGW. Previously only the static version of the
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
** API and ABI modifications:
@@ -1287,7 +1312,7 @@ being usable after a reinitialization.
** libgnutls: fixed PKCS #11 ECDSA key generation.
-** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to
+** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to
explicitly enable/disable the use of certain CPU capabilities. Note that CPU
detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel
CPU. The currently available options are:
@@ -1454,7 +1479,7 @@ were moved to self-test.h.
different recv and send pointers have been specified. Reported and
investigated by JMRecio.
-** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
+** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided. Reported
by André Klitzing.
@@ -1481,7 +1506,7 @@ That avoids long delays in gnutls initialization due to broken PKCS #11
modules.
** libgnutls: The PKCS #11 subsystem is re-initialized "automatically"
-on the first PKCS #11 API call after a fork.
+on the first PKCS #11 API call after a fork.
** libgnutls: certificate verification profiles were introduced
that can be specified as flags to verification functions. They
@@ -1495,15 +1520,15 @@ specified configuration file to be used to read pre-configured priority
strings from. That can be used to impose system specific policies.
** libgnutls: Increased the default security level of priority
-strings (NORMAL and PFS strings require at minimum a 1008 DH prime),
-and set a verification profile by default. The LEGACY keyword is
+strings (NORMAL and PFS strings require at minimum a 1008 DH prime),
+and set a verification profile by default. The LEGACY keyword is
introduced to set the old defaults.
** libgnutls: Added support for the name constraints PKIX extension.
Currently only DNS names and e-mails are supported (no URIs, IPs
or DNs).
-** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to
+** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to
SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL.
** libgnutls: Added new API in x509-ext.h to handle X.509 extensions.
@@ -1560,7 +1585,7 @@ to SHA1.
That option enables (when running on FIPS140-enabled system):
o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes)
o The DRBG-CTR-AES256 deterministic random generator from SP800-90A.
- o Self-tests on initialization on ciphers/MACs, public key algorithms
+ o Self-tests on initialization on ciphers/MACs, public key algorithms
and the random generator.
o HMAC-SHA256 verification of the library on load.
o MD5 is included for TLS purposes but cannot be used by the high level
@@ -1672,7 +1697,7 @@ GCM mode is prioritized over CBC in all of the default priority strings.
** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
-GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
+GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.
** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
@@ -1714,7 +1739,7 @@ by Christian Grothoff.
** srptool: Fixed index command line option. Patch by Attila Molnar.
** gnutls-cli: Added support for inline commands, using the
---inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
+--inline-commands-prefix and --inline-commands options. Patch by Raj Raman.
** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.
@@ -1751,13 +1776,13 @@ gnutls_record_set_timeout: Exported
** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler.
-** libgnutls: Solve issue with received TLS packets that exceed 2^14.
+** libgnutls: Solve issue with received TLS packets that exceed 2^14.
(this fixes a bug that was accidentally introduced in 3.2.2)
** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be
used by the library.
-** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by
+** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by
Alfredo Pironti.
** API and ABI modifications:
@@ -1822,7 +1847,7 @@ gnutls_session_set_id: Added
** libgnutls: Added UMAC-96 and UMAC-128
** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
-As they are not standardized they are defined using private ciphersuite
+As they are not standardized they are defined using private ciphersuite
numbers.
** libgnutls: Added support for DTLS 1.2.
@@ -1843,7 +1868,7 @@ gnutls_mac_get_nonce_size: Added
* Version 3.1.10 (released 2013-03-22)
-** certtool: When generating PKCS #12 files use by default the
+** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
support AES with PKCS #12.
@@ -1860,12 +1885,12 @@ cards are present.
** libgnutls: Corrected issue in the (deprecated) external key
signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen.
-** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
+** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
Joke de Buhr.
** libgnutls-dane: Updated DANE verification options.
-** configure: Trust store file must be explicitly set or unset when
+** configure: Trust store file must be explicitly set or unset when
cross compiling.
** API and ABI modifications:
@@ -1888,7 +1913,7 @@ a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.
** libgnutls: Corrected issue in gnutls_pubkey_verify_data().
-** libgnutls: Corrected parsing issue in XMPP within a subject
+** libgnutls: Corrected parsing issue in XMPP within a subject
alternative name. Reported by James Cloos.
** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
@@ -1919,7 +1944,7 @@ with encrypted keys. Reported by Yan Fiz.
PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
Elio Petteno.
-** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
+** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
to operate with long keys. Reported by Erik A Jensen.
** API and ABI modifications:
@@ -1943,7 +1968,7 @@ in a template from an RFC4514 string.
** libgnutls: DN variable 'T' was expanded to 'title'.
-** libgnutls: Fixes in record padding parsing to prevent a timing attack.
+** libgnutls: Fixes in record padding parsing to prevent a timing attack.
Issue reported by Kenny Paterson and Nadhem Alfardan.
** libgnutls: Added functions to directly set the DN in a certificate
@@ -1959,17 +1984,17 @@ by the specified priority string. The current values correspond to the
previous defaults (727 bits), except for the SECURE128 and SECURE192
strings which increase the minimum to 1248 and 1776 respectively.
-** libgnutls: Added the gnutls_record_cork() and uncork API to enable
+** libgnutls: Added the gnutls_record_cork() and uncork API to enable
buffering in sending application data.
-** libgnutls: Removed default random padding, and added a length-hiding interface
-instead. Both the server and the client must support this extension. Whether
+** libgnutls: Removed default random padding, and added a length-hiding interface
+instead. Both the server and the client must support this extension. Whether
length-hiding can be used on a given session can be checked using
gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti.
-** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
+** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
a new padding mechanism in TLS allowing arbitrary padding in TLS records
-in all ciphersuites, which makes length-hiding more efficient and solves
+in all ciphersuites, which makes length-hiding more efficient and solves
the issues with timing attacks on CBC ciphersuites.
** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
@@ -2041,10 +2066,10 @@ extension.
** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
Name by translating it to UTF-8 (works on windows or systems with iconv).
-** libgnutls: Added PKCS #11 key generation function that returns the
+** libgnutls: Added PKCS #11 key generation function that returns the
public key on generation.
-** libgnutls: Corrected bug in priority string parsing, that mostly
+** libgnutls: Corrected bug in priority string parsing, that mostly
affected combined levels. Patch by Tim Kosse.
** certtool: The --pubkey-info option can be combined with the
@@ -2052,7 +2077,7 @@ affected combined levels. Patch by Tim Kosse.
** certtool: It is able to set certificate policies via a template.
-** certtool: Added --hex-numbers option which prints big numbers in
+** certtool: Added --hex-numbers option which prints big numbers in
an easier to parse format.
** p11tool: After key generation, outputs the public key (useful in
@@ -2088,7 +2113,7 @@ gnutls_certificate_verify_peers3().
Contributed by Martin Storsjo.
** libgnutls: The X.509 verification functions check the key
-usage bits and pathlen constraints and on failure output
+usage bits and pathlen constraints and on failure output
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.
** libgnutls: gnutls_x509_crl_verify() includes the time checks.
@@ -2163,7 +2188,7 @@ GNUTLS_NO_EXTENSIONS can be used to prevent that.
is fully RFC6091 compliant and RFC5081 support is only supported in client
mode.
-** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
+** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
certificate verification.
** gnutls-cli: Added --dane option to enable DANE certificate verification.
@@ -2215,10 +2240,10 @@ of certificates in the windows platform.
** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
(the work was done during Google Summer of Code).
-** libgnutls: Added X.509 certificate verification flag
+** libgnutls: Added X.509 certificate verification flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
of unsorted certificate chains and is enabled by default for
-TLS certificate verification (if gnutls_certificate_set_verify_flags()
+TLS certificate verification (if gnutls_certificate_set_verify_flags()
does not override it).
** libgnutls: Prints warning on certificates that contain keys of
@@ -2260,7 +2285,7 @@ GNUTLS_SEC_PARAM_INSECURE: Added
** certtool: Changes in password handling of certtool.
Ask password when required and only if the '--password' option is not
-given. If the '--password' option is given during key generation then
+given. If the '--password' option is given during key generation then
assume the PKCS #8 file format, instead of ignoring the password.
** tpmtool: No longer asks for key password in registered keys.
@@ -2289,7 +2314,7 @@ gnutls_sign_get_pk_algorithm: Added
* Version 3.1.0 (released 2012-08-15)
-** libgnutls: Added direct support for TPM as a cryptographic module
+** libgnutls: Added direct support for TPM as a cryptographic module
in gnutls/tpm.h. TPM keys can be used in functions accepting files
using URLs of the following types:
tpmkey:file=/path/to/file
@@ -2315,8 +2340,8 @@ the whole certificate chain (if any) to the credentials structure, instead
of only the end-user certificate.
** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse()
-and gnutls_x509_privkey_import_pkcs8(), return consistently
-GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
+and gnutls_x509_privkey_import_pkcs8(), return consistently
+GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
password was provided.
** libgnutls: Added gnutls_handshake_set_timeout() a function that
@@ -2405,11 +2430,11 @@ No changes since last version.
* Version 3.0.21 (released 2012-07-02)
-** libgnutls: fixed bug in gnutls_x509_privkey_import()
+** libgnutls: fixed bug in gnutls_x509_privkey_import()
that prevented the loading of EC private keys when DER
encoded. Reported by David Woodhouse.
-** libgnutls: In DTLS larger to mtu records result to
+** libgnutls: In DTLS larger to mtu records result to
GNUTLS_E_LARGE_PACKET instead of being truncated.
** libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based
@@ -2418,11 +2443,11 @@ on patch by David Woodhouse.
** libgnutls: Fixed memory leak in PKCS #8 key import.
** libgnutls: Added support for an old version of the DTLS protocol
-used by openconnect vpn client for compatibility with Cisco's AnyConnect
+used by openconnect vpn client for compatibility with Cisco's AnyConnect
SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols
as it has issues.
-** libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
+** libgnutls: Corrected bug that prevented resolving PKCS #11 URLs
if only the label is specified. Patch by David Woodhouse.
** libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET
@@ -2452,7 +2477,7 @@ name type in certtool.
** certtool: Increase to 128 the maximum number of distinct options
(e.g. dns_names) allowed.
-** gnutls-cli: If --print-cert is given, print the certificate,
+** gnutls-cli: If --print-cert is given, print the certificate,
even on verification failure.
** API and ABI modifications:
@@ -2469,7 +2494,7 @@ by David Smith.
** libgnutls: gnutls_record_check_pending() no longer
returns unprocessed data, and thus ensure the non-blocking
-of the next call to gnutls_record_recv().
+of the next call to gnutls_record_recv().
** libgnutls: Added strict tests in Diffie-Hellman and
SRP key exchange public keys.
@@ -2496,7 +2521,7 @@ is returned on premature termination (and added unit test).
** libgnutls: Fixes for W64 API. Patch by B. Scott Michel.
-** libgnutls: Corrected VIA padlock detection for old
+** libgnutls: Corrected VIA padlock detection for old
VIA processors. Reported by Kris Karas.
** libgnutls: Updated assembler files.
@@ -2531,7 +2556,7 @@ No changes since last version.
** libgnutls: included assembler files for MacOSX.
-** p11tool: Small fixes in handling of the --private command
+** p11tool: Small fixes in handling of the --private command
line option.
** certtool: The template option allows for setting the domain
@@ -2547,7 +2572,7 @@ gnutls_x509_crt_set_authority_info_access: Added
** test suite: Only run under valgrind in the development
system (the full git repository)
-** command line apps: Link with local libopts if the
+** command line apps: Link with local libopts if the
installed is an old one.
** libgnutls: Eliminate double free during SRP
@@ -2607,7 +2632,7 @@ status from an ocsp server.
** command line apps: Use gnu autogen (libopts) to parse command
line arguments and template files.
-** tests: Added stress test for DTLS packet losses and
+** tests: Added stress test for DTLS packet losses and
out-of-order receival. Contributed by Sean Buckheister.
** libgnutls: Several updates and corrections in the DTLS
@@ -2686,7 +2711,7 @@ correctly aligned in rare circumstances.
** libgnutls: Corrected memory leaks in DH parameter
generation and ecc_projective_check_point().
-** libgnutls: Added gnutls_x509_dn_oid_name() to
+** libgnutls: Added gnutls_x509_dn_oid_name() to
return a descriptive name of a DN OID.
** API and ABI modifications:
@@ -2732,7 +2757,7 @@ gnutls_ocsp_resp_verify: Added.
* Version 3.0.11 (released 2012-01-06)
-** libgnutls: Corrected functionality of
+** libgnutls: Corrected functionality of
gnutls_record_get_direction(). Reported by Philip Allison.
** libgnutls: Provide less timing information when decoding
@@ -2759,7 +2784,7 @@ issue in windows systems.
** libgnutls: Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384
and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384.
-** libgnutls: Added function gnutls_random_art() to convert
+** libgnutls: Added function gnutls_random_art() to convert
fingerprints to images (currently ascii-art).
** libgnutls: Corrected bug in DSA private key parsing, which
@@ -2842,13 +2867,13 @@ No changes since last version.
** gnutls-guile: Compilation fixes.
-** libgnutls: Fixed possible buffer overflow in
+** libgnutls: Fixed possible buffer overflow in
gnutls_session_get_data(). Reported and fix by Alban Crequy.
** libgnutls: Bug fixes in the ciphersuites with NULL cipher.
Reported by Fabrice Gautier.
-** libgnutls: Bug fixes in ECC code for 64-bit MIPS systems.
+** libgnutls: Bug fixes in ECC code for 64-bit MIPS systems.
Thanks to Joseph Graham for providing access to such a system.
** libgnutls: Correctly report ECC private key parsing errors.
@@ -2871,7 +2896,7 @@ No changes since last version.
** libgnutls: Corrections in VIA padlock code for VIA C5 processor
and new detection of PHE with support for partial hashing.
-** libgnutls: Corrected bug in gnutls_x509_data2hex. Report and fix
+** libgnutls: Corrected bug in gnutls_x509_data2hex. Report and fix
by Vincent Untz.
** minitasn1: Upgraded to libtasn1 version 2.10.
@@ -2889,7 +2914,7 @@ removed.
SHA256 and elliptic curves.
** gnutls-cli: Added --benchmark-soft-ciphers to benchmark
-the software version of the ciphers instead of hw accelerated
+the software version of the ciphers instead of hw accelerated
(where available)
** libgnutls: Public key ID calculation is consistent among
@@ -2904,13 +2929,13 @@ used with a gnutls_privkey_t and a gnutls_pcert_st
structure using gnutls_certificate_set_key().
** libgnutls: Fixes to enable external signing callback to
-operate with TLS 1.2.
+operate with TLS 1.2.
-** libgnutls: Fixed crash when printing ECDSA certificate key
+** libgnutls: Fixed crash when printing ECDSA certificate key
ID. Reported by Erik Jensen.
-** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks
-show a 50x increase in AES speed and a 14x increase in VIA nano. Added
+** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks
+show a 50x increase in AES speed and a 14x increase in VIA nano. Added
support for hashes and HMACs.
** libgnutls: Compilation fixed when p11-kit is not detected.
@@ -2942,13 +2967,13 @@ number of discarded records in a DTLS session.
** libgnutls: All functions related to RSA-EXPORT were deprecated.
Support for RSA-EXPORT ciphersuites will be ceased in future versions.
-** libgnutls: Memory leak fixes in credentials private key
+** libgnutls: Memory leak fixes in credentials private key
deinitialization. Reported by Dan Winship.
** libgnutls: Memory leak fixes in ECC ciphersuites.
-** libgnutls: Do not send an empty extension structure in server
-hello. This affected old implementations that do not support extensions.
+** libgnutls: Do not send an empty extension structure in server
+hello. This affected old implementations that do not support extensions.
Reported by J. Cameijo Cerdeira.
** libgnutls: Allow CA importing of 0 certificates to succeed.
@@ -2964,11 +2989,11 @@ PKCS #11.
** libgnutls: Added gnutls_pkcs11_privkey_generate()
to allow generating a key in a token.
-** p11tool: Added generate-rsa, generate-dsa and
+** p11tool: Added generate-rsa, generate-dsa and
generate-ecc options to allow generating private
keys in the token.
-** libgnutls: gnutls_transport_set_lowat dummy macro was
+** libgnutls: gnutls_transport_set_lowat dummy macro was
removed.
** API and ABI modifications:
@@ -2989,7 +3014,7 @@ by default.
** libgnutls: Corrected issue in gnutls_record_recv()
triggered on encryption or compression error.
-** libgnutls: Compatibility fixes in CPU ID detection
+** libgnutls: Compatibility fixes in CPU ID detection
for i386 and old GCC.
** gnutls-cli: Benchmark applications were incorporated
@@ -3012,16 +3037,16 @@ GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag
* Version 3.0.1 (released 2011-08-20)
-** libgnutls: gnutls_certificate_set_x509_key_file() and
-friends support server name indication. If multiple
-certificates are set using these functions the proper one
-will be selected during a handshake.
+** libgnutls: gnutls_certificate_set_x509_key_file() and
+friends support server name indication. If multiple
+certificates are set using these functions the proper one
+will be selected during a handshake.
** libgnutls: Added AES-256-GCM which was left out from
the previous release. Reported by Benjamin Hof.
-** libgnutls: When asking for a PKCS# 11 PIN multiple
-times, the flags in the callback were not being updated
+** libgnutls: When asking for a PKCS# 11 PIN multiple
+times, the flags in the callback were not being updated
to reflect for PIN low count or final try.
** libgnutls: Do not allow second instances of PKCS #11
@@ -3033,11 +3058,11 @@ modules.
is being read if provided.
** libgnutls: Ensure that a certificate list specified
-using gnutls_certificate_set_x509_key() and friends, is
+using gnutls_certificate_set_x509_key() and friends, is
sorted according to TLS specification (from subject to issuer).
** libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for
-gnutls_x509_crt_list_import. It checks whether the list to be
+gnutls_x509_crt_list_import. It checks whether the list to be
imported is properly sorted.
** crywrap: Added to the distribution. It is an application
@@ -3096,10 +3121,10 @@ strings to enable the NSA SuiteB cryptography ciphersuites.
** libgnutls: Added gnutls_pubkey_verify_data2() that will
verify data provided the signature algorithm.
-** libgnutls: Simplified the handling of handshake messages to
-be hashed. Instead of hashing during the handshake process we now
-keep the data until handshake is over and hash them on request.
-This uses more memory but eliminates issues with TLS 1.2 and
+** libgnutls: Simplified the handling of handshake messages to
+be hashed. Instead of hashing during the handshake process we now
+keep the data until handshake is over and hash them on request.
+This uses more memory but eliminates issues with TLS 1.2 and
simplifies code.
** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ
@@ -3191,7 +3216,7 @@ GNUTLS_PK_ECC: New public key algorithm
GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm
-GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm
+GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm
GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm
GNUTLS_ECC_CURVE_INVALID: New curve definition
GNUTLS_ECC_CURVE_SECP224R1: New curve definition
@@ -3209,7 +3234,7 @@ GNUTLS_ECC_CURVE_SECP521R1: New curve definition
** libgnutls: Added support for AES-NI if detected. Uses
Andy Polyakov's AES-NI code.
-** libgnutls: Restored HMAC-MD5 for compatibility. Although considered
+** libgnutls: Restored HMAC-MD5 for compatibility. Although considered
weak, several sites require it for connection. It is enabled for
"NORMAL" and "PERFORMANCE" priority strings.
@@ -3253,10 +3278,10 @@ by Todd A. Ouska.
every error and not only on fatal ones. This allows easier
handling of errors.
-** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
+** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
the PSK callback.
-** libgnutls: SRP and PSK are no longer set on the default priorities.
+** libgnutls: SRP and PSK are no longer set on the default priorities.
They have to be explicitly set.
** libgnutls: During handshake message verification using DSS
@@ -3271,7 +3296,7 @@ on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH.
It was never standardized nor published as an RFC.
** libgnutls: Added new certificate verification functions, that
-can provide more details and are more efficient. Check
+can provide more details and are more efficient. Check
gnutls_x509_trust_list_*.
** certtool: Uses the new certificate verification functions for
@@ -3373,7 +3398,7 @@ the incompatibility with TLS other than 1.2.
** libgnutls: Modified signature algorithm selection in client
certificate request, to avoid failures in DSA certificates.
-** libgnutls: Instead of failing with internal error, return
+** libgnutls: Instead of failing with internal error, return
GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA
key with the negotiated protocol is encountered.
@@ -3400,9 +3425,9 @@ gnutls_pubkey_import_openpgp: MODIFIED
replaced by gnutls_privkey_sign_hash2().
** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash,
-gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data,
-gnutls_x509_crt_verify_hash return the negative error code
-GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error
+gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data,
+gnutls_x509_crt_verify_hash return the negative error code
+GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error
checking.
** libgnutls: Added helper functions for signature verification:
@@ -3460,7 +3485,7 @@ gnutls_privkey_sign_hash: REMOVED (was added in 2.11.0)
SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION
priority string.
-** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
+** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
This makes us comply with RFC3279. Reported by Michael Rommel.
** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
@@ -3560,7 +3585,7 @@ backend crypto library.
** libgnutls: Several updates in the buffering internal interface.
-** libgnutls: Is now more liberal in the PEM decoding. That is spaces and
+** libgnutls: Is now more liberal in the PEM decoding. That is spaces and
tabs are being skipped.
** libgnutls: Added support for draft-pechanec-pkcs11uri-02.
@@ -3612,7 +3637,7 @@ jurisdictionOfIncorporationLocalityName,
jurisdictionOfIncorporationStateOrProvinceName,
jurisdictionOfIncorporationCountryName
-** libgnutls: Added support for DSA signing/verifying with bit
+** libgnutls: Added support for DSA signing/verifying with bit
length over 1024.
** libgnutls-extra: When in FIPS mode gnutls_global_init_extra()
@@ -3635,7 +3660,7 @@ imported from tokens, and operations can be performed on private keys.
** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t
** libgnutls: Added initial support for the nettle library. It uses
-the system's random generator for seeding. That is /dev/urandom in Linux,
+the system's random generator for seeding. That is /dev/urandom in Linux,
system calls in Win32 and EGD on other systems.
** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
@@ -3855,8 +3880,8 @@ Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added.
** certtool: Corrected two issues that affected certificate request generation.
(1) Null padding is added on integers (found thanks to Wilankar Trupti),
(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA
-parameters were added. Those were rejected by Verisign. Gnutls no longer adds
-those parameters there since other implementations don't do either and having
+parameters were added. Those were rejected by Verisign. Gnutls no longer adds
+those parameters there since other implementations don't do either and having
them does not seem to offer anything (anyway you need the signer's certificate
to verify thus public key will be available). Found thanks to Boyan Kasarov.
This however has the side-effect that public key IDs shown by certtool are
@@ -3945,7 +3970,7 @@ with gnutls_sign_algorithm_get_requested() whether the certificate
they send complies with the peer's preferences in signature
algorithms.
-** libgnutls: In server side when resuming a session do not overwrite the
+** libgnutls: In server side when resuming a session do not overwrite the
** initial session data with the resumed session data.
** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8
@@ -4188,7 +4213,7 @@ No changes since last version.
* Version 2.8.5 (released 2009-11-02)
-** libgnutls: In server side when resuming a session do not overwrite the
+** libgnutls: In server side when resuming a session do not overwrite the
** initial session data with the resumed session data.
** libgnutls: Fix PKCS#12 encoding.
@@ -4428,7 +4453,7 @@ The symbols are:
_gnutls*
gnutls_asn1_tab
-
+
Normally when symbols are removed, the shared library version has to
be incremented. This leads to a significant cost for everyone using
the library. Because none of the above symbols have ever been
@@ -4689,7 +4714,7 @@ Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
It is currently only used by the core library. This will enable a new
domain 'gnutls' for translations of the command line tools.
-** Corrected possible memory corruption on signature verification failure.
+** Corrected possible memory corruption on signature verification failure.
Reported by Miroslav Kratochvil <exa.exa@gmail.com>
** API and ABI modifications:
@@ -4719,8 +4744,8 @@ information. This avoids code duplication.
They can be used to override the default certificate chain validation
behaviour.
-** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
-specify the client hello message record version. Used to overcome buggy
+** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
+specify the client hello message record version. Used to overcome buggy
TLS servers. Report by Martin von Gagern.
** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
@@ -5899,7 +5924,7 @@ The crash can be triggered remotely before authentication, which can
lead to a Daniel of Service attack to disable the server. The bug
cause gnutls to read memory beyond the end of the received record.
-** libgnutlsxx: Updated API according to patches from Eduardo
+** libgnutlsxx: Updated API according to patches from Eduardo
Villanueva Che (discussion at
<http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>)
@@ -6085,7 +6110,7 @@ gnutls_openpgp_crt_get_auth_subkey: MODIFIED
** Finish renaming of gnutls_certificate_export_x509_cas etc.
They weren't renamed in the public header file.
-** Added functions to register a cipher/mac/digest. This allows to
+** Added functions to register a cipher/mac/digest. This allows to
override the included ones.
** Fix a bunch of compiler warnings.
@@ -6645,7 +6670,7 @@ No changes since last version.
* Version 2.1.4 (released 2007-10-27)
** Added the --v1 option to certtool, to allow generating X.509
-version 1 certificates.
+version 1 certificates.
** certtool: Add option --disable-quick-random to enable the old behaviour
of using /dev/random to generate keys.
@@ -6655,7 +6680,7 @@ of using /dev/random to generate keys.
** Added gnutls_set_default_priority2() which accepts a flag to indicate
priorities preferences.
-** Added gnutls_record_disable_padding() to allow servers talking to
+** Added gnutls_record_disable_padding() to allow servers talking to
buggy clients that complain if the TLS 1.0 record protocol padding is
used.
@@ -6803,7 +6828,7 @@ gnutls_oprfi_enable_server: ADD, new function.
* Version 2.0.4 (released 2007-11-16)
-** Corrected bug in decompression of expanded compression data.
+** Corrected bug in decompression of expanded compression data.
** API and ABI modifications:
No changes since last version.
@@ -7950,13 +7975,13 @@ Protover SSL. Libtasn1 0.2.18 is now required, which contains the
previous bug fix. The included libtasn1 version in GnuTLS has been
updated.
-** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
-longer invalidate a session if the underlying send fails, but it will
+** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
+longer invalidate a session if the underlying send fails, but it will
prevent future writes. That is to allow reading the already received data.
Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org>
** Corrected bugs in gnutls_certificate_set_x509_crl() and
-gnutls_certificate_set_x509_trust(), that caused memory corruption if
+gnutls_certificate_set_x509_trust(), that caused memory corruption if
more than one certificates were added. Report and patch by Max Kellermann.
** Fix build problems of OpenCDK on AIX.
@@ -8231,8 +8256,8 @@ Use size_t instead of int for output size parameter:
- Corrected bugs in gnutls_certificate_set_x509_crl() and
gnutls_certificate_set_x509_trust(), that caused memory corruption if
more than one certificates were added. Report and patch by Max Kellermann.
-- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
- longer invalidate a session if the underlying send fails, but it will
+- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
+ longer invalidate a session if the underlying send fails, but it will
prevent future writes. That is to allow reading the already received data.
Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org>
@@ -8348,7 +8373,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
<dalgoda@ix.netcom.com>.
- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
reported by Adam Langley <alangley@gmail.com>.
-- Corrected some stuff in minilzo detection. Pointed out by
+- Corrected some stuff in minilzo detection. Pointed out by
Sergey Lipnevich.
- MiniLZO updated to version 2.00.
- gnutls_x509_crt_list_import now accept a DER formatted CRL.
@@ -8411,7 +8436,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
<pierre42d@9online.fr>.
- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
Reported by Yoann Vandoorselaere <yoann@prelude-ids.org>.
-- If the library has been compiled with features disabled, a warning is
+- If the library has been compiled with features disabled, a warning is
issued during the compilation of any program.
- API and ABI modifications:
gnutls_x509_crt_list_import(): Add
@@ -8423,7 +8448,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
* Version 1.2.0 (2005-01-27)
- Added the definitions and OIDs for the RIPEMD-160 hash algorithm.
-- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
+- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
gnutls_x509_crl_sign2().
- Fixed license header in source code files.
@@ -8547,14 +8572,14 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Changed the makefiles to be more portable.
- SRP ciphersuites were moved to the gnutls library.
- Added some default limits in the verification of certificate
- chains, to avoid denial of service attacks. Also added
+ chains, to avoid denial of service attacks. Also added
gnutls_certificate_set_verify_limits() to override them.
Issue pointed out by Patrik Hornik <patrik@hornik.sk>.
- Added gnutls_certificate_verify_peers2().
* Version 1.1.11 (2004-07-16)
- Added the '_t' suffix to all exported symbols.
-- Fixed bug in RSA encryption, report and patch by Martijn Koster
+- Fixed bug in RSA encryption, report and patch by Martijn Koster
<mak@greenhills.co.uk>.
- Corrected a bug in certificate verification. Pointed out by
Yoann Vandoorselaere <yoann@prelude-ids.org>
@@ -8562,7 +8587,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
verification functions.
- The ephemeral DH and RSA parameters are no longer stored in the
session resume DB.
-- Do not free the SRP (prime and generator) parameters obtained from the
+- Do not free the SRP (prime and generator) parameters obtained from the
callback if they are the static ones defined in extra.h
- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
@@ -8608,14 +8633,14 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Optimized the copying of rsa_params.
* Version 1.1.7 (2004-03-29)
-- Added gnutls_certificate_set_params_function() and
+- Added gnutls_certificate_set_params_function() and
gnutls_anon_set_params_function() that set the RSA or DH
parameters using a callback.
- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
and gnutls_x509_privkey_cpy().
- Corrected a compilation issue when opencdk was installed in a
non standard directory.
-- Deprecated: gnutls_srp_server_set_select_function(),
+- Deprecated: gnutls_srp_server_set_select_function(),
gnutls_certificate_client_set_select_function(), gnutls_srp_server_set_select_function().
* Version 1.1.6 (2004-02-24)
@@ -8727,19 +8752,19 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
compatibility with previous versions.
- Changed the makefiles to be more portable.
- Added some default limits in the verification of certificate
- chains, to avoid denial of service attacks. Also added
+ chains, to avoid denial of service attacks. Also added
gnutls_certificate_set_verify_limits() to override them.
Issue pointed out by Patrik Hornik <patrik@hornik.sk>.
- Added gnutls_certificate_verify_peers2().
* Version 1.0.16 (2004-07-10)
-- Do not free the SRP (prime and generator) parameters obtained from the
+- Do not free the SRP (prime and generator) parameters obtained from the
callback if they are the static ones defined in extra.h.
- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
- Some fixes in the makefiles.
* Version 1.0.15 (2004-06-29)
-- Fixed bug in RSA encryption, report and patch by Martijn Koster
+- Fixed bug in RSA encryption, report and patch by Martijn Koster
<mak@greenhills.co.uk>.
- Corrected a bug in certificate verification. Pointed out by
Yoann Vandoorselaere <yoann@prelude-ids.org>.
@@ -8783,7 +8808,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Corrected bug in SSL 3.0 authentication.
* Version 1.0.9 (2004-03-29)
-- Added gnutls_certificate_set_params_function() and
+- Added gnutls_certificate_set_params_function() and
gnutls_anon_set_params_function() that set the RSA or DH
parameters using a callback.
- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
@@ -8862,7 +8887,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
* Version 0.9.99 (2003-11-28)
- Some fixes in the gnutls.h header for the gnutls_server_name_set()
and gnutls_server_name_get() prototypes.
-- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data()
+- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data()
and gnutls_x509_crt_verify_data().
- Some fixes in the openpgp authentication.
- Removed the Twofish cipher.
@@ -8901,7 +8926,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
* Version 0.9.94 (2003-10-30)
- Added manpages for the included programs.
-- Documented and improved the certtool utility.
+- Documented and improved the certtool utility.
- Added PKCS #12 support to certtool utility.
* Version 0.9.93 (2003-10-26)
@@ -8933,7 +8958,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- The library can now decrypt PKCS #12 files encrypted with
the RC2-40 cipher.
- The missing rfc2818_hostname object is now included.
-- Several corrections and bug fixes in the library by
+- Several corrections and bug fixes in the library by
Arne Thomassen <arne@arne-thomassen.de>.
- CR is now allowed in the base64 decoder.
@@ -8964,7 +8989,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Added functionality to generate PKCS #7 structures (with certificates).
* Version 0.9.3 (2003-03-24)
-- Support for MD2 was dropped.
+- Support for MD2 was dropped.
- Improved the error logging functions, by adding a level, and
by allowing debugging messages just by increasing the level.
- The diffie Hellman ciphersuites are now of higher priority than
@@ -8973,18 +8998,18 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Implemented the counter measure discussed in the paper "Attacking
RSA-based Sessions in SSL/TLS", against the attack described in the
same paper.
-- Added the functions: gnutls_handshake_get_last_in(),
+- Added the functions: gnutls_handshake_get_last_in(),
gnutls_handshake_get_last_out().
-- The gnutls_certificate_set_rsa_params() was renamed to
+- The gnutls_certificate_set_rsa_params() was renamed to
gnutls_certificate_set_rsa_export_params().
- Added the new functions: gnutls_certificate_set_x509_key()
gnutls_certificate_set_x509_trust(), gnutls_certificate_set_x509_crl(),
gnutls_x509_crt_export(), gnutls_x509_crl_export().
-- Added support for encoding and decoding PKCS #8 2.0 encrypted
+- Added support for encoding and decoding PKCS #8 2.0 encrypted
RSA private keys.
* Version 0.9.2 (2003-03-15)
-- Some corrections in the memory mapping code (file is unmapped after
+- Some corrections in the memory mapping code (file is unmapped after
it is read).
- Added support for PKCS#10 certificate requests generation.
@@ -9002,27 +9027,27 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Added an strnstr() function and the requirement in some functions to
use null terminated PEM structures is no more.
- Use mmap() if available to read files.
-- Fixed a memory leak in SRP code reported by Rupert Kittinger
+- Fixed a memory leak in SRP code reported by Rupert Kittinger
<r.kittinger@efkon.com>.
* Version 0.9.0 (2003-03-03)
- This version is not binary compatible with the previous ones.
-- The library notifies the application on empty and illegal SRP usernames,
+- The library notifies the application on empty and illegal SRP usernames,
so that proper notification (via an alert) is sent to the peer.
- Added ability to send some messages back to the application using
the gnutls_global_set_log_function().
-- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use
+- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use
gnutls_malloc() to allocate the output parameters.
- Added support for MD2 algorithm in certificate signature verification.
- The RSA and DH parameter generation interface was changed. Added
- ability to import and export from and to PKCS3 structures. This
+ ability to import and export from and to PKCS3 structures. This
was needed to read parameters generated using the openssl dhparam tool.
-- Several changes in the temporary (DH/RSA) parameter codebase. No DH
- parameters are now included in the library. Also the credentials structure
+- Several changes in the temporary (DH/RSA) parameter codebase. No DH
+ parameters are now included in the library. Also the credentials structure
can now hold only one temporary parameter of a kind.
-- Added a new Certificate, CRL, Private key and PKCS7 structures handling
+- Added a new Certificate, CRL, Private key and PKCS7 structures handling
API, defined in gnutls/x509.h
-- Added gnutls_certificate_set_verify_flags() function to allow setting the
+- Added gnutls_certificate_set_verify_flags() function to allow setting the
verification flags in the credentials structure. They will be used in the
*verify_peers functions.
- Added protection against the new TLS 1.0 record layer timing attack.
@@ -9040,19 +9065,19 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Some fixes which now allow compilation.
* Version 0.8.0 (2003-01-20)
-- Added gnutls_x509_extract_dn_string() which returns a
+- Added gnutls_x509_extract_dn_string() which returns a
distinguished name in a single string.
- Added gnutls_openpgp_extract_key_name_string() which returns
an openpgp user ID in a single string.
- Added gnutls_x509_extract_certificate_ca_status() which returns
the CA status of the given certificate.
- Added SRP-6 support. Follows draft-ietf-tls-srp-04.
-- If libtasn1 is not present in the system, it is included in
+- If libtasn1 is not present in the system, it is included in
the main gnutls library.
- If liblzo is present in the system, then the included minilzo
will not be used, and libgnutls-extra will depend on liblzo.
-- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR,
- and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also
+- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR,
+ and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also
replaced by GNUTLS_E_BASE64_DECODING_ERROR.
* Version 0.6.0 (2002-12-08)
@@ -9082,7 +9107,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
these are binary compatible.
* Version 0.5.11 (2002-11-05)
-- Some fixes in 'gnutls-cli' client program to prevent some segmentation
+- Some fixes in 'gnutls-cli' client program to prevent some segmentation
faults at exit.
- Example programs found in the documentation can now be generated by
running "make examples" in doc/tex directory.
@@ -9108,7 +9133,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
starttls implementations.
- Added gnutls_x509_extract_key_pk_algorithm() function which extracts
the private key type, of a DER encoded key.
-- Added gnutls_x509_extract_certificate_dn_string() which returns the
+- Added gnutls_x509_extract_certificate_dn_string() which returns the
certificate's distinguished name in a single string.
- Added gnutls_set_default_priority() and gnutls_set_default_export_priority()
functions, to avoid calling all the *_priority() functions if the defaults
@@ -9132,7 +9157,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Corrected bug in session resuming code in server side.
* Version 0.5.6 (2002-09-06)
-- Corrected bugs in SRP implementation, which prevented gnutls
+- Corrected bugs in SRP implementation, which prevented gnutls
to interoperate with other implementations. (interoperability testing
was done by David Taylor)
- Corrected bug in cert_type extension.
@@ -9144,10 +9169,10 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
* Version 0.5.5 (2002-09-03)
- Updated the SRP implementation to the latest draft. The blowfish
crypt implementation was removed, since the new draft does not allow
- other hash algorithms except for the srpsha.
+ other hash algorithms except for the srpsha.
- Renamed all the constructed types in order to have more consistent
- names.
-- Improved the certificate and key read functions. Now they can read
+ names.
+- Improved the certificate and key read functions. Now they can read
the certificate and the private key from the same file.
- Updated and corrected documentation.
@@ -9177,7 +9202,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
<gnutls/gnutls.h>
- Documentation fixes
- Added gnutls_transport_set_ptr2() function, which accepts two
- different pointers, to be used while receiving, and
+ different pointers, to be used while receiving, and
while sending data.
- Semantic changes in gnutls_record_set_max_size(). The requested
size is now immediately enforced at the output buffers.
@@ -9259,15 +9284,15 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- Corrections in session resumption
- Rehandshake can now handle negotiation of different authentication
type.
-- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are
+- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are
now being installed.
* Version 0.3.90 (2002-02-24)
-- Handshake messages are not kept in memory any more. Now we use
+- Handshake messages are not kept in memory any more. Now we use
less memory during a handshake
- Added support for certificates with DSA parameters
- Added DHE_DSS cipher suites
-- Key exchange methods changed so they do not depend on the
+- Key exchange methods changed so they do not depend on the
certificate type. Added certificate type negotiation TLS extension.
- Added openpgp key support (EXPERIMENTAL)
- Improved Diffie Hellman key exchange support.
@@ -9276,7 +9301,7 @@ LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
- TLS extensions now use a 16 bit type field.
- Added a minimal string library to assist in ASN.1 parsing
- Changes in ASN.1 parser to work with the new bison
-- Added gnutls_x509_extract_subject_alt_name(), which deprecates
+- Added gnutls_x509_extract_subject_alt_name(), which deprecates
gnutls_x509_extract_subject_dns_name()
- gnutls_x509_set_trust_(file/mem) can now be called multiple times
- gnutls_srp_server_set_cred_file() can now be called multiple times
diff --git a/bootstrap.conf b/bootstrap.conf
index b816118114..672c4b1ba3 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -23,6 +23,8 @@ gnulib_tool_option_extras="--with-tests --avoid=alignof-tests --avoid=lock-tests
use_libtool=1
checkout_only_file=
local_gl_dir=gl/override/
+required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng"
+
# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf warnings
@@ -67,7 +69,10 @@ git_options=
if test -n "$SUBMODULE_NOFETCH"; then
git_options="--no-fetch"
fi
-git submodule update --init $git_options
+
+for mod in $required_submodules;do
+ git submodule update --init $git_options $mod
+done
bootstrap_post_import_hook ()
{
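Review bot: The new loop runs `git submodule update --init $git_options $mod` for each entry of `required_submodules` without checking its exit status, so a failed checkout of one of the three required submodules is not reported unless the script happens to run under `set -e` (not visible in this hunk); bootstrap would then continue and the tls-fuzzer suite fail later with a less obvious error. I would fail fast and quote the loop variable: `git submodule update --init $git_options "$mod" || exit 1`. The `;do` on the `for` line should also be `; do` to match the file's spacing elsewhere. The variable itself is defined in the earlier hunk of this file (`required_submodules=...`) and is intentionally left unquoted in the `for` so that it word-splits.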
diff --git a/cfg.mk b/cfg.mk
index 7402dc6e63..17ac5e8249 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -41,7 +41,7 @@ local-checks-to-skip = sc_GPL_version sc_bindtextdomain \
sc_unmarked_diagnostics sc_useless_cpp_parens \
sc_two_space_separator_in_usage
-VC_LIST_ALWAYS_EXCLUDE_REGEX = ^maint.mk|gtk-doc.make|m4/pkg|doc/fdl-1.3.texi|src/.*\.bak|src/crywrap/|(devel/perlasm/|lib/accelerated/x86/|build-aux/|gl/|src/libopts/|tests/suite/ecore/|doc/protocol/).*$$
+VC_LIST_ALWAYS_EXCLUDE_REGEX = ^maint.mk|gtk-doc.make|m4/pkg|doc/fdl-1.3.texi|src/crywrap/|(devel/perlasm/|lib/accelerated/x86/|build-aux/|gl/|src/libopts/|tests/suite/ecore/|doc/protocol/).*$$
update-copyright-env = UPDATE_COPYRIGHT_USE_INTERVALS=1
# Explicit syntax-check exceptions.
diff --git a/configure.ac b/configure.ac
index 168d098138..2530a805c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,7 +21,7 @@ dnl Process this file with autoconf to produce a configure script.
# USA
AC_PREREQ(2.61)
-AC_INIT([GnuTLS], [3.6.4], [bugs@gnutls.org])
+AC_INIT([GnuTLS], [3.6.5], [bugs@gnutls.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4])
AC_CANONICAL_HOST
@@ -60,6 +60,11 @@ fi
AX_CODE_COVERAGE
AM_MAINTAINER_MODE([enable])
+AC_ARG_ENABLE(bash-tests,
+ AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]),
+ enable_bash_tests=$enableval, enable_bash_tests=yes)
+AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes")
+
AC_ARG_ENABLE(doc,
AS_HELP_STRING([--disable-doc], [don't generate any documentation]),
enable_doc=$enableval, enable_doc=yes)
@@ -110,6 +115,7 @@ case "$host" in
;;
*mingw32* | *mingw64*)
have_win=yes
+ AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
;;
*darwin*)
have_macosx=yes
@@ -287,7 +293,7 @@ AC_C_BIGENDIAN
dnl No fork on MinGW, disable some self-tests until we fix them.
dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
-AC_CHECK_FUNCS([fork setitimer inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid localtime vasprintf mmap explicit_bzero],,)
+AC_CHECK_FUNCS([fork setitimer inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero],,)
dnl Manually check some functions by including headers first. On macOS, you
dnl normally only have the latest SDK available, containing all existing
dnl functions, but having them restricted according to target version in
@@ -305,28 +311,6 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <stdio.h>], [fmemopen(0, 0, 0);])],
[AC_MSG_RESULT(yes); ac_cv_func_fmemopen=yes
AC_DEFINE([HAVE_FMEMOPEN], 1, [Define to 1 if you have the `fmemopen' function.])],
[AC_MSG_RESULT(no); ac_cv_func_fmemopen=no])
-if test "$ac_cv_func_vasprintf" != "yes";then
- AC_MSG_CHECKING([for va_copy])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([
- #include <stdarg.h>
- va_list a;],[
- va_list b;
- va_copy(b,a);
- va_end(b);])],
- [AC_DEFINE([HAVE_VA_COPY], 1, [Have va_copy()])
- AC_MSG_RESULT(va_copy)],
- [AC_LINK_IFELSE([AC_LANG_PROGRAM([
- #include <stdarg.h>
- va_list a;],[
- va_list b;
- __va_copy(b,a);
- va_end(b);])],
- [AC_DEFINE([HAVE___VA_COPY], 1, [Have __va_copy()])
- AC_MSG_RESULT(__va_copy)],
- [AC_MSG_RESULT(no)
- AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])])
- ])
-fi
AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
@@ -553,6 +537,15 @@ if test "$enable_non_suiteb" = "yes";then
fi
AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
+# We MUST require a Nettle version that has rsa_sec_decrypt now.
+save_LIBS=$LIBS
+LIBS="$LIBS $HOGWEED_LIBS"
+AC_CHECK_FUNCS(nettle_rsa_sec_decrypt,
+ [],
+ [AC_MSG_ERROR([Nettle lacks the required rsa_sec_decrypt function])]
+)
+LIBS=$save_LIBS
+
# Check if nettle has CFB8 support
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
@@ -715,9 +708,11 @@ AM_MISSING_PROG([AUTOGEN], [autogen])
included_libopts=no
if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then
- AC_CHECK_PROGS([autogen], [autogen])
-
- if test -z "$autogen"; then
+ AC_MSG_CHECKING([whether autogen is recent enough])
+ if $PKG_CONFIG --atleast-version=41.1.16 autoopts 2>&1 >/dev/null; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
AC_MSG_WARN([[
***
*** autogen not found. Will not link against system libopts.
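Review bot: The redirection order on the new `if $PKG_CONFIG --atleast-version=41.1.16 autoopts 2>&1 >/dev/null; then` line sends pkg-config's stderr to the terminal instead of discarding it, because `2>&1` is applied before stdout is pointed at /dev/null; the intended form is `if $PKG_CONFIG --atleast-version=41.1.16 autoopts >/dev/null 2>&1; then`. The warning that follows still says "autogen not found", but the check now tests the installed autoopts version, so an autoopts that is merely too old would be reported as a missing autogen; rewording it along the lines of `*** autogen/autoopts not found or older than 41.1.16. Will not link against system libopts.` would match what is actually tested. The rest of the warning text and the `if` body continue outside the hunk.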
@@ -989,7 +984,6 @@ AC_CONFIG_FILES([
lib/unistring/Makefile
po/Makefile.in
src/Makefile
- src/args-std.def
src/gl/Makefile
tests/Makefile
tests/windows/Makefile
diff --git a/doc/Makefile.am b/doc/Makefile.am
index e6d5e14c6e..59b3e67e5b 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -763,6 +763,10 @@ FUNCS += functions/gnutls_certificate_set_params_function
FUNCS += functions/gnutls_certificate_set_params_function.short
FUNCS += functions/gnutls_certificate_set_pin_function
FUNCS += functions/gnutls_certificate_set_pin_function.short
+FUNCS += functions/gnutls_certificate_set_rawpk_key_file
+FUNCS += functions/gnutls_certificate_set_rawpk_key_file.short
+FUNCS += functions/gnutls_certificate_set_rawpk_key_mem
+FUNCS += functions/gnutls_certificate_set_rawpk_key_mem.short
FUNCS += functions/gnutls_certificate_set_retrieve_function
FUNCS += functions/gnutls_certificate_set_retrieve_function.short
FUNCS += functions/gnutls_certificate_set_retrieve_function2
@@ -1265,6 +1269,10 @@ FUNCS += functions/gnutls_pcert_import_openpgp
FUNCS += functions/gnutls_pcert_import_openpgp.short
FUNCS += functions/gnutls_pcert_import_openpgp_raw
FUNCS += functions/gnutls_pcert_import_openpgp_raw.short
+FUNCS += functions/gnutls_pcert_import_rawpk
+FUNCS += functions/gnutls_pcert_import_rawpk.short
+FUNCS += functions/gnutls_pcert_import_rawpk_raw
+FUNCS += functions/gnutls_pcert_import_rawpk_raw.short
FUNCS += functions/gnutls_pcert_import_x509
FUNCS += functions/gnutls_pcert_import_x509.short
FUNCS += functions/gnutls_pcert_import_x509_list
@@ -1579,6 +1587,8 @@ FUNCS += functions/gnutls_priority_string_list
FUNCS += functions/gnutls_priority_string_list.short
FUNCS += functions/gnutls_privkey_decrypt_data
FUNCS += functions/gnutls_privkey_decrypt_data.short
+FUNCS += functions/gnutls_privkey_decrypt_data2
+FUNCS += functions/gnutls_privkey_decrypt_data2.short
FUNCS += functions/gnutls_privkey_deinit
FUNCS += functions/gnutls_privkey_deinit.short
FUNCS += functions/gnutls_privkey_export_dsa_raw
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 0a9da1c9f8..8695415a9a 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -53,6 +53,7 @@ to use this key exchange algorithm.
@menu
* X.509 certificates::
* OpenPGP certificates::
+* Raw public-keys::
* Advanced certificate verification::
* Digital signatures::
@end menu
@@ -478,6 +479,37 @@ use-cases, is a distraction that consumes considerable resources for
improving and testing the library. For that we have decided to drop
this functionality completely in 3.6.0.
+@node Raw public-keys
+@subsection Raw public-keys
+@cindex Raw public-keys
+
+There are situations in which a rather large certificate / certificate chain is undesirable or impractical.
+An example could be a resource contrained sensor network in which you do want to use authentication of and
+encryption between your devices but where your devices lack loads of memory or processing power. Furthermore,
+there are situations in which you don't want to or can't rely on a PKIX. TLS is, next to a PKIX environment,
+also commonly used with self-signed certificates in smaller deployments where the self-signed certificates
+are distributed to all involved protocol endpoints out-of-band. This practice does, however, still require
+the overhead of the certificate generation even though none of the information found in the certificate is
+actually used.
+
+With raw public-keys, only a subset of the information found in typical certificates is utilized: namely,
+the SubjectPublicKeyInfo structure (in ASN.1 format) of a PKIX certificate that carries the parameters
+necessary to describe the public-key. Other parameters found in PKIX certificates are omitted. By omitting
+various certificate-related structures, the resulting raw public-key is kept fairly small in comparison to
+the original certificate, and the code to process the keys can be simpler.
+
+It should be noted however, that the authenticity of these raw keys must be verified by an out-of-band mechanism
+or something like @acronym{TOFU}.
+
+@menu
+* Importing raw public-keys::
+@end menu
+
+@node Importing raw public-keys
+@subsubsection Importing raw public-keys
+Raw public-keys and their private counterparts can best be handled by using the abstract types
+@code{gnutls_pubkey_t} and @code{gnutls_privkey_t} respectively. To learn how to use these
+see @ref{Abstract key types}.
@node Advanced certificate verification
@subsection Advanced certificate verification
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 5d72707dfa..028d1ab778 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -476,6 +476,7 @@ current session using @funcref{gnutls_credentials_set}.
@menu
* Certificate credentials::
+* Raw public-key credentials::
* SRP credentials::
* PSK credentials::
* Anonymous credentials::
@@ -492,7 +493,7 @@ with the credential types is shown in @ref{tab:key-exchange-cred}.
@headitem Authentication method @tab Key exchange @tab Client credentials @tab Server credentials
-@item Certificate
+@item Certificate and Raw public-key
@tab @code{KX_RSA},
@code{KX_DHE_RSA},
@code{KX_DHE_DSS},
@@ -537,6 +538,10 @@ a pair, but a server could require it. In this section we discuss
general issues applying to both client and server certificates. The next
section will elaborate on issues arising from client authentication only.
+In order to use certificate credentials one must first initialize a credentials
+structure of type @code{gnutls_certificate_credentials_t}. After use this structure must
+be freed. This can be done with the following functions.
+
@showfuncB{gnutls_certificate_allocate_credentials,gnutls_certificate_free_credentials}
After the credentials structures are initialized, the certificate
@@ -578,7 +583,7 @@ In that case a certificate should be selected according the peer's signature
algorithm preferences. To get those preferences use
@funcref{gnutls_sign_algorithm_get_requested}. Both functions are shown below.
-@showfuncC{gnutls_certificate_set_retrieve_function,gnutls_certificate_set_retrieve_function2,gnutls_sign_algorithm_get_requested}
+@showfuncD{gnutls_certificate_set_retrieve_function,gnutls_certificate_set_retrieve_function2,gnutls_certificate_set_retrieve_function3,gnutls_sign_algorithm_get_requested}
The functions above do not handle the requested server name automatically.
A server would need to check the name requested by the client
@@ -613,8 +618,8 @@ available in certificate authentication.
@subsubheading Client certificate authentication
If a certificate is to be requested from the client during the handshake, the server
-will send a certificate request message. This behavior is controlled @funcref{gnutls_certificate_server_set_request}.
-The request contains a list of the acceptable by the server certificate signers. This list
+will send a certificate request message. This behavior is controlled by @funcref{gnutls_certificate_server_set_request}.
+The request contains a list of the by the server accepted certificate signers. This list
is constructed using the trusted certificate authorities of the server.
In cases where the server supports a large number of certificate authorities
it makes sense not to advertise all of the names to save bandwidth. That can
@@ -640,6 +645,7 @@ using the @code{GNUTLS_FORCE_CLIENT_CERT} flag in @funcref{gnutls_init}.
@showfuncC{gnutls_certificate_set_x509_key_file,gnutls_certificate_set_x509_simple_pkcs12_file,gnutls_certificate_set_retrieve_function2}
+
@subsubheading Client or server certificate verification
Certificate verification is possible by loading the trusted
@@ -671,6 +677,22 @@ can be printed using @funcref{gnutls_certificate_verification_status_print}.
@showfuncB{gnutls_certificate_verify_peers3,gnutls_certificate_set_verify_function}
+Note that when using raw public-keys verification will not work because there is no corresponding
+certificate body belonging to the raw key that can be verified. In that case the @funcref{gnutls_certificate_verify_peers}
+family of functions will return a GNUTLS_E_INVALID_REQUEST error code. For authenticating raw public-keys
+one must use an out-of-band mechanism, e.g. by comparing hashes or using trust on first use
+(see @ref{Verifying a certificate using trust on first use authentication}).
+
+
+@node Raw public-key credentials
+@subsection Raw public-keys
+As of version 3.6.6 GnuTLS supports @ref{Raw public-keys}. With raw public-keys only the
+public-key part (that is normally embedded in a certificate) is transmitted to the peer.
+In order to load a raw public-key and its corresponding private key in a credentials
+structure one can use the following functions.
+
+@showfuncC{gnutls_certificate_set_key,gnutls_certificate_set_rawpk_key_mem,gnutls_certificate_set_rawpk_key_file}
+
@node SRP credentials
@subsection SRP
@@ -1438,16 +1460,16 @@ that the CURVE keyword is kept for backwards compatibility only, for new
applications see the GROUP keyword above.
@item Certificate types @tab
-Certificate type negotitation must be explicitly enabled via the
-GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
Certificate types can be given in a symmetric fashion (i.e. the same for
both client and server) or, as of GnuTLS 3.6.4, in an asymmetric fashion
-(i.e. different for the client than for the server).
-
-Currently supported types are:
-CTYPE-X509 or CTYPE-X.509. Catch all is CTYPE-ALL.
-CTYPE-CLI-X509 or CTYPE-CLI-X.509, CTYPE-SRV-X509 or CTYPE-SRV-X.509.
-Catch all is CTYPE-CLI-ALL and CTYPE-SRV-ALL.
+(i.e. different for the client than for the server). Alternative certificate
+types must be explicitly enabled via flags in @funcref{gnutls_init}.
+
+The currently supported types are CTYPE-X509, CTYPE-RAWPK which apply both to
+client and server; catch all is CTYPE-ALL. The types CTYPE-CLI-X509, CTYPE-SRV-X509,
+CTYPE-CLI-RAWPK, CTYPE-SRV-RAWPK can be used to specialize on client or server;
+catch all is CTYPE-CLI-ALL and CTYPE-SRV-ALL. The type 'X509' is aliased to 'X.509'
+for legacy reasons.
@end multitable
@caption{The supported algorithm keywords in priority strings.}
diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi
index bb8bca3004..8a8675e02a 100644
--- a/doc/cha-gtls-examples.texi
+++ b/doc/cha-gtls-examples.texi
@@ -137,9 +137,11 @@ This section has various, more advanced topics in client and servers.
* Using a callback to select the certificate to use::
* Obtaining session information::
* Advanced certificate verification example::
+* Client example with PSK authentication::
* Client example with SRP authentication::
* Legacy client example with X.509 certificate support::
* Client example in C++::
+* Echo server with PSK authentication::
* Echo server with SRP authentication::
* Echo server with anonymous authentication::
* Helper functions for TCP connections::
@@ -195,6 +197,17 @@ and CRLs.
@verbatiminclude examples/ex-verify.c
+
+@node Client example with PSK authentication
+@subsection Client example with @acronym{PSK} authentication
+
+The following client is a very simple @acronym{PSK} @acronym{TLS}
+client which connects to a server and authenticates using a
+@emph{username} and a @emph{key}.
+
+@verbatiminclude examples/ex-client-psk.c
+
+
@node Client example with SRP authentication
@subsection Client example with @acronym{SRP} authentication
@@ -225,6 +238,14 @@ the GnuTLS C++ API.
@verbatiminclude examples/ex-cxx.cpp
+@node Echo server with PSK authentication
+@subsection Echo server with @acronym{PSK} authentication
+
+This is a server which supports @acronym{PSK} authentication.
+
+@verbatiminclude examples/ex-serv-psk.c
+
+
@node Echo server with SRP authentication
@subsection Echo server with @acronym{SRP} authentication
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index d984afcc4d..529829bf29 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -80,8 +80,12 @@ gnutls_privkey_t abs_key;
@node Abstract public keys
@subsection Public keys
-An abstract @code{gnutls_pubkey_t} can be initialized
-using the functions below. It can be imported through
+An abstract @code{gnutls_pubkey_t} can be initialized and freed by
+using the functions below.
+
+@showfuncB{gnutls_pubkey_init,gnutls_pubkey_deinit}
+
+After initialization its values can be imported from
an existing structure like @code{gnutls_x509_crt_t},
or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo}
sequence.
@@ -120,8 +124,12 @@ To export the key-specific parameters, or obtain a unique key ID the following f
@node Abstract private keys
@subsection Private keys
-An abstract @code{gnutls_privkey_t} can be initialized
-using the functions below. It can be imported through
+An abstract @code{gnutls_privkey_t} can be initialized and freed by
+using the functions below.
+
+@showfuncB{gnutls_privkey_init,gnutls_privkey_deinit}
+
+After initialization its values can be imported from
an existing structure like @code{gnutls_x509_privkey_t},
but unlike public keys it cannot be exported. That is
to allow abstraction over keys stored in hardware that
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 3bac791f3e..2ef5b5bcee 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -183,6 +183,8 @@ APIMANS += gnutls_certificate_set_ocsp_status_request_function2.3
APIMANS += gnutls_certificate_set_ocsp_status_request_mem.3
APIMANS += gnutls_certificate_set_params_function.3
APIMANS += gnutls_certificate_set_pin_function.3
+APIMANS += gnutls_certificate_set_rawpk_key_file.3
+APIMANS += gnutls_certificate_set_rawpk_key_mem.3
APIMANS += gnutls_certificate_set_retrieve_function.3
APIMANS += gnutls_certificate_set_retrieve_function2.3
APIMANS += gnutls_certificate_set_retrieve_function3.3
@@ -434,6 +436,8 @@ APIMANS += gnutls_pcert_export_openpgp.3
APIMANS += gnutls_pcert_export_x509.3
APIMANS += gnutls_pcert_import_openpgp.3
APIMANS += gnutls_pcert_import_openpgp_raw.3
+APIMANS += gnutls_pcert_import_rawpk.3
+APIMANS += gnutls_pcert_import_rawpk_raw.3
APIMANS += gnutls_pcert_import_x509.3
APIMANS += gnutls_pcert_import_x509_list.3
APIMANS += gnutls_pcert_import_x509_raw.3
@@ -591,6 +595,7 @@ APIMANS += gnutls_priority_set_direct.3
APIMANS += gnutls_priority_sign_list.3
APIMANS += gnutls_priority_string_list.3
APIMANS += gnutls_privkey_decrypt_data.3
+APIMANS += gnutls_privkey_decrypt_data2.3
APIMANS += gnutls_privkey_deinit.3
APIMANS += gnutls_privkey_export_dsa_raw.3
APIMANS += gnutls_privkey_export_dsa_raw2.3
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 32a8511b33..5c0eac680c 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -72,7 +72,7 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c gthreads.h handshake-tls
pk.c cert-cred.c global.c constate.c anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
mem.c fingerprint.c tls-sig.c ecc.c alert.c privkey_raw.c atomic.h \
system/certs.c system/threads.c system/fastopen.c system/sockets.c \
- system/inet_ntop.c str-iconv.c system/vasprintf.c vasprintf.h system.c \
+ system/inet_ntop.c str-iconv.c system.c \
str.c str-unicode.c str-idna.c state.c cert-cred-x509.c file.c supplemental.c \
random.c crypto-api.c crypto-api.h privkey.c pcert.c pubkey.c locks.c dtls.c \
system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c \
@@ -80,7 +80,7 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c gthreads.h handshake-tls
system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \
crypto-selftests.c crypto-selftests-pk.c secrets.c extv.c extv.h \
- hello_ext_lib.c hello_ext_lib.h ocsp-api.c stek.c
+ hello_ext_lib.c hello_ext_lib.h ocsp-api.c stek.c cert-cred-rawpk.c
if WINDOWS
COBJECTS += system/keys-win.c
@@ -124,7 +124,7 @@ HFILES = abstract_int.h debug.h cipher.h \
srp.h auth/srp_kx.h auth/srp_passwd.h \
file.h supplemental.h crypto.h random.h system.h\
locks.h mbuffers.h ecc.h pin.h fips.h \
- priority_options.h secrets.h stek.h
+ priority_options.h secrets.h stek.h cert-cred.h
if ENABLE_PKCS11
HFILES += pkcs11_int.h pkcs11x.h
@@ -216,7 +216,7 @@ libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes -I
AM_CXXFLAGS = \
-I$(srcdir)/includes \
- -I$(builddir)/includes
+ -I$(builddir)/includes
lib_LTLIBRARIES += libgnutlsxx.la
diff --git a/lib/abstract_int.h b/lib/abstract_int.h
index 5eaf6e9460..d920486597 100644
--- a/lib/abstract_int.h
+++ b/lib/abstract_int.h
@@ -39,6 +39,7 @@ struct gnutls_privkey_st {
gnutls_privkey_sign_data_func sign_data_func;
gnutls_privkey_sign_hash_func sign_hash_func;
gnutls_privkey_decrypt_func decrypt_func;
+ gnutls_privkey_decrypt_func2 decrypt_func2;
gnutls_privkey_deinit_func deinit_func;
gnutls_privkey_info_func info_func;
void *userdata;
diff --git a/lib/algorithms/cert_types.c b/lib/algorithms/cert_types.c
index 6ae4b7e160..9671e508d9 100644
--- a/lib/algorithms/cert_types.c
+++ b/lib/algorithms/cert_types.c
@@ -64,8 +64,7 @@ gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name)
if (c_strcasecmp(name, "X.509") == 0
|| c_strcasecmp(name, "X509") == 0)
return GNUTLS_CRT_X509;
- if (c_strcasecmp(name, "RAWPK") == 0
- || c_strcasecmp(name, "RAWPUBKEY") == 0)
+ if (c_strcasecmp(name, "RAWPK") == 0)
return GNUTLS_CRT_RAWPK;
return ret;
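Review bot: Dropping the `RAWPUBKEY` spelling narrows what gnutls_certificate_type_get_id() accepts; if any released version or documentation advertised that name, this is an API-visible change that belongs in NEWS rather than only in the code. The priority-string table updated in doc/cha-gtls-app.texi in this same commit lists only CTYPE-RAWPK, so the documentation is consistent with the narrowed parser. The enclosing function starts outside the hunk.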
@@ -73,6 +72,7 @@ gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name)
static const gnutls_certificate_type_t supported_certificate_types[] = {
GNUTLS_CRT_X509,
+ GNUTLS_CRT_RAWPK,
0
};
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 574514649c..b6bd3bf91e 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -60,7 +60,7 @@ selected_certs_set(gnutls_session_t session,
typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
} CertificateSigType;
-/* Moves data from a internal certificate struct (gnutls_pcert_st) to
+/* Moves data from an internal certificate struct (gnutls_pcert_st) to
* another internal certificate struct (cert_auth_info_t), and deinitializes
* the former.
*/
@@ -188,9 +188,14 @@ find_x509_client_cert(gnutls_session_t session,
* then send that one.
*/
if (cred->ncerts == 1 &&
- (data_size == 0 || (session->internals.flags & GNUTLS_FORCE_CLIENT_CERT))) {
+ (data_size == 0
+ || (session->internals.flags & GNUTLS_FORCE_CLIENT_CERT))) {
+ if (cred->certs[0].cert_list[0].type == GNUTLS_CRT_X509) {
+ /* This check is necessary to prevent sending other certificate
+ * credentials that are set (e.g. raw public-key). */
*indx = 0;
return 0;
+ }
}
do {
@@ -250,6 +255,47 @@ find_x509_client_cert(gnutls_session_t session,
}
+
+/* Locates the first raw public-key.
+ * Currently it only makes sense to associate one raw pubkey per session.
+ * Associating more raw pubkeys with a session has no use because we
+ * don't know how to select the correct one.
+ */
+static int
+find_rawpk_client_cert(gnutls_session_t session,
+ const gnutls_certificate_credentials_t cred,
+ const gnutls_pk_algorithm_t* pk_algos,
+ int pk_algos_length, int* indx)
+{
+ unsigned i;
+ gnutls_pk_algorithm_t pk;
+
+ *indx = -1;
+
+ for (i = 0; i < cred->ncerts; i++) {
+ /* We know that our list length will be 1, therefore we can
+ * ignore the rest.
+ */
+ if (cred->certs[i].cert_list_length == 1) {
+ pk = gnutls_pubkey_get_pk_algorithm(cred->certs[i].
+ cert_list[0].pubkey, NULL);
+
+ /* Check whether the public-key algorithm of our credential is in
+ * the list with supported public-key algorithms and whether the
+ * cert type matches. */
+ if ((check_pk_algo_in_list(pk_algos, pk_algos_length, pk) == 0)
+ && (cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK)) {
+ // We found a compatible credential
+ *indx = i;
+ break;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
/* Returns the number of issuers in the server's
* certificate request packet.
*/
@@ -308,7 +354,7 @@ get_issuers(gnutls_session_t session,
int i;
unsigned size;
- if (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT) != GNUTLS_CRT_X509)
+ if (get_certificate_type(session, GNUTLS_CTYPE_CLIENT) != GNUTLS_CRT_X509)
return 0;
/* put the requested DNs to req_dn, only in case
@@ -363,19 +409,10 @@ call_get_cert_callback(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- /* Correctly set the certificate type depending on whether we
- * have explicitly negotiated certificate types (RFC7250).
- */
- if (_gnutls_has_negotiate_ctypes(session)) {
- if (IS_SERVER(session)) {
- type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_SERVER);
- } else { // Client mode
- type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT);
- }
- } else {
- type = DEFAULT_CERT_TYPE;
- }
+ /* Correctly set the certificate type for ourselves */
+ type = get_certificate_type(session, GNUTLS_CTYPE_OURS);
+ /* Check whether a callback is set and call it */
if (cred->get_cert_callback3) {
struct gnutls_cert_retr_st info;
unsigned int flags = 0;
@@ -411,8 +448,7 @@ call_get_cert_callback(gnutls_session_t session,
return 0;
} else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
}
@@ -435,6 +471,7 @@ _gnutls_select_client_cert(gnutls_session_t session,
ssize_t data_size = _data_size;
int issuers_dn_length;
gnutls_datum_t *issuers_dn = NULL;
+ gnutls_certificate_type_t cert_type;
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -443,11 +480,13 @@ _gnutls_select_client_cert(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_CLIENT);
+
if (cred->get_cert_callback3 != NULL) {
/* use a callback to get certificate
*/
- if (session->security_parameters.client_ctype == GNUTLS_CRT_X509) {
+ if (cert_type == GNUTLS_CRT_X509) {
issuers_dn_length =
get_issuers_num(session, data, data_size);
if (issuers_dn_length < 0) {
@@ -486,16 +525,23 @@ _gnutls_select_client_cert(gnutls_session_t session,
} else {
/* If we have no callbacks, try to guess.
*/
- if (session->security_parameters.client_ctype == GNUTLS_CRT_X509) {
- result =
- find_x509_client_cert(session, cred, _data, _data_size,
- pk_algos, pk_algos_length, &indx);
- } else {
- result = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ result = find_x509_client_cert(session, cred, _data,
+ _data_size, pk_algos,
+ pk_algos_length, &indx);
+ break;
+ case GNUTLS_CRT_RAWPK:
+ result = find_rawpk_client_cert(session, cred,
+ pk_algos, pk_algos_length, &indx);
+ break;
+ default:
+ result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ break;
}
+
if (result < 0) {
- gnutls_assert();
- return result;
+ return gnutls_assert_val(result);
}
if (indx >= 0) {
@@ -575,27 +621,83 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
return data->length - init_pos;
}
+
+/* Generates a Raw Public Key certificate message that holds only the
+ * SubjectPublicKeyInfo part of a regular certificate message.
+ *
+ * Returns the number of bytes sent or a negative error code.
+ */
+int
+_gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st* data)
+{
+ int ret;
+ gnutls_pcert_st *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ if((ret = _gnutls_get_selected_cert(session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ /* Since we are transmitting a raw public key with no additional
+ * certificate credentials attached to it, it doesn't make sense to
+ * have more than one certificate set (i.e. to have a certificate chain).
+ * This is enforced by the API so having a value other than 1 should
+ * be an impossible situation.
+ */
+ assert(apr_cert_list_length == 1);
+
+ /* Write our certificate containing only the SubjectPublicKeyInfo to
+ * the output buffer. We always have exactly one certificate that
+ * contains our raw public key. Our message looks like:
+ * <length++certificate> where
+ * length = 3 bytes and
+ * certificate = length bytes.
+ */
+ ret = _gnutls_buffer_append_data_prefix(data, 24,
+ apr_cert_list[0].cert.data,
+ apr_cert_list[0].cert.size);
+
+ if (ret < 0) return gnutls_assert_val(ret);
+
+ return data->length;
+}
+
+
int
_gnutls_gen_cert_client_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
- switch (session->security_parameters.client_ctype) {
- case GNUTLS_CRT_X509:
- return gen_x509_crt(session, data);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_certificate_type_t cert_type;
+
+ // Retrieve the (negotiated) certificate type for the client
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_CLIENT);
+
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ return gen_x509_crt(session, data);
+ case GNUTLS_CRT_RAWPK:
+ return _gnutls_gen_rawpk_crt(session, data);
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
}
int
_gnutls_gen_cert_server_crt(gnutls_session_t session, gnutls_buffer_st * data)
{
- switch (session->security_parameters.server_ctype) {
- case GNUTLS_CRT_X509:
- return gen_x509_crt(session, data);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_certificate_type_t cert_type;
+
+ // Retrieve the (negotiated) certificate type for the server
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
+
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ return gen_x509_crt(session, data);
+ case GNUTLS_CRT_RAWPK:
+ return _gnutls_gen_rawpk_crt(session, data);
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
}
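Review bot: `_gnutls_gen_rawpk_crt` ends with `return data->length;`, whereas its sibling `gen_x509_crt` just above returns `data->length - init_pos`, i.e. only the bytes it appended; the new function's header comment promises "the number of bytes sent", so either the buffer is guaranteed empty on entry (worth stating in the comment) or the function should record `int init_pos = data->length;` before the append and `return data->length - init_pos;` like its sibling. The `assert(apr_cert_list_length == 1);` is also the only guard before `apr_cert_list[0]` is dereferenced, and it disappears under NDEBUG; if the selected list can originate from a user retrieve callback rather than only from the set functions the comment refers to, an explicit `if (apr_cert_list_length != 1) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);` would keep the bound in release builds — I cannot see from this hunk whether such a list is already rejected earlier.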
@@ -765,6 +867,99 @@ _gnutls_proc_x509_crt(gnutls_session_t session,
}
+
+int _gnutls_proc_rawpk_crt(gnutls_session_t session,
+ uint8_t * data, size_t data_size)
+{
+ int cert_size, ret;
+ cert_auth_info_t info;
+ gnutls_pcert_st* peer_certificate;
+ gnutls_datum_t tmp_cert;
+
+ uint8_t *p = data;
+ ssize_t dsize = data_size;
+
+ /* We assume data != null and data_size > 0 because
+ * the caller checks this for us. */
+
+ /* Read the length of our certificate. We always have exactly
+ * one certificate that contains our raw public key. Our message
+ * looks like:
+ * <length++certificate> where
+ * length = 3 bytes and
+ * certificate = length bytes.
+ */
+ DECR_LEN(dsize, 3);
+ cert_size = _gnutls_read_uint24(p);
+ p += 3;
+
+ /* Ensure no discrepancy in data */
+ if (cert_size != dsize)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+
+
+ if (cert_size == 0) {
+ // No certificate was sent. This is not OK.
+ return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
+ }
+
+ DECR_LEN_FINAL(dsize, cert_size);
+
+ /* We are now going to read our certificate and store it into
+ * the authentication info structure.
+ */
+ tmp_cert.size = cert_size;
+ tmp_cert.data = p;
+
+ peer_certificate = gnutls_calloc(1, sizeof(*peer_certificate));
+ if (peer_certificate == NULL) {
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+
+ // Import our raw certificate holding only a raw public key into this pcert
+ ret = gnutls_pcert_import_rawpk_raw(peer_certificate, &tmp_cert, GNUTLS_X509_FMT_DER, 0, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ // Check whether the PK algo is compatible with the negotiated KX
+ ret = check_pk_compat(session, peer_certificate->pubkey);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
+ sizeof(cert_auth_info_st), 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
+
+ /* Copy our imported certificate into the auth info structure
+ * and free our temporary cert storage peer_certificate.
+ */
+ ret = _gnutls_pcert_to_auth_info(info, peer_certificate, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ return GNUTLS_E_SUCCESS;
+
+cleanup:
+ if (peer_certificate != NULL) {
+ gnutls_pcert_deinit(peer_certificate);
+ gnutls_free(peer_certificate);
+ }
+
+ return ret;
+}
+
+
int _gnutls_proc_crt(gnutls_session_t session, uint8_t * data, size_t data_size)
{
int ret;
@@ -779,22 +974,17 @@ int _gnutls_proc_crt(gnutls_session_t session, uint8_t * data, size_t data_size)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- /* Determine what certificate type we need to process */
- if (IS_SERVER(session)) {
- // We are the server therefore we process the client certificate
- cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT);
- } else {
- // We are the client therefore we process the server certificate
- cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_SERVER);
- }
+ /* Determine what certificate type we need to process.
+ * We need to process the certificate of the peer. */
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_PEERS);
switch (cert_type) {
case GNUTLS_CRT_X509:
- ret = _gnutls_proc_x509_crt(session, data, data_size);
- break;
+ return _gnutls_proc_x509_crt(session, data, data_size);
+ case GNUTLS_CRT_RAWPK:
+ return _gnutls_proc_rawpk_crt(session, data, data_size);
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
return ret;
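Review bot: `return ret;` after the switch is now unreachable, because every case of the switch returns (the two new `return _gnutls_proc_*_crt(...)` lines and the `default` with `gnutls_assert_val`), and `ret` itself — declared as `int ret;` just above the hunk — looks unused in this function unless it is still referenced in the part of the body not shown. Dropping the trailing `return ret;` and, if nothing else uses it, the `ret` declaration keeps `-Wunused-variable` builds clean. _gnutls_proc_crt starts before this hunk and its closing brace is outside it as well.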
@@ -1148,8 +1338,7 @@ _gnutls_get_selected_cert(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- } else { /* CLIENT SIDE
- */
+ } else { /* CLIENT SIDE */
/* _gnutls_select_client_cert() must have been called before.
*/
*apr_cert_list = session->internals.selected_cert_list;
@@ -1267,7 +1456,7 @@ int cert_select_sign_algorithm(gnutls_session_t session,
assert(IS_SERVER(session));
/* Retrieve the server certificate type */
- ctype = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_SERVER);
+ ctype = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
if (ctype != cert_type) {
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
@@ -1333,10 +1522,6 @@ _gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_e
* certificate and then check its compatibility with
* the ciphersuites.
*/
-
- /* If the callback which retrieves the certificate has been set,
- * use it and leave. We make sure that this is called once.
- */
if (cred->get_cert_callback3) {
if (session->internals.selected_cert_list_length == 0) {
ret = call_get_cert_callback(session, NULL, 0, NULL, 0);
@@ -1407,10 +1592,10 @@ _gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_e
_gnutls_handshake_log
("HSK[%p]: checking compat of %s with certificate[%d] (%s/%s)\n",
session, cs->name, i,
- gnutls_pk_get_name(cred->certs[i].cert_list[0].pubkey->params.algo),
- gnutls_certificate_type_get_name(cred->certs
- [i].cert_list
- [0].type));
+ gnutls_pk_get_name(cred->certs[i].cert_list[0].pubkey->
+ params.algo),
+ gnutls_certificate_type_get_name(cred->certs[i].
+ cert_list[0].type));
ret = cert_select_sign_algorithm(session,
&cred->certs[i].cert_list[0],
@@ -1457,9 +1642,8 @@ _gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_e
ocsp_func,
ocsp_ptr);
} else {
- gnutls_assert();
/* Certificate does not support REQUESTED_ALGO. */
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
}
return 0;
@@ -1603,7 +1787,7 @@ _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
signature.size = sigsize;
// Retrieve the negotiated certificate type
- cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_SERVER);
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
if ((ret =
_gnutls_get_auth_info_pcert(&peer_cert, cert_type, info)) < 0) {
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index fe3210f922..3f57ec1c74 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -32,6 +32,12 @@
#define MAX_OCSP_RESPONSES 8
+/* We use the structure below to hold a certificate chain
+ * with corresponding public/private key pair. This structure will
+ * also be used when raw public keys are used. The cert_list will
+ * then not hold the cert chain but only a raw public-key. In that case
+ * the list length is always 1.
+ */
typedef struct {
gnutls_pcert_st *cert_list; /* a certificate chain */
unsigned int cert_list_length; /* its length */
@@ -73,7 +79,7 @@ typedef struct gnutls_certificate_credentials_st {
/* X509 specific stuff */
gnutls_x509_trust_list_t tlist;
unsigned flags; /* gnutls_certificate_flags */
- unsigned int verify_flags; /* flags to be used at
+ unsigned int verify_flags; /* flags to be used at
* certificate verification.
*/
unsigned int verify_depth;
@@ -161,4 +167,9 @@ int _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data,
size_t _data_size,
gnutls_datum_t * vparams);
+int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st* data);
+int _gnutls_proc_rawpk_crt(gnutls_session_t session,
+ uint8_t * data, size_t data_size);
+
+
#endif
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 6afc91ae67..c2203c7ed3 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -117,7 +117,7 @@ _gnutls_get_public_rsa_params(gnutls_session_t session,
}
// Get the negotiated server certificate type
- cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_SERVER);
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
ret = _gnutls_get_auth_info_pcert(&peer_cert, cert_type, info);
@@ -155,12 +155,13 @@ static int
proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
{
- gnutls_datum_t plaintext = {NULL, 0};
+ const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
gnutls_datum_t ciphertext;
int ret, dsize;
- int use_rnd_key = 0;
ssize_t data_size = _data_size;
- gnutls_datum_t rndkey = {NULL, 0};
+ volatile uint8_t ver_maj, ver_min;
+ volatile uint8_t check_ver_min;
+ volatile uint32_t ok;
#ifdef ENABLE_SSL3
if (get_num_version(session) == GNUTLS_SSL3) {
@@ -184,75 +185,73 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
ciphertext.size = dsize;
}
- rndkey.size = GNUTLS_MASTER_SIZE;
- rndkey.data = gnutls_malloc(rndkey.size);
- if (rndkey.data == NULL) {
+ ver_maj = _gnutls_get_adv_version_major(session);
+ ver_min = _gnutls_get_adv_version_minor(session);
+ check_ver_min = (session->internals.allow_wrong_pms == 0);
+
+ session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+ if (session->key.key.data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
+ session->key.key.size = GNUTLS_MASTER_SIZE;
- /* we do not need strong random numbers here.
- */
- ret = gnutls_rnd(GNUTLS_RND_NONCE, rndkey.data,
- rndkey.size);
+ /* Fallback value when decryption fails. Needs to be unpredictable. */
+ ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data,
+ GNUTLS_MASTER_SIZE);
if (ret < 0) {
+ gnutls_free(session->key.key.data);
+ session->key.key.data = NULL;
+ session->key.key.size = 0;
gnutls_assert();
- goto cleanup;
+ return ret;
}
ret =
- gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
- &ciphertext, &plaintext);
-
- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
- /* In case decryption fails then don't inform
- * the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
- */
- _gnutls_debug_log("auth_rsa: Possible PKCS #1 format attack\n");
- if (ret >= 0) {
- gnutls_free(plaintext.data);
- plaintext.data = NULL;
- }
- use_rnd_key = 1;
- } else {
- /* If the secret was properly formatted, then
- * check the version number.
- */
- if (_gnutls_get_adv_version_major(session) !=
- plaintext.data[0]
- || (session->internals.allow_wrong_pms == 0
- && _gnutls_get_adv_version_minor(session) !=
- plaintext.data[1])) {
- /* No error is returned here, if the version number check
- * fails. We proceed normally.
- * That is to defend against the attack described in the paper
- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
- * Ondej Pokorny and Tomas Rosa.
- */
- _gnutls_debug_log("auth_rsa: Possible PKCS #1 version check format attack\n");
- }
- }
+ gnutls_privkey_decrypt_data2(session->internals.selected_key,
+ 0, &ciphertext, session->key.key.data,
+ session->key.key.size);
+ /* After this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+ * channel that can be used as an oracle, so tread very carefully */
+
+ /* Error handling logic:
+ * In case decryption fails then don't inform the peer. Just use the
+ * random key previously generated. (in order to avoid attack against
+ * pkcs-1 formating).
+ *
+ * If we get version mismatches no error is returned either. We
+ * proceed normally. This is to defend against the attack described
+ * in the paper "Attacking RSA-based sessions in SSL/TLS" by
+ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
+ */
- if (use_rnd_key != 0) {
- session->key.key.data = rndkey.data;
- session->key.key.size = rndkey.size;
- rndkey.data = NULL;
+ /* ok is 0 in case of error and 1 in case of success. */
+
+ /* if ret < 0 */
+ ok = CONSTCHECK_EQUAL(ret, 0);
+ /* session->key.key.data[0] must equal ver_maj */
+ ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
+ /* if check_ver_min then session->key.key.data[1] must equal ver_min */
+ ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
+ CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
+
+ if (ok) {
+ /* call logging function unconditionally so all branches are
+ * indistinguishable for timing and cache access when debug
+ * logging is disabled */
+ _gnutls_no_log("%s", attack_error);
} else {
- session->key.key.data = plaintext.data;
- session->key.key.size = plaintext.size;
+ _gnutls_debug_log("%s", attack_error);
}
/* This is here to avoid the version check attack
* discussed above.
*/
- session->key.key.data[0] = _gnutls_get_adv_version_major(session);
- session->key.key.data[1] = _gnutls_get_adv_version_minor(session);
+ session->key.key.data[0] = ver_maj;
+ session->key.key.data[1] = ver_min;
- ret = 0;
- cleanup:
- gnutls_free(rndkey.data);
- return ret;
+ return 0;
}
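Review bot: The minor-version condition `ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) & CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);` is inverted for the case where the check is disabled: `check_ver_min` is set to `(session->internals.allow_wrong_pms == 0)`, so when `allow_wrong_pms` is non-zero the `NOT_EQUAL` term is 0 and `ok` is cleared on every handshake regardless of what was decrypted. As far as this hunk shows, `ok` only selects between `_gnutls_no_log` and `_gnutls_debug_log` and bytes 0 and 1 of the key are overwritten unconditionally afterwards, so the effect is a spurious "Possible PKCS #1 attack" log line rather than a difference in the derived key — but it also makes that log useless for spotting real padding-oracle probing whenever the flag is set. Assuming the CONSTCHECK_* macros yield 0/1 (they are not visible here), the intended "skip or match" is `ok &= CONSTCHECK_EQUAL(check_ver_min, 0) | CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);`. The comment `/* if ret < 0 */` above `ok = CONSTCHECK_EQUAL(ret, 0);` would be more accurate as `/* decryption must have returned exactly 0 */`, since a positive return also clears ok.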
diff --git a/lib/cert-cred-rawpk.c b/lib/cert-cred-rawpk.c
new file mode 100644
index 0000000000..76cd653204
--- /dev/null
+++ b/lib/cert-cred-rawpk.c
@@ -0,0 +1,360 @@
+/*
+ * Copyright (C) 2017 - 2018 ARPA2 project
+ *
+ * Author: Tom Vrancken (dev@tomvrancken.nl)
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include <gnutls/gnutls.h>
+#include "datum.h"
+#include "auth/cert.h"
+#include "x509.h"
+#include "cert-cred.h"
+#include "read-file.h"
+#include <stdint.h>
+
+
+/**
+ * gnutls_certificate_set_rawpk_key_mem:
+ * @cred: is a #gnutls_certificate_credentials_t type.
+ * @spki: contains a raw public key in
+ * PKIX.SubjectPublicKeyInfo format.
+ * @pkey: contains a raw private key.
+ * @format: encoding of the keys. DER or PEM.
+ * @pass: an optional password to unlock the private key pkey.
+ * @key_usage: An ORed sequence of %GNUTLS_KEY_* flags.
+ * @names: is an array of DNS names belonging to the public-key (NULL if none).
+ * @names_length: holds the length of the names list.
+ * @flags: an ORed sequence of #gnutls_pkcs_encrypt_flags_t.
+ * These apply to the private key pkey.
+ *
+ * This function sets a public/private keypair in the
+ * #gnutls_certificate_credentials_t type to be used for authentication
+ * and/or encryption. @spki and @privkey should match otherwise set
+ * signatures cannot be validated. In case of no match this function
+ * returns %GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This function should
+ * be called once for the client because there is currently no mechanism
+ * to determine which raw public-key to select for the peer when there
+ * are multiple present. Multiple raw public keys for the server can be
+ * distinghuished by setting the @names.
+ *
+ * Note here that @spki is a raw public-key as defined
+ * in RFC7250. It means that there is no surrounding certificate that
+ * holds the public key and that there is therefore no direct mechanism
+ * to prove the authenticity of this key. The keypair can be used during
+ * a TLS handshake but its authenticity should be established via a
+ * different mechanism (e.g. TOFU or known fingerprint).
+ *
+ * The supported formats are basic unencrypted key, PKCS8, PKCS12,
+ * and the openssl format and will be autodetected.
+ *
+ * If the raw public-key and the private key are given in PEM encoding
+ * then the strings that hold their values must be null terminated.
+ *
+ * Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
+ * set because there is no certificate structure around the key to define
+ * this value. See for more info gnutls_x509_crt_get_key_usage().
+ *
+ * Note that, this function by default returns zero on success and a
+ * negative value on error. Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2
+ * is set using gnutls_certificate_set_flags() it returns an index
+ * (greater or equal to zero). That index can be used in other functions
+ * to refer to the added key-pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, in case the
+ * key pair does not match %GNUTLS_E_CERTIFICATE_KEY_MISMATCH is returned,
+ * in other erroneous cases a different negative error code is returned.
+ *
+ * Since: 3.6.6
+ **/
+int gnutls_certificate_set_rawpk_key_mem(gnutls_certificate_credentials_t cred,
+ const gnutls_datum_t* spki,
+ const gnutls_datum_t* pkey,
+ gnutls_x509_crt_fmt_t format,
+ const char* pass,
+ unsigned int key_usage,
+ const char **names,
+ unsigned int names_length,
+ unsigned int flags)
+{
+ int ret;
+ gnutls_privkey_t privkey;
+ gnutls_pcert_st* pcert;
+ gnutls_str_array_t str_names;
+ unsigned int i;
+
+ if (pkey == NULL || spki == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+ /* Import our private key. This function does all the necessary
+ * inits, checks and imports. */
+ ret = _gnutls_read_key_mem(cred, pkey->data, pkey->size,
+ format, pass, flags, &privkey);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ /* We now convert our raw public key to a parsed certificate (pcert) structure */
+ pcert = gnutls_calloc(1, sizeof(*pcert));
+ if (pcert == NULL) {
+ gnutls_privkey_deinit(privkey);
+
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+ // Import our raw public key to the pcert structure
+ ret = gnutls_pcert_import_rawpk_raw(pcert, spki,
+ format, key_usage, 0);
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+
+ return gnutls_assert_val(ret);
+ }
+
+ /* Process the names, if any */
+ _gnutls_str_array_init(&str_names);
+
+ if (names != NULL && names_length > 0) {
+ for (i = 0; i < names_length; i++) {
+ ret =
+ _gnutls_str_array_append_idna(&str_names, names[i],
+ strlen(names[i]));
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+ _gnutls_str_array_clear(&str_names);
+
+ return gnutls_assert_val(ret);
+ }
+ }
+ }
+
+ /* Now that we have converted the key material to our internal structures
+ * we can now add them to the credentials structure */
+ ret = _gnutls_certificate_credential_append_keypair(cred, privkey, str_names, pcert, 1);
+ // Check for errors
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+ gnutls_pcert_deinit(pcert);
+ gnutls_free(pcert);
+
+ return gnutls_assert_val(ret);
+ }
+ // Successfully added a certificate
+ cred->ncerts++;
+
+ /* Check whether the key pair matches.
+ * After this point we do not deinitialize anything on failure to avoid
+ * double freeing. We intentionally keep everything as the credentials state
+ * is documented to be in undefined state. */
+ if ((ret = _gnutls_check_key_cert_match(cred)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ CRED_RET_SUCCESS(cred);
+}
+
+
+/**
+ * gnutls_certificate_set_rawpk_key_file:
+ * @cred: is a #gnutls_certificate_credentials_t type.
+ * @rawpkfile: contains a raw public key in
+ * PKIX.SubjectPublicKeyInfo format.
+ * @privkeyfile: contains a file path to a private key.
+ * @format: encoding of the keys. DER or PEM.
+ * @pass: an optional password to unlock the private key privkeyfile.
+ * @key_usage: an ORed sequence of %GNUTLS_KEY_* flags.
+ * @names: is an array of DNS names belonging to the public-key (NULL if none).
+ * @names_length: holds the length of the names list.
+ * @privkey_flags: an ORed sequence of #gnutls_pkcs_encrypt_flags_t.
+ * These apply to the private key pkey.
+ * @pkcs11_flags: one of gnutls_pkcs11_obj_flags. These apply to URLs.
+ *
+ * This function sets a public/private keypair read from file in the
+ * #gnutls_certificate_credentials_t type to be used for authentication
+ * and/or encryption. @spki and @privkey should match otherwise set
+ * signatures cannot be validated. In case of no match this function
+ * returns %GNUTLS_E_CERTIFICATE_KEY_MISMATCH. This function should
+ * be called once for the client because there is currently no mechanism
+ * to determine which raw public-key to select for the peer when there
+ * are multiple present. Multiple raw public keys for the server can be
+ * distinghuished by setting the @names.
+ *
+ * Note here that @spki is a raw public-key as defined
+ * in RFC7250. It means that there is no surrounding certificate that
+ * holds the public key and that there is therefore no direct mechanism
+ * to prove the authenticity of this key. The keypair can be used during
+ * a TLS handshake but its authenticity should be established via a
+ * different mechanism (e.g. TOFU or known fingerprint).
+ *
+ * The supported formats are basic unencrypted key, PKCS8, PKCS12,
+ * and the openssl format and will be autodetected.
+ *
+ * If the raw public-key and the private key are given in PEM encoding
+ * then the strings that hold their values must be null terminated.
+ *
+ * Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
+ * set because there is no certificate structure around the key to define
+ * this value. See for more info gnutls_x509_crt_get_key_usage().
+ *
+ * Note that, this function by default returns zero on success and a
+ * negative value on error. Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2
+ * is set using gnutls_certificate_set_flags() it returns an index
+ * (greater or equal to zero). That index can be used in other functions
+ * to refer to the added key-pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, in case the
+ * key pair does not match %GNUTLS_E_CERTIFICATE_KEY_MISMATCH is returned,
+ * in other erroneous cases a different negative error code is returned.
+ *
+ * Since: 3.6.6
+ */
+int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
+ const char* rawpkfile,
+ const char* privkeyfile,
+ gnutls_x509_crt_fmt_t format,
+ const char *pass,
+ unsigned int key_usage,
+ const char **names,
+ unsigned int names_length,
+ unsigned int privkey_flags,
+ unsigned int pkcs11_flags)
+{
+ int ret;
+ gnutls_privkey_t privkey;
+ gnutls_pubkey_t pubkey;
+ gnutls_pcert_st* pcert;
+ gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file
+ size_t key_size;
+ gnutls_str_array_t str_names;
+ unsigned int i;
+
+ if (rawpkfile == NULL || privkeyfile == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+ /* Import our private key. This function does all the necessary
+ * inits, checks and imports. */
+ ret = _gnutls_read_key_file(cred, privkeyfile, format, pass, privkey_flags, &privkey);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ pcert = gnutls_calloc(1, sizeof(*pcert));
+ if (pcert == NULL) {
+ gnutls_privkey_deinit(privkey);
+
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+
+ /* Check whether we are importing our raw public-key from a URL
+ * or from a regular file.
+ */
+ if (gnutls_url_is_supported(rawpkfile)) {
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+
+ return gnutls_assert_val(ret);
+ }
+
+ ret = gnutls_pubkey_import_url(pubkey, rawpkfile, pkcs11_flags);
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+ gnutls_pubkey_deinit(pubkey);
+
+ return gnutls_assert_val(ret);
+ }
+
+ ret = gnutls_pcert_import_rawpk(pcert, pubkey, 0);
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+ gnutls_pubkey_deinit(pubkey);
+
+ return gnutls_assert_val(ret);
+ }
+
+ } else {
+ /* Read our raw public-key into memory from file */
+ rawpubkey.data = (void*) read_binary_file(rawpkfile, &key_size);
+ if (rawpubkey.data == NULL) {
+ gnutls_privkey_deinit(privkey);
+
+ return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
+ }
+ rawpubkey.size = key_size; // Implicit type casting
+
+ /* We now convert our raw public key that we've loaded into memory to
+ * a parsed certificate (pcert) structure. Note that rawpubkey will
+ * be copied into pcert. Therefore we can directly cleanup rawpubkey.
+ */
+ ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpubkey,
+ format, key_usage, 0);
+
+ _gnutls_free_datum(&rawpubkey);
+
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+
+ return gnutls_assert_val(ret);
+ }
+
+ }
+
+ /* Process the names, if any */
+ _gnutls_str_array_init(&str_names);
+
+ if (names != NULL && names_length > 0) {
+ for (i = 0; i < names_length; i++) {
+ ret =
+ _gnutls_str_array_append_idna(&str_names, names[i],
+ strlen(names[i]));
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+ _gnutls_str_array_clear(&str_names);
+
+ return gnutls_assert_val(ret);
+ }
+ }
+ }
+
+ /* Now that we have converted the key material to our internal structures
+ * we can now add them to the credentials structure */
+ ret = _gnutls_certificate_credential_append_keypair(cred, privkey, str_names, pcert, 1);
+ if (ret < 0) {
+ gnutls_privkey_deinit(privkey);
+ gnutls_pcert_deinit(pcert);
+ gnutls_free(pcert);
+
+ return gnutls_assert_val(ret);
+ }
+ // Successfully added a certificate
+ cred->ncerts++;
+
+ /* Check whether the key pair matches.
+ * After this point we do not deinitialize anything on failure to avoid
+ * double freeing. We intentionally keep everything as the credentials state
+ * is documented to be in undefined state. */
+ if ((ret = _gnutls_check_key_cert_match(cred)) < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ CRED_RET_SUCCESS(cred);
+}
+
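Review bot: `pcert` is leaked on every failure path after its allocation in both new functions: in gnutls_certificate_set_rawpk_key_mem the error branches after `gnutls_pcert_import_rawpk_raw` and inside the names loop only deinit `privkey` (and the string array) before returning, and gnutls_certificate_set_rawpk_key_file has the same gap after `gnutls_pubkey_init`, `gnutls_pubkey_import_url`, `gnutls_pcert_import_rawpk`, `read_binary_file`, `gnutls_pcert_import_rawpk_raw` and its own names loop. In the URL branch it is also worth confirming that `gnutls_pcert_import_rawpk` takes ownership of `pubkey`; if it does not, `pubkey` leaks on the success path too. The sketch below routes every failure before `_gnutls_certificate_credential_append_keypair` through one cleanup label (the file variant needs the same shape); it assumes `gnutls_pcert_deinit` tolerates a zeroed or partially imported pcert, which should be checked against pcert.c. Separately, the doc block of the file variant still refers to `@spki` and `@privkey`, which are not its parameters (they are `@rawpkfile`/`@privkeyfile`), and both doc blocks spell "distinghuished".
```c
	int ret;
	gnutls_privkey_t privkey = NULL;
	gnutls_pcert_st *pcert = NULL;
	gnutls_str_array_t str_names;
	unsigned int i;

	/* … unchanged: NULL-argument check … */

	/* initialised up front so the cleanup label can always clear it */
	_gnutls_str_array_init(&str_names);

	ret = _gnutls_read_key_mem(cred, pkey->data, pkey->size,
				   format, pass, flags, &privkey);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	pcert = gnutls_calloc(1, sizeof(*pcert));
	if (pcert == NULL) {
		ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
		goto cleanup;
	}

	ret = gnutls_pcert_import_rawpk_raw(pcert, spki, format, key_usage, 0);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}

	/* … unchanged: names loop, with each inline deinit-and-return replaced by `gnutls_assert(); goto cleanup;` … */

	ret = _gnutls_certificate_credential_append_keypair(cred, privkey, str_names, pcert, 1);
	if (ret < 0) {
		gnutls_assert();
		goto cleanup;
	}
	/* ownership of privkey, str_names and pcert has now passed to cred */
	cred->ncerts++;

	/* … unchanged: key/cert match check and CRED_RET_SUCCESS … */

 cleanup:
	if (privkey != NULL)
		gnutls_privkey_deinit(privkey);
	_gnutls_str_array_clear(&str_names);
	if (pcert != NULL) {
		gnutls_pcert_deinit(pcert);
		gnutls_free(pcert);
	}
	return ret;
```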
diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index 42a6bd5ba8..257f1b989a 100644
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -46,6 +46,7 @@
#include "read-file.h"
#include "system-keys.h"
#include "urls.h"
+#include "cert-cred.h"
#ifdef _WIN32
#include <wincrypt.h>
#endif
@@ -55,42 +56,10 @@
* related objects in a certificate credentials structure.
*/
-static int
-certificate_credential_append_keypair(gnutls_certificate_credentials_t res,
- gnutls_privkey_t key,
- gnutls_str_array_t names,
- gnutls_pcert_st * crt, int nr);
-
-#define CRED_RET_SUCCESS(cred) \
- if (cred->flags & GNUTLS_CERTIFICATE_API_V2) { \
- return cred->ncerts-1; \
- } else { \
- return 0; \
- }
-
-
-static int str_array_append_idna(gnutls_str_array_t * head, const char *name, size_t size)
-{
- int ret;
- gnutls_datum_t ahost;
-
- /* convert the provided hostname to ACE-Labels domain. */
- ret = gnutls_idna_map(name, size, &ahost, 0);
- if (ret < 0) {
- _gnutls_debug_log("unable to convert hostname %s to IDNA format\n", name);
- /* insert the raw name */
- return _gnutls_str_array_append(head, name, size);
- }
-
- ret = _gnutls_str_array_append(head, (char*)ahost.data, ahost.size);
- gnutls_free(ahost.data);
-
- return ret;
-}
/* Returns the name of the certificate of a null name
*/
-static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names)
+int _gnutls_get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names)
{
size_t max_size;
int i, ret = 0, ret2;
@@ -107,7 +76,7 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names)
have_dns_name = 1;
ret2 =
- str_array_append_idna(names, name,
+ _gnutls_str_array_append_idna(names, name,
max_size);
if (ret2 < 0) {
_gnutls_str_array_clear(names);
@@ -122,7 +91,7 @@ static int get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names)
gnutls_x509_crt_get_dn_by_oid(crt, OID_X520_COMMON_NAME, 0, 0,
name, &max_size);
if (ret >= 0) {
- ret = str_array_append_idna(names, name, max_size);
+ ret = _gnutls_str_array_append_idna(names, name, max_size);
if (ret < 0) {
_gnutls_str_array_clear(names);
return gnutls_assert_val(ret);
@@ -171,7 +140,7 @@ parse_der_cert_mem(gnutls_certificate_credentials_t res,
goto cleanup;
}
- ret = get_x509_name(crt, &names);
+ ret = _gnutls_get_x509_name(crt, &names);
if (ret < 0) {
gnutls_assert();
gnutls_x509_crt_deinit(crt);
@@ -186,7 +155,7 @@ parse_der_cert_mem(gnutls_certificate_credentials_t res,
goto cleanup;
}
- ret = certificate_credential_append_keypair(res, key, names, ccert, 1);
+ ret = _gnutls_certificate_credential_append_keypair(res, key, names, ccert, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -279,7 +248,7 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res,
while (ptr != NULL && count < DEFAULT_MAX_VERIFY_DEPTH);
ret =
- get_x509_name(unsorted[0], &names);
+ _gnutls_get_x509_name(unsorted[0], &names);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -302,8 +271,7 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res,
}
ret =
- certificate_credential_append_keypair(res, key, names, pcerts,
- ncerts);
+ _gnutls_certificate_credential_append_keypair(res, key, names, pcerts, ncerts);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -370,8 +338,8 @@ static int tmp_pin_cb(void *userdata, int attempt, const char *token_url,
*
* It returns the private key read in @rkey.
*/
-static int
-read_key_mem(gnutls_certificate_credentials_t res,
+int
+_gnutls_read_key_mem(gnutls_certificate_credentials_t res,
const void *key, int key_size, gnutls_x509_crt_fmt_t type,
const char *pass, unsigned int flags,
gnutls_privkey_t *rkey)
@@ -501,7 +469,7 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const
goto cleanup;
}
- ret = get_x509_name(crt, &names);
+ ret = _gnutls_get_x509_name(crt, &names);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -543,7 +511,7 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const
t.data = NULL;
}
- ret = certificate_credential_append_keypair(res, key, names, ccert, count);
+ ret = _gnutls_certificate_credential_append_keypair(res, key, names, ccert, count);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -596,8 +564,8 @@ read_cert_file(gnutls_certificate_credentials_t res,
/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
* stores it).
*/
-static int
-read_key_file(gnutls_certificate_credentials_t res,
+int
+_gnutls_read_key_file(gnutls_certificate_credentials_t res,
const char *keyfile, gnutls_x509_crt_fmt_t type,
const char *pass, unsigned int flags,
gnutls_privkey_t *rkey)
@@ -629,7 +597,7 @@ read_key_file(gnutls_certificate_credentials_t res,
return GNUTLS_E_FILE_ERROR;
}
- ret = read_key_mem(res, data, size, type, pass, flags, rkey);
+ ret = _gnutls_read_key_mem(res, data, size, type, pass, flags, rkey);
free(data);
return ret;
@@ -716,7 +684,7 @@ gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
/* this should be first
*/
- if ((ret = read_key_mem(res, key ? key->data : NULL,
+ if ((ret = _gnutls_read_key_mem(res, key ? key->data : NULL,
key ? key->size : 0, type, pass,
flags, &rkey)) < 0)
return ret;
@@ -736,57 +704,6 @@ gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
CRED_RET_SUCCESS(res);
}
-static int
-certificate_credential_append_keypair(gnutls_certificate_credentials_t res,
- gnutls_privkey_t key,
- gnutls_str_array_t names,
- gnutls_pcert_st * crt, int nr)
-{
- res->sorted_cert_idx = gnutls_realloc_fast(res->sorted_cert_idx,
- (1 + res->ncerts) *
- sizeof(unsigned int));
- if (res->sorted_cert_idx == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- res->certs = gnutls_realloc_fast(res->certs,
- (1 + res->ncerts) *
- sizeof(certs_st));
- if (res->certs == NULL)
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
-
- memset(&res->certs[res->ncerts], 0, sizeof(res->certs[0]));
-
- res->certs[res->ncerts].cert_list = crt;
- res->certs[res->ncerts].cert_list_length = nr;
- res->certs[res->ncerts].names = names;
- res->certs[res->ncerts].pkey = key;
-
- /* move RSA-PSS certificates before any RSA key.
- * Note that we cannot assume that any previous pointers
- * to sorted list are ok, due to the realloc in res->certs. */
- if (crt->pubkey->params.algo == GNUTLS_PK_RSA_PSS) {
- unsigned i,ridx;
- unsigned tmp;
-
- for (i=0;i<res->ncerts;i++) {
- ridx = res->sorted_cert_idx[i];
-
- if (res->certs[ridx].cert_list->pubkey->params.algo == GNUTLS_PK_RSA) {
- tmp = ridx;
- res->sorted_cert_idx[i] = res->ncerts;
- res->sorted_cert_idx[res->ncerts] = tmp;
- goto finish;
- }
- }
- }
-
- /* otherwise append it normally on the end */
- res->sorted_cert_idx[res->ncerts] = res->ncerts;
-
- finish:
- return 0;
-
-}
/**
* gnutls_certificate_set_x509_key:
@@ -856,7 +773,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
return GNUTLS_E_MEMORY_ERROR;
}
- ret = get_x509_name(cert_list[0], &names);
+ ret = _gnutls_get_x509_name(cert_list[0], &names);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -871,7 +788,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
}
ret =
- certificate_credential_append_keypair(res, pkey, names, pcerts,
+ _gnutls_certificate_credential_append_keypair(res, pkey, names, pcerts,
cert_list_size);
if (ret < 0) {
gnutls_assert();
@@ -1001,126 +918,6 @@ gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
}
/**
- * gnutls_certificate_set_key:
- * @res: is a #gnutls_certificate_credentials_t type.
- * @names: is an array of DNS name of the certificate (NULL if none)
- * @names_size: holds the size of the names list
- * @pcert_list: contains a certificate list (path) for the specified private key
- * @pcert_list_size: holds the size of the certificate list
- * @key: is a #gnutls_privkey_t key
- *
- * This function sets a certificate/private key pair in the
- * gnutls_certificate_credentials_t type. This function may be
- * called more than once, in case multiple keys/certificates exist for
- * the server. For clients that want to send more than their own end-
- * entity certificate (e.g., also an intermediate CA cert), the full
- * certificate chain must be provided in @pcert_list.
- *
- * Note that the @key and the elements of @pcert_list will become part of the credentials
- * structure and must not be deallocated. They will be automatically deallocated
- * when the @res structure is deinitialized.
- *
- * If that function fails to load the @res structure is at an undefined state, it must
- * not be reused to load other keys or certificates.
- *
- * Note that, this function by default returns zero on success and a negative value on error.
- * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
- * it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair.
- *
- * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
- *
- * Since: 3.0
- **/
-int
-gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
- const char **names,
- int names_size,
- gnutls_pcert_st * pcert_list,
- int pcert_list_size, gnutls_privkey_t key)
-{
- int ret, i;
- gnutls_str_array_t str_names;
- gnutls_pcert_st *new_pcert_list;
-
- _gnutls_str_array_init(&str_names);
-
- if (names != NULL && names_size > 0) {
- for (i = 0; i < names_size; i++) {
- ret =
- str_array_append_idna(&str_names, names[i],
- strlen(names[i]));
- if (ret < 0) {
- ret = gnutls_assert_val(ret);
- goto cleanup;
- }
- }
- } else if (names == NULL && pcert_list[0].type == GNUTLS_CRT_X509) {
- gnutls_x509_crt_t crt;
-
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_x509_crt_import(crt, &pcert_list[0].cert, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
- gnutls_x509_crt_deinit(crt);
- goto cleanup;
- }
-
- ret = get_x509_name(crt, &str_names);
- gnutls_x509_crt_deinit(crt);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
-
- if (res->pin.cb)
- gnutls_privkey_set_pin_function(key, res->pin.cb,
- res->pin.data);
-
- new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
- if (new_pcert_list == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
- memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
-
- ret =
- certificate_credential_append_keypair(res, key, str_names,
- new_pcert_list,
- pcert_list_size);
- if (ret < 0) {
- gnutls_assert();
- gnutls_free(new_pcert_list);
- goto cleanup;
- }
-
- res->ncerts++;
-
- /* Unlike gnutls_certificate_set_x509_key, we deinitialize everything
- * local after a failure. That is because the caller is responsible for
- * freeing these values after a failure, and if we keep references we
- * lead to double freeing */
- if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
- gnutls_assert();
- gnutls_free(new_pcert_list);
- res->ncerts--;
- goto cleanup;
- }
-
- CRED_RET_SUCCESS(res);
-
- cleanup:
- _gnutls_str_array_clear(&str_names);
- return ret;
-}
-
-/**
* gnutls_certificate_set_trust_list:
* @res: is a #gnutls_certificate_credentials_t type.
* @tlist: is a #gnutls_x509_trust_list_t type
@@ -1265,7 +1062,7 @@ gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t res,
/* this should be first
*/
- if ((ret = read_key_file(res, keyfile, type, pass, flags, &rkey)) < 0)
+ if ((ret = _gnutls_read_key_file(res, keyfile, type, pass, flags, &rkey)) < 0)
return ret;
if ((ret = read_cert_file(res, rkey, certfile, type)) < 0) {
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index 2d7009b2e5..f04ded4c04 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -40,7 +40,202 @@
#include <str_array.h>
#include <x509/verify-high.h>
#include "x509/x509_int.h"
+#include "x509/common.h"
#include "dh.h"
+#include "cert-cred.h"
+
+
+/*
+ * Adds a public/private key pair to a certificate credential
+ */
+int
+_gnutls_certificate_credential_append_keypair(gnutls_certificate_credentials_t res,
+ gnutls_privkey_t key,
+ gnutls_str_array_t names,
+ gnutls_pcert_st * crt,
+ int nr)
+{
+ res->sorted_cert_idx = gnutls_realloc_fast(res->sorted_cert_idx,
+ (1 + res->ncerts) *
+ sizeof(unsigned int));
+ if (res->sorted_cert_idx == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ res->certs = gnutls_realloc_fast(res->certs,
+ (1 + res->ncerts) *
+ sizeof(certs_st));
+ if (res->certs == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ memset(&res->certs[res->ncerts], 0, sizeof(res->certs[0]));
+
+ res->certs[res->ncerts].cert_list = crt;
+ res->certs[res->ncerts].cert_list_length = nr;
+ res->certs[res->ncerts].names = names;
+ res->certs[res->ncerts].pkey = key;
+
+ /* move RSA-PSS certificates before any RSA key.
+ * Note that we cannot assume that any previous pointers
+ * to sorted list are ok, due to the realloc in res->certs. */
+ if (crt->pubkey->params.algo == GNUTLS_PK_RSA_PSS) {
+ unsigned i,ridx;
+ unsigned tmp;
+
+ for (i=0;i<res->ncerts;i++) {
+ ridx = res->sorted_cert_idx[i];
+
+ if (res->certs[ridx].cert_list->pubkey->params.algo == GNUTLS_PK_RSA) {
+ tmp = ridx;
+ res->sorted_cert_idx[i] = res->ncerts;
+ res->sorted_cert_idx[res->ncerts] = tmp;
+ goto finish;
+ }
+ }
+ }
+
+ /* otherwise append it normally on the end */
+ res->sorted_cert_idx[res->ncerts] = res->ncerts;
+
+ finish:
+ return 0;
+
+}
+
+
+/**
+ * gnutls_certificate_set_key:
+ * @res: is a #gnutls_certificate_credentials_t type.
+ * @names: is an array of DNS names belonging to the public-key (NULL if none)
+ * @names_size: holds the size of the names list
+ * @pcert_list: contains a certificate list (chain) or raw public-key
+ * @pcert_list_size: holds the size of the certificate list
+ * @key: is a #gnutls_privkey_t key corresponding to the first public-key in pcert_list
+ *
+ * This function sets a public/private key pair in the
+ * gnutls_certificate_credentials_t type. The given public key may be encapsulated
+ * in a certificate or can be given as a raw key. This function may be
+ * called more than once, in case multiple key pairs exist for
+ * the server. For clients that want to send more than their own end-
+ * entity certificate (e.g., also an intermediate CA cert), the full
+ * certificate chain must be provided in @pcert_list.
+ *
+ * Note that the @key will become part of the credentials structure and must
+ * not be deallocated. It will be automatically deallocated when the @res structure
+ * is deinitialized.
+ *
+ * If this function fails, the @res structure is at an undefined state and it must
+ * not be reused to load other keys or certificates.
+ *
+ * Note that, this function by default returns zero on success and a negative value on error.
+ * Since 3.5.6, when the flag %GNUTLS_CERTIFICATE_API_V2 is set using gnutls_certificate_set_flags()
+ * it returns an index (greater or equal to zero). That index can be used for other functions to refer to the added key-pair.
+ *
+ * Since GnuTLS 3.6.6 this function also handles raw public keys.
+ *
+ * Returns: On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior).
+ *
+ * Since: 3.0
+ **/
+int
+gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
+ const char **names,
+ int names_size,
+ gnutls_pcert_st * pcert_list,
+ int pcert_list_size,
+ gnutls_privkey_t key)
+{
+ int ret, i;
+ gnutls_str_array_t str_names;
+ gnutls_pcert_st *new_pcert_list;
+
+ /* Sanity checks */
+ // Check for a valid credential struct
+ if (res == NULL) {
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
+ }
+
+ // A complete key pair must be given
+ if (pcert_list == NULL || key == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+ /* Process the names, if any */
+ _gnutls_str_array_init(&str_names);
+
+ if (names != NULL && names_size > 0) {
+ for (i = 0; i < names_size; i++) {
+ ret =
+ _gnutls_str_array_append_idna(&str_names, names[i],
+ strlen(names[i]));
+ if (ret < 0) {
+ ret = gnutls_assert_val(ret);
+ goto cleanup;
+ }
+ }
+ } else if (names == NULL && pcert_list[0].type == GNUTLS_CRT_X509) {
+ gnutls_x509_crt_t crt;
+
+ ret = gnutls_x509_crt_init(&crt);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import(crt, &pcert_list[0].cert, GNUTLS_X509_FMT_DER);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_x509_crt_deinit(crt);
+ goto cleanup;
+ }
+
+ ret = _gnutls_get_x509_name(crt, &str_names);
+ gnutls_x509_crt_deinit(crt);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+
+ if (res->pin.cb)
+ gnutls_privkey_set_pin_function(key, res->pin.cb,
+ res->pin.data);
+
+ new_pcert_list = gnutls_malloc(sizeof(gnutls_pcert_st) * pcert_list_size);
+ if (new_pcert_list == NULL) {
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+ }
+ memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
+
+ ret =
+ _gnutls_certificate_credential_append_keypair(res, key, str_names,
+ new_pcert_list,
+ pcert_list_size);
+ if (ret < 0) {
+ gnutls_assert();
+ gnutls_free(new_pcert_list);
+ goto cleanup;
+ }
+
+ res->ncerts++;
+
+ /* Unlike gnutls_certificate_set_x509_key, we deinitialize everything
+ * local after a failure. That is because the caller is responsible for
+ * freeing these values after a failure, and if we keep references we
+ * lead to double freeing */
+ if ((ret = _gnutls_check_key_cert_match(res)) < 0) {
+ gnutls_assert();
+ gnutls_free(new_pcert_list);
+ res->ncerts--;
+ goto cleanup;
+ }
+
+ CRED_RET_SUCCESS(res);
+
+ cleanup:
+ _gnutls_str_array_clear(&str_names);
+ return ret;
+}
/**
* gnutls_certificate_free_keys:
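Review bot: The new sanity check at the top of gnutls_certificate_set_key rejects a NULL pcert_list but not a non-positive pcert_list_size, yet the function then reads `pcert_list[0].type` and computes `sizeof(gnutls_pcert_st) * pcert_list_size` unconditionally (a negative int converts to a huge size_t there); extend the check to `if (pcert_list == NULL || pcert_list_size <= 0 || key == NULL)`. Separately, the gnutls_malloc failure path returns directly instead of jumping to cleanup, so any names already appended to str_names leak; use `ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto cleanup;` there instead. In _gnutls_certificate_credential_append_keypair, `crt->pubkey->params.algo` is dereferenced without a NULL check; if a pcert without an imported pubkey can reach this path that needs a guard, otherwise a one-line comment stating the precondition (`/* crt->pubkey must be set by the caller */`) would make the contract explicit.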
@@ -199,7 +394,7 @@ gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc)
// Check for valid pointer and otherwise do nothing
if (sc == NULL)
return;
-
+
gnutls_x509_trust_list_deinit(sc->tlist, 1);
gnutls_certificate_free_keys(sc);
memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
diff --git a/lib/cert-cred.h b/lib/cert-cred.h
new file mode 100644
index 0000000000..06cba4dd58
--- /dev/null
+++ b/lib/cert-cred.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2018 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include <gnutls/abstract.h>
+#include "str_array.h"
+
+
+int
+_gnutls_certificate_credential_append_keypair(gnutls_certificate_credentials_t res,
+ gnutls_privkey_t key,
+ gnutls_str_array_t names,
+ gnutls_pcert_st * crt, int nr);
+
+int
+_gnutls_read_key_mem(gnutls_certificate_credentials_t res,
+ const void *key, int key_size, gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags,
+ gnutls_privkey_t *rkey);
+
+int
+_gnutls_read_key_file(gnutls_certificate_credentials_t res,
+ const char *keyfile, gnutls_x509_crt_fmt_t type,
+ const char *pass, unsigned int flags,
+ gnutls_privkey_t *rkey);
+
+int
+_gnutls_get_x509_name(gnutls_x509_crt_t crt, gnutls_str_array_t * names);
+
+#define CRED_RET_SUCCESS(cred) \
+ if (cred->flags & GNUTLS_CERTIFICATE_API_V2) { \
+ return cred->ncerts-1; \
+ } else { \
+ return 0; \
+ }
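Review bot: The new header carries no include guard, while the other internal header touched by this diff ends with `#endif /* GNUTLS_INT_H */`. Identical redeclarations of prototypes and an identical macro redefinition are legal C, so this is a consistency point rather than a build break, but wrapping the body in `#ifndef GNUTLS_LIB_CERT_CRED_H` / `#define GNUTLS_LIB_CERT_CRED_H` ... `#endif` keeps the file in line with the rest of the tree. A short comment above CRED_RET_SUCCESS stating that it returns from the enclosing function (index when GNUTLS_CERTIFICATE_API_V2 is set, 0 otherwise) would also help, since a macro that returns is easy to misread at the call site.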
diff --git a/lib/cert-session.c b/lib/cert-session.c
index 2726512f5d..9a25eb57a4 100644
--- a/lib/cert-session.c
+++ b/lib/cert-session.c
@@ -599,6 +599,10 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
* default upper limits regarding the certificate key size and chain
* size are set. To override them use gnutls_certificate_set_verify_limits().
*
+ * Note that when using raw public-keys verification will not work because there is
+ * no corresponding certificate body belonging to the raw key that can be verified. In that
+ * case this function will return %GNUTLS_E_INVALID_REQUEST.
+ *
* Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise.
* A successful error code means that the @status parameter must be checked to obtain the validation status.
**/
@@ -640,6 +644,10 @@ gnutls_certificate_verify_peers2(gnutls_session_t session,
* default upper limits regarding the certificate key size and chain
* size are set. To override them use gnutls_certificate_set_verify_limits().
*
+ * Note that when using raw public-keys verification will not work because there is
+ * no corresponding certificate body belonging to the raw key that can be verified. In that
+ * case this function will return %GNUTLS_E_INVALID_REQUEST.
+ *
* Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise.
* A successful error code means that the @status parameter must be checked to obtain the validation status.
*
@@ -695,6 +703,10 @@ gnutls_typed_vdata_st data;
* default upper limits regarding the certificate key size and chain
* size are set. To override them use gnutls_certificate_set_verify_limits().
*
+ * Note that when using raw public-keys verification will not work because there is
+ * no corresponding certificate body belonging to the raw key that can be verified. In that
+ * case this function will return %GNUTLS_E_INVALID_REQUEST.
+ *
* Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise.
* A successful error code means that the @status parameter must be checked to obtain the validation status.
*
@@ -719,7 +731,7 @@ gnutls_certificate_verify_peers(gnutls_session_t session,
return GNUTLS_E_NO_CERTIFICATE_FOUND;
- switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) {
+ switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) {
case GNUTLS_CRT_X509:
return _gnutls_x509_cert_verify_peers(session, data, elements,
status);
@@ -820,7 +832,7 @@ time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session)
return (time_t) - 1;
}
- switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) {
+ switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) {
case GNUTLS_CRT_X509:
return
_gnutls_x509_get_raw_crt_expiration_time(&info->
@@ -856,7 +868,7 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session_t session)
return (time_t) - 1;
}
- switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) {
+ switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) {
case GNUTLS_CRT_X509:
return
_gnutls_x509_get_raw_crt_activation_time(&info->
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index ff8f39616e..19f705e14d 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -344,10 +344,15 @@ typedef struct gnutls_crypto_pk {
int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
const gnutls_datum_t * plaintext,
const gnutls_pk_params_st * pub);
- int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
+ int (*decrypt) (gnutls_pk_algorithm_t,
+ gnutls_datum_t * plaintext,
const gnutls_datum_t * ciphertext,
const gnutls_pk_params_st * priv);
-
+ int (*decrypt2) (gnutls_pk_algorithm_t,
+ const gnutls_datum_t * ciphertext,
+ unsigned char * plaintext,
+ size_t paintext_size,
+ const gnutls_pk_params_st * priv);
int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
const gnutls_datum_t * data,
const gnutls_pk_params_st *priv,
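Review bot: The fourth parameter of the new `decrypt2` callback is spelled `paintext_size`; rename it to `plaintext_size` so the prototype names the buffer it sizes. The member also lacks the comment an implementer needs to tell it apart from `decrypt`: presumably the caller supplies a fixed-size output buffer and expects exactly `plaintext_size` bytes to be written regardless of the padding outcome, in which case a line such as `/* decrypt into a caller-provided buffer of exactly plaintext_size bytes */` above the member would document that, with the exact contract confirmed against the backend implementation, which is outside this hunk.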
diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c
index e42367a93f..65de8916f5 100644
--- a/lib/crypto-selftests-pk.c
+++ b/lib/crypto-selftests-pk.c
@@ -116,6 +116,7 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk,
gnutls_datum_t raw_rsa_key = { (void*)rsa_key2048, sizeof(rsa_key2048)-1 };
gnutls_privkey_t key;
gnutls_pubkey_t pub = NULL;
+ unsigned char plaintext2[sizeof(DATASTR) - 1];
ret = gnutls_privkey_init(&key);
if (ret < 0)
@@ -165,6 +166,18 @@ static int test_rsa_enc(gnutls_pk_algorithm_t pk,
goto cleanup;
}
+ ret = gnutls_privkey_decrypt_data2(key, 0, &enc, plaintext2,
+ signed_data.size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ if (memcmp(plaintext2, signed_data.data, signed_data.size) != 0) {
+ ret = GNUTLS_E_SELF_TEST_ERROR;
+ gnutls_assert();
+ goto cleanup;
+ }
+
ret = 0;
cleanup:
if (pub != NULL)
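Review bot: The length passed to gnutls_privkey_decrypt_data2 is `signed_data.size`, while the destination `plaintext2` is declared in the earlier hunk as `sizeof(DATASTR) - 1`; if the two ever differ, the self-test writes past a stack buffer. Tie the length to the buffer, `ret = gnutls_privkey_decrypt_data2(key, 0, &enc, plaintext2, sizeof(plaintext2));`, and guard the memcmp with `signed_data.size == sizeof(plaintext2)`, returning GNUTLS_E_SELF_TEST_ERROR otherwise. test_rsa_enc starts outside the hunk and the definition of signed_data is not visible, so whether the two sizes are currently equal cannot be confirmed here.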
diff --git a/lib/errors.c b/lib/errors.c
index acdaf65bca..a1bdf9b873 100644
--- a/lib/errors.c
+++ b/lib/errors.c
@@ -26,7 +26,6 @@
#ifdef STDC_HEADERS
#include <stdarg.h>
#endif
-#include "vasprintf.h"
#include "str.h"
#define ERROR_ENTRY(desc, name) \
diff --git a/lib/errors.h b/lib/errors.h
index e0f6b906c2..baadc0e67e 100644
--- a/lib/errors.h
+++ b/lib/errors.h
@@ -108,6 +108,7 @@ void _gnutls_mpi_log(const char *prefix, bigint_t a);
#define _gnutls_write_log(...) LEVEL(11, __VA_ARGS__)
#define _gnutls_io_log(...) LEVEL(12, __VA_ARGS__)
#define _gnutls_buffers_log(...) LEVEL(13, __VA_ARGS__)
+#define _gnutls_no_log(...) LEVEL(INT_MAX, __VA_ARGS__)
#else
#define _gnutls_debug_log _gnutls_null_log
#define _gnutls_assert_log _gnutls_null_log
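Review bot: `LEVEL(INT_MAX, __VA_ARGS__)` depends on INT_MAX from <limits.h>, and the hunk does not show errors.h including it; if it is not already pulled in transitively, debug builds fail to compile on the first use of _gnutls_no_log. Add `#include <limits.h>` beside the header's other includes, and consider a one-line comment on the new macro, e.g. `/* log level no caller can enable: message is always suppressed */`, since the intent is only implied by the name.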
@@ -119,6 +120,7 @@ void _gnutls_mpi_log(const char *prefix, bigint_t a);
#define _gnutls_dtls_log _gnutls_null_log
#define _gnutls_read_log _gnutls_null_log
#define _gnutls_write_log _gnutls_null_log
+#define _gnutls_no_log _gnutle_null_log
void _gnutls_null_log(void *, ...);
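Review bot: The non-debug fallback `#define _gnutls_no_log _gnutle_null_log` misspells its target (`_gnutle_` instead of `_gnutls_`), so any use of _gnutls_no_log in a build without debug logging expands to an undeclared identifier and fails to compile. It should read `#define _gnutls_no_log _gnutls_null_log`, matching the neighbouring definitions.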
diff --git a/lib/ext/cert_types.h b/lib/ext/cert_types.h
index c54e0f2bfe..04e024d5db 100644
--- a/lib/ext/cert_types.h
+++ b/lib/ext/cert_types.h
@@ -26,11 +26,13 @@
/* Maps IANA TLS Certificate Types identifiers to internal
* certificate type representation.
*/
-static inline gnutls_certificate_type_t _gnutls_IANA2cert_type(int num)
+static inline gnutls_certificate_type_t IANA2cert_type(int num)
{
switch (num) {
case 0:
return GNUTLS_CRT_X509;
+ case 2:
+ return GNUTLS_CRT_RAWPK;
default:
return GNUTLS_CRT_UNKNOWN;
}
@@ -39,12 +41,43 @@ static inline gnutls_certificate_type_t _gnutls_IANA2cert_type(int num)
/* Maps internal certificate type representation to
* IANA TLS Certificate Types identifiers.
*/
-static inline int _gnutls_cert_type2IANA(gnutls_certificate_type_t cert_type)
+static inline int cert_type2IANA(gnutls_certificate_type_t cert_type)
{
switch (cert_type) {
case GNUTLS_CRT_X509:
return 0;
+ case GNUTLS_CRT_RAWPK:
+ return 2;
default:
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
}
+
+/* Checks whether the given cert type is enabled in the application
+ */
+static inline bool is_cert_type_enabled(gnutls_session_t session, gnutls_certificate_type_t cert_type)
+{
+ switch(cert_type) {
+ case GNUTLS_CRT_X509:
+ // Default cert type, always enabled
+ return true;
+ case GNUTLS_CRT_RAWPK:
+ return session->internals.flags & GNUTLS_ENABLE_RAWPK;
+ default:
+ // When not explicitly supported here disable it
+ return false;
+ }
+}
+
+/* Checks whether alternative cert types (i.e. other than X.509)
+ * are enabled in the application
+ */
+static inline bool are_alternative_cert_types_allowed(gnutls_session_t session)
+{
+ // OR-ed list of defined cert type init flags
+ #define CERT_TYPES_FLAGS GNUTLS_ENABLE_RAWPK
+
+ return session->internals.flags & CERT_TYPES_FLAGS;
+
+ #undef CERT_TYPES_FLAGS
+}
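Review bot: `are_alternative_cert_types_allowed` defines and immediately undefines CERT_TYPES_FLAGS inside the function body, which is unusual for a static inline in a header; a file-scope `#define CERT_TYPES_FLAGS (GNUTLS_ENABLE_RAWPK)` next to the other definitions, with a comment that it is the OR of all alternative cert-type flags, keeps the list in one place and lets is_cert_type_enabled refer to the same set. Both helpers return `bool` from a masked flags word, which is well-defined, but they need <stdbool.h> in scope and the hunk does not show whether cert_types.h includes it.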
diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c
index 5449eae678..534c407b3a 100644
--- a/lib/ext/client_cert_type.c
+++ b/lib/ext/client_cert_type.c
@@ -33,8 +33,8 @@
#include "hello_ext.h"
#include "hello_ext_lib.h"
#include "errors.h"
-#include <state.h>
-#include <datum.h>
+#include "state.h"
+#include "datum.h"
static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
@@ -76,10 +76,10 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
ssize_t len = data_size;
const uint8_t* pdata = data;
- /* Only activate this extension if cert type negotiation is enabled
- * and we have cert credentials set */
- if (!_gnutls_has_negotiate_ctypes(session) ||
- _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
+ /* Only activate this extension if we have cert credentials set
+ * and alternative cert types are allowed */
+ if (!are_alternative_cert_types_allowed(session) ||
+ (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
if (!IS_SERVER(session)) { // client mode
@@ -97,7 +97,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
* receive a cert type that we offered, i.e. one that we support.
* Because the world isn't as beautiful as it may seem, we're going
* to check it nevertheless. */
- cert_type = _gnutls_IANA2cert_type(pdata[0]);
+ cert_type = IANA2cert_type(pdata[0]);
// Check validity of cert type
if (cert_type == GNUTLS_CRT_UNKNOWN) {
@@ -119,7 +119,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
// Check whether what we got back is actually offered by us
for (i = 0; i < sent_cert_types.size; i++) {
- if (_gnutls_IANA2cert_type(sent_cert_types.data[i]) == cert_type)
+ if (IANA2cert_type(sent_cert_types.data[i]) == cert_type)
found = 1;
}
@@ -160,7 +160,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
*/
for (i = 0; i < cert_types.size; i++) {
// Convert to internal representation
- cert_type = _gnutls_IANA2cert_type(cert_types.data[i]);
+ cert_type = IANA2cert_type(cert_types.data[i]);
// If we have an invalid cert id then continue to the next
if (cert_type == GNUTLS_CRT_UNKNOWN)
@@ -201,13 +201,13 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
uint8_t i = 0, num_cert_types = 0;
priority_st* cert_priorities;
gnutls_datum_t tmp_cert_types; // For type conversion
- uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types
+ uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types. Inv: 0 <= cert type Id < 256
const version_entry_st* vers = get_version(session);
- /* Only activate this extension if cert type negotiation is enabled
- * and we have cert credentials set */
- if (!_gnutls_has_negotiate_ctypes(session) ||
- _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
+ /* Only activate this extension if we have cert credentials set
+ * and alternative cert types are allowed */
+ if (!are_alternative_cert_types_allowed(session) ||
+ (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
if (!IS_SERVER(session)) { // Client mode
@@ -255,7 +255,13 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
- cert_type = _gnutls_cert_type2IANA(cert_priorities->priorities[i]);
+ ret = cert_type2IANA(cert_priorities->priorities[i]);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ cert_type = ret; // For readability
+
// Add this cert type to our list with supported types
cert_types[num_cert_types] = cert_type;
num_cert_types++;
@@ -282,7 +288,7 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
return 0;
} else if (num_cert_types == 1 &&
- _gnutls_IANA2cert_type(cert_types[0]) == DEFAULT_CERT_TYPE) {
+ IANA2cert_type(cert_types[0]) == DEFAULT_CERT_TYPE) {
_gnutls_handshake_log
("EXT[%p]: The only supported client certificate type is (%s) which is the default. "
"We therefore do not send this extension.\n",
@@ -342,9 +348,13 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
* when we cannot find a matching client certificate. This is conform
* spec (RFC7250, 4.2 case 2.).
*/
- cert_type =
- _gnutls_cert_type2IANA(session->
- security_parameters.client_ctype);
+ ret = cert_type2IANA(get_certificate_type(
+ session, GNUTLS_CTYPE_CLIENT));
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ cert_type = ret; // For readability
ret = gnutls_buffer_append_data(data, &cert_type, 1);
diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c
index a00a0376c9..35c6d751db 100644
--- a/lib/ext/server_cert_type.c
+++ b/lib/ext/server_cert_type.c
@@ -33,8 +33,8 @@
#include "hello_ext.h"
#include "hello_ext_lib.h"
#include "errors.h"
-#include <state.h>
-#include <datum.h>
+#include "state.h"
+#include "datum.h"
static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
@@ -76,10 +76,10 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
ssize_t len = data_size;
const uint8_t* pdata = data;
- /* Only activate this extension if cert type negotiation is enabled
- * and we have cert credentials set */
- if (!_gnutls_has_negotiate_ctypes(session) ||
- _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
+ /* Only activate this extension if we have cert credentials set
+ * and alternative cert types are allowed */
+ if (!are_alternative_cert_types_allowed(session) ||
+ (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
if (!IS_SERVER(session)) { // client mode
@@ -96,7 +96,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
* may only receive a cert type that we offered, i.e. one that we
* support. Because the world isn't as beautiful as it may seem,
* we're going to check it nevertheless. */
- cert_type = _gnutls_IANA2cert_type(pdata[0]);
+ cert_type = IANA2cert_type(pdata[0]);
// Check validity of cert type
if (cert_type == GNUTLS_CRT_UNKNOWN) {
@@ -118,7 +118,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
// Check whether what we got back is actually offered by us
for (i = 0; i < sent_cert_types.size; i++) {
- if (_gnutls_IANA2cert_type(sent_cert_types.data[i]) == cert_type)
+ if (IANA2cert_type(sent_cert_types.data[i]) == cert_type)
found = 1;
}
@@ -159,7 +159,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
*/
for (i = 0; i < cert_types.size; i++) {
// Convert to internal representation
- cert_type = _gnutls_IANA2cert_type(cert_types.data[i]);
+ cert_type = IANA2cert_type(cert_types.data[i]);
// If we have an invalid cert id then continue to the next
if (cert_type == GNUTLS_CRT_UNKNOWN)
@@ -197,12 +197,12 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
uint8_t i = 0, num_cert_types = 0;
priority_st* cert_priorities;
gnutls_datum_t tmp_cert_types; // For type conversion
- uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types
+ uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types. Inv: 0 <= cert type Id < 256
- /* Only activate this extension if cert type negotiation is enabled
- * and we have cert credentials set */
- if (!_gnutls_has_negotiate_ctypes(session) ||
- _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
+ /* Only activate this extension if we have cert credentials set
+ * and alternative cert types are allowed */
+ if (!are_alternative_cert_types_allowed(session) ||
+ (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL))
return 0;
if (!IS_SERVER(session)) { // Client mode
@@ -255,7 +255,13 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
- cert_type = _gnutls_cert_type2IANA(cert_priorities->priorities[i]);
+ ret = cert_type2IANA(cert_priorities->priorities[i]);
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ cert_type = ret; // For readability
+
// Add this cert type to our list with supported types
cert_types[num_cert_types] = cert_type;
num_cert_types++;
@@ -281,7 +287,7 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
return 0;
} else if (num_cert_types == 1 &&
- _gnutls_IANA2cert_type(cert_types[0]) == DEFAULT_CERT_TYPE) {
+ IANA2cert_type(cert_types[0]) == DEFAULT_CERT_TYPE) {
_gnutls_handshake_log
("EXT[%p]: The only supported server certificate type is (%s) which is the default. "
"We therefore do not send this extension.\n",
@@ -320,9 +326,13 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
}
} else { // Server mode
// Retrieve negotiated server certificate type and send it
- cert_type =
- _gnutls_cert_type2IANA(session->security_parameters.
- server_ctype);
+ ret = cert_type2IANA(get_certificate_type(
+ session, GNUTLS_CTYPE_SERVER));
+
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ cert_type = ret; // For readability
ret = gnutls_buffer_append_data(data, &cert_type, 1);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 16881d8827..8baa8815e7 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1303,7 +1303,9 @@ typedef struct {
/* starting time of current handshake */
struct timespec handshake_start_time;
- time_t handshake_endtime; /* end time in seconds */
+ /* end time of current handshake */
+ struct timespec handshake_endtime;
+
unsigned int handshake_timeout_ms; /* timeout in milliseconds */
unsigned int record_timeout_ms; /* timeout in milliseconds */
@@ -1559,9 +1561,43 @@ inline static size_t max_user_send_size(gnutls_session_t session,
return max;
}
-inline static bool _gnutls_has_negotiate_ctypes(gnutls_session_t session)
+/* Returns the during the handshake negotiated certificate type(s).
+ * See state.c for the full function documentation.
+ *
+ * This function is made static inline for optimization reasons.
+ */
+static inline gnutls_certificate_type_t
+get_certificate_type(gnutls_session_t session,
+ gnutls_ctype_target_t target)
{
- return session->internals.flags & GNUTLS_ENABLE_CERT_TYPE_NEG;
+ switch (target) {
+ case GNUTLS_CTYPE_CLIENT:
+ return session->security_parameters.client_ctype;
+ break;
+ case GNUTLS_CTYPE_SERVER:
+ return session->security_parameters.server_ctype;
+ break;
+ case GNUTLS_CTYPE_OURS:
+ if (IS_SERVER(session)) {
+ return session->security_parameters.server_ctype;
+ } else {
+ return session->security_parameters.client_ctype;
+ }
+ break;
+ case GNUTLS_CTYPE_PEERS:
+ if (IS_SERVER(session)) {
+ return session->security_parameters.client_ctype;
+ } else {
+ return session->security_parameters.server_ctype;
+ }
+ break;
+ default: // Illegal parameter passed
+ return GNUTLS_CRT_UNKNOWN;
+ }
}
+/* Macros to aide constant time/mem checks */
+#define CONSTCHECK_NOT_EQUAL(a, b) ((-((uint32_t)(a) ^ (uint32_t)(b))) >> 31)
+#define CONSTCHECK_EQUAL(a, b) (1U - CONSTCHECK_NOT_EQUAL(a, b))
+
#endif /* GNUTLS_INT_H */
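Review bot: CONSTCHECK_NOT_EQUAL is only correct when the XOR of its operands is below 2^31: for a ^ b = 0x80000001, `-x` as uint32_t is 0x7FFFFFFF and the shift yields 0, reporting the values as equal. The usual form ORs the value with its negation before shifting, `#define CONSTCHECK_NOT_EQUAL(a, b) (((((uint32_t)(a) ^ (uint32_t)(b)) | -(((uint32_t)(a) ^ (uint32_t)(b)))) >> 31)`, which gives 1 for every non-zero difference (it evaluates each argument twice, so callers must pass side-effect-free expressions, or make it a static inline); if the macros are only ever applied to lengths and byte values, a comment stating that precondition is the minimum. In get_certificate_type, each `break;` after a `return` is unreachable and can be dropped.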
diff --git a/lib/handshake.c b/lib/handshake.c
index 5080756c28..d83a51c9bb 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -2737,6 +2737,10 @@ int gnutls_handshake(gnutls_session_t session)
}
if (STATE == STATE0) {
+ unsigned int tmo_ms;
+ struct timespec *end;
+ struct timespec *start;
+
/* first call */
if (session->internals.priorities == NULL ||
session->internals.priorities->cs.size == 0)
@@ -2752,10 +2756,17 @@ int gnutls_handshake(gnutls_session_t session)
session->internals.handshake_in_progress = 1;
session->internals.vc_status = -1;
gnutls_gettime(&session->internals.handshake_start_time);
- if (session->internals.handshake_timeout_ms &&
- session->internals.handshake_endtime == 0)
- session->internals.handshake_endtime = session->internals.handshake_start_time.tv_sec +
- session->internals.handshake_timeout_ms / 1000;
+
+ tmo_ms = session->internals.handshake_timeout_ms;
+ end = &session->internals.handshake_endtime;
+ start = &session->internals.handshake_start_time;
+
+ if (tmo_ms && end->tv_sec == 0 && end->tv_nsec == 0) {
+ end->tv_sec =
+ start->tv_sec + (start->tv_nsec + tmo_ms * 1000000LL) / 1000000000LL;
+ end->tv_nsec =
+ (start->tv_nsec + tmo_ms * 1000000LL) % 1000000000LL;
+ }
}
if (session->internals.recv_state == RECV_STATE_FALSE_START) {
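Review bot: The expression `start->tv_nsec + tmo_ms * 1000000LL` is computed twice when filling the deadline; hoisting it into `long long end_ns = start->tv_nsec + tmo_ms * 1000000LL;` and then `end->tv_sec = start->tv_sec + end_ns / 1000000000LL; end->tv_nsec = end_ns % 1000000000LL;` removes the duplication. The `end->tv_sec == 0 && end->tv_nsec == 0` test encodes "no deadline set yet" as the all-zero timespec, the same sentinel handshake_remaining_time in handshake.h relies on; a one-line comment, `/* an all-zero end time means no deadline has been set yet */`, would document that shared convention. gnutls_handshake continues outside this hunk.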
diff --git a/lib/handshake.h b/lib/handshake.h
index a82263aad1..11c310f33c 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
@@ -112,16 +112,23 @@ int _gnutls13_handshake_hash_buffers_synth(gnutls_session_t session,
#define FAGAIN(target) (FINAL_STATE==target?1:0)
#define AGAIN2(state, target) (state==target?1:0)
+/* return the remaining time in ms */
inline static int handshake_remaining_time(gnutls_session_t session)
{
- if (session->internals.handshake_endtime) {
+ struct timespec *end = &session->internals.handshake_endtime;
+
+ if (end->tv_sec || end->tv_nsec) {
struct timespec now;
gnutls_gettime(&now);
- if (now.tv_sec < session->internals.handshake_endtime)
- return (session->internals.handshake_endtime -
- now.tv_sec) * 1000;
- else
+ if (now.tv_sec < end->tv_sec ||
+ (now.tv_sec == end->tv_sec && now.tv_nsec < end->tv_nsec))
+ {
+ long long now_ms = now.tv_sec * 1000LL + now.tv_nsec / 1000000;
+ long long end_ms = end->tv_sec * 1000LL + end->tv_nsec / 1000000;
+
+ return end_ms - now_ms;
+ } else
return gnutls_assert_val(GNUTLS_E_TIMEDOUT);
}
return 0;
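Review bot: When the deadline has not passed but lies within the current millisecond, `end_ms - now_ms` is 0 and the function returns 0, which is the same value returned for "no deadline configured" at the final `return 0;`; the old code could not produce this since it counted whole seconds. If callers treat 0 as "no timeout" (not visible here), a handshake could briefly proceed without a timeout right before expiry; returning at least 1 ms while not yet expired avoids the aliasing: `long long rem = end_ms - now_ms; return rem > 0 ? (int)rem : 1;`. The implicit narrowing of a long long to the int return value is also worth the explicit cast. The closing brace of handshake_remaining_time is outside the hunk.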
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 5fa0fb99db..223fb2ed1f 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -75,6 +75,12 @@ typedef int (*gnutls_privkey_decrypt_func) (gnutls_privkey_t key,
const gnutls_datum_t *ciphertext,
gnutls_datum_t * plaintext);
+typedef int (*gnutls_privkey_decrypt_func2) (gnutls_privkey_t key,
+ void *userdata,
+ const gnutls_datum_t *ciphertext,
+ unsigned char * plaintext,
+ size_t plaintext_size);
+
/* to be called to sign pre-hashed data. The input will be
* the output of the hash (such as SHA256) corresponding to
* the signature algorithm. The algorithm GNUTLS_SIGN_RSA_RAW
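Review bot: The new gnutls_privkey_decrypt_func2 callback type has no comment describing its contract, unlike the surrounding typedefs, and the same applies to the gnutls_privkey_decrypt_data2 declaration in the next hunk. From the pkcs11 implementation documented later in this commit, plaintext_size appears to have to match the payload size exactly and the buffer is left unchanged on failure, which callers of the callback need to know; a comment such as `/* Like gnutls_privkey_decrypt_func, but decrypts into a caller-provided buffer of exactly plaintext_size bytes; on failure the buffer is left unchanged and no allocation is performed so the error path is not observable as a side channel. */` would capture that, to be confirmed against the implementations.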
@@ -542,12 +548,17 @@ int gnutls_privkey_sign_hash2(gnutls_privkey_t signer,
const gnutls_datum_t * hash_data,
gnutls_datum_t * signature);
-
int gnutls_privkey_decrypt_data(gnutls_privkey_t key,
unsigned int flags,
const gnutls_datum_t * ciphertext,
gnutls_datum_t * plaintext);
+int gnutls_privkey_decrypt_data2(gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ unsigned char * plaintext,
+ size_t plaintext_size);
+
int
gnutls_privkey_export_rsa_raw(gnutls_privkey_t key,
gnutls_datum_t * m, gnutls_datum_t * e,
@@ -633,8 +644,7 @@ typedef struct gnutls_pcert_st {
gnutls_certificate_type_t type;
} gnutls_pcert_st;
-/* Do not initialize the "cert" element of
- * the certificate */
+/* This flag is unused/ignored */
#define GNUTLS_PCERT_NO_CERT 1
int gnutls_pcert_import_x509(gnutls_pcert_st * pcert,
@@ -683,6 +693,14 @@ int gnutls_pcert_export_openpgp(gnutls_pcert_st * pcert,
void gnutls_pcert_deinit(gnutls_pcert_st * pcert);
+int gnutls_pcert_import_rawpk(gnutls_pcert_st* pcert,
+ gnutls_pubkey_t key, unsigned int flags);
+
+int gnutls_pcert_import_rawpk_raw(gnutls_pcert_st* pcert,
+ const gnutls_datum_t* rawpubkey,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int key_usage, unsigned int flags);
+
/* For certificate credentials */
/* This is the same as gnutls_certificate_retrieve_function()
* but retrieves a gnutls_pcert_st which requires much less processing
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 73141a3a3b..7e6a592447 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -421,7 +421,6 @@ typedef enum {
* applications which hide the length of transferred data via the TLS1.3 padding mechanism and
* are already taking steps to hide the data processing time. This comes at a performance
* penalty.
- * @GNUTLS_ENABLE_CERT_TYPE_NEG: Enable certificate type negotiation extensions (RFC7250).
* @GNUTLS_AUTO_REAUTH: Enable transparent re-authentication in client side when the server
* requests to. That is, reauthentication is handled within gnutls_record_recv(), and
* the %GNUTLS_E_REHANDSHAKE or %GNUTLS_E_REAUTH_REQUEST are not returned. This must be
@@ -430,6 +429,9 @@ typedef enum {
* since gnutls_record_recv() could be interrupted when sending when this flag is enabled.
* Note this flag may not be used if you are using the same session for sending and receiving
* in different threads.
+ * @GNUTLS_ENABLE_EARLY_DATA: Under TLS1.3 allow the server to receive early data sent as part of the initial ClientHello (0-RTT).
+ * This is not enabled by default as early data has weaker security properties than other data. Since 3.6.5.
+ * @GNUTLS_ENABLE_RAWPK: Allows raw public-keys to be negotiated during the handshake. Since 3.6.6.
*
* Enumeration of different flags for gnutls_init() function. All the flags
* can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
@@ -458,7 +460,7 @@ typedef enum {
GNUTLS_NO_AUTO_REKEY = (1<<15),
GNUTLS_SAFE_PADDING_CHECK = (1<<16),
GNUTLS_ENABLE_EARLY_START = (1<<17),
- GNUTLS_ENABLE_CERT_TYPE_NEG = (1<<18),
+ GNUTLS_ENABLE_RAWPK = (1<<18),
GNUTLS_AUTO_REAUTH = (1<<19),
GNUTLS_ENABLE_EARLY_DATA = (1<<20)
} gnutls_init_flags_t;
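Review bot: Reusing bit 18 for GNUTLS_ENABLE_RAWPK means a binary built against the previous header that passed GNUTLS_ENABLE_CERT_TYPE_NEG to gnutls_init() now enables raw public-key negotiation without being recompiled; if GNUTLS_ENABLE_CERT_TYPE_NEG shipped in a release, that deserves a NEWS entry or a fresh bit rather than a silent reinterpretation. The compatibility define in the next hunk (`#define GNUTLS_ENABLE_CERT_TYPE_NEG 0`) carries its explanation as a `//` comment on the line after it, while every other comment in this public header uses `/* */`; putting `/* Kept for source compatibility; the flag is now a no-op. */` on the line before the define matches the file's style and makes the intent visible at the definition.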
@@ -476,6 +478,8 @@ typedef enum {
#define GNUTLS_ENABLE_FALSE_START (1<<8)
#define GNUTLS_FORCE_CLIENT_CERT (1<<9)
#define GNUTLS_NO_TICKETS (1<<10)
+#define GNUTLS_ENABLE_CERT_TYPE_NEG 0
+ // Here for compatibility reasons
/**
* gnutls_alert_level_t:
@@ -630,7 +634,7 @@ const char
* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
* This is the case if the issuer is not included in the trusted certificate list.
* @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
- * may happen if this was a version 1 certificate, which is common with
+ * may happen if this was a version 1 certificate, which is common with
* some CAs, or a version 3 certificate without the basic constrains extension.
* @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
* violated.
@@ -1405,7 +1409,7 @@ ssize_t gnutls_record_recv(gnutls_session_t session, void *data,
typedef struct mbuffer_st *gnutls_packet_t;
ssize_t
-gnutls_record_recv_packet(gnutls_session_t session,
+gnutls_record_recv_packet(gnutls_session_t session,
gnutls_packet_t *packet);
void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
@@ -1685,7 +1689,7 @@ const char *
gnutls_protocol_get_name(gnutls_protocol_t version) __GNUTLS_CONST__;
-/* get/set session
+/* get/set session
*/
int gnutls_session_set_data(gnutls_session_t session,
const void *session_data,
@@ -1776,7 +1780,7 @@ int gnutls_session_channel_binding(gnutls_session_t session,
gnutls_channel_binding_t cbtype,
gnutls_datum_t * cb);
-/* checks if this session is a resumed one
+/* checks if this session is a resumed one
*/
int gnutls_session_is_resumed(gnutls_session_t session);
int gnutls_session_resumption_requested(gnutls_session_t session);
@@ -2130,6 +2134,29 @@ gnutls_ocsp_status_request_get2(gnutls_session_t session,
unsigned idx,
gnutls_datum_t * response);
+/* RAW public key functions (RFC7250) */
+int gnutls_certificate_set_rawpk_key_mem(gnutls_certificate_credentials_t cred,
+ const gnutls_datum_t* spki,
+ const gnutls_datum_t* pkey,
+ gnutls_x509_crt_fmt_t format,
+ const char* pass,
+ unsigned int key_usage,
+ const char **names,
+ unsigned int names_length,
+ unsigned int flags);
+
+int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
+ const char* rawpkfile,
+ const char* privkeyfile,
+ gnutls_x509_crt_fmt_t format,
+ const char *pass,
+ unsigned int key_usage,
+ const char **names,
+ unsigned int names_length,
+ unsigned int privkey_flags,
+ unsigned int pkcs11_flags);
+
+
/* global state functions
*/
int gnutls_global_init(void);
@@ -2272,7 +2299,7 @@ void gnutls_transport_set_errno_function(gnutls_session_t session,
void gnutls_transport_set_errno(gnutls_session_t session, int err);
-/* session specific
+/* session specific
*/
void gnutls_session_set_ptr(gnutls_session_t session, void *ptr);
void *gnutls_session_get_ptr(gnutls_session_t session);
@@ -2305,7 +2332,7 @@ int gnutls_random_art(gnutls_random_art_t type,
int gnutls_idna_map(const char * input, unsigned ilen, gnutls_datum_t *out, unsigned flags);
int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsigned flags);
-/* SRP
+/* SRP
*/
typedef struct gnutls_srp_server_credentials_st
@@ -2974,13 +3001,13 @@ typedef int (*gnutls_supp_recv_func) (gnutls_session_t session,
typedef int (*gnutls_supp_send_func) (gnutls_session_t session,
gnutls_buffer_t buf);
-int gnutls_supplemental_register(const char *name,
- gnutls_supplemental_data_format_type_t type,
+int gnutls_supplemental_register(const char *name,
+ gnutls_supplemental_data_format_type_t type,
gnutls_supp_recv_func supp_recv_func,
gnutls_supp_send_func supp_send_func);
int gnutls_session_supplemental_register(gnutls_session_t session, const char *name,
- gnutls_supplemental_data_format_type_t type,
+ gnutls_supplemental_data_format_type_t type,
gnutls_supp_recv_func supp_recv_func,
gnutls_supp_send_func supp_send_func,
unsigned int flags);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 06181f04ee..197644ea43 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1261,8 +1261,18 @@ GNUTLS_3_6_5
gnutls_anti_replay_deinit;
gnutls_anti_replay_set_window;
gnutls_anti_replay_enable;
+ gnutls_privkey_decrypt_data2;
} GNUTLS_3_6_4;
+GNUTLS_3_6_6
+{
+ global:
+ gnutls_certificate_set_rawpk_key_mem;
+ gnutls_certificate_set_rawpk_key_file;
+ gnutls_pcert_import_rawpk;
+ gnutls_pcert_import_rawpk_raw;
+} GNUTLS_3_6_5;
+
GNUTLS_FIPS140_3_4 {
global:
gnutls_cipher_self_test;
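Review bot: gnutls_privkey_decrypt_data2 is added to the existing GNUTLS_3_6_5 version node while the other new symbols go into the new GNUTLS_3_6_6 node. If 3.6.5 has already been released, adding a symbol to its node changes a shipped version set and the symbol should be listed under GNUTLS_3_6_6 instead; if 3.6.5 is still unreleased the split is merely inconsistent and a short comment explaining why the two groups differ would help.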
diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c
index d50ca19c3c..fe056c6a11 100644
--- a/lib/nettle/int/drbg-aes-self-test.c
+++ b/lib/nettle/int/drbg-aes-self-test.c
@@ -28,8 +28,10 @@
struct self_test_st {
const uint8_t entropy[DRBG_AES_SEED_SIZE];
- const char *pstring;
- const uint8_t res[4][16];
+ const uint8_t pstring[32];
+ const uint8_t reseed[DRBG_AES_SEED_SIZE];
+ const uint8_t addtl[3][32];
+ const uint8_t res[64];
};
struct priv_st {
@@ -40,64 +42,49 @@ struct priv_st {
int drbg_aes_self_test(void)
{
static const struct self_test_st tv[] = {
+ /*
+ * Test vector from NIST ACVP test framework that was
+ * successfully validated by ACVP server.
+ */
{
- .entropy = {0xb9, 0xca, 0x7f, 0xd6, 0xa0, 0xf5, 0xd3, 0x42,
- 0x19, 0x6d, 0x84, 0x91, 0x76, 0x1c, 0x3b, 0xbe,
- 0x48, 0xb2, 0x82, 0x98, 0x68, 0xc2, 0x80, 0x00,
- 0x19, 0x6d, 0x84, 0x91, 0x76, 0x1c, 0x3b, 0xbe,
- 0x48, 0xb2, 0x82, 0x98, 0x68, 0xc2, 0x80, 0x00,
- 0x00, 0x00, 0x28, 0x18, 0x00, 0x00, 0x25, 0x00},
- .pstring = "test test test",
- .res = {
- {0xa4, 0xae, 0xb4, 0x51, 0xd0, 0x0d, 0x97, 0xcc, 0x46,
- 0xbb, 0xc0, 0xec, 0x5c, 0xa1, 0xf0, 0x34},
- {0x68, 0xc4, 0x04, 0x63, 0x3d, 0x9e, 0x2c, 0x05, 0x18,
- 0xcf, 0xde, 0x2a, 0x4c, 0x49, 0xc8, 0x2b},
- {0x60, 0x5a, 0xd6, 0x71, 0x5e, 0xb3, 0x86, 0x22, 0xd5,
- 0x21, 0x7f, 0xd7, 0x1d, 0xa3, 0xff, 0xa6},
- {0xe0, 0xf8, 0x77, 0x2c, 0xcb, 0xa4, 0x52, 0xa5, 0x35,
- 0xf5, 0x21, 0xb9, 0x20, 0x4e, 0xff, 0x3e},
- }
- },
- {
- .entropy = {
- 0xb9, 0xca, 0x7f, 0xd6, 0xa0, 0xf5, 0xd3, 0x42,
- 0x19, 0x6d, 0x84, 0x91, 0x76, 0x1c, 0x3b, 0xbe,
- 0x48, 0xb2, 0x82, 0x98, 0x68, 0xc2, 0x80, 0x00,
- 0x19, 0x6d, 0x84, 0x91, 0x76, 0x1c, 0x3b, 0xbe,
- 0x48, 0xb2, 0x82, 0x98, 0x68, 0xc2, 0x80, 0x00,
- 0x00, 0x00, 0x28, 0x18, 0x00, 0x00, 0x25, 0x00},
- .pstring = "tost tost test",
- .res = {
- {0x47, 0x2d, 0x1e, 0xa9, 0xe9, 0xed, 0x02, 0xba, 0x0b,
- 0x8f, 0xc7, 0x59, 0x84, 0xe0, 0x7d, 0x6e},
- {0x4c, 0x63, 0xfd, 0xc9, 0x17, 0x1e, 0x09, 0xca, 0x62,
- 0x72, 0x45, 0x4f, 0xeb, 0x5b, 0xd0, 0x02},
- {0x3e, 0x29, 0x1c, 0xde, 0xd9, 0xdd, 0x65, 0x4f, 0xfe,
- 0xcd, 0x17, 0xa3, 0xa0, 0x23, 0x3b, 0xd5},
- {0x2b, 0x45, 0xd2, 0x4a, 0xf9, 0xd4, 0x91, 0xa4, 0x2e,
- 0xaf, 0xe6, 0xb5, 0x40, 0xb4, 0xf5, 0xd7},
- }
- },
- {
- .entropy = {
- 0x42, 0x9c, 0x08, 0x3d, 0x82, 0xf4, 0x8a, 0x40,
- 0x66, 0xb5, 0x49, 0x27, 0xab, 0x42, 0xc7, 0xc3,
- 0x0e, 0xb7, 0x61, 0x3c, 0xfe, 0xb0, 0xbe, 0x73,
- 0xf7, 0x6e, 0x6d, 0x6f, 0x1d, 0xa3, 0x14, 0xfa,
- 0xbb, 0x4b, 0xc1, 0x0e, 0xc5, 0xfb, 0xcd, 0x46,
- 0xbe, 0x28, 0x61, 0xe7, 0x03, 0x2b, 0x37, 0x7d},
- .pstring = "one two",
- .res = {
- {0x6c, 0x29, 0x75, 0xdc, 0xd3, 0xaf, 0xfa, 0xf0, 0xe9,
- 0xa8, 0xa4, 0xd8, 0x60, 0x62, 0xc9, 0xaa},
- {0x2b, 0xac, 0x71, 0x36, 0x42, 0xbf, 0x2a, 0xff, 0xa7,
- 0xc7, 0xf6, 0x08, 0xa4, 0x3b, 0xe6, 0x00},
- {0x1d, 0x2c, 0x18, 0xbc, 0xc4, 0xbe, 0x64, 0x4b, 0x9a,
- 0x6c, 0x45, 0xcb, 0x6b, 0xf2, 0xed, 0xc3},
- {0xe3, 0x41, 0x58, 0x24, 0x57, 0xa0, 0x60, 0xad, 0xb6,
- 0x45, 0x8d, 0x8f, 0x32, 0x81, 0x77, 0xa9},
- }
+ .entropy = { 0xBE, 0x36, 0xDA, 0x22, 0xC5, 0xEE, 0xC2, 0x46,
+ 0x88, 0xAF, 0xD5, 0xFB, 0xC7, 0x12, 0x98, 0x58,
+ 0x32, 0xD0, 0x35, 0x89, 0x33, 0xF0, 0xFA, 0x2B,
+ 0x1B, 0x0D, 0x02, 0xE9, 0x3A, 0x28, 0x5F, 0x06,
+ 0x04, 0x3B, 0x97, 0x5F, 0xED, 0xD6, 0x2D, 0xC5,
+ 0xD9, 0x76, 0x42, 0x06, 0xEC, 0x80, 0x55, 0xFB },
+ .pstring = { 0x50, 0xF9, 0x47, 0x14, 0x27, 0xF4, 0xA0, 0xAF,
+ 0x30, 0x08, 0x74, 0x85, 0xC7, 0x94, 0xA3, 0x5D,
+ 0x8F, 0x4F, 0x43, 0x52, 0x0C, 0xC0, 0x64, 0x47,
+ 0xF8, 0xAD, 0xC7, 0xB2, 0x6C, 0x7F, 0x26, 0x6E },
+ .reseed = { 0x64, 0xDB, 0x9E, 0xC3, 0x45, 0x88, 0xED, 0x33,
+ 0xC8, 0x4C, 0xE2, 0x87, 0x12, 0x9C, 0xCA, 0x02,
+ 0x16, 0x41, 0xB5, 0x3B, 0xCB, 0x5F, 0x01, 0xAE,
+ 0xA0, 0x01, 0xBB, 0x16, 0x44, 0x1B, 0x99, 0x82,
+ 0x97, 0x84, 0x5B, 0x16, 0x58, 0xF3, 0xBD, 0xBE,
+ 0x9A, 0xAB, 0x9F, 0xB7, 0xB2, 0x93, 0xBE, 0xA5 },
+ .addtl = {
+ { 0x10, 0xDD, 0xBC, 0x33, 0x29, 0x10, 0x53, 0x4C,
+ 0xA0, 0x10, 0x72, 0xBF, 0x4C, 0x55, 0xDD, 0x7C,
+ 0x08, 0x5F, 0xDF, 0x40, 0xB6, 0x03, 0xF2, 0xBC,
+ 0xEA, 0xAE, 0x08, 0x46, 0x61, 0x68, 0x91, 0xC9 },
+ { 0x00, 0xB6, 0x84, 0xF7, 0xF3, 0x14, 0xC7, 0x80,
+ 0x57, 0xA4, 0x8F, 0x48, 0xE5, 0xC9, 0x7F, 0x8D,
+ 0x54, 0x88, 0x96, 0xDF, 0x94, 0x55, 0xB1, 0x1C,
+ 0xFA, 0xCF, 0xE0, 0x4D, 0xAA, 0x01, 0xFA, 0x25 },
+ { 0x97, 0x02, 0xDB, 0xCB, 0x85, 0x2A, 0xAA, 0x55,
+ 0x96, 0xC7, 0xF8, 0xF3, 0xB3, 0x9B, 0xBC, 0xCA,
+ 0xB5, 0xC1, 0x7C, 0x1C, 0x0D, 0x2F, 0x5B, 0x0E,
+ 0x9B, 0xBA, 0xB4, 0xDD, 0x45, 0x90, 0xF2, 0x14 },
+ },
+ .res = { 0xfe, 0x78, 0x3c, 0x64, 0x98, 0xb8, 0x69, 0x1d,
+ 0xb7, 0xd4, 0xfb, 0x71, 0xdb, 0x58, 0xd2, 0xee,
+ 0x32, 0x63, 0xfd, 0xed, 0x78, 0xe7, 0x93, 0x13,
+ 0x65, 0xd7, 0xf8, 0x6b, 0x71, 0x90, 0xfc, 0xf4,
+ 0xa3, 0x29, 0xae, 0x0b, 0xca, 0x40, 0x23, 0x61,
+ 0x6c, 0xa3, 0xf8, 0xc6, 0x75, 0x15, 0x38, 0x36,
+ 0x11, 0x5c, 0xc0, 0x87, 0x8a, 0x9b, 0x91, 0xdb,
+ 0x56, 0xb9, 0x06, 0x98, 0xc5, 0x78, 0x1a, 0x3a }
},
};
unsigned i, j;
@@ -106,7 +93,7 @@ int drbg_aes_self_test(void)
struct priv_st priv;
int ret, saved;
uint8_t *tmp;
- unsigned char result[16];
+ unsigned char result[64];
memset(&priv, 0, sizeof(priv));
priv.ctx = &test_ctx;
@@ -127,38 +114,36 @@ int drbg_aes_self_test(void)
}
for (i = 0; i < sizeof(tv) / sizeof(tv[0]); i++) {
- /* Setup the key. */
- ret =
- drbg_aes_init(&test_ctx, DRBG_AES_SEED_SIZE, tv[i].entropy,
- strlen(tv[i].pstring), (void *)tv[i].pstring);
+ /* CAVP test step 1: initialization with perso string */
+ ret = drbg_aes_init(&test_ctx,
+ sizeof(tv[i].entropy), tv[i].entropy,
+ sizeof(tv[i].pstring), tv[i].pstring);
if (ret == 0)
goto fail;
if (drbg_aes_is_seeded(&test_ctx) == 0)
goto fail;
- /* Get and compare the first three results. */
- for (j = 0; j < 3; j++) {
- /* Compute the next value. */
- if (drbg_aes_random(&test_ctx, 16, result) == 0)
- goto fail;
-
- /* Compare it to the known value. */
- if (memcmp(result, tv[i].res[j], 16) != 0) {
- goto fail;
- }
- }
-
- ret =
- drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE,
- tv[i].entropy, 0, NULL);
+ /* CAVP test step 2: reseed with addtl information */
+ ret = drbg_aes_reseed(&test_ctx,
+ sizeof(tv[i].reseed), tv[i].reseed,
+ sizeof(tv[i].addtl[0]), tv[i].addtl[0]);
if (ret == 0)
goto fail;
- if (drbg_aes_random(&test_ctx, 16, result) == 0)
+ /* CAVP test step 3: generate with addtl info, discard result */
+ if (drbg_aes_generate(&test_ctx, sizeof(result), result,
+ sizeof(tv[i].addtl[1]),
+ tv[i].addtl[1]) == 0)
+ goto fail;
+
+ /* CAVP test step 4: generate with addtl info */
+ if (drbg_aes_generate(&test_ctx, sizeof(result), result,
+ sizeof(tv[i].addtl[2]),
+ tv[i].addtl[2]) == 0)
goto fail;
- if (memcmp(result, tv[i].res[3], 16) != 0) {
+ if (memcmp(result, tv[i].res, sizeof(result)) != 0) {
goto fail;
}
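Review bot: With the inner `for (j = 0; j < 3; j++)` loop removed, the variable `j` declared as `unsigned i, j;` (context in the previous hunk) is no longer used and will trigger an unused-variable warning; change the declaration to `unsigned i;`. The self-test now depends on a single vector, so the loop over `tv` is effectively a single iteration; that is fine, but a comment noting that the old vectors were invalidated by dropping the first-block discard in drbg_aes_generate would explain why three vectors became one. drbg_aes_self_test continues outside the hunk.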
diff --git a/lib/nettle/int/drbg-aes.c b/lib/nettle/int/drbg-aes.c
index a5a05b64a8..d8b0780cff 100644
--- a/lib/nettle/int/drbg-aes.c
+++ b/lib/nettle/int/drbg-aes.c
@@ -143,32 +143,16 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
memset(seed, 0, DRBG_AES_SEED_SIZE);
}
- /* Throw the first block generated. FIPS 140-2 requirement (see
- * the continuous random number generator test in 4.9.2)
- */
- if (ctx->prev_block_present == 0) {
- INCREMENT(sizeof(ctx->v), ctx->v);
- aes256_encrypt(&ctx->key, AES_BLOCK_SIZE, ctx->prev_block, ctx->v);
-
- ctx->prev_block_present = 1;
- }
-
/* Perform the actual encryption */
for (left = length; left >= AES_BLOCK_SIZE;
left -= AES_BLOCK_SIZE, dst += AES_BLOCK_SIZE) {
-
INCREMENT(sizeof(ctx->v), ctx->v);
aes256_encrypt(&ctx->key, AES_BLOCK_SIZE, dst, ctx->v);
-
- memcpy(ctx->prev_block, dst, AES_BLOCK_SIZE);
}
if (left > 0) { /* partial fill */
-
INCREMENT(sizeof(ctx->v), ctx->v);
aes256_encrypt(&ctx->key, AES_BLOCK_SIZE, tmp, ctx->v);
-
- memcpy(ctx->prev_block, tmp, AES_BLOCK_SIZE);
memcpy(dst, tmp, left);
}
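Review bot: Removing the FIPS 140-2 continuous test (the prev_block bookkeeping) leaves no rationale in the code, and it is an observable change: the first generated block is no longer discarded, so the output stream for a given seed differs from earlier releases, which is presumably why the self-test vectors were replaced in this commit. A short comment where the block used to be, e.g. `/* No continuous RNG test here: it is not part of SP 800-90A and its first-block discard changed the output stream. */`, records the decision for the next auditor, with the standards reference confirmed against the project's FIPS documentation. drbg_aes_generate starts and ends outside the hunk.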
diff --git a/lib/nettle/int/drbg-aes.h b/lib/nettle/int/drbg-aes.h
index 1d421a69e9..5d03929662 100644
--- a/lib/nettle/int/drbg-aes.h
+++ b/lib/nettle/int/drbg-aes.h
@@ -50,8 +50,6 @@ struct drbg_aes_ctx {
uint8_t v[AES_BLOCK_SIZE];
- unsigned prev_block_present;
- uint8_t prev_block[AES_BLOCK_SIZE];
unsigned reseed_counter;
};
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 4d945c89ad..38c098d8d5 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -529,6 +529,57 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
return ret;
}
+/* Note: we do not allocate in this function to avoid asymettric
+ * unallocation (which creates a side channel) in case of failure
+ * */
+static int
+_wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo,
+ const gnutls_datum_t * ciphertext,
+ unsigned char * plaintext,
+ size_t plaintext_size,
+ const gnutls_pk_params_st * pk_params)
+{
+ struct rsa_private_key priv;
+ struct rsa_public_key pub;
+ bigint_t c;
+ uint32_t is_err;
+ int ret;
+
+ if (algo != GNUTLS_PK_RSA || plaintext == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ _rsa_params_to_privkey(pk_params, &priv);
+ ret = _rsa_params_to_pubkey(pk_params, &pub);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ if (ciphertext->size != pub.size)
+ return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
+
+ if (_gnutls_mpi_init_scan_nz(&c, ciphertext->data,
+ ciphertext->size) != 0) {
+ return gnutls_assert_val (GNUTLS_E_MPI_SCAN_FAILED);
+ }
+
+ ret = rsa_sec_decrypt(&pub, &priv, NULL, rnd_nonce_func,
+ plaintext_size, plaintext, TOMPZ(c));
+ /* after this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+ * channel that can be used as an oracle, so thread very carefully */
+ _gnutls_mpi_release(&c);
+ /* Here HAVE_LIB_ERROR() should be fine as it doesn't have
+ * branches in it and returns a bool */
+ is_err = HAVE_LIB_ERROR();
+ /* if is_err != 0 */
+ is_err = CONSTCHECK_NOT_EQUAL(is_err, 0);
+ /* or ret == 0 */
+ is_err |= CONSTCHECK_EQUAL(ret, 0);
+ /* then return GNUTLS_E_DECRYPTION_FAILED */
+ return (int)((is_err * UINT_MAX) & GNUTLS_E_DECRYPTION_FAILED);
+}
+
#define CHECK_INVALID_RSA_PSS_PARAMS(dig_size, salt_size, pub_size, err) \
if (unlikely(dig_size + salt_size + 2 > pub_size)) \
return gnutls_assert_val(err)
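Review bot: The final `return (int)((is_err * UINT_MAX) & GNUTLS_E_DECRYPTION_FAILED);` converts an out-of-range unsigned value to int, which C11 leaves implementation-defined rather than guaranteeing two's-complement wrap; it works on every target the library supports, but a comment saying so, `/* relies on two's-complement conversion; kept branch-free on purpose */`, stops the next reader from "fixing" it into a branch and reintroducing the oracle the function is designed to avoid. Two typos in the added comments: `asymettric` should be `asymmetric` and `thread very carefully` should be `tread very carefully`. The public-size check `ciphertext->size != pub.size` happens before the secret operation, which is appropriate since the ciphertext length is public.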
@@ -2780,6 +2831,7 @@ int crypto_pk_prio = INT_MAX;
gnutls_crypto_pk_st _gnutls_pk_ops = {
.encrypt = _wrap_nettle_pk_encrypt,
.decrypt = _wrap_nettle_pk_decrypt,
+ .decrypt2 = _wrap_nettle_pk_decrypt2,
.sign = _wrap_nettle_pk_sign,
.verify = _wrap_nettle_pk_verify,
.verify_priv_params = wrap_nettle_pk_verify_priv_params,
diff --git a/lib/pcert.c b/lib/pcert.c
index 3476405022..816a748b05 100644
--- a/lib/pcert.c
+++ b/lib/pcert.c
@@ -27,6 +27,7 @@
#include <x509.h>
#include "x509/x509_int.h"
#include <gnutls/x509.h>
+#include "x509_b64.h"
/**
* gnutls_pcert_import_x509:
@@ -215,7 +216,7 @@ gnutls_pcert_list_import_x509_raw(gnutls_pcert_st *pcert_list,
cleanup:
for (i = 0; i < *pcert_list_size; i++)
gnutls_x509_crt_deinit(crt[i]);
-
+
cleanup_crt:
gnutls_free(crt);
return ret;
@@ -356,6 +357,133 @@ int gnutls_pcert_import_x509_raw(gnutls_pcert_st * pcert,
}
/**
+ * gnutls_pcert_import_rawpk:
+ * @pcert: The pcert structure to import the data into.
+ * @pubkey: The raw public-key in #gnutls_pubkey_t format to be imported
+ * @flags: zero for now
+ *
+ * This convenience function will import (i.e. convert) the given raw
+ * public key @pubkey into a #gnutls_pcert_st structure. The structure
+ * must be deinitialized afterwards using gnutls_pcert_deinit(). The
+ * given @pubkey must not be deinitialized because it will be associated
+ * with the given @pcert structure and will be deinitialized with it.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.6.6
+ **/
+int gnutls_pcert_import_rawpk(gnutls_pcert_st* pcert,
+ gnutls_pubkey_t pubkey, unsigned int flags)
+{
+ int ret;
+
+ if (pubkey == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ /* A pcert struct holds a raw copy of the certificate data.
+ * Therefore we convert our gnutls_pubkey_t to its raw DER
+ * representation and copy it into our pcert. It is this raw data
+ * that will be transfered to the peer via a Certificate msg.
+ * According to the spec (RFC7250) a DER representation must be used.
+ */
+ ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &pcert->cert);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ pcert->pubkey = pubkey;
+
+ pcert->type = GNUTLS_CRT_RAWPK;
+
+ return GNUTLS_E_SUCCESS;
+}
+
+/**
+ * gnutls_pcert_import_rawpk_raw:
+ * @pcert: The pcert structure to import the data into.
+ * @rawpubkey: The raw public-key in #gnutls_datum_t format to be imported.
+ * @format: The format of the raw public-key. DER or PEM.
+ * @key_usage: An ORed sequence of %GNUTLS_KEY_* flags.
+ * @flags: zero for now
+ *
+ * This convenience function will import (i.e. convert) the given raw
+ * public key @rawpubkey into a #gnutls_pcert_st structure. The structure
+ * must be deinitialized afterwards using gnutls_pcert_deinit().
+ * Note that the caller is responsible for freeing @rawpubkey. All necessary
+ * values will be copied into @pcert.
+ *
+ * Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly
+ * set because there is no certificate structure around the key to define
+ * this value. See for more info gnutls_x509_crt_get_key_usage().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.6.6
+ **/
+int gnutls_pcert_import_rawpk_raw(gnutls_pcert_st* pcert,
+ const gnutls_datum_t* rawpubkey,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int key_usage, unsigned int flags)
+{
+ int ret;
+
+ if (rawpubkey == NULL) {
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+ memset(pcert, 0, sizeof(*pcert));
+
+ ret = gnutls_pubkey_init(&pcert->pubkey);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ // Convert our raw public-key to a gnutls_pubkey_t structure
+ ret = gnutls_pubkey_import(pcert->pubkey, rawpubkey, format);
+ if (ret < 0) {
+ return gnutls_assert_val(ret);
+ }
+
+ pcert->pubkey->key_usage = key_usage;
+
+ /* A pcert struct holds a raw copy of the certificate data.
+ * It is this raw data that will be transfered to the peer via a
+ * Certificate message. According to the spec (RFC7250) a DER
+ * representation must be used. Therefore we check the format and
+ * convert if necessary.
+ */
+ if (format == GNUTLS_X509_FMT_PEM) {
+ ret = _gnutls_fbase64_decode(PEM_PK,
+ rawpubkey->data, rawpubkey->size,
+ &pcert->cert);
+
+ if (ret < 0) {
+ gnutls_pubkey_deinit(pcert->pubkey);
+
+ return gnutls_assert_val(ret);
+ }
+ } else {
+ // Directly copy the raw DER data to our pcert
+ ret = _gnutls_set_datum(&pcert->cert, rawpubkey->data, rawpubkey->size);
+
+ if (ret < 0) {
+ gnutls_pubkey_deinit(pcert->pubkey);
+
+ return gnutls_assert_val(ret);
+ }
+ }
+
+ pcert->type = GNUTLS_CRT_RAWPK;
+
+ return GNUTLS_E_SUCCESS;
+}
+
+/**
* gnutls_pcert_export_x509:
* @pcert: The pcert structure.
* @crt: An initialized #gnutls_x509_crt_t.
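Review bot: In gnutls_pcert_import_rawpk_raw the failure path after `gnutls_pubkey_import` returns without releasing the pubkey initialized a few lines earlier, leaking it; add `gnutls_pubkey_deinit(pcert->pubkey); pcert->pubkey = NULL;` before that `return gnutls_assert_val(ret);`. The two later failure paths do call gnutls_pubkey_deinit but leave `pcert->pubkey` pointing at freed memory, so a caller that runs gnutls_pcert_deinit on the failed struct would presumably double-free; setting the pointer to NULL there as well avoids that. Both new functions document `flags` as "zero for now" but do not reject nonzero values; `if (flags != 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` keeps the reserved bits enforceable when they gain meaning.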
@@ -420,15 +548,17 @@ _gnutls_get_auth_info_pcert(gnutls_pcert_st * pcert,
cert_auth_info_t info)
{
switch (type) {
- case GNUTLS_CRT_X509:
- return gnutls_pcert_import_x509_raw(pcert,
- &info->
- raw_certificate_list
- [0],
- GNUTLS_X509_FMT_DER,
- GNUTLS_PCERT_NO_CERT);
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ case GNUTLS_CRT_X509:
+ return gnutls_pcert_import_x509_raw(pcert,
+ &info->raw_certificate_list[0],
+ GNUTLS_X509_FMT_DER,
+ 0);
+ case GNUTLS_CRT_RAWPK:
+ return gnutls_pcert_import_rawpk_raw(pcert,
+ &info->raw_certificate_list[0],
+ GNUTLS_X509_FMT_DER,
+ 0, 0);
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
}
diff --git a/lib/pk.h b/lib/pk.h
index c365eece20..f6872f823d 100644
--- a/lib/pk.h
+++ b/lib/pk.h
@@ -28,6 +28,7 @@ extern gnutls_crypto_pk_st _gnutls_pk_ops;
#define _gnutls_pk_encrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.encrypt( algo, ciphertext, plaintext, params)
#define _gnutls_pk_decrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.decrypt( algo, ciphertext, plaintext, params)
+#define _gnutls_pk_decrypt2( algo, ciphertext, plaintext, size, params) _gnutls_pk_ops.decrypt2( algo, ciphertext, plaintext, size, params)
#define _gnutls_pk_sign( algo, sig, data, params, sign_params) _gnutls_pk_ops.sign( algo, sig, data, params, sign_params)
#define _gnutls_pk_verify( algo, data, sig, params, sign_params) _gnutls_pk_ops.verify( algo, data, sig, params, sign_params)
#define _gnutls_pk_verify_priv_params( algo, params) _gnutls_pk_ops.verify_priv_params( algo, params)
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 1a335ea959..c974565830 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -612,12 +612,17 @@ gnutls_pkcs11_obj_set_info(gnutls_pkcs11_obj_t obj,
* @obj: should contain a #gnutls_pkcs11_obj_t type
* @itype: Denotes the type of information requested
* @output: where output will be stored
- * @output_size: contains the maximum size of the output and will be overwritten with actual
+ * @output_size: contains the maximum size of the output buffer and will be
+ * overwritten with the actual size.
*
* This function will return information about the PKCS11 certificate
* such as the label, id as well as token information where the key is
- * stored. When output is text it returns null terminated string
- * although @output_size contains the size of the actual data only.
+ * stored.
+ *
+ * When output is text, a null terminated string is written to @output and its
+ * string length is written to @output_size (without null terminator). If the
+ * buffer is too small, @output_size will contain the expected buffer size
+ * (with null terminator for text) and return %GNUTLS_E_SHORT_MEMORY_BUFFER.
*
* In versions previously to 3.6.0 this function included the null terminator
* to @output_size. After 3.6.0 the output size doesn't include the terminator character.
@@ -2447,11 +2452,17 @@ gnutls_pkcs11_token_get_url(unsigned int seq,
* @url: should contain a PKCS 11 URL
* @ttype: Denotes the type of information requested
* @output: where output will be stored
- * @output_size: contains the maximum size of the output and will be overwritten with actual
+ * @output_size: contains the maximum size of the output buffer and will be
+ * overwritten with the actual size.
*
* This function will return information about the PKCS 11 token such
* as the label, id, etc.
*
+ * When output is text, a null terminated string is written to @output and its
+ * string length is written to @output_size (without null terminator). If the
+ * buffer is too small, @output_size will contain the expected buffer size
+ * (with null terminator for text) and return %GNUTLS_E_SHORT_MEMORY_BUFFER.
+ *
* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code
* on error.
*
@@ -2465,6 +2476,7 @@ gnutls_pkcs11_token_get_info(const char *url,
struct p11_kit_uri *info = NULL;
const uint8_t *str;
size_t str_max;
+ char *temp_str = NULL;
size_t len;
int ret;
@@ -2505,10 +2517,14 @@ gnutls_pkcs11_token_get_info(const char *url,
goto cleanup;
}
- snprintf(output, *output_size, "%s", tn.modname);
- *output_size = strlen(output);
- ret = 0;
- goto cleanup;
+ temp_str = tn.modname;
+ if (temp_str == NULL) {
+ gnutls_assert();
+ str_max = 0;
+ } else {
+ str = (uint8_t *)temp_str;
+ }
+ break;
}
default:
gnutls_assert();
@@ -2516,14 +2532,21 @@ gnutls_pkcs11_token_get_info(const char *url,
goto cleanup;
}
- len = p11_kit_space_strlen(str, str_max);
+ if (temp_str)
+ len = strlen(temp_str);
+ else if (str_max == 0)
+ len = 0;
+ else
+ len = p11_kit_space_strlen(str, str_max);
if (len + 1 > *output_size) {
*output_size = len + 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
}
- memcpy(output, str, len);
+ if (len)
+ memcpy(output, str, len);
((char *) output)[len] = '\0';
*output_size = len;
@@ -2531,6 +2554,7 @@ gnutls_pkcs11_token_get_info(const char *url,
ret = 0;
cleanup:
+ free(temp_str);
p11_kit_uri_free(info);
return ret;
}
@@ -2584,6 +2608,7 @@ gnutls_pkcs11_token_get_ptr(const char *url, void **ptr, unsigned long *slot_id,
ret = 0;
cleanup:
+ free(tn.modname);
p11_kit_uri_free(info);
return ret;
}
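Review bot: `free(tn.modname)` at the cleanup label is only safe if `tn.modname` is NULL on every path that reaches cleanup before it is assigned; the declaration of `tn` is outside this hunk, so if it is not zero-initialized an early `goto cleanup` frees an indeterminate pointer. Initializing the structure at its declaration (`= {0}` or a memset) makes the new free unconditional-safe, and the same check applies to `temp_str` in gnutls_pkcs11_token_get_info, which this commit does initialize to NULL.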
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 9c81f4e19d..a5187636ed 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -28,6 +28,11 @@
#include <gnutls/pkcs11.h>
#include <x509/x509_int.h>
+/* Part of PKCS#11 3.0 interface, which was added in p11-kit 0.23.14 */
+#ifdef CKM_EDDSA
+#define HAVE_CKM_EDDSA
+#endif
+
#define PKCS11_ID_SIZE 128
#define PKCS11_LABEL_SIZE 128
@@ -214,6 +219,13 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
gnutls_datum_t * plaintext);
int
+_gnutls_pkcs11_privkey_decrypt_data2(gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ unsigned char * plaintext,
+ size_t plaintext_size);
+
+int
_pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub, unsigned flags);
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
@@ -226,8 +238,10 @@ static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
return CKM_RSA_PKCS;
else if (pk == GNUTLS_PK_RSA_PSS)
return CKM_RSA_PKCS_PSS;
+#ifdef HAVE_CKM_EDDSA
else if (pk == GNUTLS_PK_EDDSA_ED25519)
return CKM_EDDSA;
+#endif
else
return -1;
}
@@ -240,8 +254,10 @@ static inline int pk_to_key_type(gnutls_pk_algorithm_t pk)
return CKK_ECDSA;
else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA)
return CKK_RSA;
+#ifdef HAVE_CKM_EDDSA
else if (pk == GNUTLS_PK_EDDSA_ED25519)
return CKK_EC_EDWARDS;
+#endif
else
return -1;
}
@@ -254,8 +270,10 @@ static inline gnutls_pk_algorithm_t key_type_to_pk(ck_key_type_t m)
return GNUTLS_PK_DSA;
else if (m == CKK_ECDSA)
return GNUTLS_PK_EC;
+#ifdef HAVE_CKM_EDDSA
else if (m == CKK_EC_EDWARDS)
return GNUTLS_PK_EDDSA_ED25519;
+#endif
else
return GNUTLS_PK_UNKNOWN;
}
@@ -271,9 +289,11 @@ static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type)
} else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) {
*type = CKK_RSA;
return CKM_RSA_PKCS_KEY_PAIR_GEN;
+#ifdef HAVE_CKM_EDDSA
} else if (pk == GNUTLS_PK_EDDSA_ED25519) {
*type = CKK_EC_EDWARDS;
return CKM_EDDSA;
+#endif
} else {
*type = -1;
return -1;
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index f643a69a66..bf69b69ce4 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -715,6 +715,121 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
return ret;
}
+/*-
+ * _gnutls_pkcs11_privkey_decrypt_data2:
+ * @key: Holds the key
+ * @flags: should be 0 for now
+ * @ciphertext: holds the data to be signed
+ * @plaintext: a preallocated buffer that will be filled with the plaintext
+ * @plaintext_size: size of the plaintext
+ *
+ * This function will decrypt the given data using the public key algorithm
+ * supported by the private key.
+ * Unlike with _gnutls_pkcs11_privkey_decrypt_data the plaintext size is known
+ * and provided by the caller, if the plaintext size differs from the requested
+ * one, the operation fails and the provided buffer is left unchanged.
+ * NOTE: plaintext_size must be exactly the size of the payload in the
+ * ciphertext, otherwise an error is returned and the plaintext buffer is left
+ * unchanged.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_pkcs11_privkey_decrypt_data2(gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ unsigned char * plaintext,
+ size_t plaintext_size)
+{
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen = ciphertext->size;
+ unsigned req_login = 0;
+ unsigned login_flags = SESSION_LOGIN|SESSION_CONTEXT_SPECIFIC;
+ unsigned char *buffer;
+ volatile unsigned char value;
+ unsigned char mask;
+
+ PKCS11_CHECK_INIT_PRIVKEY(key);
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ mech.mechanism = CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ ret = gnutls_mutex_lock(&key->mutex);
+ if (ret != 0)
+ return gnutls_assert_val(GNUTLS_E_LOCKING_ERROR);
+
+ buffer = gnutls_malloc(siglen);
+ if (!buffer) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ REPEAT_ON_INVALID_HANDLE(
+ rv = pkcs11_decrypt_init(key->sinfo.module, key->sinfo.pks,
+ &mech, key->ref)
+ );
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ goto cleanup;
+ }
+
+ retry_login:
+ if (key->reauth || req_login) {
+ if (req_login)
+ login_flags = SESSION_FORCE_LOGIN|SESSION_LOGIN;
+ ret =
+ pkcs11_login(&key->sinfo, &key->pin,
+ key->uinfo, login_flags);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
+ /* let's try the operation anyway */
+ }
+ }
+
+ ret = 0;
+ siglen = ciphertext->size;
+ rv = pkcs11_decrypt(key->sinfo.module, key->sinfo.pks,
+ ciphertext->data, ciphertext->size,
+ buffer, &siglen);
+ if (unlikely(rv == CKR_USER_NOT_LOGGED_IN && req_login == 0)) {
+ req_login = 1;
+ goto retry_login;
+ }
+
+ /* NOTE: These branches are not side-channel silent */
+ if (rv != CKR_OK) {
+ gnutls_assert();
+ ret = pkcs11_rv_to_err(rv);
+ } else if (siglen != plaintext_size) {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* conditionally copy buffer in a side-channel silent way */
+ /* on success mask is 0xFF, on failure it is 0 */
+ mask = ((uint32_t)ret >> 31) - 1U;
+ for (size_t i = 0; i < plaintext_size; i++) {
+ value = (buffer[i] & mask) + (plaintext[i] & ~mask);
+ plaintext[i] = value;
+ }
+
+ cleanup:
+ gnutls_mutex_unlock(&key->mutex);
+ gnutls_free(buffer);
+ return ret;
+}
+
/**
* gnutls_pkcs11_privkey_export_url:
* @key: Holds the PKCS 11 key
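Review bot: The allocation-failure branch at `if (!buffer)` returns with `key->mutex` still held, since the lock is taken immediately before `gnutls_malloc`; it should read `ret = GNUTLS_E_MEMORY_ERROR; goto cleanup;` (the `gnutls_free(buffer)` in cleanup is a no-op on NULL). The masked copy loop also reads `buffer[i]` for `plaintext_size` bytes while `buffer` only holds `ciphertext->size`, so a caller passing a larger `plaintext_size` reads past the heap allocation even when `ret` is already an error; a data-independent guard placed before the lock, `if (plaintext_size > ciphertext->size) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, closes that without touching the constant-time tail. The header comment says `@ciphertext: holds the data to be signed` and the inline comment says `Initialize signing operation`, but this function decrypts, and `siglen` would be clearer as `outlen`. `flags` is never read; the doc's `@flags: should be 0 for now` could say it is currently ignored so callers do not expect validation.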
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 07dd98e9c6..4a83018fd8 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -753,7 +753,8 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
if (pk == GNUTLS_PK_RSA) {
a[a_val].type = CKA_DECRYPT;
- if (key_usage & (GNUTLS_KEY_ENCIPHER_ONLY|GNUTLS_KEY_DECIPHER_ONLY)) {
+ if ((key_usage & (GNUTLS_KEY_ENCIPHER_ONLY|GNUTLS_KEY_DECIPHER_ONLY)) ||
+ (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)) {
a[a_val].value = (void*)&tval;
a[a_val].value_len = sizeof(tval);
} else {
@@ -943,6 +944,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
break;
}
+#ifdef HAVE_CKM_EDDSA
case GNUTLS_PK_EDDSA_ED25519:
{
ret =
@@ -967,6 +969,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
break;
}
+#endif
default:
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c
index fc428e17a4..c11f12cb8d 100644
--- a/lib/pkcs11x.c
+++ b/lib/pkcs11x.c
@@ -277,7 +277,7 @@ gnutls_pkcs11_obj_get_exts(gnutls_pkcs11_obj_t obj,
spki.data = obj->raw.data;
spki.size = obj->raw.size;
} else {
- ret = x509_raw_crt_to_raw_pubkey(&obj->raw, &spki);
+ ret = _gnutls_x509_raw_crt_to_raw_pubkey(&obj->raw, &spki);
if (ret < 0)
return gnutls_assert_val(ret);
deinit_spki = 1;
diff --git a/lib/privkey.c b/lib/privkey.c
index 26e3cee893..55bd3181ab 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -1555,6 +1555,82 @@ gnutls_privkey_decrypt_data(gnutls_privkey_t key,
}
/**
+ * gnutls_privkey_decrypt_data2:
+ * @key: Holds the key
+ * @flags: zero for now
+ * @ciphertext: holds the data to be decrypted
+ * @plaintext: a preallocated buffer that will be filled with the plaintext
+ * @plaintext_size: in/out size of the plaintext
+ *
+ * This function will decrypt the given data using the algorithm
+ * supported by the private key. Unlike with gnutls_privkey_decrypt_data()
+ * this function operates in constant time and constant memory access.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.6.5
+ **/
+
+int
+gnutls_privkey_decrypt_data2(gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ unsigned char * plaintext,
+ size_t plaintext_size)
+{
+ /* Note: except for the backwards compatibility function, no
+ * conditional code should be called after the decryption
+ * function call, to avoid creating oracle attacks based
+ * on cache/timing side channels */
+
+ /* backwards compatibility */
+ if (key->type == GNUTLS_PRIVKEY_EXT &&
+ key->key.ext.decrypt_func2 == NULL &&
+ key->key.ext.decrypt_func != NULL) {
+ gnutls_datum_t plain;
+ int ret;
+ ret = key->key.ext.decrypt_func(key,
+ key->key.ext.userdata,
+ ciphertext,
+ &plain);
+ if (plain.size != plaintext_size) {
+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ } else {
+ memcpy(plaintext, plain.data, plain.size);
+ }
+ gnutls_free(plain.data);
+ return ret;
+ }
+
+ switch (key->type) {
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pk_decrypt2(key->pk_algorithm, ciphertext,
+ plaintext, plaintext_size,
+ &key->key.x509->params);
+#ifdef ENABLE_PKCS11
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_decrypt_data2(key->key.pkcs11,
+ flags,
+ ciphertext,
+ plaintext,
+ plaintext_size);
+#endif
+ case GNUTLS_PRIVKEY_EXT:
+ if (key->key.ext.decrypt_func2 == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ return key->key.ext.decrypt_func2(key,
+ key->key.ext.userdata,
+ ciphertext, plaintext,
+ plaintext_size);
+ default:
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
+
+/**
* gnutls_privkey_import_x509_raw:
* @pkey: The private key
* @data: The private key data to be imported
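Review bot: In the backwards-compatibility path `gnutls_datum_t plain;` is never initialised, and after a failing `decrypt_func` the code still compares `plain.size` and passes `plain.data` to `gnutls_free`, which is an indeterminate-value read and a possible free of garbage if the callback does not touch its output on error. Initialising `plain` to `{ NULL, 0 }` and checking `ret < 0` before the size comparison keeps the contract the docstring gives for this fallback (it is already documented as the one non-constant-time branch). The rest of the function, the `switch` on `key->type`, is unchanged.
```c
	/* backwards compatibility */
	if (key->type == GNUTLS_PRIVKEY_EXT &&
	    key->key.ext.decrypt_func2 == NULL &&
	    key->key.ext.decrypt_func != NULL) {
		gnutls_datum_t plain = { NULL, 0 };
		int ret;
		ret = key->key.ext.decrypt_func(key,
						key->key.ext.userdata,
						ciphertext,
						&plain);
		if (ret < 0) {
			gnutls_assert();
		} else if (plain.size != plaintext_size) {
			ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
		} else {
			memcpy(plaintext, plain.data, plain.size);
		}
		gnutls_free(plain.data);
		return ret;
	}
	/* … unchanged: switch on key->type … */
```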
diff --git a/lib/psk.c b/lib/psk.c
index 0fd8cf2a11..2818a8450b 100644
--- a/lib/psk.c
+++ b/lib/psk.c
@@ -83,9 +83,9 @@ gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
* This function sets the username and password, in a
* gnutls_psk_client_credentials_t type. Those will be used in
* PSK authentication. @username should be an ASCII string or UTF-8
- * strings prepared using the "SASLprep" profile of "stringprep". The
- * key can be either in raw byte format or in Hex format (without the
- * 0x prefix).
+ * string. In case of a UTF-8 string it is recommended to be following
+ * the PRECIS framework for usernames (rfc8265). The key can be either
+ * in raw byte format or in Hex format (without the 0x prefix).
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
@@ -296,8 +296,9 @@ gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
* gnutls_datum_t* key);
*
* The @username and @key->data must be allocated using gnutls_malloc().
- * @username should be ASCII strings or UTF-8 strings prepared using
- * the "SASLprep" profile of "stringprep".
+ * The @username should be an ASCII string or UTF-8
+ * string. In case of a UTF-8 string it is recommended to be following
+ * the PRECIS framework for usernames (rfc8265).
*
* The callback function will be called once per handshake.
*
diff --git a/lib/record.c b/lib/record.c
index 19f5b52282..73c484ed56 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -1331,8 +1331,15 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
if (bufel == NULL)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (vers && vers->tls13_sem && record.type == GNUTLS_CHANGE_CIPHER_SPEC &&
- record.length == 1 && session->internals.handshake_in_progress) {
+ if (vers && vers->tls13_sem && record.type == GNUTLS_CHANGE_CIPHER_SPEC) {
+ /* if the CCS has value other than 0x01, or arrives
+ * after Finished, abort the connection */
+ if (record.length != 1 ||
+ *((uint8_t *) _mbuffer_get_udata_ptr(bufel) +
+ record.header_size) != 0x01 ||
+ !session->internals.handshake_in_progress)
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+
_gnutls_read_log("discarding change cipher spec in TLS1.3\n");
/* we use the same mechanism to retry as when
* receiving multiple empty TLS packets */
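Review bot: The CCS value test `*((uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size) != 0x01` packs a cast, a call and pointer arithmetic into one condition operand; hoisting it into a named local, `const uint8_t *ccs = (uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size;`, and then testing `ccs[0] != 0x01` makes the intent of the check readable at a glance. The byte read is only reached when `record.length == 1` because of the short-circuit order, so the order of the three tests matters and deserves a one-line comment, e.g. `/* length is checked first so the byte read below is in bounds */`. Whether the buffer is guaranteed to hold header_size + record.length bytes at this point is not visible in the hunk; `_gnutls_recv_in_buffers` continues outside it.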
diff --git a/lib/session.c b/lib/session.c
index a7ac943153..a5c9c93d53 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -27,6 +27,7 @@
#include <datum.h>
#include "buffers.h"
#include "state.h"
+#include "ext/cert_types.h"
/**
* gnutls_session_get_data:
@@ -423,11 +424,10 @@ char *gnutls_session_get_desc(gnutls_session_t session)
}
}
- // Check whether we have negotiated certificate types
- if (_gnutls_has_negotiate_ctypes(session)) {
+ if (are_alternative_cert_types_allowed(session)) {
// Get certificate types
- ctype_client = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT);
- ctype_server = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_SERVER);
+ ctype_client = get_certificate_type(session, GNUTLS_CTYPE_CLIENT);
+ ctype_server = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
if (ctype_client == ctype_server) {
// print proto version, client/server cert type
@@ -442,9 +442,8 @@ char *gnutls_session_get_desc(gnutls_session_t session)
gnutls_certificate_type_get_name(ctype_server));
}
} else { // Assumed default certificate type (X.509)
- snprintf(proto_name, sizeof(proto_name), "%s",
- gnutls_protocol_get_name(get_num_version
- (session)));
+ snprintf(proto_name, sizeof(proto_name), "%s",
+ gnutls_protocol_get_name(get_num_version(session)));
}
desc = gnutls_malloc(DESC_SIZE);
diff --git a/lib/srp.c b/lib/srp.c
index 20132f89d4..27a28f2aab 100644
--- a/lib/srp.c
+++ b/lib/srp.c
@@ -459,10 +459,11 @@ gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
*
* This function sets the username and password, in a
* #gnutls_srp_client_credentials_t type. Those will be used in
- * SRP authentication. @username and @password should be ASCII
- * strings or UTF-8 strings prepared using the "SASLprep" profile of
- * "stringprep".
- *
+ * SRP authentication. @username should be an ASCII string or UTF-8
+ * string. In case of a UTF-8 string it is recommended to be following
+ * the PRECIS framework for usernames (rfc8265). The password can
+ * be in ASCII format, or normalized using gnutls_utf8_password_normalize().
+
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
* error code.
**/
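Review bot: The blank line added before `Returns:` has lost the ` *` continuation prefix that every other line of this gtk-doc comment carries, which breaks the visual comment block and may confuse the doc extractor; it should be ` *` as in the removed line. The same comment block is otherwise only a wording change.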
@@ -671,9 +672,12 @@ gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
* int (*callback)(gnutls_session_t, char** username, char**password);
*
* The @username and @password must be allocated using
- * gnutls_malloc(). @username and @password should be ASCII strings
- * or UTF-8 strings prepared using the "SASLprep" profile of
- * "stringprep".
+ * gnutls_malloc().
+ *
+ * The @username should be an ASCII string or UTF-8
+ * string. In case of a UTF-8 string it is recommended to be following
+ * the PRECIS framework for usernames (rfc8265). The password can
+ * be in ASCII format, or normalized using gnutls_utf8_password_normalize().
*
* The callback function will be called once per handshake before the
* initial hello message is sent.
diff --git a/lib/state.c b/lib/state.c
index a60544737a..540a83c7b8 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -52,6 +52,7 @@
#include <gnutls/dtls.h>
#include "dtls.h"
#include "tls13/session_ticket.h"
+#include "ext/cert_types.h"
/* to be used by supplemental data support to disable TLS1.3
* when supplemental data have been globally registered */
@@ -140,30 +141,9 @@ gnutls_certificate_type_t
gnutls_certificate_type_get2(gnutls_session_t session,
gnutls_ctype_target_t target)
{
- switch (target) {
- case GNUTLS_CTYPE_CLIENT:
- return session->security_parameters.client_ctype;
- break;
- case GNUTLS_CTYPE_SERVER:
- return session->security_parameters.server_ctype;
- break;
- case GNUTLS_CTYPE_OURS:
- if (IS_SERVER(session)) {
- return session->security_parameters.server_ctype;
- } else {
- return session->security_parameters.client_ctype;
- }
- break;
- case GNUTLS_CTYPE_PEERS:
- if (IS_SERVER(session)) {
- return session->security_parameters.client_ctype;
- } else {
- return session->security_parameters.server_ctype;
- }
- break;
- default: // Illegal parameter passed
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- }
+ /* We want to inline this function so therefore
+ * we've defined it in gnutls_int.h */
+ return get_certificate_type(session, target);
}
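Review bot: The new comment says the inline helper is `defined it in gnutls_int.h`, but the include this commit adds at the top of state.c is `ext/cert_types.h`, so the comment looks stale and would send a reader to the wrong header; I would write `/* Thin wrapper around the inline helper in ext/cert_types.h */`, after confirming where get_certificate_type lives. The removed switch returned `GNUTLS_E_INVALID_REQUEST` for an unknown target; whether the inline helper preserves that for public callers is not visible here and is worth a check, since this is an exported API.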
/**
@@ -309,6 +289,10 @@ _gnutls_session_cert_type_supported(gnutls_session_t session,
unsigned i;
priority_st* ctype_priorities;
+ // Check whether this cert type is enabled by the application
+ if (!is_cert_type_enabled(session, cert_type))
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
+
// Perform a credentials check if requested
if (check_credentials) {
if (!_gnutls_has_cert_credentials(session, cert_type))
@@ -336,14 +320,14 @@ _gnutls_session_cert_type_supported(gnutls_session_t session,
// No explicit priorities set, and default ctype is asked
if (ctype_priorities->num_priorities == 0
&& cert_type == DEFAULT_CERT_TYPE)
- return 0; // ok
+ return 0;
/* Now lets find out whether our cert type is in our priority
* list, i.e. set of allowed cert types.
*/
for (i = 0; i < ctype_priorities->num_priorities; i++) {
if (ctype_priorities->priorities[i] == cert_type)
- return 0; /* ok */
+ return 0;
}
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
@@ -430,7 +414,8 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
_gnutls_epoch_gc(session);
- session->internals.handshake_endtime = 0;
+ session->internals.handshake_endtime.tv_sec = 0;
+ session->internals.handshake_endtime.tv_nsec = 0;
session->internals.handshake_in_progress = 0;
session->internals.tfo.connect_addrlen = 0;
diff --git a/lib/str.c b/lib/str.c
index c8d742e91e..f766915bc0 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -29,7 +29,6 @@
#include <c-ctype.h>
#include <intprops.h>
#include <nettle/base64.h>
-#include "vasprintf.h"
#include "extras/hex.h"
/* These functions are like strcat, strcpy. They only
diff --git a/lib/str_array.h b/lib/str_array.h
index ef68783905..abec702488 100644
--- a/lib/str_array.h
+++ b/lib/str_array.h
@@ -112,4 +112,24 @@ inline static int _gnutls_str_array_append(gnutls_str_array_t * head,
return 0;
}
+inline static int _gnutls_str_array_append_idna(gnutls_str_array_t * head,
+ const char *name, size_t size)
+{
+ int ret;
+ gnutls_datum_t ahost;
+
+ /* convert the provided hostname to ACE-Labels domain. */
+ ret = gnutls_idna_map(name, size, &ahost, 0);
+ if (ret < 0) {
+ _gnutls_debug_log("unable to convert hostname %s to IDNA format\n", name);
+ /* insert the raw name */
+ return _gnutls_str_array_append(head, name, size);
+ }
+
+ ret = _gnutls_str_array_append(head, (char*)ahost.data, ahost.size);
+ gnutls_free(ahost.data);
+
+ return ret;
+}
+
#endif
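Review bot: `_gnutls_debug_log("unable to convert hostname %s to IDNA format\n", name)` prints `name` with `%s` although the function receives an explicit `size` and the fallback call treats the string as `size` bytes, so if any caller passes a non-NUL-terminated name the log line over-reads; `"%.*s"` with `(int)size` as the extra argument keeps the log bounded to what the function was given. A one-line comment on the fallback, `/* best effort: a name that does not map to IDNA is stored verbatim */`, would also make the intentional degradation explicit for readers of the header.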
diff --git a/lib/system.c b/lib/system.c
index 1bbbf79c84..ddf1427098 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -70,7 +70,7 @@ int gnutls_system_global_init(void)
#if defined(_WIN32) && defined(NEED_CERT_ENUM_CRLS)
/* used in system/certs.c */
HMODULE crypto;
- crypto = LoadLibraryA("Crypt32.dll");
+ crypto = LoadLibrary(TEXT("Crypt32.dll"));
if (crypto == NULL)
return GNUTLS_E_CRYPTO_INIT_FAILED;
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index eac511b975..ab4f6aaa0d 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -43,6 +43,7 @@
#include <wincrypt.h>
#include <winbase.h>
+#include <winapifamily.h>
#define DYN_NCRYPT
@@ -612,6 +613,9 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
-*/
int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
{
+#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+#else
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
size_t id_size;
@@ -861,6 +865,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
CertCloseStore(store, 0);
return ret;
+#endif
}
int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
@@ -1426,7 +1431,7 @@ int _gnutls_system_key_init(void)
int ret;
#ifdef DYN_NCRYPT
- ncrypt_lib = LoadLibraryA("ncrypt.dll");
+ ncrypt_lib = LoadLibrary(TEXT("ncrypt.dll"));
if (ncrypt_lib == NULL) {
return gnutls_assert_val(GNUTLS_E_CRYPTO_INIT_FAILED);
}
diff --git a/lib/system/vasprintf.c b/lib/system/vasprintf.c
deleted file mode 100644
index 8362942a20..0000000000
--- a/lib/system/vasprintf.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright © 2008-2014 Intel Corporation.
- *
- * Authors: David Woodhouse <dwmw2@infradead.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * version 2.1, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <stdarg.h>
-#include "vasprintf.h"
-
-#ifndef HAVE_VASPRINTF
-
-int _gnutls_vasprintf(char **strp, const char *fmt, va_list ap)
-{
- va_list ap2;
- char *res = NULL;
- int len = 160, len2;
- int ret = 0;
- int errno_save = -ENOMEM;
-
- res = malloc(160);
- if (!res)
- goto err;
-
- /* Use a copy of 'ap', preserving it in case we need to retry into
- a larger buffer. 160 characters should be sufficient for most
- strings in openconnect. */
-#ifdef HAVE_VA_COPY
- va_copy(ap2, ap);
-#elif defined(HAVE___VA_COPY)
- __va_copy(ap2, ap);
-#else
-#error No va_copy()!
- /* You could try this. */
- ap2 = ap;
- /* Or this */
- *ap2 = *ap;
-#endif
- len = vsnprintf(res, 160, fmt, ap2);
- va_end(ap2);
-
- if (len < 0) {
- printf_err:
- errno_save = errno;
- free(res);
- res = NULL;
- goto err;
- }
- if (len >= 0 && len < 160)
- goto out;
-
- free(res);
- res = malloc(len+1);
- if (!res)
- goto err;
-
- len2 = vsnprintf(res, len+1, fmt, ap);
- if (len2 < 0 || len2 > len)
- goto printf_err;
-
- ret = 0;
- goto out;
-
- err:
- errno = errno_save;
- ret = -1;
- out:
- *strp = res;
- return ret;
-}
-
-#endif
diff --git a/lib/tls13/certificate_verify.c b/lib/tls13/certificate_verify.c
index 01966b14d1..26c93d2c1d 100644
--- a/lib/tls13/certificate_verify.c
+++ b/lib/tls13/certificate_verify.c
@@ -113,7 +113,7 @@ int _gnutls13_recv_certificate_verify(gnutls_session_t session)
/* We verify the certificate of the peer. Therefore we need to
* retrieve the negotiated certificate type for the peer. */
- cert_type = gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS);
+ cert_type = get_certificate_type(session, GNUTLS_CTYPE_PEERS);
/* Verify the signature */
ret = _gnutls_get_auth_info_pcert(&peer_cert, cert_type, info);
diff --git a/lib/vasprintf.h b/lib/vasprintf.h
deleted file mode 100644
index 70574806bc..0000000000
--- a/lib/vasprintf.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef VASPRINTF_H
-#define VASPRINTF_H
-#include <config.h>
-
-#ifndef HAVE_VASPRINTF
-
-int _gnutls_vasprintf(char **strp, const char *fmt, va_list ap);
-#define vasprintf _gnutls_vasprintf
-
-#endif
-
-#endif
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index 310778629b..66a583ded7 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -77,11 +77,11 @@ struct gnutls_tdb_int default_tdb = {
* @cert: The raw (der) data of the certificate
* @flags: should be 0.
*
- * This function will try to verify the provided (raw or DER-encoded) certificate
- * using a list of stored public keys. The @service field if non-NULL should
- * be a port number.
+ * This function will try to verify a raw public-key or a public-key provided via
+ * a raw (DER-encoded) certificate using a list of stored public keys.
+ * The @service field if non-NULL should be a port number.
*
- * The @retrieve variable if non-null specifies a custom backend for
+ * The @db_name variable if non-null specifies a custom backend for
* the retrieval of entries. If it is NULL then the
* default file backend will be used. In POSIX-like systems the
* file backend uses the $HOME/.gnutls/known_hosts file.
@@ -93,10 +93,12 @@ struct gnutls_tdb_int default_tdb = {
* the given key is found, and 0 if it was found. The storage
* function should return 0 on success.
*
+ * As of GnuTLS 3.6.6 this function also verifies raw public keys.
+ *
* Returns: If no associated public key is found
* then %GNUTLS_E_NO_CERTIFICATE_FOUND will be returned. If a key
* is found but does not match %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
- * is returned. On success, %GNUTLS_E_SUCCESS (0) is returned,
+ * is returned. On success, %GNUTLS_E_SUCCESS (0) is returned,
* or a negative error value on other errors.
*
* Since: 3.0.13
@@ -110,14 +112,11 @@ gnutls_verify_stored_pubkey(const char *db_name,
const gnutls_datum_t * cert,
unsigned int flags)
{
- gnutls_datum_t pubkey = { NULL, 0 };
+ gnutls_datum_t pubkey = { NULL, 0 }; // Holds the pubkey in subjectPublicKeyInfo format (DER encoded)
int ret;
char local_file[MAX_FILENAME];
+ bool need_free;
- if (cert_type != GNUTLS_CRT_X509)
- return
- gnutls_assert_val
- (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
if (db_name == NULL && tdb == NULL) {
ret = find_config_file(local_file, sizeof(local_file));
@@ -129,18 +128,38 @@ gnutls_verify_stored_pubkey(const char *db_name,
if (tdb == NULL)
tdb = &default_tdb;
- ret = x509_raw_crt_to_raw_pubkey(cert, &pubkey);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Import the public key depending on the provided certificate type */
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ /* Extract the pubkey from the cert. This function does a malloc
+ * deep down the call chain. We are responsible for freeing. */
+ ret = _gnutls_x509_raw_crt_to_raw_pubkey(cert, &pubkey);
+
+ if (ret < 0) {
+ _gnutls_free_datum(&pubkey);
+ return gnutls_assert_val(ret);
+ }
+
+ need_free = true;
+ break;
+ case GNUTLS_CRT_RAWPK:
+ pubkey.data = cert->data;
+ pubkey.size = cert->size;
+ need_free = false;
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
}
+ // Verify our pubkey against the database
ret = tdb->verify(db_name, host, service, &pubkey);
if (ret < 0 && ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH)
ret = gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
- cleanup:
- gnutls_free(pubkey.data);
+ if (need_free) {
+ _gnutls_free_datum(&pubkey);
+ }
+
return ret;
}
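Review bot: The `switch (cert_type)` that turns the input into a SubjectPublicKeyInfo datum and sets `need_free` is duplicated verbatim in `gnutls_store_pubkey` in the next hunk of this file; a small static helper keeps the two functions from drifting apart when another certificate type is added. The `bool` locals need `<stdbool.h>` in scope, which is not visible in the hunk; presumably an existing include provides it. The helper below replaces only the switch; the rest of each function is unchanged.
```c
/* Fill @pubkey with the DER SubjectPublicKeyInfo for @cert; *need_free is
 * set when @pubkey owns its data and must be released by the caller. */
static int import_pubkey(gnutls_certificate_type_t cert_type,
			 const gnutls_datum_t *cert,
			 gnutls_datum_t *pubkey, bool *need_free)
{
	int ret;

	switch (cert_type) {
	case GNUTLS_CRT_X509:
		ret = _gnutls_x509_raw_crt_to_raw_pubkey(cert, pubkey);
		if (ret < 0) {
			_gnutls_free_datum(pubkey);
			return gnutls_assert_val(ret);
		}
		*need_free = true;
		return 0;
	case GNUTLS_CRT_RAWPK:
		pubkey->data = cert->data;
		pubkey->size = cert->size;
		*need_free = false;
		return 0;
	default:
		return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
	}
}
```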
@@ -203,7 +222,7 @@ static int parse_commitment_line(char *line,
/* hash and hex encode */
ret =
- _gnutls_hash_fast((gnutls_digest_algorithm_t)hash_algo->id,
+ _gnutls_hash_fast((gnutls_digest_algorithm_t)hash_algo->id,
skey->data, skey->size, phash);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -301,7 +320,7 @@ static int parse_line(char *line,
return 0;
}
-/* Returns the base64 key if found
+/* Returns the base64 key if found
*/
static int verify_pubkey(const char *file,
const char *host, const char *service,
@@ -460,11 +479,11 @@ int store_commitment(const char *db_name, const char *host,
* @expiration: The expiration time (use 0 to disable expiration)
* @flags: should be 0.
*
- * This function will store the provided (raw or DER-encoded) certificate to
- * the list of stored public keys. The key will be considered valid until
- * the provided expiration time.
+ * This function will store a raw public-key or a public-key provided via
+ * a raw (DER-encoded) certificate to the list of stored public keys. The key
+ * will be considered valid until the provided expiration time.
*
- * The @store variable if non-null specifies a custom backend for
+ * The @tdb variable if non-null specifies a custom backend for
* the storage of entries. If it is NULL then the
* default file backend will be used.
*
@@ -475,6 +494,8 @@ int store_commitment(const char *db_name, const char *host,
* time in seconds since the epoch (0 for no expiration), and a base64
* encoding of the raw (DER) public key information (SPKI) of the peer.
*
+ * As of GnuTLS 3.6.6 this function also accepts raw public keys.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
@@ -489,14 +510,11 @@ gnutls_store_pubkey(const char *db_name,
const gnutls_datum_t * cert,
time_t expiration, unsigned int flags)
{
- gnutls_datum_t pubkey = { NULL, 0 };
+ gnutls_datum_t pubkey = { NULL, 0 }; // Holds the pubkey in subjectPublicKeyInfo format (DER encoded)
int ret;
char local_file[MAX_FILENAME];
+ bool need_free;
- if (cert_type != GNUTLS_CRT_X509)
- return
- gnutls_assert_val
- (GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
if (db_name == NULL && tdb == NULL) {
ret =
@@ -517,22 +535,38 @@ gnutls_store_pubkey(const char *db_name,
if (tdb == NULL)
tdb = &default_tdb;
- ret = x509_raw_crt_to_raw_pubkey(cert, &pubkey);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Import the public key depending on the provided certificate type */
+ switch (cert_type) {
+ case GNUTLS_CRT_X509:
+ /* Extract the pubkey from the cert. This function does a malloc
+ * deep down the call chain. We are responsible for freeing. */
+ ret = _gnutls_x509_raw_crt_to_raw_pubkey(cert, &pubkey);
+
+ if (ret < 0) {
+ _gnutls_free_datum(&pubkey);
+ return gnutls_assert_val(ret);
+ }
+
+ need_free = true;
+ break;
+ case GNUTLS_CRT_RAWPK:
+ pubkey.data = cert->data;
+ pubkey.size = cert->size;
+ need_free = false;
+ break;
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE);
}
_gnutls_debug_log("Configuration file: %s\n", db_name);
tdb->store(db_name, host, service, expiration, &pubkey);
- ret = 0;
-
- cleanup:
- gnutls_free(pubkey.data);
+ if (need_free) {
+ _gnutls_free_datum(&pubkey);
+ }
- return ret;
+ return GNUTLS_E_SUCCESS;
}
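Review bot: The rewritten tail now returns `GNUTLS_E_SUCCESS` unconditionally while the result of `tdb->store(db_name, host, service, expiration, &pubkey)` on the line above is still discarded, so a backend that fails to write the entry is reported to the caller as stored; the `ret` variable the hunk keeps could carry it, `ret = tdb->store(...);` followed by `return ret;` after the `need_free` release. This was already the behaviour before the change, so it may be deliberate, but the doc block for this function says nothing about storage failures being silent.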
/**
@@ -546,11 +580,11 @@ gnutls_store_pubkey(const char *db_name,
* @expiration: The expiration time (use 0 to disable expiration)
* @flags: should be 0 or %GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN.
*
- * This function will store the provided hash commitment to
+ * This function will store the provided hash commitment to
* the list of stored public keys. The key with the given
* hash will be considered valid until the provided expiration time.
*
- * The @store variable if non-null specifies a custom backend for
+ * The @tdb variable if non-null specifies a custom backend for
* the storage of entries. If it is NULL then the
* default file backend will be used.
*
@@ -604,12 +638,10 @@ gnutls_store_commitment(const char *db_name,
_gnutls_debug_log("Configuration file: %s\n", db_name);
- tdb->cstore(db_name, host, service, expiration,
+ tdb->cstore(db_name, host, service, expiration,
(gnutls_digest_algorithm_t)me->id, hash);
- ret = 0;
-
- return ret;
+ return 0;
}
#define CONFIG_FILE "known_hosts"
diff --git a/lib/x509.h b/lib/x509.h
index 859824056a..67eb957d78 100644
--- a/lib/x509.h
+++ b/lib/x509.h
@@ -21,7 +21,7 @@
*/
#include <libtasn1.h>
-#include <gnutls/abstract.h>
+
int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
gnutls_typed_vdata_st * data,
@@ -35,6 +35,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session_t session,
#define PEM_CRL_SEP "-----BEGIN X509 CRL"
+
int _gnutls_x509_raw_privkey_to_gkey(gnutls_privkey_t * privkey,
const gnutls_datum_t * raw_key,
gnutls_x509_crt_fmt_t type);
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 060c2aede1..9ce4275229 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1653,7 +1653,7 @@ int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
}
/* Converts an X.509 certificate to subjectPublicKeyInfo */
-int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
gnutls_datum_t * rpubkey)
{
gnutls_x509_crt_t crt = NULL;
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 2ff979380f..878da42045 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -260,7 +260,7 @@ int _gnutls_copy_string(gnutls_datum_t* str, uint8_t *out, size_t *out_size);
int _gnutls_copy_data(gnutls_datum_t* str, uint8_t *out, size_t *out_size);
int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out);
-int x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
+int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
gnutls_datum_t * rpubkey);
int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index f4a580bb05..6c7cf99012 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -45,6 +45,10 @@
# endif
#endif
+#ifdef _WIN32
+# include <tchar.h>
+#endif
+
/* Convenience functions for verify-high functionality
*/
@@ -386,12 +390,14 @@ int load_dir_certs(const char *dirname,
unsigned int tl_flags, unsigned int tl_vflags,
unsigned type, unsigned crl)
{
- DIR *dirp;
- struct dirent *d;
int ret;
int r = 0;
char path[GNUTLS_PATH_MAX];
+#if !defined(_WIN32) || !defined(_UNICODE)
+ DIR *dirp;
+ struct dirent *d;
+
dirp = opendir(dirname);
if (dirp != NULL) {
do {
@@ -422,7 +428,47 @@ int load_dir_certs(const char *dirname,
while (d != NULL);
closedir(dirp);
}
+#else /* _WIN32 */
+ _TDIR *dirp;
+ struct _tdirent *d;
+ gnutls_datum_t utf16 = {NULL, 0};
+
+ r = _gnutls_utf8_to_ucs2(dirname, strlen(dirname), &utf16);
+ if (r < 0)
+ return gnutls_assert_val(r);
+ dirp = _topendir((_TCHAR*)utf16.data);
+ gnutls_free(utf16.data);
+ if (dirp != NULL) {
+ do {
+ d = _treaddir(dirp);
+ if (d != NULL
+#ifdef _DIRENT_HAVE_D_TYPE
+ && (d->d_type == DT_REG || d->d_type == DT_LNK || d->d_type == DT_UNKNOWN)
+#endif
+ ) {
+ snprintf(path, sizeof(path), "%s/%S",
+ dirname, d->d_name);
+
+ if (crl != 0) {
+ ret =
+ gnutls_x509_trust_list_add_trust_file
+ (list, NULL, path, type, tl_flags,
+ tl_vflags);
+ } else {
+ ret =
+ gnutls_x509_trust_list_add_trust_file
+ (list, path, NULL, type, tl_flags,
+ tl_vflags);
+ }
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while (d != NULL);
+ _tclosedir(dirp);
+ }
+#endif /* _WIN32 */
return r;
}
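Review bot: The `%S` conversion in `snprintf(path, sizeof(path), "%s/%S", dirname, d->d_name)` renders the wide `d->d_name` through the C runtime's current code page, while `dirname` is the UTF-8 string that was just converted for `_topendir`, so `path` mixes two encodings and non-ASCII entry names will likely not reopen in `gnutls_x509_trust_list_add_trust_file`; converting `d->d_name` back to UTF-8 with the UCS-2-to-UTF-8 counterpart of `_gnutls_utf8_to_ucs2` before formatting keeps the path consistent. The `snprintf` result is also discarded, so an over-long `dirname`/entry pair silently produces a truncated, different path — assigning it to `ret` and adding `if (ret < 0 || (size_t)ret >= sizeof(path)) continue;` would skip such entries instead. `r = _gnutls_utf8_to_ucs2(...)` stores a conversion status in the accumulator that load_dir_certs returns; if that helper ever reports success with a positive value the count is off, so `ret` is the better holder for it. The `#ifdef _DIRENT_HAVE_D_TYPE` guard is a glibc macro and is presumably never defined for `_tdirent`, which is harmless but dead in this branch.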
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index db90dab9c4..8325ad0c73 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1188,7 +1188,7 @@ gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
* @cert: a certificate of type #gnutls_x509_crt_t
* @act_time: The actual time
*
- * This function will set the time this Certificate was or will be
+ * This function will set the time this certificate was or will be
* activated.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
@@ -1216,8 +1216,8 @@ gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
* @exp_time: The actual time
*
* This function will set the time this Certificate will expire.
- * Setting an expiration time to (time_t)-1 or to %GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION
- * will set to the no well-defined expiration date value.
+ * Setting an expiration time to (time_t)-1 will set
+ * to the no well-defined expiration date value.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index e3ce7b129b..2762da6d55 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -40,9 +40,9 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
# in CONTRIBUTION.md for more info.
#
# Interfaces removed: AGE=0 (+bump all symbol versions in .map)
- AC_SUBST(LT_CURRENT, 52)
+ AC_SUBST(LT_CURRENT, 53)
AC_SUBST(LT_REVISION, 0)
- AC_SUBST(LT_AGE, 22)
+ AC_SUBST(LT_AGE, 23)
AC_SUBST(LT_SSL_CURRENT, 27)
AC_SUBST(LT_SSL_REVISION, 2)
@@ -68,16 +68,17 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
DLL_SSL_VERSION=`expr ${LT_SSL_CURRENT} - ${LT_SSL_AGE}`
AC_SUBST(DLL_SSL_VERSION)
- PKG_CHECK_MODULES(NETTLE, [nettle >= 3.4], [cryptolib="nettle"], [
+NETTLE_MINIMUM=3.4.1
+ PKG_CHECK_MODULES(NETTLE, [nettle >= $NETTLE_MINIMUM], [cryptolib="nettle"], [
AC_MSG_ERROR([[
- ***
- *** Libnettle 3.4 was not found.
+ ***
+ *** Libnettle $NETTLE_MINIMUM was not found.
]])
])
- PKG_CHECK_MODULES(HOGWEED, [hogweed >= 3.4], [], [
+ PKG_CHECK_MODULES(HOGWEED, [hogweed >= $NETTLE_MINIMUM ], [], [
AC_MSG_ERROR([[
- ***
- *** Libhogweed (nettle's companion library) was not found. Note that you must compile nettle with gmp support.
+ ***
+ *** Libhogweed (nettle's companion library) $NETTLE_MINIMUM was not found. Note that you must compile nettle with gmp support.
]])
])
AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle")
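Review bot: The raise of the nettle/hogweed minimum to 3.4.1 carries no comment saying why 3.4 is no longer sufficient; a one-liner such as `# nettle >= 3.4.1 is required for <reason>` (presumably tied to the rsa.c/privkey changes elsewhere in this commit) would stop a packager from relaxing it. The hogweed message `Libhogweed (nettle's companion library) $NETTLE_MINIMUM was not found` reads as if 3.4.1 were a library name; `Libhogweed >= $NETTLE_MINIMUM (nettle's companion library) was not found` is clearer.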
@@ -115,7 +116,7 @@ LIBTASN1_MINIMUM=4.9
PKG_CHECK_MODULES(LIBTASN1, [libtasn1 >= $LIBTASN1_MINIMUM], [], [included_libtasn1=yes])
if test "$included_libtasn1" = yes; then
AC_MSG_ERROR([[
- ***
+ ***
*** Libtasn1 $LIBTASN1_MINIMUM was not found. To use the included one, use --with-included-libtasn1
]])
fi
@@ -131,7 +132,7 @@ LIBTASN1_MINIMUM=4.9
AC_MSG_CHECKING([whether C99 macros are supported])
AC_TRY_COMPILE(,
[
- #define test_mac(...)
+ #define test_mac(...)
int z,y,x;
test_mac(x,y,z);
return 0;
@@ -245,7 +246,7 @@ LIBTASN1_MINIMUM=4.9
AC_MSG_RESULT(yes)
fi
AM_CONDITIONAL(ENABLE_SRP, test "$ac_enable_srp" != "no")
-
+
ac_enable_psk=yes
AC_MSG_CHECKING([whether to disable PSK authentication support])
AC_ARG_ENABLE(psk-authentication,
@@ -260,7 +261,7 @@ LIBTASN1_MINIMUM=4.9
AC_MSG_RESULT(yes)
fi
AM_CONDITIONAL(ENABLE_PSK, test "$ac_enable_psk" != "no")
-
+
ac_enable_anon=yes
AC_MSG_CHECKING([whether to disable anonymous authentication support])
AC_ARG_ENABLE(anon-authentication,
diff --git a/src/Makefile.am b/src/Makefile.am
index 9d0af9aae2..329cfdfd0f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -33,19 +33,6 @@ ARGS_BUILT = \
tpmtool-args.c tpmtool-args.h \
systemkey-args.c systemkey-args.h
-ARGS_BAK = \
- srptool-args.c.bak srptool-args.h.bak \
- psktool-args.c.bak psktool-args.h.bak \
- ocsptool-args.h.bak ocsptool-args.c.bak \
- serv-args.c.bak serv-args.h.bak \
- cli-args.c.bak cli-args.h.bak \
- cli-debug-args.c.bak cli-debug-args.h.bak \
- certtool-args.c.bak certtool-args.h.bak \
- danetool-args.c.bak danetool-args.h.bak \
- p11tool-args.c.bak p11tool-args.h.bak \
- tpmtool-args.c.bak tpmtool-args.h.bak \
- systemkey-args.c.bak systemkey-args.h.bak
-
ARGS_STAMPS = \
certtool-args.stamp cli-debug-args.stamp cli-args.stamp tpmtool-args.stamp \
systemkey-args.stamp srptool-args.stamp ocsptool-args.stamp p11tool-args.stamp \
@@ -53,11 +40,11 @@ ARGS_STAMPS = \
BUILT_SOURCES = $(ARGS_BUILT) mech-list.h
-DISTCLEANFILES = $(BUILT_SOURCES) $(ARGS_STAMPS)
+DISTCLEANFILES = mech-list.h
-EXTRA_DIST = gen-mech-list.sh $(ARGS_BAK)
+EXTRA_DIST = gen-mech-list.sh args-std.def.in args-std.def $(ARGS_BUILT) $(ARGS_STAMPS)
-MAINTAINERCLEANFILES = $(ARGS_BAK)
+MAINTAINERCLEANFILES = args-std.def $(ARGS_BUILT) $(ARGS_STAMPS)
AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
AM_CPPFLAGS = \
@@ -264,23 +251,17 @@ nodist_libcmd_systemkey_la_SOURCES = systemkey-args.c systemkey-args.h
libcmd_systemkey_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
libcmd_systemkey_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
-SUFFIXES = .stamp .def .c.bak .h.bak
+args-std.def: args-std.def.in
+ $(AM_V_GEN) sed \
+ -e 's|@VERSION[@]|$(VERSION)|g' \
+ -e 's|@YEAR[@]|$(YEAR)|g' \
+ -e 's|@PACKAGE_BUGREPORT[@]|$(PACKAGE_BUGREPORT)|g' \
+ $< > $@.tmp && mv $@.tmp $@
+
+SUFFIXES = .stamp .def
.def.stamp:
- $(AM_V_GEN) $(AUTOGEN) $< || { \
- srcdir=''; \
- b=`echo $@ | sed 's/.stamp$$//'`; \
- test -f ./$${b}.def || srcdir=$(srcdir)/; \
- cp -p $${srcdir}$${b}.c.bak $${b}.c; \
- cp -p $${srcdir}$${b}.h.bak $${b}.h; \
- } && \
- touch $@
-
-.c.c.bak:
- $(AM_V_GEN) cp -p $< $@
-
-.h.h.bak:
- $(AM_V_GEN) cp -p $< $@
+ $(AM_V_GEN) $(AUTOGEN) $< && touch $@
danetool-args.h: danetool-args.stamp
danetool-args.c: danetool-args.stamp
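Review bot: `.def.stamp` now runs `$(AUTOGEN)` unconditionally and fails if it is absent, whereas the removed rule fell back to the `.bak` copies; since `$(ARGS_BUILT)` and `$(ARGS_STAMPS)` are now shipped in EXTRA_DIST, a tarball build only avoids autogen while the distributed `*.stamp` files stay newer than the `*.def` files, which not every unpack or checkout preserves. A comment above the rule stating that assumption, e.g. `# *-args.[ch] and *.stamp are distributed; autogen is only needed when a .def changes`, would help whoever first hits the failure. The `args-std.def` rule relies on `$(YEAR)` being substituted by configure, which is not visible in this diff.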
diff --git a/src/tests.c b/src/tests.c
index ffa772553a..682ce41504 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -117,6 +117,7 @@ char prio_str[512] = "";
#define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC:+CAMELLIA-128-CBC:+AES-256-CBC:+CAMELLIA-256-CBC"
#define ALL_COMP "+COMP-NULL"
#define ALL_MACS "+MAC-ALL:+MD5:+SHA1"
+#define ALL_CERTTYPES "+CTYPE-X509:+CTYPE-RAWPK"
#define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH"
#define INIT_STR "NONE:"
char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL";
diff --git a/symbols.last b/symbols.last
index 820821219e..e5f0e01c69 100644
--- a/symbols.last
+++ b/symbols.last
@@ -4,6 +4,7 @@ GNUTLS_3_6_2@GNUTLS_3_6_2
GNUTLS_3_6_3@GNUTLS_3_6_3
GNUTLS_3_6_4@GNUTLS_3_6_4
GNUTLS_3_6_5@GNUTLS_3_6_5
+GNUTLS_3_6_6@GNUTLS_3_6_6
_gnutls_global_init_skip@GNUTLS_3_4
gnutls_aead_cipher_decrypt@GNUTLS_3_4
gnutls_aead_cipher_deinit@GNUTLS_3_4
@@ -80,6 +81,8 @@ gnutls_certificate_set_openpgp_keyring_file@GNUTLS_3_4
gnutls_certificate_set_openpgp_keyring_mem@GNUTLS_3_4
gnutls_certificate_set_params_function@GNUTLS_3_4
gnutls_certificate_set_pin_function@GNUTLS_3_4
+gnutls_certificate_set_rawpk_key_file@GNUTLS_3_6_6
+gnutls_certificate_set_rawpk_key_mem@GNUTLS_3_6_6
gnutls_certificate_set_retrieve_function2@GNUTLS_3_4
gnutls_certificate_set_retrieve_function3@GNUTLS_3_6_3
gnutls_certificate_set_retrieve_function@GNUTLS_3_4
@@ -415,6 +418,8 @@ gnutls_pcert_export_openpgp@GNUTLS_3_4
gnutls_pcert_export_x509@GNUTLS_3_4
gnutls_pcert_import_openpgp@GNUTLS_3_4
gnutls_pcert_import_openpgp_raw@GNUTLS_3_4
+gnutls_pcert_import_rawpk@GNUTLS_3_6_6
+gnutls_pcert_import_rawpk_raw@GNUTLS_3_6_6
gnutls_pcert_import_x509@GNUTLS_3_4
gnutls_pcert_import_x509_list@GNUTLS_3_4
gnutls_pcert_import_x509_raw@GNUTLS_3_4
@@ -567,6 +572,7 @@ gnutls_priority_set@GNUTLS_3_4
gnutls_priority_set_direct@GNUTLS_3_4
gnutls_priority_sign_list@GNUTLS_3_4
gnutls_priority_string_list@GNUTLS_3_4
+gnutls_privkey_decrypt_data2@GNUTLS_3_6_5
gnutls_privkey_decrypt_data@GNUTLS_3_4
gnutls_privkey_deinit@GNUTLS_3_4
gnutls_privkey_export_dsa_raw2@GNUTLS_3_6_0
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 45192203e1..7bc98df743 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -37,6 +37,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
certs/cert-rsa-2432.pem certs/ecc384.pem certs/ecc.pem hex.h \
certs/ca-ecc.pem certs/cert-ecc384.pem certs/cert-ecc.pem certs/ecc256.pem \
certs/ecc521.pem certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \
+ certs/rawpk_priv.pem certs/rawpk_pub.pem \
certs/ed25519.pem certs/cert-ed25519.pem \
system.prio pkcs11/softhsm.h pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \
rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \
@@ -207,7 +208,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
dss-sig-val sign-pk-api tls-session-ext-override record-pad \
tls13-server-kx-neg gnutls_ext_raw_parse_dtls key-export-pkcs8 \
null_retrieve_function tls-record-size-limit tls-crt_type-neg \
- resume-with-stek-expiration resume-with-previous-stek
+ resume-with-stek-expiration resume-with-previous-stek rawpk-api
if HAVE_SECCOMP_TESTS
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
diff --git a/tests/cert-common.h b/tests/cert-common.h
index dcae0104e5..80cdffd776 100644
--- a/tests/cert-common.h
+++ b/tests/cert-common.h
@@ -1783,3 +1783,131 @@ const gnutls_datum_t server_ca3_pkcs12 = { (unsigned char*)server_ca3_pkcs12_pem
sizeof(server_ca3_pkcs12_pem)-1
};
+/* Raw public-key key material for testing */
+static char rawpk_public_key_pem1[] =
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyAeBq7Ti7oVExeVT1PqH\n"
+ "GBXzC+johdeVnZgZRLhDTIaIGODV5F5JhE4NNb1O/DYLlAy5IIO8tfAE2KIxlarN\n"
+ "H/+AcfV6ZJQSG4SSmhoIGzfdcdjuBmFfdfhO+z/cgqiewh53/fFCQlaJweHhpmim\n"
+ "/LVL/M/1Rd6Urskv/5jXGG4FVUNfhXKQag0uzWsqcztCPX7Lrqr2BSOmkA1nWzdo\n"
+ "h5oBuxdooaH9/kwphqJAp03LwtaSStX/yz6Mh+ZqEbBuM4mWw/xKzbEbs7zA+d8s\n"
+ "ryHXkC8nsdA+h+IRd8bPa/KuWQNfjxXKNPzgmsZddHmHtYtWvAcoIMvtyO23Y2Nh\n"
+ "N4V0/7fwFLbZtfUBg4pqUl2ktkdwsNguTT1qzJCsYhsHXaqqvHy+5HR2D0w07y2X\n"
+ "1qCVmfHzBZCM5OhxoeoauE+xu+5nvYrgsgPE0y5Nty0y2MrApg3digaiKUXrI+mE\n"
+ "VKn9vsQeaVvw9D6PgNQM99HkbGhRMGPOzcHjS/ZeLd1zAgMBAAE=\n"
+ "-----END PUBLIC KEY-----";
+
+const gnutls_datum_t rawpk_public_key1 = {
+ (unsigned char*)rawpk_public_key_pem1,
+ sizeof(rawpk_public_key_pem1) - 1
+};
+
+static char rawpk_private_key_pem1[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIG4wIBAAKCAYEAyAeBq7Ti7oVExeVT1PqHGBXzC+johdeVnZgZRLhDTIaIGODV\n"
+ "5F5JhE4NNb1O/DYLlAy5IIO8tfAE2KIxlarNH/+AcfV6ZJQSG4SSmhoIGzfdcdju\n"
+ "BmFfdfhO+z/cgqiewh53/fFCQlaJweHhpmim/LVL/M/1Rd6Urskv/5jXGG4FVUNf\n"
+ "hXKQag0uzWsqcztCPX7Lrqr2BSOmkA1nWzdoh5oBuxdooaH9/kwphqJAp03LwtaS\n"
+ "StX/yz6Mh+ZqEbBuM4mWw/xKzbEbs7zA+d8sryHXkC8nsdA+h+IRd8bPa/KuWQNf\n"
+ "jxXKNPzgmsZddHmHtYtWvAcoIMvtyO23Y2NhN4V0/7fwFLbZtfUBg4pqUl2ktkdw\n"
+ "sNguTT1qzJCsYhsHXaqqvHy+5HR2D0w07y2X1qCVmfHzBZCM5OhxoeoauE+xu+5n\n"
+ "vYrgsgPE0y5Nty0y2MrApg3digaiKUXrI+mEVKn9vsQeaVvw9D6PgNQM99HkbGhR\n"
+ "MGPOzcHjS/ZeLd1zAgMBAAECggGBALHiAw3Yscqd11gJpbCMDqF7u4VG3alQ26un\n"
+ "PClhl++w380H/Q62TriK1LKKpHgj8834NpXUsXg2d4jTTDcmCn6/L9GoFOzmxOeV\n"
+ "0O2b4sOZvaNl397qrwLxDAPhec7z9yL4B4tcBqmJ3b3+izX6cS3gaC/uG9fDpgN9\n"
+ "xOKPYBFInhOB86twAz9cc9eXysto0nJvlODDBj/xwUjvso9qydl1Or7PhWvf7Ek+\n"
+ "H9ur5MUjqOWe/b/xaSWsfTrJzF/ovbRnGbXLIpozIx609TZS4wYSqU5FUjkL0zTB\n"
+ "bTdb3jgFm/5SHnnThD67zbZavCxiN9wiTs3zeGlxYf8hMeaTkOYiAOR4/1bOTe2J\n"
+ "ttRA1EcY+i6H0+JOtLkqwj5ka0m3lrH2KD3E/mHs1yfERQx7VVjw9IpeAKmi5lzQ\n"
+ "v1lhIXiv75Mb0NMsCknGYPLHCyOY5aA2dhR8Wnr67gOYu3ssexLzMKczk5OTzl5c\n"
+ "PRHJRXDpJqgOYWujF99uCYhnxonO4QKBwQDUQB0s4shWTyOylq7j4rCSbHf2zHDf\n"
+ "HBYC75wyjQECNQXNk6hp5jJz2BC0XvnO7PYSRXaVauMc/S3V7V7GMsry3uugfwLy\n"
+ "XNnyRVY4voe5SNt/WAArybNsPNPEIPzgkZmeWvcpoY8ESufPfVW54BvGHt3YjPjI\n"
+ "gYmFUkpPRUWXfji91NpTlIrsP6jtBTYXGV4kVm+TawP06a6FdCjJQaI7Nm2dwUiX\n"
+ "Cmf4oFSo8mGxi0wimX+BiLJep2bYnUF2gqMCgcEA8UKESDX3jBpyz59vpSjmfpw1\n"
+ "AnlEfR6s83W92m0HfEYLulfxq9xA2zaQjy4GbaKVRfLrO2Pj3bZWs89RGXTQVGgq\n"
+ "ztCLIRsL+M1SQ883e8yx4jwFaqIM+pPpvAjOOOTdpgY33h7w20tgrbzVKeOl1ghC\n"
+ "IZ+K8C/tIGZXI5/TYppl7csIOoYRtzuRpyDE0tmwy658RfyxzEtfLxJoaLiFXOE0\n"
+ "zFFrEvT/jto4jN+cwsdnHhxrY9+bVNUNyb9ZH7bxAoHARvcIyjEo+nKLZPKsltT8\n"
+ "ZHiPw5ynQHGLin/CocQzSiGgRxPPg1jMFZ9wNl5q95ySyZkgBOUv+klMQfKTdYEW\n"
+ "Cg4uigLtYUtaM36rTV2m03RgrzslE37k1pOf2juNUShdTGztpqW1w6Gnz+AAAZ3E\n"
+ "q4E2e2jm5WMqL8FLxyVKF1TEc/Pu63MG3+aI/HZ5l0+MAmpD8+4b7I8VItmrqV6g\n"
+ "d1vDWrN9KcL48E/q/nHL6CjC0+6uiwjBWpRt9o7djFoxAoHAJzK/e1wJVGIXtVQa\n"
+ "N6Nlj7yhgD1ju1B4mTXQGuUMCkz3KtePFHU8tGExK5I2ySlZR3wobAXWx/cQLzbH\n"
+ "3nL0RkKGcgPAFyjl0Q7LBulsAllHrZJC7whVQ4E0wLBNkUDeIlNwUE6Go5qjopbD\n"
+ "q4KpNxUwaXYahNvEkzcNgWQ+XA7p8LDELX4K8tJi39ybHgbwiqdW2ags2xyD4ooD\n"
+ "HMCeKnEMuwWfd/0GaJdcCMdsGNl9D49eg2OZQTc8fkLwoA6BAoHATQdk3VZwGGn/\n"
+ "93p9vu189alkshTmir+SOo/ufH5U+j7t8cPeT7psuYAPZWS+Z6KEzvHxj54pAvcp\n"
+ "mlAngD3+AfHDn/VAtYv5HVcpZ+K2K0X4v8N5HGIubgaebs2oVNz+RAWnd8K2drDG\n"
+ "NcJV3C+zLziTCwvpGCIy3T/lHjKe+YczjGfhg2e6PgfwhTqPAjuhUZ8wScYo7l7V\n"
+ "zAhlSL0665IXJ32zX+3LyQFDbkB6pbKy5TU+rX3DmDyj3MSbc3kR\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t rawpk_private_key1 = {
+ (unsigned char*)rawpk_private_key_pem1,
+ sizeof(rawpk_private_key_pem1) - 1
+};
+
+const char rawpk_public_key_pem2[] =
+ "-----BEGIN PUBLIC KEY-----\n"
+ "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0tQAiQ13zWGZMV9YxFo2\n"
+ "H15yERrkr8KD7z6QheVeatc2+5X0m5/+/o95nmnt6Mlwa27U78QwkHBccOaNkSi7\n"
+ "HGMopaxatEsF/S30MDmhqOi9R2VtMwDaa2zWH/s2wPHn8efn2/zG0jeXCzNsXFs4\n"
+ "zNApaZmTJCHaDRUE12adwP5i6GvUb978f27Cm0gnkSWBH9OdVnMunQkm/L16NI3E\n"
+ "lvcDEEJbqhX2eswHenbhw//LiR1EKRtHEjWywAq5AeHeYNH+2zjff59SGD6Bn+W2\n"
+ "vPKBhSWCyFDPGRfcYeCX2LFM7+Xx0j+GLzBnkjBhEgdsdLJ7Bt8aDToUJScLxeeP\n"
+ "oOmL9e0bec20debwF0G/7QMlwRgDjV3sd3u+5RxRCeOh8Xqfbs/tij7tnU93orhc\n"
+ "MzGjcn5XZ6WicyimuTruNznhKhNp6vmizCpwQAroimaZGV7F/8nvHInTZfpNH/+b\n"
+ "++gYbddkH+MouxOXcAEUku6vN0JzDgA4qj4Tw7dffXSDAgMBAAE=\n"
+ "-----END PUBLIC KEY-----\n";
+
+const gnutls_datum_t rawpk_public_key2 = {
+ (unsigned char*)rawpk_public_key_pem2,
+ sizeof(rawpk_public_key_pem2) - 1
+};
+
+const char rawpk_private_key_pem2[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIG4wIBAAKCAYEA0tQAiQ13zWGZMV9YxFo2H15yERrkr8KD7z6QheVeatc2+5X0\n"
+ "m5/+/o95nmnt6Mlwa27U78QwkHBccOaNkSi7HGMopaxatEsF/S30MDmhqOi9R2Vt\n"
+ "MwDaa2zWH/s2wPHn8efn2/zG0jeXCzNsXFs4zNApaZmTJCHaDRUE12adwP5i6GvU\n"
+ "b978f27Cm0gnkSWBH9OdVnMunQkm/L16NI3ElvcDEEJbqhX2eswHenbhw//LiR1E\n"
+ "KRtHEjWywAq5AeHeYNH+2zjff59SGD6Bn+W2vPKBhSWCyFDPGRfcYeCX2LFM7+Xx\n"
+ "0j+GLzBnkjBhEgdsdLJ7Bt8aDToUJScLxeePoOmL9e0bec20debwF0G/7QMlwRgD\n"
+ "jV3sd3u+5RxRCeOh8Xqfbs/tij7tnU93orhcMzGjcn5XZ6WicyimuTruNznhKhNp\n"
+ "6vmizCpwQAroimaZGV7F/8nvHInTZfpNH/+b++gYbddkH+MouxOXcAEUku6vN0Jz\n"
+ "DgA4qj4Tw7dffXSDAgMBAAECggGAVD3oFNtv0n48I1FQ++x8Ed7AP3t6g4x7AX8D\n"
+ "aq0zJAfo7XCG9CRjVL5pv1XefZT4OcVoioHfUefD2E0XpjgbRAWPOVv8Rmxv8TGK\n"
+ "kDaHFSIid8PcdXPS0vgDO3Y686/1mWCr8eg4XclerlgW5XSB5r0KvyphdB+erHmI\n"
+ "nLVhNbuwM+TaVvVH+Xd9hWS4grP0u43oIaIWryL4FCd2DEfVlOkQrU+GpxjtizW5\n"
+ "i0KzhYjRgHFUSgSfSnRwf3IJaOoiIpOma2p7R4dVoQkVGS6bStqPcqSUGVxH2CLu\n"
+ "TC7B0xZZs2xq6pLVWYXh/J79Ziw76+7qeMwFatzsUPtB6smQvR7016BThY6Cj+ui\n"
+ "KgTCZGpbb30MCn9/px8P2jXagA9fnPzf31WkdbsnjrYPNe6kkP5snJtz6k3cYex2\n"
+ "P8WulCS23qjCdVoUcoSDzPiaFtnPR/HcZDpTYuxKuUMoQrqsmRHeF/QRvbXkKFQC\n"
+ "Kudpfna5CAIT5IaIWwXQp0NfpnNBAoHBAPcnqz2uZaVZO7LiZEMc3cDfiPTp2vhf\n"
+ "VRYNyvTZIYgAox8k49waEQq6MyD5N2oWyRjWsQ0ta/BqJgMLoG42oyDntp/HGhZC\n"
+ "SxLQEu4ursFsCE32I4nyt7DD5erzX+H6folRq2BelL6ISwdr1g1wJZ3cCrwGbG/P\n"
+ "7MUYtSo026K9iXCqv9t7Q3TYe7yECVrxqbOu++C2df8IodehUm5wQZTsysBDfCHZ\n"
+ "PT9m4Qfaryq/u4N5w8nCt/Ep3JkjqyJL4wKBwQDaX4WbwL6ipyt6k4NZ6dEe0aLT\n"
+ "yKowO0rAWckr6WbA6kFBV2JWPswdV7gCqSOaae+UVc6cpw07jc39vsFNFGDL6OfC\n"
+ "HvmjQ2HQ/Mf4RjNTSt1rYpiB7DTqtLCys454OHFxo0UinXUc20+timroLEJbZJ23\n"
+ "upgAvico9zgCyjiwHoEVCpwZerLcLJk44mSGANiBLMo6YfyWj+PfLOeXu5rs4vhC\n"
+ "K0JBPdIzXHKwv996qFpy8xBatfO/+CH2NR/D1uECgcB8mATdbWNUfa14umQs6Qpp\n"
+ "Rsb2IEYA2547Jezgje03cIrLEn/D32gj7kYEI15qHt51pRVQPUuiwQA0nNHdfbGy\n"
+ "ztzjoy1ldzn9W+OPKv1yCJIPKzwzOKadd8QaM2Jsuyi69O7eABAgFPkt3pDj6Vst\n"
+ "P1Yx/1L+8uS7X39ErazjV4VHxOw/Kt6Qsul92VoV/Km+KUJUv+awEJv15h92CSUm\n"
+ "fFChp+OV9LvJkIV0vit783gGCYZH2d98tcu9b5vACF0CgcAZM0rM5ZpaVOZcl+dh\n"
+ "me0LHHAo9pBFTqJavkHL8nxsKNxs+POdNlQB0tymWfSE3lLKkHhudYy+Yafy72+J\n"
+ "QJ/HCFKugTqXz6/bGUDOcvN7WjlhKhilbafRqhZ2GOiJESJuVcQlsXwRX3G7eizK\n"
+ "LElgGKVmzX67HzaPsK/jCokuMeb9kaLgAdvgMrlf6ihlmnVhutR/lk065tIKMDlt\n"
+ "tjWzvqGdqTZVJxg52yJVKV9V3VXKzCgH/9VoQu9QZWMMC6ECgcEAu2lYMEfbrTYS\n"
+ "u2ukovL69EnxUfQ76f8/cs3gVsOWRxPN6MFe8pR7lC03orHckGdwVF0uUSbek4F7\n"
+ "vmZxewPQvVWntGfyL3uhln+xyJbfd/a4YThTDzXIy++jdrKGCVPc9Z+XPWJyc5qM\n"
+ "fA7FxB9uBfVyHKa3LIsuvyFtSKF38pEVMrL4kTnB++Eg536AOZbYB351dMi0qXzN\n"
+ "Ljyi36ud0J5l00OZAanLPw7dklZOTYNguCDRhi6k7qpayV7ywLSB\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t rawpk_private_key2 = {
+ (unsigned char*)rawpk_private_key_pem2,
+ sizeof(rawpk_private_key_pem2) - 1
+};
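Review bot: `rawpk_public_key_pem1` and `rawpk_private_key_pem1` are declared `static char` while the pem2 pair is `const char` — the first pair is writable and the second, being non-static, gets external linkage from every translation unit that includes this header. `static const char` for all four matches how the datum wrappers cast them and avoids duplicate-symbol trouble if two objects of one test binary include cert-common.h. The pem1 public key also ends without the trailing `\n` the other three fixtures carry; presumably harmless to the PEM parser, but worth aligning.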
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 26dd5b22bb..0e5692df6d 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -162,5 +162,9 @@ else
TESTS_ENVIRONMENT += ENABLE_GOST=0
endif
+if DISABLE_BASH_TESTS
+TESTS_ENVIRONMENT += DISABLE_BASH_TESTS=1
+endif
+
distclean-local:
rm -rf tmp-* *.tmp
diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool
index 3c7c620dee..5f1276e60e 100755
--- a/tests/cert-tests/certtool
+++ b/tests/cert-tests/certtool
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos
# Copyright (C) 2018 Red Hat, Inc.
@@ -27,6 +27,10 @@ TMPFILE1=certtool-file1.$$.tmp
TMPFILE2=certtool-file2.$$.tmp
PASS="1234"
+if test -n "$DISABLE_BASH_TESTS"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
@@ -43,8 +47,11 @@ if test -n "${SETSID}";then
exit 1
fi
- #check whether ask-pass is being honoured
- ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template "${srcdir}/templates/template-test.tmpl" --ask-pass >${TMPFILE2} 2>&1 <<<${PASS}
+ #check whether password is being honoured
+ #some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS})
+ ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 <<EOF
+$PASS
+EOF
if test $? != 0;then
cat ${TMPFILE2}
echo "cert generation failed"
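Review bot: The rewritten command drops the quotes the removed line had around the template path; keep `--template "${srcdir}/templates/template-test.tmpl"` so a `srcdir` containing spaces still works. The script was switched to `#!/bin/sh` at the top of this file, yet the new DISABLE_BASH_TESTS guard in the hunk above still skips it — if the here-document rewrite made it POSIX-clean the guard is unnecessary, and if not the shebang change is premature. The comment `#some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS})` does not tell the reader what to do; if it means that `--ask-pass` cannot read from stdin there, say so, e.g. `# on some CI runners --ask-pass cannot read stdin; export GNUTLS_PIN=${PASS} there instead`.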
diff --git a/tests/cert-tests/certtool-crl-decoding b/tests/cert-tests/certtool-crl-decoding
index 36fb1ea46d..dadc92cbf7 100755
--- a/tests/cert-tests/certtool-crl-decoding
+++ b/tests/cert-tests/certtool-crl-decoding
@@ -24,7 +24,6 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
OUTFILE="crl.$$.pem"
if ! test -x "${CERTTOOL}"; then
@@ -35,21 +34,21 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3"
fi
+. "${srcdir}/../scripts/common.sh"
+
# crl-demo1.pem: version 2 CRL with a single extension
# crl-demo2.pem: version 2 CRL with two extensions (one critical)
# crl-demo3.pem: version 1 CRL with many revoked certificates
for i in "crl-demo1.pem" "crl-demo2.pem" "crl-demo3.pem";do
${VALGRIND} "${CERTTOOL}" --crl-info --infile "${srcdir}/data/$i" >$OUTFILE
-rc=$?
-
-if test "${rc}" != 0;then
+if test $? != 0; then
echo "Could not read CRL $i"
exit 1
fi
-$DIFF -I 'warning:' ${OUTFILE} "${srcdir}/data/$i"
-if test $? != 0;then
+check_if_equal ${OUTFILE} "${srcdir}/data/$i" "warning:"
+if test $? != 0; then
echo "Error in parsing cert with long OIDs"
exit 1
fi
diff --git a/tests/cert-tests/certtool-ecdsa b/tests/cert-tests/certtool-ecdsa
index 2cb1aac134..9811777b1f 100755
--- a/tests/cert-tests/certtool-ecdsa
+++ b/tests/cert-tests/certtool-ecdsa
@@ -22,7 +22,6 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
KEYFILE=ecdsa-privkey.$$.tmp
TMPFILE=ecdsa.$$.tmp
@@ -38,6 +37,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
exit 77
fi
+. "${srcdir}/../scripts/common.sh"
${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-ecc256-full.pem" --outfile "${TMPFILE}"
rc=$?
@@ -47,7 +47,7 @@ if test "${rc}" != "0"; then
exit 1
fi
-$DIFF -I 'Not After:' ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem" "Not After:"
if test $? != 0;then
echo "Error in parsing ECDSA cert"
exit 1
@@ -60,7 +60,7 @@ if test "${rc}" != "0"; then
exit 1
fi
-$DIFF ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem"
if test $? != 0;then
echo "Error in parsing ECDSA public key"
exit 1
diff --git a/tests/cert-tests/certtool-eddsa b/tests/cert-tests/certtool-eddsa
index 8b2714dcde..c097fbf6c6 100755
--- a/tests/cert-tests/certtool-eddsa
+++ b/tests/cert-tests/certtool-eddsa
@@ -22,9 +22,9 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
KEYFILE=eddsa-privkey.$$.tmp
TMPFILE=eddsa.$$.tmp
+TMPFILE2=eddsa2.$$.tmp
if ! test -x "${CERTTOOL}"; then
exit 77
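Review bot: `TMPFILE2=eddsa2.$$.tmp` is introduced here and only appears again in the cleanup `rm -f "${TMPFILE}" "${TMPFILE2}"` later in this file; within the hunks shown nothing writes to it, so either its use lies outside the diff or the variable is dead. If it is unused, drop both lines rather than leave a temp-file name that is never created.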
@@ -38,17 +38,17 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
exit 77
fi
+. "${srcdir}/../scripts/common.sh"
# Test certificate in draft-ietf-curdle-pkix-04
${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue parsing the certificate"
exit 1
fi
-$DIFF -I 'Not After:' ${TMPFILE} "${srcdir}/data/cert-eddsa.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/cert-eddsa.pem" "Not After:"
if test $? != 0;then
echo "Error in parsing EdDSA cert"
exit 1
@@ -56,13 +56,12 @@ fi
# Test public key in draft-ietf-curdle-pkix-04
${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-eddsa.pem" --outfile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not read an EdDSA public key"
exit 1
fi
-$DIFF ${TMPFILE} "${srcdir}/data/pubkey-eddsa.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-eddsa.pem"
if test $? != 0;then
echo "Error in parsing EdDSA public key"
exit 1
@@ -72,16 +71,14 @@ fi
# Create an RSA-PSS private key, restricted to the use with RSA-PSS
${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \
--key-type eddsa --outfile "$KEYFILE"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not generate an EdDSA key"
exit 1
fi
${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not read generated an EdDSA key"
exit 1
fi
@@ -92,16 +89,14 @@ ${VALGRIND} "${CERTTOOL}" --generate-self-signed \
--pkcs8 --load-privkey "$KEYFILE" --password '' \
--template "${srcdir}/templates/template-test.tmpl" \
--outfile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not generate an EdDSA certificate from an EdDSA key"
exit 1
fi
${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue verifying the generated certificate (1)"
exit 1
fi
@@ -113,33 +108,29 @@ ${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type eddsa \
--load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \
--template "${srcdir}/templates/template-test.tmpl" \
--outfile "${TMPFILE}" 2>/dev/null
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "Could not generate an EdDSA certificate $i"
exit 1
fi
${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}"
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue verifying the generated certificate (2)"
exit 1
fi
-rm -f "${TMPFILE}"
+rm -f "${TMPFILE}" "${TMPFILE2}"
rm -f "${KEYFILE}"
-. ${srcdir}/../scripts/common.sh
check_for_datefudge
# Test certificate chain using Ed25519
datefudge "2017-7-6" \
${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem
-rc=$?
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "There was an issue verifying the Ed25519 chain"
exit 1
fi
diff --git a/tests/cert-tests/crl b/tests/cert-tests/crl
index bea0c5237e..9ca61d7700 100755
--- a/tests/cert-tests/crl
+++ b/tests/cert-tests/crl
@@ -63,7 +63,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMP2FILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMP2FILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text crl info failed 2"
exit 1
fi
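Review bot: Splitting the alternation into three `grep -v` stages removes the GNU `\|`, but each pattern still uses `\+`, which is also a GNU BRE extension (POSIX BRE offers only `*` and `\{1,\}`), so the portability gain is partial; `grep -E -v '^-----BEGIN [A-Z0-9 ]+-----$'` (likewise for the other two stages) or `\{1,\}` would make it portable. The same rewrite appears in crq, pem-decoding (three places), pkcs12, pkcs7 and privkey-import in this commit.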
diff --git a/tests/cert-tests/crq b/tests/cert-tests/crq
index 58581e4148..e29f17a17f 100755
--- a/tests/cert-tests/crq
+++ b/tests/cert-tests/crq
@@ -74,7 +74,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text crq info failed 2"
exit 1
fi
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index c5ba22e26d..267a1fc7f3 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -24,7 +24,6 @@
srcdir="${srcdir:-.}"
CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
-DIFF="${DIFF:-diff -b -B}"
if ! test -x "${CERTTOOL}"; then
exit 77
@@ -34,6 +33,8 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
+. "${srcdir}/../scripts/common.sh"
+
TMPFILE=tmp-$$.pem.tmp
TMPFILE1=tmp1-$$.pem.tmp
TMPFILE2=tmp2-$$.pem.tmp
@@ -57,8 +58,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-#FIXME: the output string differs in windows and linux on the last char.
-${DIFF} -I 'Algorithm Security Level' "${srcdir}/data/bmpstring.pem" ${TMPFILE} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${srcdir}/data/bmpstring.pem" ${TMPFILE}
+check_if_equal "${srcdir}/data/bmpstring.pem" ${TMPFILE} "Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -75,9 +75,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-cat "${srcdir}/data/complex-cert.pem" |grep -v "Not After:" >${TMPFILE1}
-cat ${TMPFILE} |grep -v "Not After:" >${TMPFILE2}
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+check_if_equal "${srcdir}/data/complex-cert.pem" ${TMPFILE} "Not After:|Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
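Review bot: `check_if_equal "${srcdir}/data/complex-cert.pem" ${TMPFILE} "Not After:|Algorithm Security Level"` relies on the third argument being an ERE alternation; if common.sh hands it to `diff -I` or `grep` in basic-regex mode, `|` is a literal and neither line is ignored, which would differ from the removed `grep -v "Not After:"` pre-filtering. common.sh is not part of this diff, so this is worth a quick check; the later call with `"^warning|Not After:|Algorithm Security Level"` depends on the same answer.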
@@ -94,9 +92,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-cat "${srcdir}/data/xmpp-othername.pem" |grep -v "Not After:" >${TMPFILE1}
-cat ${TMPFILE} |grep -v "Not After:" >${TMPFILE2}
-${DIFF} -I ^warning -I 'Algorithm Security Level' ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+check_if_equal "${srcdir}/data/xmpp-othername.pem" ${TMPFILE} "^warning|Not After:|Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -112,9 +108,9 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-cat ${TMPFILE} |grep "KRB5Principal:" >${TMPFILE1}
-cat "${srcdir}/data/template-krb5name-full.pem" |grep "KRB5Principal:" >${TMPFILE2}
-${DIFF} -I 'Algorithm Security Level' -u ${TMPFILE1} ${TMPFILE2} || ${DIFF} -I 'Algorithm Security Level' -u --strip-trailing-cr ${TMPFILE1} ${TMPFILE2}
+grep "KRB5Principal:" ${TMPFILE} >${TMPFILE1}
+grep "KRB5Principal:" "${srcdir}/data/template-krb5name-full.pem" >${TMPFILE2}
+check_if_equal ${TMPFILE1} ${TMPFILE2}
rc=$?
if test "${rc}" != "0"; then
@@ -138,7 +134,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -u ${TMPFILE} "${GOSTCERT}" || ${DIFF} -u --strip-trailing-cr "${TMPFILE}" "${GOSTCERT}"
+check_if_equal ${TMPFILE} "${GOSTCERT}"
rc=$?
if test "${rc}" != "0"; then
@@ -155,7 +151,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/gost94-cert.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/gost94-cert.pem"
+check_if_equal ${TMPFILE} "${srcdir}/data/gost94-cert.pem" "Algorithm Security Level"
rc=$?
if test "${rc}" != "0"; then
@@ -171,7 +167,8 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/multi-value-dn.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/multi-value-dn.pem"
+# Needed for FIPS140 mode
+check_if_equal "${srcdir}/data/multi-value-dn.pem" ${TMPFILE} "Algorithm Security Level:"
rc=$?
if test "${rc}" != "0"; then
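Review bot: The new comment `# Needed for FIPS140 mode` does not say what is needed or why; the line below ignores `Algorithm Security Level:` which, presumably, certtool prints differently under FIPS140 mode. Say so: `# The security-level line differs under FIPS140 mode, so ignore it in the comparison`. The trailing colon in `"Algorithm Security Level:"` also differs from the other call sites in this file that pass `"Algorithm Security Level"`; harmless for a substring match but inconsistent.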
@@ -188,7 +185,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text -k --certificate-info failed 2"
exit 1
fi
@@ -202,7 +199,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text cert pubkey failed 2"
exit 1
fi
@@ -216,7 +213,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text pubkey info failed 2"
exit 1
fi
diff --git a/tests/cert-tests/pkcs12 b/tests/cert-tests/pkcs12
index d05389d10f..f28230a7b2 100755
--- a/tests/cert-tests/pkcs12
+++ b/tests/cert-tests/pkcs12
@@ -88,7 +88,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text pkcs12 info failed 2"
exit 1
fi
diff --git a/tests/cert-tests/pkcs12-corner-cases b/tests/cert-tests/pkcs12-corner-cases
index 5a0e615b3b..0b9c482db7 100755
--- a/tests/cert-tests/pkcs12-corner-cases
+++ b/tests/cert-tests/pkcs12-corner-cases
@@ -38,7 +38,8 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=6"
fi
-DIFF="${DIFF:-diff}"
+. "${srcdir}/../scripts/common.sh"
+
TMPFILE="pkcs12-corner.$$.tmp"
# Cases from oss-fuzz
@@ -79,7 +80,7 @@ for p12 in "key-corpus-rc2-1.p12";do
set -- ${p12}
file="$1"
"${CERTTOOL}" --p12-info --inder --password "${cpassword}" \
- --infile "${srcdir}/data/${file}" >${TMPFILE} 2>/dev/null
+ --infile "${srcdir}/data/${file}" | tr -d '\r' >${TMPFILE} 2>/dev/null
rc=$?
if test ${rc} != 0 && test ${rc} != 1; then
cat ${TMPFILE}
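Review bot: With `| tr -d '\r'` inserted, `rc=$?` on the next line now reports tr's exit status rather than certtool's, so the `rc != 0 && rc != 1` check below can no longer detect a certtool failure (plain sh has no pipefail). The `2>/dev/null` also moved to tr's side of the pipe, so certtool's stderr is no longer silenced as it was before. If CR stripping is really needed (check_if_equal may already handle it, judging by the removed `--strip-trailing-cr`), run certtool into a raw temp file with `2>/dev/null`, test `$?`, then `tr -d '\r' <"$raw" >${TMPFILE}`.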
@@ -87,7 +88,7 @@ for p12 in "key-corpus-rc2-1.p12";do
exit 1
fi
- ${DIFF} --strip-trailing-cr ${TMPFILE} "${srcdir}/data/${file}.out"
+ check_if_equal ${TMPFILE} "${srcdir}/data/${file}.out"
rc=$?
if test ${rc} != 0;then
echo "Output differs in ${file}.out ${TMPFILE}"
diff --git a/tests/cert-tests/pkcs12-utf8 b/tests/cert-tests/pkcs12-utf8
index 1842136eaa..ace10ca181 100755
--- a/tests/cert-tests/pkcs12-utf8
+++ b/tests/cert-tests/pkcs12-utf8
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright (C) 2016 Red Hat, Inc.
# Inc.
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index bfe11290fc..eed9f068a2 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -72,7 +72,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text pkcs7 info failed 2"
exit 1
fi
diff --git a/tests/cert-tests/privkey-import b/tests/cert-tests/privkey-import
index f3f94806fa..73bacae253 100755
--- a/tests/cert-tests/privkey-import
+++ b/tests/cert-tests/privkey-import
@@ -52,7 +52,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$\|^[A-Za-z0-9/+=]\+$\|^-----END [A-Z0-9 ]\+-----$' ${TMPFILE} ; then
+if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then
echo "--no-text privkey info failed 2"
exit 1
fi
diff --git a/tests/certs/rawpk_priv.pem b/tests/certs/rawpk_priv.pem
new file mode 100644
index 0000000000..4329cb0870
--- /dev/null
+++ b/tests/certs/rawpk_priv.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/rawpk_pub.pem b/tests/certs/rawpk_pub.pem
new file mode 100644
index 0000000000..fad8af8e0f
--- /dev/null
+++ b/tests/certs/rawpk_pub.pem
@@ -0,0 +1,11 @@
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c
index 9d8fbb217b..468475f846 100644
--- a/tests/common-cert-key-exchange.c
+++ b/tests/common-cert-key-exchange.c
@@ -145,12 +145,14 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
const gnutls_datum_t *client_cert,
const gnutls_datum_t *client_key,
unsigned cert_flags,
- unsigned exp_group)
+ unsigned exp_group,
+ gnutls_certificate_type_t server_ctype,
+ gnutls_certificate_type_t client_ctype)
{
int ret;
char buffer[256];
/* Server stuff. */
- gnutls_certificate_credentials_t serverx509cred;
+ gnutls_certificate_credentials_t server_cred;
gnutls_anon_server_credentials_t s_anoncred;
gnutls_dh_params_t dh_params;
const gnutls_datum_t p3 =
@@ -158,7 +160,7 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
gnutls_session_t server;
int sret = GNUTLS_E_AGAIN;
/* Client stuff. */
- gnutls_certificate_credentials_t clientx509cred;
+ gnutls_certificate_credentials_t client_cred;
gnutls_anon_client_credentials_t c_anoncred;
gnutls_session_t client;
int cret = GNUTLS_E_AGAIN, version;
@@ -172,23 +174,36 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
reset_buffers();
/* Init server */
gnutls_anon_allocate_server_credentials(&s_anoncred);
- gnutls_certificate_allocate_credentials(&serverx509cred);
+ gnutls_certificate_allocate_credentials(&server_cred);
+
+ // Set server crt creds based on ctype
+ switch (server_ctype) {
+ case GNUTLS_CRT_X509:
+ ret = gnutls_certificate_set_x509_key_mem(server_cred,
+ serv_cert, serv_key,
+ GNUTLS_X509_FMT_PEM);
+ break;
+ case GNUTLS_CRT_RAWPK:
+ ret = gnutls_certificate_set_rawpk_key_mem(server_cred,
+ serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, 0,
+ NULL, 0, 0);
+ break;
+ default:
+ ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
- ret = gnutls_certificate_set_x509_key_mem(serverx509cred,
- serv_cert, serv_key,
- GNUTLS_X509_FMT_PEM);
if (ret < 0) {
fail("Could not set key/cert: %s\n", gnutls_strerror(ret));
}
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
- gnutls_certificate_set_dh_params(serverx509cred, dh_params);
+ gnutls_certificate_set_dh_params(server_cred, dh_params);
gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
- gnutls_init(&server, GNUTLS_SERVER);
+ gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
- serverx509cred);
+ server_cred);
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
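Review bot: `GNUTLS_ENABLE_RAWPK` is now OR'ed into every server session, including the X.509-only cases, so those cases no longer run with the flag set they ran with before; if a client priority string enables raw public keys this may change what a test meant to cover X.509 negotiates. Tying the flag to the requested type keeps the old behaviour for existing callers: `gnutls_init(&server, GNUTLS_SERVER | (server_ctype == GNUTLS_CRT_RAWPK ? GNUTLS_ENABLE_RAWPK : 0));`, and likewise for the client in the next hunk. try_with_key_ks continues past this hunk.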
@@ -196,33 +211,45 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0);
else
assert(gnutls_priority_set_direct(server,
- "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",
+ "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+CTYPE-ALL",
NULL)>=0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
/* Init client */
-
- ret = gnutls_certificate_allocate_credentials(&clientx509cred);
+ ret = gnutls_certificate_allocate_credentials(&client_cred);
if (ret < 0)
exit(1);
if (cert_flags == USE_CERT) {
- gnutls_certificate_set_x509_key_mem(clientx509cred,
- client_cert, client_key,
- GNUTLS_X509_FMT_PEM);
+ // Set client crt creds based on ctype
+ switch (client_ctype) {
+ case GNUTLS_CRT_X509:
+ gnutls_certificate_set_x509_key_mem(client_cred,
+ client_cert, client_key,
+ GNUTLS_X509_FMT_PEM);
+ break;
+ case GNUTLS_CRT_RAWPK:
+ gnutls_certificate_set_rawpk_key_mem(client_cred,
+ client_cert, client_key, GNUTLS_X509_FMT_PEM, NULL, 0,
+ NULL, 0, 0);
+ break;
+ default:
+ fail("Illegal client certificate type given\n");
+ }
+
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE);
} else if (cert_flags == ASK_CERT) {
gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
}
#if 0
- ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM);
+ ret = gnutls_certificate_set_x509_trust_mem(client_cred, &ca_cert, GNUTLS_X509_FMT_PEM);
if (ret < 0)
exit(1);
#endif
- ret = gnutls_init(&client, GNUTLS_CLIENT);
+ ret = gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_ENABLE_RAWPK);
if (ret < 0)
exit(1);
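Review bot: The client-side `gnutls_certificate_set_x509_key_mem` and `gnutls_certificate_set_rawpk_key_mem` calls discard their return value, while the matching server-side switch in the previous hunk assigns to `ret` and calls fail() on error; a bad client key would only surface later as an unrelated handshake failure. Assign and check in both cases, e.g. `ret = gnutls_certificate_set_rawpk_key_mem(client_cred, client_cert, client_key, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0);` followed by `if (ret < 0) fail("Could not set client key/cert: %s\n", gnutls_strerror(ret));`. The function continues outside this hunk.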
@@ -230,7 +257,7 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE,
- clientx509cred);
+ client_cred);
if (ret < 0)
exit(1);
@@ -315,8 +342,8 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
gnutls_deinit(client);
gnutls_deinit(server);
- gnutls_certificate_free_credentials(serverx509cred);
- gnutls_certificate_free_credentials(clientx509cred);
+ gnutls_certificate_free_credentials(server_cred);
+ gnutls_certificate_free_credentials(client_cred);
gnutls_anon_free_server_credentials(s_anoncred);
gnutls_anon_free_client_credentials(c_anoncred);
gnutls_dh_params_deinit(dh_params);
@@ -423,7 +450,7 @@ void dtls_try_with_key_mtu(const char *name, const char *client_prio, gnutls_kx_
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func);
-
+
gnutls_transport_set_ptr(client, client);
if (smtu)
gnutls_dtls_set_mtu (client, smtu);
diff --git a/tests/common-cert-key-exchange.h b/tests/common-cert-key-exchange.h
index b52c95ea72..8fb5ab754e 100644
--- a/tests/common-cert-key-exchange.h
+++ b/tests/common-cert-key-exchange.h
@@ -31,17 +31,26 @@
extern const char *server_priority;
-#define try(name, client_prio, client_kx, server_sign_algo, client_sign_algo) \
+#define try_x509(name, client_prio, client_kx, server_sign_algo, client_sign_algo) \
try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \
- &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0)
+ &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN)
+
+#define try_rawpk(name, client_prio, client_kx, server_sign_algo, client_sign_algo) \
+ try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \
+ &rawpk_public_key1, &rawpk_private_key1, NULL, NULL, 0, GNUTLS_CRT_RAWPK, GNUTLS_CRT_UNKNOWN)
-#define try_ks(name, client_prio, client_kx, group) \
+#define try_x509_ks(name, client_prio, client_kx, group) \
try_with_key_ks(name, client_prio, client_kx, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN, \
- &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0, group)
+ &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0, group, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN)
-#define try_cli(name, client_prio, client_kx, server_sign_algo, client_sign_algo, client_cert) \
+#define try_x509_cli(name, client_prio, client_kx, server_sign_algo, client_sign_algo, client_cert) \
try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \
- &server_ca3_localhost_cert, &server_ca3_key, &cli_ca3_cert, &cli_ca3_key, client_cert)
+ &server_ca3_localhost_cert, &server_ca3_key, &cli_ca3_cert, &cli_ca3_key, client_cert, GNUTLS_CRT_X509, GNUTLS_CRT_X509)
+
+#define try_rawpk_cli(name, client_prio, client_kx, server_sign_algo, client_sign_algo, client_cert) \
+ try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \
+ &rawpk_public_key1, &rawpk_private_key1, &rawpk_public_key2, &rawpk_private_key2, client_cert, GNUTLS_CRT_RAWPK, GNUTLS_CRT_RAWPK)
+
void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx,
gnutls_sign_algorithm_t server_sign_algo,
@@ -51,7 +60,9 @@ void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algori
const gnutls_datum_t *cli_cert,
const gnutls_datum_t *cli_key,
unsigned client_cert,
- unsigned exp_group);
+ unsigned exp_group,
+ gnutls_certificate_type_t server_ctype,
+ gnutls_certificate_type_t client_ctype);
inline static
void try_with_key(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx,
@@ -61,10 +72,12 @@ void try_with_key(const char *name, const char *client_prio, gnutls_kx_algorithm
const gnutls_datum_t *serv_key,
const gnutls_datum_t *cli_cert,
const gnutls_datum_t *cli_key,
- unsigned client_cert)
+ unsigned client_cert,
+ gnutls_certificate_type_t server_ctype,
+ gnutls_certificate_type_t client_ctype)
{
return try_with_key_ks(name, client_prio, client_kx, server_sign_algo, client_sign_algo,
- serv_cert, serv_key, cli_cert, cli_key, client_cert, 0);
+ serv_cert, serv_key, cli_cert, cli_key, client_cert, 0, server_ctype, client_ctype);
}
void try_with_key_fail(const char *name, const char *client_prio,
diff --git a/tests/crt_type-neg-common.c b/tests/crt_type-neg-common.c
index ac99e20984..d6a91d22a3 100644
--- a/tests/crt_type-neg-common.c
+++ b/tests/crt_type-neg-common.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2017 - 2018 ARPA2 project
*
- * Author: Tom Vrancken
+ * Author: Tom Vrancken (dev@tomvrancken.nl)
*
* This file is part of GnuTLS.
*
@@ -15,7 +15,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
- * You should have received a copy of the GNU Lesser General Public License
+ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>
*/
#include <assert.h>
@@ -39,8 +39,15 @@ typedef struct test_case_st {
gnutls_certificate_type_t expected_srv_ctype;
int client_err;
int server_err;
- bool enable_cert_type_neg_cli;
- bool enable_cert_type_neg_srv;
+ unsigned int init_flags_cli;
+ unsigned int init_flags_srv;
+ bool request_cli_crt;
+ bool cli_srv_may_diverge;
+ // only needed when may_diverge is true
+ gnutls_certificate_type_t expected_cli_cli_ctype; // negotiated cli ctype on the client
+ gnutls_certificate_type_t expected_srv_cli_ctype; // negotiated cli ctype on the server
+ gnutls_certificate_type_t expected_cli_srv_ctype; // negotiated srv ctype on the client
+ gnutls_certificate_type_t expected_srv_srv_ctype; // negotiated srv ctype on the server
} test_case_st;
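Review bot: The new `init_flags_cli`/`init_flags_srv` fields carry no comment, and the comment above `expected_cli_cli_ctype` refers to `may_diverge` while the field is actually named `cli_srv_may_diverge`. Suggested comments: `// extra flags OR'ed into gnutls_init() for the client/server, 0 for none` on the two flag fields, and `// only needed when cli_srv_may_diverge is true` for the four expected_* fields below it.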
@@ -55,10 +62,6 @@ static void try(test_case_st * test)
gnutls_certificate_credentials_t server_creds = NULL;
gnutls_session_t server, client;
- gnutls_pubkey_t rawpk = NULL; // For RawPubKey tmp
- gnutls_privkey_t privkey = NULL; // For RawPubKey tmp
-
- sret = cret = GNUTLS_E_AGAIN;
// Initialize creds
assert(gnutls_certificate_allocate_credentials(&client_creds) >= 0);
@@ -68,14 +71,14 @@ static void try(test_case_st * test)
success("Running %s...\n", test->name);
// Init client/server
- if(test->enable_cert_type_neg_cli) {
- assert(gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_ENABLE_CERT_TYPE_NEG) >= 0);
+ if(test->init_flags_cli) {
+ assert(gnutls_init(&client, GNUTLS_CLIENT | test->init_flags_cli) >= 0);
} else {
assert(gnutls_init(&client, GNUTLS_CLIENT) >= 0);
}
- if (test->enable_cert_type_neg_srv) {
- assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_CERT_TYPE_NEG) >= 0);
+ if (test->init_flags_srv) {
+ assert(gnutls_init(&server, GNUTLS_SERVER | test->init_flags_srv) >= 0);
} else {
assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
}
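Review bot: Both branches of each new if/else perform the same call once `init_flags_*` is zero, since OR-ing 0 into the flags is a no-op, so the conditionals only add lines. Each pair collapses to a single statement: `assert(gnutls_init(&client, GNUTLS_CLIENT | test->init_flags_cli) >= 0);` and `assert(gnutls_init(&server, GNUTLS_SERVER | test->init_flags_srv) >= 0);`. try() continues beyond this hunk.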
@@ -93,7 +96,9 @@ static void try(test_case_st * test)
// Test for using RawPubKey cli credentials
if (test->set_cli_creds & CRED_RAWPK) {
- // TODO set client RawPubKey when support is ready
+ assert(gnutls_certificate_set_rawpk_key_mem(client_creds,
+ &rawpk_public_key1, &rawpk_private_key1, GNUTLS_X509_FMT_PEM,
+ NULL, 0, NULL, 0, 0) >= 0);
}
// -- Add extra ctype creds here in the future --
@@ -122,8 +127,10 @@ static void try(test_case_st * test)
}
// Test for using RawPubKey srv credentials
- if( test->set_srv_creds & CRED_RAWPK ) {
- //TODO when RawPK support is finished
+ if (test->set_srv_creds & CRED_RAWPK) {
+ assert(gnutls_certificate_set_rawpk_key_mem(server_creds,
+ &rawpk_public_key2, &rawpk_private_key2, GNUTLS_X509_FMT_PEM,
+ NULL, 0, NULL, 0, 0) >= 0);
}
// -- Add extra ctype creds here in the future --
@@ -138,6 +145,9 @@ static void try(test_case_st * test)
gnutls_transport_set_ptr(server, server);
assert(gnutls_priority_set_direct(server, test->server_prio, 0) >= 0);
+ if (test->request_cli_crt)
+ gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST);
+
// Client settings
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
@@ -164,12 +174,6 @@ static void try(test_case_st * test)
cli_cli_ctype =
gnutls_certificate_type_get2(client, GNUTLS_CTYPE_CLIENT);
- /* Check whether the API functions return the correct cert types for OURS and PEERS */
- assert(srv_srv_ctype == gnutls_certificate_type_get2(server, GNUTLS_CTYPE_OURS));
- assert(srv_srv_ctype == gnutls_certificate_type_get2(client, GNUTLS_CTYPE_PEERS));
- assert(cli_cli_ctype == gnutls_certificate_type_get2(server, GNUTLS_CTYPE_PEERS));
- assert(cli_cli_ctype == gnutls_certificate_type_get2(client, GNUTLS_CTYPE_OURS));
-
// For debugging
if (debug) {
success("Srv srv ctype: %s\n", gnutls_certificate_type_get_name(srv_srv_ctype));
@@ -179,21 +183,46 @@ static void try(test_case_st * test)
}
/* Check whether the negotiated certificate types match the expected results */
- // Matching server ctype
- if (srv_srv_ctype != cli_srv_ctype) {
- fail("%s: client negotiated different server ctype than server (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_srv_ctype), gnutls_certificate_type_get_name(srv_srv_ctype));
- }
- // Matching client ctype
- if (srv_cli_ctype != cli_cli_ctype) {
- fail("%s: client negotiated different client ctype than server (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_cli_ctype), gnutls_certificate_type_get_name(srv_cli_ctype));
- }
- // Matching expected server ctype
- if (srv_srv_ctype != test->expected_srv_ctype) {
- fail("%s: negotiated server ctype diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_srv_ctype), gnutls_certificate_type_get_name(test->expected_srv_ctype));
- }
- // Matching expected client ctype
- if (srv_cli_ctype != test->expected_cli_ctype) {
- fail("%s: negotiated server ctype diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_cli_ctype), gnutls_certificate_type_get_name(test->expected_cli_ctype));
+ if (test->cli_srv_may_diverge) {
+ // Matching expected client ctype at client
+ if (cli_cli_ctype != test->expected_cli_cli_ctype) {
+ fail("%s: negotiated client ctype at client diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_cli_ctype), gnutls_certificate_type_get_name(test->expected_cli_cli_ctype));
+ }
+ // Matching expected server ctype at client
+ if (cli_srv_ctype != test->expected_cli_srv_ctype) {
+ fail("%s: negotiated server ctype at client diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_srv_ctype), gnutls_certificate_type_get_name(test->expected_cli_srv_ctype));
+ }
+ // Matching expected client ctype at server
+ if (srv_cli_ctype != test->expected_srv_cli_ctype) {
+ fail("%s: negotiated client ctype at server diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_cli_ctype), gnutls_certificate_type_get_name(test->expected_srv_cli_ctype));
+ }
+ // Matching expected server ctype at server
+ if (srv_srv_ctype != test->expected_srv_srv_ctype) {
+ fail("%s: negotiated client ctype at client diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_srv_ctype), gnutls_certificate_type_get_name(test->expected_srv_srv_ctype));
+ }
+ } else {
+ // Matching server ctype
+ if (srv_srv_ctype != cli_srv_ctype) {
+ fail("%s: client negotiated different server ctype than server (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_srv_ctype), gnutls_certificate_type_get_name(srv_srv_ctype));
+ }
+ // Matching client ctype
+ if (srv_cli_ctype != cli_cli_ctype) {
+ fail("%s: client negotiated different client ctype than server (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_cli_ctype), gnutls_certificate_type_get_name(srv_cli_ctype));
+ }
+ // Matching expected server ctype
+ if (srv_srv_ctype != test->expected_srv_ctype) {
+ fail("%s: negotiated server ctype diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_srv_ctype), gnutls_certificate_type_get_name(test->expected_srv_ctype));
+ }
+ // Matching expected client ctype
+ if (srv_cli_ctype != test->expected_cli_ctype) {
+ fail("%s: negotiated client ctype diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_cli_ctype), gnutls_certificate_type_get_name(test->expected_cli_ctype));
+ }
+
+ /* Check whether the API functions return the correct cert types for OURS and PEERS */
+ assert(srv_srv_ctype == gnutls_certificate_type_get2(server, GNUTLS_CTYPE_OURS));
+ assert(srv_srv_ctype == gnutls_certificate_type_get2(client, GNUTLS_CTYPE_PEERS));
+ assert(cli_cli_ctype == gnutls_certificate_type_get2(server, GNUTLS_CTYPE_PEERS));
+ assert(cli_cli_ctype == gnutls_certificate_type_get2(client, GNUTLS_CTYPE_OURS));
}
}
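Review bot: The fail() message for the server-ctype-at-server comparison reads `negotiated client ctype at client diffs the expected`, copied from the first check, so a failure there would be reported against the wrong endpoint. It should read `fail("%s: negotiated server ctype at server diffs the expected (%s, %s)!\n", ...)` with the arguments unchanged. The OURS/PEERS assertions are now only run in the non-diverging branch; the same-endpoint ones (client OURS against cli_cli_ctype, server OURS against srv_srv_ctype) look like they should hold in the diverging case too and could be kept for both branches, though I have not verified that against the library.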
@@ -202,8 +231,6 @@ static void try(test_case_st * test)
gnutls_deinit(client);
gnutls_certificate_free_credentials(client_creds);
gnutls_certificate_free_credentials(server_creds);
- gnutls_pubkey_deinit(rawpk);
- gnutls_privkey_deinit(privkey);
reset_buffers();
}
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
index 017db46e0b..10a3b182f1 100755
--- a/tests/gnutls-cli-debug.sh
+++ b/tests/gnutls-cli-debug.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright (C) 2017-2018 Red Hat, Inc.
#
@@ -74,31 +74,33 @@ timeout 1800 datefudge "2017-08-9" \
kill ${PID}
wait
-
-declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246) support... no"
- "for TLS 1.1 (RFC4346) support... yes" "for TLS 1.2 (RFC5246) support... yes"
- "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes"
- "for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes"
- "for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes"
- "for AES-GCM cipher (RFC5288) support... yes"
- "for SHA1 MAC support... yes")
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" != 1;then
-#these tests are not run in FIPS mode
-arr+=("for MD5 MAC support... no")
-arr+=("for ARCFOUR 128 cipher (RFC2246) support... no")
-arr+=("for CHACHA20-POLY1305 cipher (RFC7905) support... yes")
-fi
-
-for txt in "${arr[@]}"
-do
- echo " - Checking ${OUTFILE} for \"${txt}\""
- grep "$txt" $OUTFILE >/dev/null
- if test $? != 0;then
+check_text() {
+ echo " - Checking ${OUTFILE} for \"$1\""
+ grep "$1" $OUTFILE >/dev/null
+ if test $? != 0; then
echo "failed"
exit 1
fi
-done
+}
+
+check_text "whether we need to disable TLS 1.2... no"
+check_text "for TLS 1.0 (RFC2246) support... no"
+check_text "for TLS 1.1 (RFC4346) support... yes"
+check_text "for TLS 1.2 (RFC5246) support... yes"
+check_text "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2"
+check_text "for safe renegotiation (RFC5746) support... yes"
+check_text "for encrypt-then-MAC (RFC7366) support... yes"
+check_text "for ext master secret (RFC7627) support... yes"
+check_text "for RFC7919 Diffie-Hellman support... yes"
+check_text "for curve SECP256r1 (RFC4492)... yes"
+check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for SHA1 MAC support... yes"
+if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then
+ #these tests are not run in FIPS mode
+ check_text "for MD5 MAC support... no"
+ check_text "for ARCFOUR 128 cipher (RFC2246) support... no"
+ check_text "for CHACHA20-POLY1305 cipher (RFC7905) support... yes"
+fi
rm -f ${OUTFILE}
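Review bot: `check_text` hands its argument to grep as a basic regular expression and leaves `$OUTFILE` unquoted, so the `.` in strings such as `support... yes` matches any character and a pattern starting with `-` would be parsed as an option; the old loop had the same weakness, but the new helper is the natural place to fix it. Use a fixed-string, quiet match: `grep -F -q -- "$1" "$OUTFILE"`, which also replaces the `>/dev/null` redirection. The second hunk of this file calls the same helper.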
@@ -118,32 +120,26 @@ timeout 1800 datefudge "2017-08-9" \
kill ${PID}
wait
-declare -a arr=("whether we need to disable TLS 1.2... no" "for TLS 1.0 (RFC2246) support... no"
- "for TLS 1.1 (RFC4346) support... no" "for TLS 1.2 (RFC5246) support... yes"
- "for TLS 1.3 (RFC8446) support... yes"
- "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" "for safe renegotiation (RFC5746) support... yes"
- "for encrypt-then-MAC (RFC7366) support... yes" "for ext master secret (RFC7627) support... yes"
- "for RFC7919 Diffie-Hellman support... yes" "for curve SECP256r1 (RFC4492)... yes"
- "for AES-GCM cipher (RFC5288) support... yes"
- "for SHA1 MAC support... yes")
-
-if test "${GNUTLS_FORCE_FIPS_MODE}" != 1;then
-#these tests are not run in FIPS mode
-arr+=("for MD5 MAC support... no")
-arr+=("for ARCFOUR 128 cipher (RFC2246) support... no")
-arr+=("for CHACHA20-POLY1305 cipher (RFC7905) support... yes")
+check_text "whether we need to disable TLS 1.2... no"
+check_text "for TLS 1.0 (RFC2246) support... no"
+check_text "for TLS 1.1 (RFC4346) support... no"
+check_text "for TLS 1.2 (RFC5246) support... yes"
+check_text "for TLS 1.3 (RFC8446) support... yes"
+check_text "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2"
+check_text "for safe renegotiation (RFC5746) support... yes"
+check_text "for encrypt-then-MAC (RFC7366) support... yes"
+check_text "for ext master secret (RFC7627) support... yes"
+check_text "for RFC7919 Diffie-Hellman support... yes"
+check_text "for curve SECP256r1 (RFC4492)... yes"
+check_text "for AES-GCM cipher (RFC5288) support... yes"
+check_text "for SHA1 MAC support... yes"
+if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then
+ #these tests are not run in FIPS mode
+ check_text "for MD5 MAC support... no"
+ check_text "for ARCFOUR 128 cipher (RFC2246) support... no"
+ check_text "for CHACHA20-POLY1305 cipher (RFC7905) support... yes"
fi
-for txt in "${arr[@]}"
-do
- echo " - Checking ${OUTFILE} for \"${txt}\""
- grep "$txt" $OUTFILE >/dev/null
- if test $? != 0;then
- echo "failed"
- exit 1
- fi
-done
-
rm -f ${OUTFILE}
exit 0
diff --git a/tests/handshake-timeout.c b/tests/handshake-timeout.c
index 52c21f69b4..92a398cce0 100644
--- a/tests/handshake-timeout.c
+++ b/tests/handshake-timeout.c
@@ -26,6 +26,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
#if defined(_WIN32)
@@ -61,7 +62,7 @@ static void client_log_func(int level, const char *str)
fprintf(stderr, "client|<%d>| %s", level, str);
}
-static void client(int fd, int wait)
+static void client(int fd, int tmo_ms)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
@@ -79,7 +80,7 @@ static void client(int fd, int wait)
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT);
- gnutls_handshake_set_timeout(session, 20 * 1000);
+ gnutls_handshake_set_timeout(session, tmo_ms);
/* Use default priorities */
gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.2", NULL);
@@ -102,7 +103,7 @@ static void client(int fd, int wait)
gnutls_global_deinit();
if (ret < 0) {
- if (ret != GNUTLS_E_TIMEDOUT || wait == 0) {
+ if (ret != GNUTLS_E_TIMEDOUT || tmo_ms == 0) {
if (debug)
fail("client: unexpected error: %s\n",
gnutls_strerror(ret));
@@ -110,19 +111,19 @@ static void client(int fd, int wait)
}
if (debug)
success("client: expected timeout occurred\n");
- return;
} else {
- if (wait != 0) {
+ if (tmo_ms != 0) {
fail("client: handshake was completed unexpectedly\n");
gnutls_perror(ret);
exit(1);
}
}
+ shutdown(fd, SHUT_RDWR);
return;
}
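Review bot: The added `shutdown(fd, SHUT_RDWR)` is what lets the peer's read loop observe EOF, but nothing at the call site says so; a one-line comment such as `/* close both directions so the server's read loop sees EOF and exits */` would save the next reader a trip to server(). Its return value is ignored, which is acceptable here since the caller closes the descriptor and exits immediately after client() returns.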
-static void server(int fd, int wait)
+static void server(int fd, int tmo_ms)
{
int ret;
gnutls_session_t session;
@@ -150,8 +151,12 @@ static void server(int fd, int wait)
gnutls_transport_set_int(session, fd);
- if (wait) {
- sec_sleep(25);
+ if (tmo_ms) {
+ char buf[32];
+
+ // read until client closes connection
+ while (read(fd, buf, sizeof(buf)) > 0)
+ ;
} else {
do {
ret = gnutls_handshake(session);
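Review bot: The new read loop stops on any negative return, so a `read()` interrupted by a signal (EINTR) ends the wait early and the server proceeds before the client has actually timed out; `<errno.h>` is added by this commit but does not appear to be used in the visible hunks. A loop that retries on EINTR keeps the intent: `ssize_t n;` / `do n = read(fd, buf, sizeof(buf)); while (n > 0 || (n < 0 && errno == EINTR));`. There is also no upper bound on how long the server waits if the client never closes the socket. server() continues outside this hunk.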
@@ -167,14 +172,14 @@ static void server(int fd, int wait)
gnutls_global_deinit();
}
-static void start(int wait_flag)
+static void start(int tmo_ms)
{
int fd[2];
int ret;
pid_t child;
- if (debug && wait_flag)
- fprintf(stderr, "\nWill test timeout\n");
+ if (debug && tmo_ms)
+ fprintf(stderr, "\nWill test timeout %dms\n", tmo_ms);
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
@@ -193,14 +198,14 @@ static void start(int wait_flag)
int status = 0;
/* parent */
close(fd[1]);
- server(fd[0], wait_flag);
+ server(fd[0], tmo_ms);
close(fd[0]);
wait(&status);
check_wait_status(status);
} else {
close(fd[0]);
- client(fd[1], wait_flag);
+ client(fd[1], tmo_ms);
close(fd[1]);
exit(0);
}
@@ -219,8 +224,11 @@ void doit(void)
/* make sure that normal handshake occurs */
start(0);
- /* check the handshake with an expected timeout */
- start(1);
+ /* check the handshake with a 100ms timeout */
+ start(100);
+
+ /* check the handshake with a 1000ms timeout */
+ start(1000);
}
#endif /* _WIN32 */
diff --git a/tests/long-crl.sh b/tests/long-crl.sh
index 74327e36c6..3abd910cbd 100755
--- a/tests/long-crl.sh
+++ b/tests/long-crl.sh
@@ -21,7 +21,6 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
srcdir="${srcdir:-.}"
-DIFF="${DIFF:-diff}"
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
if ! test -x "${CERTTOOL}"; then
@@ -32,24 +31,20 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
+. "${srcdir}/scripts/common.sh"
+
TMPFILE=long.$$.pem.tmp
-rm -f $TMPFILE
${VALGRIND} "${CERTTOOL}" --crl-info --inder --infile "${srcdir}/data/long.crl" --outfile $TMPFILE
-rc=$?
-
-# We're done.
-if test "${rc}" != "0"; then
+if test $? != 0; then
echo "CRL decoding failed 1!"
- exit ${rc}
+ exit 1
fi
-${DIFF} -I ^warning "${srcdir}/data/long.pem" "$TMPFILE" || ${DIFF} -I ^warning --strip-trailing-cr "${srcdir}/data/long.pem" $TMPFILE
-rc=$?
-
-if test "${rc}" != "0"; then
+check_if_equal "${srcdir}/data/long.pem" $TMPFILE "^warning"
+if test $? != 0; then
echo "CRL decoding failed 2!"
- exit ${rc}
+ exit 1
fi
rm -f $TMPFILE
diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c
index c003e762aa..764e93b6ad 100644
--- a/tests/pkcs11/tls-neg-pkcs11-key.c
+++ b/tests/pkcs11/tls-neg-pkcs11-key.c
@@ -72,8 +72,10 @@ static unsigned verify_eddsa_presence(void)
return 0;
}
-static gnutls_privkey_t load_virt_privkey(const char *name, const gnutls_datum_t *txtkey, int exp_key_err)
+static gnutls_privkey_t load_virt_privkey(const char *name, const gnutls_datum_t *txtkey,
+ int exp_key_err, unsigned needs_decryption)
{
+ unsigned flags;
gnutls_privkey_t privkey;
gnutls_x509_privkey_t tmp;
int ret;
@@ -86,7 +88,12 @@ static gnutls_privkey_t load_virt_privkey(const char *name, const gnutls_datum_t
if (ret < 0)
testfail("gnutls_privkey_import: %s\n", gnutls_strerror(ret));
- ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, tmp, "key", GNUTLS_KEY_DIGITAL_SIGNATURE,
+ if (needs_decryption)
+ flags = GNUTLS_KEY_KEY_ENCIPHERMENT;
+ else
+ flags = GNUTLS_KEY_DIGITAL_SIGNATURE;
+
+ ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, tmp, "key", flags,
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
gnutls_x509_privkey_deinit(tmp);
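Review bot: The new `needs_decryption` parameter changes which key-usage flag the private key is copied into the token with, but neither the parameter nor the branch says why. A short comment would help, e.g. `/* RSA key-exchange tests need a key marked for encipherment only; everything else is imported as a signing key */` above the if. load_virt_privkey's signature is in the previous hunk, outside this one.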
@@ -166,9 +173,9 @@ void try_with_key(const char *name, const char *client_prio,
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
s_xcred);
- gnutls_priority_set_direct(server,
- "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",
- NULL);
+ assert(gnutls_priority_set_direct(server,
+ "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",
+ NULL) >= 0);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, server);
@@ -260,10 +267,19 @@ typedef struct test_st {
int exp_key_err;
int exp_serv_err;
int needs_eddsa;
+ int needs_decryption;
unsigned requires_pkcs11_pss;
} test_st;
static const test_st tests[] = {
+ {.name = "tls1.2: rsa-decryption key",
+ .pk = GNUTLS_PK_RSA,
+ .prio = "NORMAL:-KX-ALL:+RSA:-VERS-TLS-ALL:+VERS-TLS1.2",
+ .cert = &server_ca3_localhost_rsa_decrypt_cert,
+ .key = &server_ca3_key,
+ .exp_kx = GNUTLS_KX_RSA,
+ .needs_decryption = 1
+ },
{.name = "tls1.2: ecc key",
.pk = GNUTLS_PK_ECDSA,
.prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2",
@@ -437,7 +453,7 @@ void doit(void)
}
}
- privkey = load_virt_privkey(tests[i].name, tests[i].key, tests[i].exp_key_err);
+ privkey = load_virt_privkey(tests[i].name, tests[i].key, tests[i].exp_key_err, tests[i].needs_decryption);
if (privkey == NULL && tests[i].exp_key_err < 0)
continue;
assert(privkey != 0);
diff --git a/tests/rawpk-api.c b/tests/rawpk-api.c
new file mode 100644
index 0000000000..1be9acf973
--- /dev/null
+++ b/tests/rawpk-api.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright (C) 2018 ARPA2 project
+ *
+ * Author: Tom Vrancken (dev@tomvrancken.nl)
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
+#include "utils.h"
+#include <assert.h>
+#include "cert-common.h"
+
+/* Here we test the raw public-key API */
+
+void doit(void)
+{
+ int ret;
+ gnutls_certificate_credentials_t cred = NULL;
+ gnutls_pcert_st* pcert;
+ gnutls_pubkey_t pubkey;
+ const char *src;
+ char rawpk_pub_path[256];
+ char rawpk_priv_path[256];
+
+ // Get current src dir
+ src = getenv("srcdir");
+ if (src == NULL)
+ src = ".";
+
+ // Set file paths for pem files
+ snprintf(rawpk_pub_path, sizeof(rawpk_pub_path), "%s/%s", src, "certs/rawpk_pub.pem");
+ snprintf(rawpk_priv_path, sizeof(rawpk_priv_path), "%s/%s", src, "certs/rawpk_priv.pem");
+
+
+ global_init();
+
+ // Initialize creds
+ assert(gnutls_certificate_allocate_credentials(&cred) >= 0);
+ assert((pcert = gnutls_calloc(1, sizeof(*pcert))) != NULL);
+ assert(gnutls_pubkey_init(&pubkey) >= 0);
+ assert(gnutls_pubkey_import(pubkey, &rawpk_public_key1, GNUTLS_X509_FMT_PEM) >= 0);
+
+
+ /* Tests for gnutls_certificate_set_rawpk_key_mem() */
+ success("Testing gnutls_certificate_set_rawpk_key_mem()...\n");
+ // Positive tests
+ ret = gnutls_certificate_set_rawpk_key_mem(cred,
+ &rawpk_public_key2, &rawpk_private_key2, GNUTLS_X509_FMT_PEM,
+ NULL, 0, NULL, 0, 0);
+ if (ret < 0) {
+ fail("Failed to load credentials with error: %d\n", ret);
+ }
+ // Negative tests
+ ret = gnutls_certificate_set_rawpk_key_mem(cred,
+ NULL, &rawpk_private_key2, GNUTLS_X509_FMT_PEM,
+ NULL, 0, NULL, 0, 0);
+ if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
+ fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+ ret = gnutls_certificate_set_rawpk_key_mem(cred,
+ &rawpk_public_key2, NULL, GNUTLS_X509_FMT_PEM,
+ NULL, 0, NULL, 0, 0);
+ if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
+ fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+
+ /* Tests for gnutls_certificate_set_rawpk_key_file() */
+ success("Testing gnutls_certificate_set_rawpk_key_file()...\n");
+ // Positive tests
+ ret = gnutls_certificate_set_rawpk_key_file(cred, rawpk_pub_path, rawpk_priv_path, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0, 0);
+ if (ret < 0) {
+ fail("Failed to load credentials with error: %d\n", ret);
+ }
+ // Negative tests
+ ret = gnutls_certificate_set_rawpk_key_file(cred, NULL, rawpk_priv_path, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0, 0);
+ if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
+ fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+ ret = gnutls_certificate_set_rawpk_key_file(cred, rawpk_pub_path, NULL, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0, 0);
+ if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
+ fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+
+
+ /* Tests for gnutls_pcert_import_rawpk() */
+ success("Testing gnutls_pcert_import_rawpk()...\n");
+ // Positive tests
+ ret = gnutls_pcert_import_rawpk(pcert, pubkey, 0);
+ if (ret < 0) {
+ fail("Failed to import raw public-key into pcert with error: %d\n", ret);
+ }
+ // Negative tests
+ ret = gnutls_pcert_import_rawpk(pcert, NULL, 0);
+ if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
+ fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+ // Cleanup to prevent subsequent API calls to produce memory leaks
+ gnutls_pcert_deinit(pcert);
+
+
+ /* Tests for gnutls_pcert_import_rawpk_raw() */
+ success("Testing gnutls_pcert_import_rawpk_raw()...\n");
+ // Positive tests
+ ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpk_public_key1, GNUTLS_X509_FMT_PEM, 0, 0);
+ if (ret < 0) {
+ fail("Failed to import raw public-key into pcert with error: %d\n", ret);
+ }
+ // Negative tests
+ ret = gnutls_pcert_import_rawpk_raw(pcert, NULL, GNUTLS_X509_FMT_PEM, 0, 0);
+ if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
+ fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ }
+ // Cleanup to prevent subsequent API calls to produce memory leaks
+ gnutls_pcert_deinit(pcert);
+
+
+ // Generic cleanup
+ gnutls_free(pcert);
+ gnutls_certificate_free_credentials(cred);
+
+ gnutls_global_deinit();
+}
+
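Review bot: The two `snprintf` calls that build `rawpk_pub_path` and `rawpk_priv_path` ignore their return value, so an overlong `srcdir` yields a silently truncated path and the file-based tests then fail with a misleading load error; check `(size_t)n >= sizeof(rawpk_pub_path)` and `fail()` on truncation. `pubkey` is never released in the generic cleanup: if `gnutls_pcert_import_rawpk()` does not take over ownership of the handle (not visible from this file) that is a leak the valgrind runs will flag, and either way the intended ownership deserves a comment at the first `gnutls_pcert_deinit(pcert)` line. `<string.h>` and `<errno.h>` are included but nothing in the file uses them.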
diff --git a/tests/rsa-encrypt-decrypt.c b/tests/rsa-encrypt-decrypt.c
index 374684388c..95fdc64fb0 100644
--- a/tests/rsa-encrypt-decrypt.c
+++ b/tests/rsa-encrypt-decrypt.c
@@ -165,6 +165,15 @@ void doit(void)
if (memcmp(out2.data, hash_data.data, hash_data.size) != 0)
fail("Decrypted data don't match original (2)\n");
+ /* try again with fixed length API */
+ memset(out2.data, 'A', out2.size);
+ ret = gnutls_privkey_decrypt_data2(privkey, 0, &out, out2.data, out2.size);
+ if (ret < 0)
+ fail("gnutls_privkey_decrypt_data\n");
+
+ if (memcmp(out2.data, hash_data.data, hash_data.size) != 0)
+ fail("Decrypted data don't match original (2b)\n");
+
gnutls_free(out.data);
gnutls_free(out2.data);
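Review bot: Both added blocks (this hunk and the raw_data hunk below) report a failure of `gnutls_privkey_decrypt_data2()` as `fail("gnutls_privkey_decrypt_data\n");`, which names the wrong API in the failure output; use `fail("gnutls_privkey_decrypt_data2\n");`. The fixed-length variant is only meaningful when the caller already knows the expected plaintext length, yet the test passes `out2.size`, which was sized by the earlier variable-length decrypt outside this hunk, and the `memcmp` covers only the first `hash_data.size` bytes; adding `assert(out2.size == hash_data.size);` before the call (and `raw_data.size` in the second hunk) pins that contract. A negative case with a buffer of the wrong length, expected to return an error rather than succeed, is still missing.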
@@ -183,6 +192,15 @@ void doit(void)
if (memcmp(out2.data, raw_data.data, raw_data.size) != 0)
fail("Decrypted data don't match original (4)\n");
+ /* try again with fixed length API */
+ memset(out2.data, 'A', out2.size);
+ ret = gnutls_privkey_decrypt_data2(privkey, 0, &out, out2.data, out2.size);
+ if (ret < 0)
+ fail("gnutls_privkey_decrypt_data\n");
+
+ if (memcmp(out2.data, raw_data.data, raw_data.size) != 0)
+ fail("Decrypted data don't match original (4b)\n");
+
if (debug)
success("ok\n");
diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
index 1567d8e614..1cce09d04e 100644
--- a/tests/scripts/common.sh
+++ b/tests/scripts/common.sh
@@ -59,7 +59,10 @@ check_if_port_listening() {
}
# Find a port number not currently in use.
-GETPORT='rc=0; myrandom=$(date +%N | sed s/^0*//)
+GETPORT='rc=0; unset myrandom
+ if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
+ if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
+ if test -z "$myrandom"; then myrandom=0; fi
while test $rc = 0;do
PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
check_if_port_in_use $PORT;rc=$?
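Review bot: The fallback `myrandom=$(date +%N | sed s/^0*//)` assumes a `date` that understands `%N`; implementations that do not (BSD-derived ones print the literal `N`) leave `myrandom` non-empty but non-numeric, so the `test -z` guard on the next line does not fire and the arithmetic in `PORT="$((...))"` aborts the script. A numeric check covers both cases: `case "$myrandom" in ''|*[!0-9]*) myrandom=0;; esac` in place of the `test -z "$myrandom"` line. The `$RANDOM + $RANDOM` sum is at most 65534, so the port still depends mainly on `$$`; that is acceptable for avoiding collisions between concurrent tests but should not be read as randomness.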
@@ -117,7 +120,7 @@ wait_for_port()
{
local ret
local PORT="$1"
- sleep 4
+ sleep 1
for i in 1 2 3 4 5 6;do
check_if_port_listening ${PORT}
@@ -144,7 +147,7 @@ wait_for_free_port()
if test $ret != 0;then
break
else
- sleep 20
+ sleep 2
fi
done
return $ret
@@ -260,3 +263,21 @@ terminate_proc() {
kill_quiet -9 $pid
sleep 0.1
}
+
+# $1, $2: the two files to check for equality
+# $3: Strings to be ignored, separated by |
+check_if_equal() {
+ if test -n "$3"; then
+ local tmp1=`basename "$1"`"1.tmp"
+ local tmp2=`basename "$2"`"2.tmp"
+ egrep -v "$3" "$1" | tr -d '\r' >"$tmp1"
+ egrep -v "$3" "$2" | tr -d '\r' >"$tmp2"
+ diff -b -B "$tmp1" "$tmp2"
+ local rc=$?
+ rm -f "$tmp1" "$tmp2"
+ return $rc
+ fi
+
+ diff -b -B "$1" "$2"
+ return $?
+}
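Review bot: `check_if_equal` writes its filtered copies to `basename "$1"1.tmp` in the current directory, a predictable name that collides when two tests compare files with the same basename under `make -j` and that leaves stale files behind if the function is interrupted between the redirections and `rm -f`. Use `mktemp` for both temporaries, for example `local tmp1=$(mktemp) tmp2=$(mktemp)`, and `grep -E` instead of the deprecated `egrep`. The trailing `return $?` after `diff -b -B "$1" "$2"` is redundant, since the function already returns the last command's status.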
diff --git a/tests/ssl30-cert-key-exchange.c b/tests/ssl30-cert-key-exchange.c
index eccb4955d8..662721a2bd 100644
--- a/tests/ssl30-cert-key-exchange.c
+++ b/tests/ssl30-cert-key-exchange.c
@@ -40,15 +40,15 @@ void doit(void)
{
#ifdef ENABLE_SSL3
global_init();
- try("SSL 3.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("SSL 3.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("SSL 3.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("SSL 3.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("SSL 3.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try_cli("SSL 3.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
- try_cli("SSL 3.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509("SSL 3.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509_cli("SSL 3.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509_cli("SSL 3.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
- try_cli("SSL 3.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("SSL 3.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("SSL 3.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("SSL 3.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
gnutls_global_deinit();
#else
exit(77);
diff --git a/tests/suite/tls-fuzzer/gnutls-cert.json b/tests/suite/tls-fuzzer/gnutls-cert.json
index fe2b39f2c2..f9de174699 100644
--- a/tests/suite/tls-fuzzer/gnutls-cert.json
+++ b/tests/suite/tls-fuzzer/gnutls-cert.json
@@ -37,9 +37,13 @@
"-p", "@PORT@"]
},
{"name" : "test-rsa-pss-sigs-on-certificate-verify.py",
+ "comment" : "FIXME: We shouldn't allow rsa_pss_pss* schemes as there is only RSA key #645",
"arguments" : ["-k", "tests/clientX509Key.pem",
"-c", "tests/clientX509Cert.pem",
"-e", "check CertificateRequest sigalgs",
+ "-e", "rsa_pss_pss_sha256 in CertificateVerify with rsa key",
+ "-e", "rsa_pss_pss_sha384 in CertificateVerify with rsa key",
+ "-e", "rsa_pss_pss_sha512 in CertificateVerify with rsa key",
"-n", "100",
"-p", "@PORT@"]
},
diff --git a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
index d0d142e7a2..06fbf92351 100644
--- a/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
+++ b/tests/suite/tls-fuzzer/gnutls-nocert-tls13.json
@@ -14,6 +14,8 @@
"tests" : [
{"name" : "test-tls13-0rtt-garbage.py",
"arguments": ["-p", "@PORT@"]},
+ {"name" : "test-tls13-ccs.py",
+ "arguments": ["-p", "@PORT@"]},
{"name" : "test-tls13-crfg-curves.py",
"comment": "We do not support x448",
"arguments": ["-p", "@PORT@",
diff --git a/tests/suite/tls-fuzzer/tlsfuzzer b/tests/suite/tls-fuzzer/tlsfuzzer
-Subproject 64f4a6e94c6cc1357fdb9fb36b8467456509df6
+Subproject cd624f68c671f339b3a1e0ef90db984760bcfea
diff --git a/tests/suite/tls-fuzzer/tlslite-ng b/tests/suite/tls-fuzzer/tlslite-ng
-Subproject af466651a7795ac5a6cf54932d496ca8e79b49b
+Subproject d00ad94272be90172ecc5c422c923d679c23416
diff --git a/tests/tls-crt_type-neg.c b/tests/tls-crt_type-neg.c
index ff5aa08885..f09d3cb27f 100644
--- a/tests/tls-crt_type-neg.c
+++ b/tests/tls-crt_type-neg.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2017 - 2018 ARPA2 project
*
- * Author: Tom Vrancken
+ * Author: Tom Vrancken (dev@tomvrancken.nl)
*
* This file is part of GnuTLS.
*
@@ -15,7 +15,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
- * You should have received a copy of the GNU Lesser General Public License
+ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>
*/
@@ -40,254 +40,393 @@ test_case_st tests[] = {
/* Tests with only a single credential set for client/server.
* Tests for X.509 cases.
*/
- {
+ {
/* Default case A
*
* Priority cli: NORMAL
* Priority srv: NORMAL
- * Certificate negotiation mechanism: disabled
* Cli creds: None
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: cert types should default to X.509
*/
- .name = "Default case A. Neg off (default). Creds set (CLI/SRV): None/X509.",
+ .name = "Default case A. Creds set (CLI/SRV): None/X509.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
.set_cli_creds = CRED_EMPTY,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = false},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
/* Default case B
*
* Priority: NORMAL
- * Certificate negotiation mechanism: disabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: cert types should default to X.509
*/
- .name = "Default case B. Neg off (default). Creds set (CLI/SRV): X509/X509.",
+ .name = "Default case B. Creds set (CLI/SRV): X509/X509. No cli cert asked.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = false},
- {
- /* No server credentials
- *
- * Priority: NORMAL
- * Certificate negotiation mechanism: disabled
- * Cli creds: None
- * Srv creds: None
- * Handshake: results in errors
- * Negotiation: cert types are not evaluated
- */
- .name = "No server creds. Creds set (CLI/SRV): None/None.",
- .client_prio = "NORMAL",
- .server_prio = "NORMAL",
- .set_cli_creds = CRED_EMPTY,
- .set_srv_creds = CRED_EMPTY,
- .client_err = GNUTLS_E_AGAIN,
- .server_err = GNUTLS_E_NO_CIPHER_SUITES,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = false},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* Client can negotiate, server not
+ /* Default case C
*
* Priority: NORMAL
- * Certificate negotiation mechanism (cli/srv): enabled/disabled
- * Cli creds: None
+ * Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: cert types should default to X.509
*/
- .name = "Client can negotiate, server not",
+ .name = "Default case C. Creds set (CLI/SRV): X509/X509. Cli cert asked.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
- .set_cli_creds = CRED_EMPTY,
+ .set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
.expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = false},
+ .request_cli_crt = true},
{
- /* Server can negotiate, client not
+ /* No server credentials
*
* Priority: NORMAL
- * Certificate negotiation mechanism (cli/srv): disabled/enabled
* Cli creds: None
- * Srv creds: X.509
- * Handshake: should complete without errors
- * Negotiation: cert types should default to X.509
+ * Srv creds: None
+ * Handshake: results in errors
+ * Negotiation: cert types are not evaluated
*/
- .name = "Server can negotiate, client not",
+ .name = "No server creds. Creds set (CLI/SRV): None/None.",
.client_prio = "NORMAL",
.server_prio = "NORMAL",
.set_cli_creds = CRED_EMPTY,
- .set_srv_creds = CRED_X509,
- .expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = false,
- .enable_cert_type_neg_srv = true},
+ .set_srv_creds = CRED_EMPTY,
+ .client_err = GNUTLS_E_AGAIN,
+ .server_err = GNUTLS_E_NO_CIPHER_SUITES},
{
- /* Client and server can negotiate
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509
*
- * Priority: NORMAL
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
- * Cli creds: None
+ * Priority: NORMAL + request x509 for cli and srv
+ * Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: cert types should default to X.509
+ * Negotiation: Fallback to default cli X.509, srv X.509 because
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Client and server can negotiate",
- .client_prio = "NORMAL",
- .server_prio = "NORMAL",
- .set_cli_creds = CRED_EMPTY,
+ .name = "Negotiate CLI X.509 + SRV X.509. Creds set (CLI/SRV): X.509/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
+ .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
+ .set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* Negotiate both, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, no cli cert asked
*
- * Priority: NORMAL + request x509 for cli and srv
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
+ * Priority: NORMAL + request x509 for cli
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Negotiate CLI X.509 + SRV X.509, cli/srv X.509 creds set",
- .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
- .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509",
+ .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-X509",
+ .server_prio = "NORMAL:+CTYPE-CLI-X509",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* Negotiate cli x509, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, cli cert asked
*
* Priority: NORMAL + request x509 for cli
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Negotiate CLI X.509, cli/srv X.509 creds set",
+ .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-CLI-X509",
.server_prio = "NORMAL:+CTYPE-CLI-X509",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
.expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .request_cli_crt = true},
{
- /* Negotiate srv x509, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509
*
* Priority: NORMAL + request x509 for srv
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
* Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * we advertise with only the cert type defaults. Extensions
+ * will therefore not be activated.
*/
- .name = "Negotiate SRV X.509, cli/srv X.509 creds set",
+ .name = "Negotiate SRV X.509. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-SRV-X509",
.server_prio = "NORMAL:+CTYPE-SRV-X509",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* All types allowed for CLI, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, all types allowed for CLI, cli creds x509, srv creds x509
*
* Priority: NORMAL + allow all client cert types
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * Negotiation: cli X.509 and srv X.509 because
+ * we only have X.509 credentials set.
*/
- .name = "Negotiate CLI all, cli/srv X.509 creds set",
+ .name = "Negotiate CLI all. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-CLI-ALL",
.server_prio = "NORMAL:+CTYPE-CLI-ALL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* All types allowed for SRV, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, all types allowed for SRV, cli creds x509, srv creds x509
*
* Priority: NORMAL + allow all server cert types
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * Negotiation: cli X.509 and srv X.509 because
+ * we only have X.509 credentials set.
*/
- .name = "Negotiate SRV all, cli/srv X.509 creds set",
+ .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-SRV-ALL",
.server_prio = "NORMAL:+CTYPE-SRV-ALL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true},
+ .expected_srv_ctype = GNUTLS_CRT_X509},
{
- /* All types allowed for CLI/SRV, cli creds x509, srv creds x509
+ /* Explicit cli/srv ctype negotiation, all types allowed for CLI/SRV, cli creds x509, srv creds x509
*
* Priority: NORMAL + allow all client and server cert types
- * Certificate negotiation mechanism (cli/srv): enabled/enabled
* Cli creds: X.509
* Srv creds: X.509
* Handshake: should complete without errors
- * Negotiation: Fallback to default cli X.509, srv X.509 because
- * we advertise with only the cert type defaults.
+ * Negotiation: cli X.509 and srv X.509 because
+ * we only have X.509 credentials set.
*/
- .name = "Negotiate CLI/SRV all, cli/srv X.509 creds set",
+ .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): X.509/X.509.",
.client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
.server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
.set_cli_creds = CRED_X509,
.set_srv_creds = CRED_X509,
.expected_cli_ctype = GNUTLS_CRT_X509,
- .expected_srv_ctype = GNUTLS_CRT_X509,
- .enable_cert_type_neg_cli = true,
- .enable_cert_type_neg_srv = true}
+ .expected_srv_ctype = GNUTLS_CRT_X509},
/* Tests with only a single credential set for client/server.
* Tests for Raw public-key cases.
*/
- //TODO implement when Raw public key support is finished
-
- /* Tests with only a single credential set for client/server.
- * Tests for KDH cases.
- */
- //TODO implement when KDH support is finished
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, Req. cli cert.
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: yes
+ * Handshake: should complete without errors
+ * Negotiation: both parties should have a Raw PK cert negotiated
+ */
+ .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK. Cert req.",
+ .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* Explicit cli/srv ctype negotiation (TLS 1.2), cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: no
+ * Handshake: should complete without errors
+ * Negotiation: a Raw PK server cert. A diverged state for the client
+ * cert type. The server picks Raw PK but does not send a response
+ * to the client (under TLS 1.2). The client therefore falls back to default (X.509).
+ */
+ .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_cli_ctype = GNUTLS_CRT_X509,
+ .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = false,
+ .cli_srv_may_diverge = true},
+ {
+ /* Explicit cli/srv ctype negotiation (TLS 1.3), cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: no
+ * Handshake: should complete without errors
+ * Negotiation: a Raw PK server cert and client cert. Under TLS 1.3
+ * a respons is always sent by the server also when no client
+ * cert is requested. This is necessary for post-handshake authentication
+ * to work.
+ */
+ .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = false,
+ .cli_srv_may_diverge = true},
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + request rawpk for cli
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: no
+ * Handshake: fails because no valid cred (X.509) can be found for the server.
+ * Negotiation: -
+ */
+ .name = "Negotiate CLI Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:+CTYPE-CLI-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-CLI-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .client_err = GNUTLS_E_AGAIN,
+ .server_err = GNUTLS_E_NO_CIPHER_SUITES},
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, request cli cert.
+ *
+ * Priority: NORMAL + request rawpk for srv
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Request client cert: yes
+ * Handshake: should complete without errors
+ * Negotiation: Raw PK will be negotiated for server. Client will
+ * default to X.509.
+ */
+ .name = "Negotiate SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.",
+ .client_prio = "NORMAL:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_X509,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds X.509, Request cli cert.
+ *
+ * Priority: NORMAL + request rawpk for cli and srv
+ * Cli creds: Raw PK
+ * Srv creds: X.509
+ * Request client cert: yes
+ * Handshake: should complete without errors
+ * Negotiation: Raw PK will be negotiated for client. Server will
+ * default to X.509.
+ */
+ .name = "Negotiate CLI and SRV Raw PK. Creds set (CLI/SRV): RawPK/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_X509,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_X509,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* All types allowed for CLI, cli creds Raw PK, srv creds X.509
+ *
+ * Priority: NORMAL + allow all client cert types
+ * Cli creds: Raw PK
+ * Srv creds: X.509
+ * Handshake: should complete without errors
+ * Negotiation: cli Raw PK and srv X.509 because
+ * that are the only credentials set.
+ */
+ .name = "Negotiate CLI all. Creds set (CLI/SRV): Raw PK/X.509.",
+ .client_prio = "NORMAL:+CTYPE-CLI-ALL",
+ .server_prio = "NORMAL:+CTYPE-CLI-ALL",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_X509,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_X509,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* All types allowed for SRV, cli creds x509, srv creds Raw PK
+ *
+ * Priority: NORMAL + allow all server cert types
+ * Cli creds: X.509
+ * Srv creds: Raw PK
+ * Handshake: should complete without errors
+ * Negotiation: cli X.509 and srv Raw PK because
+ * that are the only credentials set.
+ */
+ .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/Raw PK.",
+ .client_prio = "NORMAL:+CTYPE-SRV-ALL",
+ .server_prio = "NORMAL:+CTYPE-SRV-ALL",
+ .set_cli_creds = CRED_X509,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_X509,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
+ {
+ /* All types allowed for CLI/SRV, cli creds Raw PK, srv creds Raw PK
+ *
+ * Priority: NORMAL + allow all client and server cert types
+ * Cli creds: Raw PK
+ * Srv creds: Raw PK
+ * Handshake: should complete without errors
+ * Negotiation: cli Raw PK and srv Raw PK because
+ * that are the only credentials set.
+ */
+ .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): Raw PK/Raw PK.",
+ .client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
+ .server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL",
+ .set_cli_creds = CRED_RAWPK,
+ .set_srv_creds = CRED_RAWPK,
+ .expected_cli_ctype = GNUTLS_CRT_RAWPK,
+ .expected_srv_ctype = GNUTLS_CRT_RAWPK,
+ .init_flags_cli = GNUTLS_ENABLE_RAWPK,
+ .init_flags_srv = GNUTLS_ENABLE_RAWPK,
+ .request_cli_crt = true},
- /* Tests with multiple credentials set for client/server. */
- //TODO implement when support for more cert types is ready
};
void doit(void)
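Review bot: Two pairs of entries share an identical `.name`: `"Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509."` is used both for the case without and the case with `.request_cli_crt = true`, and `"Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK."` for both the TLS 1.2 and the TLS 1.3 variant, so a failure report cannot say which one broke; append `Cli cert asked.` and `TLS 1.2`/`TLS 1.3` respectively. The TLS 1.3 Raw PK entry sets `.cli_srv_may_diverge = true` although all four expected ctypes are equal and its comment says the server always responds; if that flag relaxes the client/server consistency check in doit() (outside the hunk), a regression back to the TLS 1.2 fallback behaviour would go unnoticed there, so it looks like it should be `false`. Minor: `respons` in that comment should read `response`.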
diff --git a/tests/tls10-cert-key-exchange.c b/tests/tls10-cert-key-exchange.c
index e1cee39253..1b976c37ee 100644
--- a/tests/tls10-cert-key-exchange.c
+++ b/tests/tls10-cert-key-exchange.c
@@ -40,26 +40,26 @@ void doit(void)
{
global_init();
- try("TLS 1.0 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.0 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.0 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.0 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.0 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.0 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
try_with_key("TLS 1.0 with ecdhe ecdsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0);
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
- try("TLS 1.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try_cli("TLS 1.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
- try_cli("TLS 1.0 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
- try_cli("TLS 1.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509("TLS 1.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509_cli("TLS 1.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509_cli("TLS 1.0 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509_cli("TLS 1.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
try_with_key("TLS 1.0 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT);
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
- try_cli("TLS 1.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("TLS 1.0 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("TLS 1.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.0 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
try_with_key("TLS 1.0 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT);
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
gnutls_global_deinit();
}
diff --git a/tests/tls11-cert-key-exchange.c b/tests/tls11-cert-key-exchange.c
index 860574afdc..ef4b81e5d5 100644
--- a/tests/tls11-cert-key-exchange.c
+++ b/tests/tls11-cert-key-exchange.c
@@ -40,27 +40,27 @@ void doit(void)
{
global_init();
- try("TLS 1.1 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.1 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.1 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.1 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.1 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.1 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.1 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.1 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.1 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.1 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
try_with_key("TLS 1.1 with ecdhe ecdsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0);
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
- try("TLS 1.1 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.1 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try_cli("TLS 1.1 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
- try_cli("TLS 1.1 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
- try_cli("TLS 1.1 with rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509_cli("TLS 1.1 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509_cli("TLS 1.1 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
+ try_x509_cli("TLS 1.1 with rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT);
try_with_key("TLS 1.1 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT);
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
- try_cli("TLS 1.1 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("TLS 1.1 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("TLS 1.1 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.1 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.1 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.1 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
try_with_key("TLS 1.1 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT);
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
/* illegal setups */
server_priority = NULL;
diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c
index bdfd91f72f..7811ae85bb 100644
--- a/tests/tls12-cert-key-exchange.c
+++ b/tests/tls12-cert-key-exchange.c
@@ -40,51 +40,69 @@ void doit(void)
{
global_init();
- try("TLS 1.2 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.2 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.2 with dhe-rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.2 with ecdhe x25519 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.2 with ecdhe rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
- try_with_key("TLS 1.2 with ecdhe ecdsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0);
- try("TLS 1.2 with ecdhe rsa-pss sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ /** X.509 tests **/
+ try_x509("TLS 1.2 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.2 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.2 with dhe-rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.2 with ecdhe x25519 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.2 with ecdhe rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_with_key("TLS 1.2 with ecdhe ecdsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_x509("TLS 1.2 with ecdhe rsa-pss sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
/* Test RSA-PSS cert/key combo issues */
- try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0);
- try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and 1 sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0);
- try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and rsa-pss-sha384 first sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0);
- try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and rsa-pss-sha512 first sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0);
-
- try("TLS 1.2 with ecdhe rsa-pss no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try_with_key("TLS 1.2 with ecdhe rsa-pss/rsa-pss no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0);
- try("TLS 1.2 with rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
- try_with_key("TLS 1.2 with ecdhe x25519 ed25519 no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0);
-
- try_cli("TLS 1.2 with dhe-rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
- try_cli("TLS 1.2 with ecdhe-rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
- try_cli("TLS 1.2 with rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
- try_with_key("TLS 1.2 with ecdhe ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_RSA_SHA256,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT);
- try_cli("TLS 1.2 with ecdhe-rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT);
- try_with_key("TLS 1.2 with ecdhe-rsa-pss/rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256,
- &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT);
-
- try_with_key("TLS 1.2 with ecdhe x25519 ed25519 cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_EDDSA_ED25519,
- &server_ca3_eddsa_cert, &server_ca3_eddsa_key, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, USE_CERT);
-
- try_cli("TLS 1.2 with dhe-rsa ask cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("TLS 1.2 with ecdhe-rsa ask cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_cli("TLS 1.2 with rsa ask cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
- try_with_key("TLS 1.2 with ecdhe ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT);
-
- /* illegal setups */
+ try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and 1 sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and rsa-pss-sha384 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and rsa-pss-sha512 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+
+ try_x509("TLS 1.2 with ecdhe rsa-pss no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_with_key("TLS 1.2 with ecdhe rsa-pss/rsa-pss no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_x509("TLS 1.2 with rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+ try_with_key("TLS 1.2 with ecdhe x25519 ed25519 no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+
+ try_x509_cli("TLS 1.2 with dhe-rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
+ try_x509_cli("TLS 1.2 with ecdhe-rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
+ try_x509_cli("TLS 1.2 with rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
+ try_with_key("TLS 1.2 with ecdhe ecdsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_RSA_SHA256,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+ try_x509_cli("TLS 1.2 with ecdhe-rsa-pss cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT);
+ try_with_key("TLS 1.2 with ecdhe-rsa-pss/rsa-pss cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256,
+ &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+
+ try_with_key("TLS 1.2 with ecdhe x25519 ed25519 cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_EDDSA_ED25519,
+ &server_ca3_eddsa_cert, &server_ca3_eddsa_key, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+
+ try_x509_cli("TLS 1.2 with dhe-rsa ask cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.2 with ecdhe-rsa ask cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_x509_cli("TLS 1.2 with rsa ask cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_with_key("TLS 1.2 with ecdhe ecdsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+
+ /** Raw public-key tests **/
+ try_rawpk("TLS 1.2 with dhe-rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.2 with ecdhe x25519 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.2 with ecdhe rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.2 with ecdhe rsa-pss sig no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.2 with ecdhe rsa-pss no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.2 with rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+CTYPE-ALL", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN);
+
+ try_rawpk_cli("TLS 1.2 with dhe-rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
+ try_rawpk_cli("TLS 1.2 with ecdhe-rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
+ try_rawpk_cli("TLS 1.2 with rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+CTYPE-ALL", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT);
+ try_rawpk_cli("TLS 1.2 with ecdhe-rsa-pss cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT);
+ try_rawpk_cli("TLS 1.2 with dhe-rsa ask cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_rawpk_cli("TLS 1.2 with ecdhe-rsa ask cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+ try_rawpk_cli("TLS 1.2 with rsa ask cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+CTYPE-ALL", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT);
+
+
+ /** Illegal setups **/
server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA";
try_with_key_fail("TLS 1.2 with rsa cert and only RSA-PSS sig algos in client",
"NORMAL:-VERS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512",
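Review bot: The Raw PK cases named "TLS 1.2 with ecdhe rsa-pss sig no-cli-cert (ctype Raw PK)" and "TLS 1.2 with ecdhe rsa-pss no-cli-cert (ctype Raw PK)" are the same test twice — identical priority string `NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL` and identical expected KX and signature values — so one should be dropped or given a distinct priority; the renamed X.509 pair with the same two names carries the same pre-existing duplication. The new Raw PK section also exercises only RSA-keyed exchanges, whereas the X.509 section covers ECDHE-ECDSA and Ed25519 through try_with_key; if the widened try_with_key signature (the trailing GNUTLS_CRT_* arguments) accepts raw-PK credentials, matching cases would close that gap, and if it does not, a one-line comment such as `/* Raw PK: non-RSA key types not yet covered here */` would record the omission. The double blank line before `/** Illegal setups **/` looks like a leftover. doit's body continues outside the hunk.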
diff --git a/tests/tls13-cert-key-exchange.c b/tests/tls13-cert-key-exchange.c
index c0963889ae..8b72b8a8d6 100644
--- a/tests/tls13-cert-key-exchange.c
+++ b/tests/tls13-cert-key-exchange.c
@@ -40,69 +40,82 @@ void doit(void)
global_init();
server_priority = "NORMAL:+ANON-DH:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519";
- try("TLS 1.3 with ffdhe2048 rsa no-cli-cert / anon on server", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with ffdhe2048 rsa no-cli-cert / anon on server", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ /** X.509 tests **/
server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519";
/* TLS 1.3 no client cert */
- try("TLS 1.3 with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.3 with ffdhe3072 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.3 with ffdhe4096 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.3 with secp256r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.3 with secp384r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.3 with secp521r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.3 with x25519 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with ffdhe2048 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with ffdhe3072 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with ffdhe4096 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with secp256r1 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with secp384r1 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with secp521r1 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.3 with x25519 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
- try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_GROUP_SECP256R1);
+ try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_GROUP_SECP256R1, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
/* Test RSA-PSS cert/key combo issues */
- try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519);
- try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and 1 sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519);
- try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and rsa-pss-sha384 first sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519);
- try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and rsa-pss-sha512 first sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519);
-
- try_with_key_ks("TLS 1.3 with x25519 rsa-pss/rsa-pss no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0, GNUTLS_GROUP_X25519);
- try_with_key_ks("TLS 1.3 with x25519 ed25519 no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, GNUTLS_GROUP_X25519);
+ try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and 1 sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and rsa-pss-sha384 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and rsa-pss-sha512 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+
+ try_with_key_ks("TLS 1.3 with x25519 rsa-pss/rsa-pss no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_with_key_ks("TLS 1.3 with x25519 ed25519 no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN,
+ &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
/* client authentication */
- try_with_key("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT);
- try_with_key("TLS 1.3 with rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT);
- try_with_key("TLS 1.3 with ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
- &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, USE_CERT);
- try_with_key("TLS 1.3 with x25519 ed25519 cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_EDDSA_ED25519,
- &server_ca3_eddsa_cert, &server_ca3_eddsa_key, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, USE_CERT);
+ try_with_key("TLS 1.3 with rsa-pss cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+ try_with_key("TLS 1.3 with rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+ try_with_key("TLS 1.3 with ecdsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
+ &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
+ try_with_key("TLS 1.3 with x25519 ed25519 cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_EDDSA_ED25519,
+ &server_ca3_eddsa_cert, &server_ca3_eddsa_key, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509);
/* TLS 1.3 mis-matching groups */
/* Our policy is to send a key share for the first of each type of groups, so make sure
* the server doesn't support them */
server_priority = "NORMAL:-GROUP-ALL:-VERS-TLS-ALL:+VERS-TLS1.3:+GROUP-FFDHE3072:+GROUP-SECP521R1",
- try_ks("TLS 1.3 with default key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
- try_ks("TLS 1.3 with ffdhe2048 key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
- try_ks("TLS 1.3 with ffdhe4096 key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
- try_ks("TLS 1.3 with secp256r1 key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1);
- try_ks("TLS 1.3 with secp384r1 key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1);
- try_ks("TLS 1.3 with secp521r1 key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1);
- try_ks("TLS 1.3 with x25519 -> ffdhe3072 key share", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP384R1:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
+ try_x509_ks("TLS 1.3 with default key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
+ try_x509_ks("TLS 1.3 with ffdhe2048 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
+ try_x509_ks("TLS 1.3 with ffdhe4096 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
+ try_x509_ks("TLS 1.3 with secp256r1 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1);
+ try_x509_ks("TLS 1.3 with secp384r1 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1);
+ try_x509_ks("TLS 1.3 with secp521r1 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1);
+ try_x509_ks("TLS 1.3 with x25519 -> ffdhe3072 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP384R1:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072);
/* TLS 1.2 fallback */
server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519",
try_with_key_ks("TLS 1.2 fallback with x25519 ed25519 no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN,
- &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, 0);
- try("TLS 1.2 fallback with secp521r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
- try("TLS 1.2 fallback with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN);
+ try_x509("TLS 1.2 fallback with secp521r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_x509("TLS 1.2 fallback with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN);
- /* illegal setups */
+ /** Raw public-key tests **/
+ server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+CTYPE-ALL";
+
+ try_rawpk("TLS 1.3 with ffdhe2048 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.3 with ffdhe3072 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE3072:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.3 with ffdhe4096 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.3 with secp256r1 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.3 with secp384r1 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.3 with secp521r1 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+ try_rawpk("TLS 1.3 with x25519 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN);
+
+
+ /** Illegal setups **/
server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.3";
try_with_key_fail("TLS 1.3 with rsa cert and only RSA-PSS sig algos in client",
"NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512",
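Review bot: The new raw public-key section only covers the no-client-cert path (try_rawpk at L8254–L8260), whereas the TLS 1.2 counterpart earlier in this diff also exercises client authentication with try_rawpk_cli under both USE_CERT and ASK_CERT, so TLS 1.3 client authentication with a Raw PK certificate type is left untested here. Assuming try_rawpk_cli is available to this file as well, one case per mode would close the gap, e.g. `try_rawpk_cli("TLS 1.3 with x25519 rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT);`. Unrelated to this change, the context lines at L8226 and L8242 end the server_priority assignment with a comma instead of a semicolon, which folds the following call into the same expression statement; it compiles, but is worth fixing while this block is being touched. doit() continues past the end of this hunk.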
diff --git a/tests/tls13/change_cipher_spec.c b/tests/tls13/change_cipher_spec.c
index 1a9b80c817..09ef786789 100644
--- a/tests/tls13/change_cipher_spec.c
+++ b/tests/tls13/change_cipher_spec.c
@@ -134,6 +134,11 @@ static void client(int fd, unsigned ccs_check)
if (ret < 0)
fail("client: recv did not succeed as expected: %s\n", gnutls_strerror(ret));
+ /* send change cipher spec, this should fail in the server */
+ do {
+ ret = send(fd, "\x14\x03\x03\x00\x01\x01", 6, 0);
+ } while(ret == -1 && (errno == EINTR || errno == EAGAIN));
+
close(fd);
gnutls_deinit(session);
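Review bot: The send() at L8276 is retried only on EINTR/EAGAIN; any other error, or a short write of fewer than the 6 bytes, is silently ignored, so a failed send would only show up later as a confusing mismatch on the server side. A check after the loop makes the failure local: `if (ret != 6) fail("client: sending change cipher spec failed: %s\n", strerror(errno));` (strerror needs <string.h> if the file does not include it already). client() continues outside this hunk.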
@@ -217,6 +222,7 @@ static void server(int fd, unsigned ccs_check)
int ret;
gnutls_session_t session;
gnutls_certificate_credentials_t x509_cred;
+ char buf[64];
/* this must be called once in the program
*/
@@ -276,6 +282,15 @@ static void server(int fd, unsigned ccs_check)
if (ret < 0)
fail("server: gnutls_record_send did not succeed as expected: %s\n", gnutls_strerror(ret));
+ /* receive CCS and fail */
+ do {
+ ret = gnutls_record_recv(session, buf, sizeof(buf));
+ } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
+
+ if (ret != GNUTLS_E_UNEXPECTED_PACKET)
+ fail("server: incorrect alert sent: %d != %d\n",
+ ret, GNUTLS_E_UNEXPECTED_PACKET);
+
close(fd);
gnutls_deinit(session);
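Review bot: The failure message at L8297 says "incorrect alert sent", but what is compared is the return code of gnutls_record_recv(), which is an error code rather than an alert, and a positive ret (data read into buf) would also land in this branch with the same misleading text. Suggest `fail("server: gnutls_record_recv returned %d, expected %d (GNUTLS_E_UNEXPECTED_PACKET)\n", ret, GNUTLS_E_UNEXPECTED_PACKET);`. The comment at L8291 would also be clearer if it said why the rejection is expected, e.g. `/* RFC 8446 §5: a change_cipher_spec received after the peer's Finished must be treated as an unexpected record type, so the server must reject it */`. server() continues outside this hunk.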
diff --git a/tests/trustdb-tofu.c b/tests/trustdb-tofu.c
index 85d08886a0..5917fadf1d 100644
--- a/tests/trustdb-tofu.c
+++ b/tests/trustdb-tofu.c
@@ -31,6 +31,8 @@
#include <gnutls/gnutls.h>
#include <unistd.h>
#include "utils.h"
+#include "cert-common.h"
+
/* This will test whether the default public key storage backend
* is operating properly */
@@ -40,7 +42,7 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "|<%d>| %s", level, str);
}
-static unsigned char server_cert_pem[] =
+static unsigned char tofu_server_cert_pem[] =
"-----BEGIN CERTIFICATE-----\n"
"MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
@@ -56,8 +58,8 @@ static unsigned char server_cert_pem[] =
"AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
"rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
-const gnutls_datum_t server_cert = { server_cert_pem,
- sizeof(server_cert_pem)
+const gnutls_datum_t tofu_server_cert = { tofu_server_cert_pem,
+ sizeof(tofu_server_cert_pem)
};
static char client_pem[] =
@@ -86,6 +88,7 @@ const gnutls_datum_t client_cert =
void doit(void)
{
gnutls_datum_t der_cert, der_cert2;
+ gnutls_datum_t der_rawpk, der_rawpk2;
int ret;
gnutls_datum_t hash;
char path[512];
@@ -100,8 +103,9 @@ void doit(void)
if (debug)
gnutls_global_set_log_level(2);
+ // X.509 certificates
ret =
- gnutls_pem_base64_decode_alloc("CERTIFICATE", &server_cert,
+ gnutls_pem_base64_decode_alloc("CERTIFICATE", &tofu_server_cert,
&der_cert);
if (ret < 0) {
fail("base64 decoding\n");
@@ -116,10 +120,27 @@ void doit(void)
goto fail;
}
+ // Raw public keys
+ ret =
+ gnutls_pem_base64_decode_alloc("PUBLIC KEY", &rawpk_public_key1,
+ &der_rawpk);
+ if (ret < 0) {
+ fail("base64 decoding\n");
+ goto fail;
+ }
+
+ ret =
+ gnutls_pem_base64_decode_alloc("PUBLIC KEY", &rawpk_public_key2,
+ &der_rawpk2);
+ if (ret < 0) {
+ fail("base64 decoding\n");
+ goto fail;
+ }
+
remove(HOSTS_FILE);
remove(TMP_FILE);
- /* verify whether the stored hash verification succeeeds */
+ /* verify whether the stored hash verification succeeds */
ret = gnutls_store_commitment(TMP_FILE, NULL, "localhost", "https",
GNUTLS_DIG_SHA1, &hash, 0, GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN);
if (ret != 0) {
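Review bot: der_rawpk and der_rawpk2 (declared at L8335 in the earlier hunk) are never initialised, and the `goto fail` at L8358 jumps out before der_rawpk2 has been assigned; if the cleanup under the `fail:` label (outside this hunk) frees both datums the way the normal exit at L8456–L8457 does, it would pass an indeterminate pointer to gnutls_free(). Initialising at the declaration, `gnutls_datum_t der_rawpk = { NULL, 0 }, der_rawpk2 = { NULL, 0 };`, makes either cleanup path safe; the pre-existing der_cert/der_cert2 have the same exposure. doit() starts and ends outside this hunk.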
@@ -175,7 +196,8 @@ void doit(void)
success("Commitment from homedir verification: passed\n");
#endif
- /* verify whether the stored pubkey verification succeeeds */
+ /* verify whether the stored pubkey verification succeeds */
+ // First we test regular X.509 certs
ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https",
GNUTLS_CRT_X509, &der_cert, 0, 0);
if (ret != 0) {
@@ -184,14 +206,14 @@ void doit(void)
}
if (debug)
- success("Public key storage: passed\n");
+ success("Public key storage (from cert): passed\n");
ret =
gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
"https", GNUTLS_CRT_X509,
&der_cert, 0);
if (ret != 0) {
- fail("pubkey verification: %s\n", gnutls_strerror(ret));
+ fail("pubkey verification (from cert): %s\n", gnutls_strerror(ret));
goto fail;
}
@@ -200,7 +222,44 @@ void doit(void)
"https", GNUTLS_CRT_X509,
&der_cert2, 0);
if (ret == 0) {
- fail("verification succeed when shouldn't!\n");
+ fail("verification succeeded when shouldn't!\n");
+ goto fail;
+ }
+ if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
+ fail("Wrong error code returned: %s!\n",
+ gnutls_strerror(ret));
+ goto fail;
+ }
+
+ if (debug)
+ success("Public key verification (from cert): passed\n");
+
+ // Secondly we test raw public keys
+ ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https",
+ GNUTLS_CRT_RAWPK, &der_rawpk, 0, 0);
+ if (ret != 0) {
+ fail("storage: %s\n", gnutls_strerror(ret));
+ goto fail;
+ }
+
+ if (debug)
+ success("Public key storage (from raw pk): passed\n");
+
+ ret =
+ gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
+ "https", GNUTLS_CRT_RAWPK,
+ &der_rawpk, 0);
+ if (ret != 0) {
+ fail("pubkey verification (from raw pk): %s\n", gnutls_strerror(ret));
+ goto fail;
+ }
+
+ ret =
+ gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost",
+ "https", GNUTLS_CRT_RAWPK,
+ &der_rawpk2, 0);
+ if (ret == 0) {
+ fail("verification succeeded when shouldn't!\n");
goto fail;
}
if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
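Review bot: The raw public-key sequence at L8417–L8444 is a copy of the X.509 sequence above it, differing only in the certificate type, the two datums and the label in the messages; keeping two hand-maintained copies invites the next type (or the next check) to be added to only one of them. A small helper taking the type, the good and bad datums and a label, returning -1 after reporting so the caller can keep its `goto fail` cleanup, lets doit() express both cases in two lines. The helper below reuses the exact calls and messages of the hunk; `debug` and `fail()`/`success()` are the ones the file already uses. doit() begins and ends outside this hunk.
```c
/* Stores GOOD under localhost/https as TYPE, checks that GOOD verifies
 * against the stored entry and that BAD is reported as a key mismatch.
 * Returns 0 on success, -1 after reporting the failure with fail(). */
static int store_and_verify(gnutls_certificate_type_t type,
			    const gnutls_datum_t *good,
			    const gnutls_datum_t *bad,
			    const char *label)
{
	int ret;

	ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https",
				  type, good, 0, 0);
	if (ret != 0) {
		fail("storage (%s): %s\n", label, gnutls_strerror(ret));
		return -1;
	}
	if (debug)
		success("Public key storage (%s): passed\n", label);

	ret = gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", "https",
					  type, good, 0);
	if (ret != 0) {
		fail("pubkey verification (%s): %s\n", label,
		     gnutls_strerror(ret));
		return -1;
	}

	ret = gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", "https",
					  type, bad, 0);
	if (ret == 0) {
		fail("verification succeeded when shouldn't!\n");
		return -1;
	}
	if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) {
		fail("Wrong error code returned: %s!\n", gnutls_strerror(ret));
		return -1;
	}
	if (debug)
		success("Public key verification (%s): passed\n", label);
	return 0;
}

/* … in doit(), replacing the two store/verify sequences … */
	if (store_and_verify(GNUTLS_CRT_X509, &der_cert, &der_cert2,
			     "from cert") < 0)
		goto fail;
	if (store_and_verify(GNUTLS_CRT_RAWPK, &der_rawpk, &der_rawpk2,
			     "from raw pk") < 0)
		goto fail;
```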
@@ -210,7 +269,7 @@ void doit(void)
}
if (debug)
- success("Public key verification: passed\n");
+ success("Public key verification (from raw pk): passed\n");
remove(HOSTS_FILE);
remove(TMP_FILE);
@@ -219,6 +278,8 @@ void doit(void)
gnutls_global_deinit();
gnutls_free(der_cert.data);
gnutls_free(der_cert2.data);
+ gnutls_free(der_rawpk.data);
+ gnutls_free(der_rawpk2.data);
return;
fail: