From 0b03200e96160b318649abdcfc853c38bf635188 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 17 Aug 2013 13:01:41 +0200 Subject: [PATCH 01/35] Add server-side support for ECDSA client auth --- include/polarssl/ssl.h | 4 + library/ssl_srv.c | 171 ++++++++++++++++++++++++++++++----------- 2 files changed, 132 insertions(+), 43 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 8383b7fdb..65a7c53c3 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -192,6 +192,7 @@ /* * Supported Signature and Hash algorithms (For TLS 1.2) + * RFC 5246 section 7.4.1.4.1 */ #define SSL_HASH_NONE 0 #define SSL_HASH_MD5 1 @@ -202,11 +203,14 @@ #define SSL_HASH_SHA512 6 #define SSL_SIG_RSA 1 +#define SSL_SIG_ECDSA 3 /* * Client Certificate Types + * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5 */ #define SSL_CERT_TYPE_RSA_SIGN 1 +#define SSL_CERT_TYPE_ECDSA_SIGN 64 /* * Message, alert and handshake types diff --git a/library/ssl_srv.c b/library/ssl_srv.c index bfbf2cbb7..53b603194 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1676,7 +1676,8 @@ static int ssl_write_certificate_request( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; - size_t n = 0, dn_size, total_dn_size; + size_t dn_size, total_dn_size; /* excluding length bytes */ + size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; const x509_cert *crt; @@ -1708,37 +1709,73 @@ static int ssl_write_certificate_request( ssl_context *ssl ) p = buf + 4; /* - * At the moment, only RSA certificates are supported + * Supported certificate types + * + * ClientCertificateType certificate_types<1..2^8-1>; + * enum { (255) } ClientCertificateType; */ - *p++ = 1; - *p++ = SSL_CERT_TYPE_RSA_SIGN; + ct_len = 0; + +#if defined(POLARSSL_RSA_C) + p[1 + ct_len++] = SSL_CERT_TYPE_RSA_SIGN; +#endif +#if defined(POLARSSL_ECDSA_C) + p[1 + ct_len++] = SSL_CERT_TYPE_ECDSA_SIGN; +#endif + + p[0] = ct_len++; + p += ct_len; /* * Add signature_algorithms for verify (TLS 1.2) - * Only add current running algorithm that is already required for - * requested ciphersuite. * - * Length is always 2 + * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>; + * + * struct { + * HashAlgorithm hash; + * SignatureAlgorithm signature; + * } SignatureAndHashAlgorithm; + * + * enum { (255) } HashAlgorithm; + * enum { (255) } SignatureAlgorithm; */ + sa_len = 0; if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { + /* + * Only use current running hash algorithm that is already required + * for requested ciphersuite. + */ ssl->handshake->verify_sig_alg = SSL_HASH_SHA256; - *p++ = 0; - *p++ = 2; - if( ssl->transform_negotiate->ciphersuite_info->mac == POLARSSL_MD_SHA384 ) { ssl->handshake->verify_sig_alg = SSL_HASH_SHA384; } - *p++ = ssl->handshake->verify_sig_alg; - *p++ = SSL_SIG_RSA; + /* + * Supported signature algorithms + */ +#if defined(POLARSSL_RSA_C) + p[2 + sa_len++] = ssl->handshake->verify_sig_alg; + p[2 + sa_len++] = SSL_SIG_RSA; +#endif +#if defined(POLARSSL_ECDSA_C) + p[2 + sa_len++] = ssl->handshake->verify_sig_alg; + p[2 + sa_len++] = SSL_SIG_ECDSA; +#endif - n += 4; + p[0] = (unsigned char)( sa_len >> 8 ); + p[1] = (unsigned char)( sa_len ); + sa_len += 2; + p += sa_len; } + /* + * DistinguishedName certificate_authorities<0..2^16-1>; + * opaque DistinguishedName<1..2^16-1>; + */ p += 2; crt = ssl->ca_chain; @@ -1763,8 +1800,8 @@ static int ssl_write_certificate_request( ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msg[0] = SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[6 + n] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[7 + n] = (unsigned char)( total_dn_size ); + ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); + ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); ret = ssl_write_record( ssl ); @@ -2468,10 +2505,12 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) static int ssl_parse_certificate_verify( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; - size_t n = 0, n1, n2; + size_t sa_len, sig_len; unsigned char hash[48]; - md_type_t md_alg = POLARSSL_MD_NONE; - unsigned int hashlen = 0; + size_t hashlen; + pk_type_t pk_alg; + md_type_t md_alg; + const md_info_t *md_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); @@ -2513,16 +2552,33 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 5 sig alg (TLS 1.2 only) + * 4+n . 5+n signature length (n = sa_len) + * 6+n . 6+n+m signature (m = sig_len) + */ + + if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) { + sa_len = 0; + + md_alg = POLARSSL_MD_NONE; + hashlen = 36; + } + else + { + sa_len = 2; + /* - * As server we know we either have SSL_HASH_SHA384 or + * Hash: as server we know we either have SSL_HASH_SHA384 or * SSL_HASH_SHA256 */ - if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg || - ssl->in_msg[5] != SSL_SIG_RSA ) + if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg ) { - SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg for verify message" ) ); + SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" + " for verify message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } @@ -2531,36 +2587,65 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) else md_alg = POLARSSL_MD_SHA256; - n += 2; - } - else - { - hashlen = 36; - md_alg = POLARSSL_MD_NONE; + /* + * Get hashlen from MD + */ + if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) + { + SSL_DEBUG_MSG( 1, ( "requested hash not available " ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + hashlen = md_info->size; + + /* + * Signature + */ + switch( ssl->in_msg[5] ) + { +#if defined(POLARSSL_RSA_C) + case SSL_SIG_RSA: + pk_alg = POLARSSL_PK_RSA; + break; +#endif + +#if defined(POLARSSL_ECDSA_C) + case SSL_SIG_ECDSA: + pk_alg = POLARSSL_PK_ECDSA; + break; +#endif + + default: + SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" + " for verify message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + } + + + /* + * Check the certificate's key type matches the signature alg + */ + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) + { + SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + } + } - /* EC NOT IMPLEMENTED YET */ - if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, - POLARSSL_PK_RSA ) ) - { - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } + sig_len = ( ssl->in_msg[4 + sa_len] << 8 ) | ssl->in_msg[5 + sa_len]; - n1 = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8; - n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n]; - - if( n + n1 + 6 != ssl->in_hslen || n1 != n2 ) + if( sa_len + sig_len + 6 != ssl->in_hslen ) { SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ), - RSA_PUBLIC, md_alg, hashlen, hash, - ssl->in_msg + 6 + n ); + ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, + md_alg, hash, hashlen, + ssl->in_msg + 6 + sa_len, sig_len ); if( ret != 0 ) { - SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); + SSL_DEBUG_RET( 1, "pk_verify", ret ); return( ret ); } From 32ea60a1277c5c06c344e96dcda8d0fd73a21810 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 17 Aug 2013 17:39:04 +0200 Subject: [PATCH 02/35] Declare ECDSA key exchange and ciphersuites Also fix bug in ssl_list_ciphersuites(). For now, disable it on server. Client will offer it but fail if server selects it. --- include/polarssl/config.h | 28 ++++++++ include/polarssl/ssl_ciphersuites.h | 16 +++++ library/ssl_ciphersuites.c | 107 ++++++++++++++++++++++++++-- library/ssl_srv.c | 8 ++- 4 files changed, 152 insertions(+), 7 deletions(-) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 5aee16557..0db1cd01d 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -363,6 +363,28 @@ */ #define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED +/** + * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + * + * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS + * + * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_PARSE_C + * + * This enables the following ciphersuites (if other requisites are + * enabled as well): + * TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + * TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + * TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + */ +#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + /** * \def POLARSSL_ERROR_STRERROR_BC * @@ -1419,6 +1441,12 @@ #error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites" #endif +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ + ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \ + !defined(POLARSSL_X509_PARSE_C) ) +#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" +#endif + #if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \ ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_PARSE_C) ) #error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites" diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h index 8a489b41c..714cdcdfa 100644 --- a/include/polarssl/ssl_ciphersuites.h +++ b/include/polarssl/ssl_ciphersuites.h @@ -119,18 +119,33 @@ extern "C" { #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0 /**< TLS 1.2 */ #define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4 /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ +#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 0xC007 /**< Not in SSL3! */ +#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC008 /**< Not in SSL3! */ +#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 /**< Not in SSL3! */ +#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A /**< Not in SSL3! */ + #define TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ #define TLS_ECDHE_RSA_WITH_RC4_128_SHA 0xC011 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 0xC012 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 /**< Not in SSL3! */ #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 /**< Not in SSL3! */ +#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ + #define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ + #define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< TLS 1.2 */ +#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< TLS 1.2 */ + #define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 /**< TLS 1.2 */ #define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 /**< TLS 1.2 */ @@ -146,6 +161,7 @@ typedef enum { POLARSSL_KEY_EXCHANGE_RSA, POLARSSL_KEY_EXCHANGE_DHE_RSA, POLARSSL_KEY_EXCHANGE_ECDHE_RSA, + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_KEY_EXCHANGE_RSA_PSK, diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index e714a3c3a..63601f66f 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -40,34 +40,44 @@ static const int ciphersuite_preference[] = { /* All AES-256 ephemeral suites */ + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* All CAMELLIA-256 ephemeral suites */ + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, /* All AES-128 ephemeral suites */ + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* All CAMELLIA-128 ephemeral suites */ + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, /* All remaining > 128-bit ephemeral suites */ + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, /* The PSK ephemeral suites */ @@ -132,6 +142,7 @@ static const int ciphersuite_preference[] = /* Weak or NULL suites */ TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_RSA_WITH_NULL_SHA, @@ -155,6 +166,90 @@ static int supported_init = 0; static const ssl_ciphersuite_t ciphersuite_definitions[] = { +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(POLARSSL_AES_C) + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#if defined(POLARSSL_SHA256_C) + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#if defined(POLARSSL_GCM_C) + { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_GCM_C */ +#endif /* POLARSSL_SHA256_C */ +#if defined(POLARSSL_SHA512_C) + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#if defined(POLARSSL_GCM_C) + { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_GCM_C */ +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_AES_C */ + +#if defined(POLARSSL_CAMELLIA_C) +#if defined(POLARSSL_SHA256_C) + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_SHA256_C */ +#if defined(POLARSSL_SHA512_C) + { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_SHA512_C */ +#endif /* POLARSSL_CAMELLIA_C */ + +#if defined(POLARSSL_DES_C) + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_DES_C */ + +#if defined(POLARSSL_ARC4_C) + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", + POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC }, +#endif /* POLARSSL_ARC4_C */ + +#if defined(POLARSSL_CIPHER_NULL_CIPHER) + { TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", + POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1, + SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, + POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK }, +#endif /* POLARSSL_CIPHER_NULL_CIPHER */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ + #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if defined(POLARSSL_AES_C) { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", @@ -746,16 +841,18 @@ const int *ssl_list_ciphersuites( void ) { const int *p = ciphersuite_preference; int *q = supported_ciphersuites; + size_t i; + size_t max = sizeof(supported_ciphersuites) / sizeof(int); memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) ); - while( *p != 0 ) + /* Leave room for a final 0 */ + for( i = 0; i < max - 1 && p[i] != 0; i++ ) { - if( ssl_ciphersuite_from_id( *p ) != NULL ) - *(q++) = *p; - - p++; + if( ssl_ciphersuite_from_id( p[i] ) != NULL ) + *(q++) = p[i]; } + supported_init = 1; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 53b603194..17b23f1ab 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1318,6 +1318,10 @@ static int ssl_parse_client_hello( ssl_context *ssl ) continue; #endif + if( ciphersuite_info->key_exchange == + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) + continue; + goto have_ciphersuite; } } @@ -1603,9 +1607,9 @@ static int ssl_write_server_hello( ssl_context *ssl ) *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); *p++ = (unsigned char)( ssl->session_negotiate->compression ); - SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d", + SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: 0x%04X", ssl->session_negotiate->ciphersuite ) ); - SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", + SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", ssl->session_negotiate->compression ) ); /* From efebb0a394d1ac44a86519a06122f41234d70278 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 Aug 2013 12:06:38 +0200 Subject: [PATCH 03/35] Refactor ssl_parse_server_key_exchange() a bit --- library/ssl_cli.c | 129 +++++++++++++++++++++++++++++++--------------- 1 file changed, 87 insertions(+), 42 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1c2c395db..bd7129f7d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1157,20 +1157,29 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl, static int ssl_parse_signature_algorithm( ssl_context *ssl, unsigned char **p, unsigned char *end, - md_type_t *md_alg ) + md_type_t *md_alg, + size_t *hash_len, + pk_type_t *pk_alg ) { + const md_info_t *md_info; + ((void) ssl); *md_alg = POLARSSL_MD_NONE; + *pk_alg = POLARSSL_PK_NONE; + + /* Only in TLS 1.2 */ + if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) + { + *hash_len = 36; + return( 0 ); + } if( (*p) + 2 > end ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - if( (*p)[1] != SSL_SIG_RSA ) - { - SSL_DEBUG_MSG( 2, ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - + /* + * Get hash algorithm + */ switch( (*p)[0] ) { #if defined(POLARSSL_MD5_C) @@ -1200,7 +1209,43 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, break; #endif default: - SSL_DEBUG_MSG( 2, ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); + SSL_DEBUG_MSG( 2, ( "Server used unsupported " + "HashAlgorithm %d", *(p)[0] ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + /* + * Get hash_len from hash alg + */ + if( ( md_info = md_info_from_type( *md_alg ) ) == NULL ) + { + SSL_DEBUG_MSG( 2, ( "Server used unsupported " + "HashAlgorithm %d", *(p)[0] ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + *hash_len = md_info->size; + + /* + * Get signature algorithm + */ + switch( (*p)[1] ) + { +#if defined(POLARSSL_RSA_C) + case SSL_SIG_RSA: + *pk_alg = POLARSSL_PK_RSA; + break; +#endif + +#if defined(POLARSSL_ECDSA_C) + case SSL_SIG_ECDSA: + *pk_alg = POLARSSL_PK_ECDSA; + break; +#endif + + default: + SSL_DEBUG_MSG( 2, ( "server used unsupported " + "SignatureAlgorithm %d", (*p)[1] ) ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -1220,10 +1265,11 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) unsigned char *p, *end; #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - size_t n; + size_t sig_len, params_len; unsigned char hash[64]; md_type_t md_alg = POLARSSL_MD_NONE; - unsigned int hashlen = 0; + size_t hashlen; + pk_type_t pk_alg = POLARSSL_PK_NONE; #endif SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); @@ -1325,41 +1371,30 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA || ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) { + params_len = p - ( ssl->in_msg + 4 ); + /* * Handle the digitally-signed structure */ - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + if( ssl_parse_signature_algorithm( ssl, &p, end, + &md_alg, &hashlen, &pk_alg ) != 0 ) { - if( ssl_parse_signature_algorithm( ssl, &p, end, &md_alg ) != 0 ) - { - SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - n = ( p[0] << 8 ) | p[1]; + sig_len = ( p[0] << 8 ) | p[1]; p += 2; - if( end != p + n ) - { - SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - - if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, - POLARSSL_PK_RSA ) ) - { - SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); - } - - if( 8 * (unsigned int)( end - p ) != - pk_get_size( &ssl->session_negotiate->peer_cert->pk ) ) + if( end != p + sig_len ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } + /* + * Compute the hash that has been signed + */ if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) { md5_context md5; @@ -1378,27 +1413,20 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) * SHA(ClientHello.random + ServerHello.random * + ServerParams); */ - n = ssl->in_hslen - ( end - p ) - 6; - md5_starts( &md5 ); md5_update( &md5, ssl->handshake->randbytes, 64 ); - md5_update( &md5, ssl->in_msg + 4, n ); + md5_update( &md5, ssl->in_msg + 4, params_len ); md5_finish( &md5, hash ); sha1_starts( &sha1 ); sha1_update( &sha1, ssl->handshake->randbytes, 64 ); - sha1_update( &sha1, ssl->in_msg + 4, n ); + sha1_update( &sha1, ssl->in_msg + 4, params_len ); sha1_finish( &sha1, hash + 16 ); - - md_alg = POLARSSL_MD_NONE; - hashlen = 36; } else { md_context_t ctx; - n = ssl->in_hslen - ( end - p ) - 8; - /* * digitally-signed struct { * opaque client_random[32]; @@ -1414,13 +1442,30 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) md_starts( &ctx ); md_update( &ctx, ssl->handshake->randbytes, 64 ); - md_update( &ctx, ssl->in_msg + 4, n ); + md_update( &ctx, ssl->in_msg + 4, params_len ); md_finish( &ctx, hash ); md_free_ctx( &ctx ); } SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + /* + * Verify signature + */ + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, + POLARSSL_PK_RSA ) ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); + } + + if( 8 * sig_len != + pk_get_size( &ssl->session_negotiate->peer_cert->pk ) ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + if( ( ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ), RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 ) From 20846b1a50184fae80dc8c0246fd821cef39d35e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 Aug 2013 12:32:12 +0200 Subject: [PATCH 04/35] Add client support for ECDHE_ECDSA key exchange --- library/ssl_cli.c | 61 ++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 27 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index bd7129f7d..267e38595 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1083,7 +1083,8 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p, } #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_server_ecdh_params( ssl_context *ssl, unsigned char **p, unsigned char *end ) @@ -1116,7 +1117,8 @@ static int ssl_parse_server_ecdh_params( ssl_context *ssl, return( ret ); } -#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) @@ -1153,7 +1155,8 @@ static int ssl_parse_server_psk_hint( ssl_context *ssl, POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) + defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_signature_algorithm( ssl_context *ssl, unsigned char **p, unsigned char *end, @@ -1256,7 +1259,8 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, return( 0 ); } #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED || - POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ static int ssl_parse_server_key_exchange( ssl_context *ssl ) { @@ -1264,7 +1268,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; unsigned char *p, *end; #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) + defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) size_t sig_len, params_len; unsigned char hash[64]; md_type_t md_alg = POLARSSL_MD_NONE; @@ -1276,6 +1281,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) if( ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_RSA && ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA && + ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA && ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_PSK && ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK ) { @@ -1324,8 +1330,10 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) } else #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) { @@ -1334,7 +1342,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) } } else -#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ) { @@ -1367,9 +1376,11 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) } #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) + defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA || - ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { params_len = p - ( ssl->in_msg + 4 ); @@ -1452,30 +1463,23 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) /* * Verify signature */ - if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, - POLARSSL_PK_RSA ) ) + if( pk_alg != POLARSSL_PK_NONE && + ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); } - if( 8 * sig_len != - pk_get_size( &ssl->session_negotiate->peer_cert->pk ) ) + if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, + md_alg, hash, hashlen, p, sig_len ) ) != 0 ) { - SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - - if( ( ret = rsa_pkcs1_verify( - pk_rsa( ssl->session_negotiate->peer_cert->pk ), - RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); + SSL_DEBUG_RET( 1, "pk_verify", ret ); return( ret ); } } #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED || - POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ exit: ssl->state++; @@ -1687,8 +1691,10 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) } else #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { /* * ECDH key exchange -- send client public value @@ -1719,7 +1725,8 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z ); } else -#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ) { From 09edda888e448b8a3012bd01dbfcde57813d5431 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 Aug 2013 13:50:33 +0200 Subject: [PATCH 05/35] Check key type against selected key exchange --- include/polarssl/ssl_ciphersuites.h | 3 +++ library/ssl_ciphersuites.c | 16 ++++++++++++++++ library/ssl_cli.c | 13 +++++++++++++ 3 files changed, 32 insertions(+) diff --git a/include/polarssl/ssl_ciphersuites.h b/include/polarssl/ssl_ciphersuites.h index 714cdcdfa..85392c177 100644 --- a/include/polarssl/ssl_ciphersuites.h +++ b/include/polarssl/ssl_ciphersuites.h @@ -27,6 +27,7 @@ #ifndef POLARSSL_SSL_CIPHERSUITES_H #define POLARSSL_SSL_CIPHERSUITES_H +#include "pk.h" #include "cipher.h" #include "md.h" @@ -197,6 +198,8 @@ const int *ssl_ciphersuites_list( void ); const ssl_ciphersuite_t *ssl_ciphersuite_from_string( const char *ciphersuite_name ); const ssl_ciphersuite_t *ssl_ciphersuite_from_id( int ciphersuite_id ); +pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ); + #ifdef __cplusplus } #endif diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 63601f66f..759845ee9 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -916,4 +916,20 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name ) return( cur->id ); } +pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case POLARSSL_KEY_EXCHANGE_DHE_RSA: + case POLARSSL_KEY_EXCHANGE_ECDHE_RSA: + return( POLARSSL_PK_RSA ); + + case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA: + return( POLARSSL_PK_ECDSA ); + + default: + return( POLARSSL_PK_NONE ); + } +} + #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 267e38595..605d4668d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1394,6 +1394,19 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } + if( pk_alg != POLARSSL_PK_NONE ) + { + if( pk_alg != ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + } + else + { + pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + } + sig_len = ( p[0] << 8 ) | p[1]; p += 2; From ac75523593dc7ac638f75142c75284c6ff22b61a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 19 Aug 2013 14:10:16 +0200 Subject: [PATCH 06/35] Adapt ssl_set_own_cert() to generic keys --- include/polarssl/ssl.h | 33 +++++++++++++++++++++++++-------- library/ssl_tls.c | 31 ++++++++++++++++++++++--------- programs/ssl/ssl_client2.c | 14 +++++++------- programs/ssl/ssl_fork_server.c | 14 +++++++------- programs/ssl/ssl_mail_client.c | 14 +++++++------- programs/ssl/ssl_server.c | 14 +++++++------- programs/ssl/ssl_server2.c | 14 +++++++------- programs/test/ssl_test.c | 12 ++++++------ programs/x509/cert_app.c | 8 ++++---- 9 files changed, 92 insertions(+), 62 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 65a7c53c3..b98551b4a 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -578,6 +578,7 @@ struct _ssl_context /* * PKI layer */ + pk_context *pk_key; /*!< own private key */ #if defined(POLARSSL_RSA_C) void *rsa_key; /*!< own RSA private key */ rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/ @@ -903,13 +904,29 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, * * \param ssl SSL context * \param own_cert own public certificate chain - * \param rsa_key own private RSA key + * \param pk_key own private key */ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, - rsa_context *rsa_key ); + pk_context *rsa_key ); + +#if defined(POLARSSL_RSA_C) +/** + * \brief Set own certificate chain and private RSA key + * + * Note: own_cert should contain IN order from the bottom + * up your certificate chain. The top certificate (self-signed) + * can be omitted. + * + * \param ssl SSL context + * \param own_cert own public certificate chain + * \param rsa_key own private RSA key + */ +void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, + rsa_context *rsa_key ); +#endif /* POLARSSL_RSA_C */ /** - * \brief Set own certificate and alternate non-PolarSSL private + * \brief Set own certificate and alternate non-PolarSSL RSA private * key and handling callbacks, such as the PKCS#11 wrappers * or any other external private key handler. * (see the respective RSA functions in rsa.h for documentation @@ -927,11 +944,11 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, * \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign() * \param rsa_key_len_func function returning length of RSA key in bytes */ -void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, - void *rsa_key, - rsa_decrypt_func rsa_decrypt, - rsa_sign_func rsa_sign, - rsa_key_len_func rsa_key_len ); +void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, + void *rsa_key, + rsa_decrypt_func rsa_decrypt, + rsa_sign_func rsa_sign, + rsa_key_len_func rsa_key_len ); #endif /* POLARSSL_X509_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 033c9faf6..4e5b3e6ae 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3143,22 +3143,35 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, } void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, - rsa_context *rsa_key ) + pk_context *pk_key ) +{ + ssl->own_cert = own_cert; + ssl->pk_key = pk_key; + + /* Temporary, until everything is moved to PK */ + if( pk_key->pk_info->type == POLARSSL_PK_RSA ) + ssl->rsa_key = pk_key->pk_ctx; +} + +#if defined(POLARSSL_RSA_C) +void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, + rsa_context *rsa_key ) { ssl->own_cert = own_cert; ssl->rsa_key = rsa_key; } +#endif /* POLARSSL_RSA_C */ -void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, - void *rsa_key, - rsa_decrypt_func rsa_decrypt, - rsa_sign_func rsa_sign, - rsa_key_len_func rsa_key_len ) +void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, + void *rsa_key, + rsa_decrypt_func rsa_decrypt, + rsa_sign_func rsa_sign, + rsa_key_len_func rsa_key_len ) { - ssl->own_cert = own_cert; - ssl->rsa_key = rsa_key; + ssl->own_cert = own_cert; + ssl->rsa_key = rsa_key; ssl->rsa_decrypt = rsa_decrypt; - ssl->rsa_sign = rsa_sign; + ssl->rsa_sign = rsa_sign; ssl->rsa_key_len = rsa_key_len; } #endif /* POLARSSL_X509_PARSE_C */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index dd7fc465e..e5adef725 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -257,7 +257,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_PARSE_C) x509_cert cacert; x509_cert clicert; - rsa_context rsa; + pk_context pkey; #endif char *p, *q; const int *list; @@ -271,7 +271,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_PARSE_C) memset( &cacert, 0, sizeof( x509_cert ) ); memset( &clicert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); + pk_init( &pkey ); #endif if( argc == 0 ) @@ -626,11 +626,11 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.key_file ) ) - ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" ); + ret = x509parse_keyfile( &pkey, opt.key_file, "" ); else #endif #if defined(POLARSSL_CERTS_C) - ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key, + ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key, strlen( test_cli_key ), NULL, 0 ); #else { @@ -640,7 +640,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret ); + printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret ); goto exit; } @@ -711,7 +711,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); - ssl_set_own_cert( &ssl, &clicert, &rsa ); + ssl_set_own_cert( &ssl, &clicert, &pkey ); #endif #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) @@ -911,7 +911,7 @@ exit: #if defined(POLARSSL_X509_PARSE_C) x509_free( &clicert ); x509_free( &cacert ); - rsa_free( &rsa ); + pk_free( &pkey ); #endif ssl_session_free( &saved_session ); ssl_free( &ssl ); diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 986458b5e..98a518c14 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -104,7 +104,7 @@ int main( int argc, char *argv[] ) ctr_drbg_context ctr_drbg; ssl_context ssl; x509_cert srvcert; - rsa_context rsa; + pk_context pkey; ((void) argc); ((void) argv); @@ -139,7 +139,7 @@ int main( int argc, char *argv[] ) /* * This demonstration program uses embedded test certificates. * Instead, you may want to use x509parse_crtfile() to read the - * server and CA certificates, as well as x509parse_keyfile_rsa(). + * server and CA certificates, as well as x509parse_keyfile(). */ ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt, strlen( test_srv_crt ) ); @@ -157,12 +157,12 @@ int main( int argc, char *argv[] ) goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); - ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key, + pk_init( &pkey ); + ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) { - printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret ); + printf( " failed\n ! x509parse_key returned %d\n\n", ret ); goto exit; } @@ -265,7 +265,7 @@ int main( int argc, char *argv[] ) net_send, &client_fd ); ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); - ssl_set_own_cert( &ssl, &srvcert, &rsa ); + ssl_set_own_cert( &ssl, &srvcert, &pkey ); /* * 5. Handshake @@ -363,7 +363,7 @@ exit: net_close( client_fd ); x509_free( &srvcert ); - rsa_free( &rsa ); + pk_free( &pkey ); ssl_free( &ssl ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 665cdbfe8..6333d170c 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -352,7 +352,7 @@ int main( int argc, char *argv[] ) ssl_context ssl; x509_cert cacert; x509_cert clicert; - rsa_context rsa; + pk_context pkey; int i; size_t n; char *p, *q; @@ -364,7 +364,7 @@ int main( int argc, char *argv[] ) server_fd = 0; memset( &cacert, 0, sizeof( x509_cert ) ); memset( &clicert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); + pk_init( &pkey ); if( argc == 0 ) { @@ -532,11 +532,11 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.key_file ) ) - ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" ); + ret = x509parse_keyfile( &pkey, opt.key_file, "" ); else #endif #if defined(POLARSSL_CERTS_C) - ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key, + ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key, strlen( test_cli_key ), NULL, 0 ); #else { @@ -546,7 +546,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret ); + printf( " failed\n ! x509parse_key returned %d\n\n", ret ); goto exit; } @@ -594,7 +594,7 @@ int main( int argc, char *argv[] ) ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); - ssl_set_own_cert( &ssl, &clicert, &rsa ); + ssl_set_own_cert( &ssl, &clicert, &pkey ); ssl_set_hostname( &ssl, opt.server_name ); @@ -789,7 +789,7 @@ exit: net_close( server_fd ); x509_free( &clicert ); x509_free( &cacert ); - rsa_free( &rsa ); + pk_free( &pkey ); ssl_free( &ssl ); #if defined(_WIN32) diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index dbb193ba4..801c0c6dc 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -94,7 +94,7 @@ int main( int argc, char *argv[] ) ctr_drbg_context ctr_drbg; ssl_context ssl; x509_cert srvcert; - rsa_context rsa; + pk_context pkey; #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_context cache; #endif @@ -117,7 +117,7 @@ int main( int argc, char *argv[] ) /* * This demonstration program uses embedded test certificates. * Instead, you may want to use x509parse_crtfile() to read the - * server and CA certificates, as well as x509parse_keyfile_rsa(). + * server and CA certificates, as well as x509parse_keyfile(). */ ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt, strlen( test_srv_crt ) ); @@ -135,12 +135,12 @@ int main( int argc, char *argv[] ) goto exit; } - rsa_init( &rsa, RSA_PKCS_V15, 0 ); - ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key, + pk_init( &pkey ); + ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) { - printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret ); + printf( " failed\n ! x509parse_key returned %d\n\n", ret ); goto exit; } @@ -201,7 +201,7 @@ int main( int argc, char *argv[] ) #endif ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); - ssl_set_own_cert( &ssl, &srvcert, &rsa ); + ssl_set_own_cert( &ssl, &srvcert, &pkey ); printf( " ok\n" ); @@ -364,7 +364,7 @@ exit: net_close( client_fd ); x509_free( &srvcert ); - rsa_free( &rsa ); + pk_free( &pkey ); ssl_free( &ssl ); #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_free( &cache ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 681850bee..8831190b0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -215,7 +215,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_PARSE_C) x509_cert cacert; x509_cert srvcert; - rsa_context rsa; + pk_context pkey; #endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_context cache; @@ -239,7 +239,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_PARSE_C) memset( &cacert, 0, sizeof( x509_cert ) ); memset( &srvcert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); + pk_init( &pkey ); #endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_init( &cache ); @@ -575,11 +575,11 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.key_file ) ) - ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" ); + ret = x509parse_keyfile( &pkey, opt.key_file, "" ); else #endif #if defined(POLARSSL_CERTS_C) - ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key, + ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); #else { @@ -589,7 +589,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret ); + printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret ); goto exit; } @@ -649,7 +649,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); - ssl_set_own_cert( &ssl, &srvcert, &rsa ); + ssl_set_own_cert( &ssl, &srvcert, &pkey ); #endif #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) @@ -877,7 +877,7 @@ exit: #if defined(POLARSSL_X509_PARSE_C) x509_free( &srvcert ); x509_free( &cacert ); - rsa_free( &rsa ); + pk_free( &pkey ); #endif ssl_free( &ssl ); diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index ce45ccf87..797226bb1 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -166,7 +166,7 @@ static int ssl_test( struct options *opt ) ctr_drbg_context ctr_drbg; ssl_context ssl; x509_cert srvcert; - rsa_context rsa; + pk_context pkey; ret = 1; @@ -187,7 +187,7 @@ static int ssl_test( struct options *opt ) memset( write_state, 0, sizeof( write_state ) ); memset( &srvcert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); + pk_init( &pkey ); if( opt->opmode == OPMODE_CLIENT ) { @@ -229,11 +229,11 @@ static int ssl_test( struct options *opt ) goto exit; } - ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key, + ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) { - printf( " ! x509parse_key_rsa returned %d\n\n", ret ); + printf( " ! x509parse_key returned %d\n\n", ret ); goto exit; } #endif @@ -262,7 +262,7 @@ static int ssl_test( struct options *opt ) ssl_set_endpoint( &ssl, SSL_IS_SERVER ); ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); - ssl_set_own_cert( &ssl, &srvcert, &rsa ); + ssl_set_own_cert( &ssl, &srvcert, &pkey ); } ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); @@ -400,7 +400,7 @@ exit: ssl_close_notify( &ssl ); x509_free( &srvcert ); - rsa_free( &rsa ); + pk_free( &pkey ); ssl_free( &ssl ); net_close( client_fd ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index d7cacdb88..40d76d8e8 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -157,7 +157,7 @@ int main( int argc, char *argv[] ) ssl_context ssl; x509_cert cacert; x509_cert clicert; - rsa_context rsa; + pk_context pkey; int i, j, n; int flags, verify = 0; char *p, *q; @@ -169,7 +169,7 @@ int main( int argc, char *argv[] ) server_fd = 0; memset( &cacert, 0, sizeof( x509_cert ) ); memset( &clicert, 0, sizeof( x509_cert ) ); - memset( &rsa, 0, sizeof( rsa_context ) ); + pk_init( &pkey ); if( argc == 0 ) { @@ -404,7 +404,7 @@ int main( int argc, char *argv[] ) ssl_set_bio( &ssl, net_recv, &server_fd, net_send, &server_fd ); - ssl_set_own_cert( &ssl, &clicert, &rsa ); + ssl_set_own_cert( &ssl, &clicert, &pkey ); ssl_set_hostname( &ssl, opt.server_name ); @@ -450,7 +450,7 @@ exit: net_close( server_fd ); x509_free( &cacert ); x509_free( &clicert ); - rsa_free( &rsa ); + pk_free( &pkey ); #if defined(_WIN32) printf( " + Press Enter to exit this program.\n" ); From abae74c4a08918f5f243be711f9d9eebe300deba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Aug 2013 13:53:44 +0200 Subject: [PATCH 07/35] Add server support for ECDHE_ECDSA key exchange --- library/ssl_srv.c | 175 +++++++++++++++++++++++++++++++--------------- 1 file changed, 118 insertions(+), 57 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 17b23f1ab..f8e174845 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -912,6 +912,7 @@ static int ssl_parse_client_hello( ssl_context *ssl ) int handshake_failure = 0; const int *ciphersuites; const ssl_ciphersuite_t *ciphersuite_info; + pk_type_t pk_alg; SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); @@ -1303,7 +1304,7 @@ static int ssl_parse_client_hello( ssl_context *ssl ) if( ciphersuite_info == NULL ) { - SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found", + SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", ciphersuites[i] ) ); return( POLARSSL_ERR_SSL_BAD_INPUT_DATA ); } @@ -1318,8 +1319,12 @@ static int ssl_parse_client_hello( ssl_context *ssl ) continue; #endif - if( ciphersuite_info->key_exchange == - POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) + /* If ciphersuite requires us to have a private key of a + * certain type, make sure we do */ + pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + if( pk_alg != POLARSSL_PK_NONE && + ( ssl->pk_key == NULL || + ! pk_can_do( ssl->pk_key, pk_alg ) ) ) continue; goto have_ciphersuite; @@ -1823,10 +1828,10 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) size_t n = 0, len; unsigned char hash[64]; md_type_t md_alg = POLARSSL_MD_NONE; - unsigned int hashlen = 0; + unsigned int hashlen; unsigned char *p = ssl->out_msg + 4; - unsigned char *dig_sig = p; - size_t dig_sig_len = 0; + unsigned char *dig_signed = p; + size_t dig_signed_len = 0; const ssl_ciphersuite_t *ciphersuite_info; ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; @@ -1835,6 +1840,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) if( ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_RSA && ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA && + ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA && ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK ) { SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); @@ -1842,14 +1848,6 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) return( 0 ); } -#if defined(POLARSSL_RSA_C) - if( ssl->rsa_key == NULL ) - { - SSL_DEBUG_MSG( 1, ( "got no private key" ) ); - return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); - } -#endif /* POLARSSL_RSA_C */ - #if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK ) { @@ -1891,8 +1889,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) return( ret ); } - dig_sig = p; - dig_sig_len = len; + dig_signed = p; + dig_signed_len = len; p += len; n += len; @@ -1905,8 +1903,10 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED || POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { /* * Ephemeral ECDH parameters: @@ -1932,23 +1932,29 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) return( ret ); } - dig_sig = p; - dig_sig_len = len; + dig_signed = p; + dig_signed_len = len; p += len; n += len; SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q ); } -#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) + defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA || - ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { - size_t rsa_key_len = 0; + size_t signature_len = 0; + /* + * Compute the hash to be signed + */ if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) { md5_context md5; @@ -1969,12 +1975,12 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) */ md5_starts( &md5 ); md5_update( &md5, ssl->handshake->randbytes, 64 ); - md5_update( &md5, dig_sig, dig_sig_len ); + md5_update( &md5, dig_signed, dig_signed_len ); md5_finish( &md5, hash ); sha1_starts( &sha1 ); sha1_update( &sha1, ssl->handshake->randbytes, 64 ); - sha1_update( &sha1, dig_sig, dig_sig_len ); + sha1_update( &sha1, dig_signed, dig_signed_len ); sha1_finish( &sha1, hash + 16 ); hashlen = 36; @@ -1983,6 +1989,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) else { md_context_t ctx; + const md_info_t *md_info; /* * digitally-signed struct { @@ -2024,7 +2031,15 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) return( -1 ); } - if( ( ret = md_init_ctx( &ctx, md_info_from_type( md_alg ) ) ) != 0 ) + if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + hashlen = md_info->size; + + if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 ) { SSL_DEBUG_RET( 1, "md_init_ctx", ret ); return( ret ); @@ -2032,7 +2047,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) md_starts( &ctx ); md_update( &ctx, ssl->handshake->randbytes, 64 ); - md_update( &ctx, dig_sig, dig_sig_len ); + md_update( &ctx, dig_signed, dig_signed_len ); md_finish( &ctx, hash ); if( ( ret = md_free_ctx( &ctx ) ) != 0 ) @@ -2045,40 +2060,82 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); - if ( ssl->rsa_key ) - rsa_key_len = ssl->rsa_key_len( ssl->rsa_key ); - - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + /* + * Make the signature + */ + if( ssl->pk_key == NULL || ssl->pk_key->pk_info == NULL ) { - *(p++) = ssl->handshake->sig_alg; - *(p++) = SSL_SIG_RSA; - - n += 2; + SSL_DEBUG_MSG( 1, ( "got no private key" ) ); + return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); } - *(p++) = (unsigned char)( rsa_key_len >> 8 ); - *(p++) = (unsigned char)( rsa_key_len ); +#if defined(POLARSSL_RSA_C) + if( ssl->rsa_key != NULL ) + { + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + { + *(p++) = ssl->handshake->sig_alg; + *(p++) = SSL_SIG_RSA; + + n += 2; + } + + if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, + RSA_PRIVATE, md_alg, hashlen, hash, p + 2 ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_sign", ret ); + return( ret ); + } + + signature_len = ssl->rsa_key_len( ssl->rsa_key ); + } + else +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECDSA_C) + if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) + { + ecdsa_context ecdsa; + + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + { + *(p++) = ssl->handshake->sig_alg; + *(p++) = SSL_SIG_ECDSA; + + n += 2; + } + + ecdsa_init( &ecdsa ); + + ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) || + ecdsa_write_signature( &ecdsa, hash, hashlen, + p + 2, &signature_len, + ssl->f_rng, ssl->p_rng ); + + ecdsa_free( &ecdsa ); + + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "ecdsa_sign", ret ); + return( ret ); + } + } + else +#endif /* POLARSSL_ECDSA_C */ + /* should never happen */ + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + + *(p++) = (unsigned char)( signature_len >> 8 ); + *(p++) = (unsigned char)( signature_len ); n += 2; - if ( ssl->rsa_key ) - { - ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, - RSA_PRIVATE, md_alg, hashlen, hash, p ); - } + SSL_DEBUG_BUF( 3, "my signature", p, signature_len ); - if( ret != 0 ) - { - SSL_DEBUG_RET( 1, "pkcs1_sign", ret ); - return( ret ); - } - - SSL_DEBUG_BUF( 3, "my RSA sig", p, rsa_key_len ); - - p += rsa_key_len; - n += rsa_key_len; + p += signature_len; + n += signature_len; } #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || - POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ + POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ ssl->out_msglen = 4 + n; ssl->out_msgtype = SSL_MSG_HANDSHAKE; @@ -2362,8 +2419,10 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) } else #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) { if( ( ret = ssl_parse_client_ecdh_public( ssl ) ) != 0 ) { @@ -2383,7 +2442,8 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z ); } else -#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ) { @@ -2469,6 +2529,7 @@ static int ssl_parse_client_key_exchange( ssl_context *ssl ) else #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */ { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); } From 76c18a1a77795f232614ee6a65cea82be9e0250b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Aug 2013 16:50:40 +0200 Subject: [PATCH 08/35] Add client support for ECDSA client auth --- library/ssl_cli.c | 74 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 18 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 605d4668d..dbc804afa 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1949,7 +1949,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) size_t n = 0, offset = 0; unsigned char hash[48]; md_type_t md_alg = POLARSSL_MD_NONE; - unsigned int hashlen = 0; + unsigned int hashlen; SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); @@ -1968,7 +1968,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) return( 0 ); } - if( ssl->rsa_key == NULL ) + if( ssl->pk_key == NULL || ssl->pk_key->pk_info == NULL ) { SSL_DEBUG_MSG( 1, ( "got no private key" ) ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); @@ -1998,6 +1998,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) } else { + const md_info_t *md_info; /* * digitally-signed struct { * opaque handshake_messages[handshake_messages_length]; @@ -2018,37 +2019,74 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) { md_alg = POLARSSL_MD_SHA384; ssl->out_msg[4] = SSL_HASH_SHA384; - ssl->out_msg[5] = SSL_SIG_RSA; } else { md_alg = POLARSSL_MD_SHA256; ssl->out_msg[4] = SSL_HASH_SHA256; - ssl->out_msg[5] = SSL_SIG_RSA; } + /* SIG added later */ + + if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + hashlen = md_info->size; offset = 2; } - if ( ssl->rsa_key ) +#if defined(POLARSSL_RSA_C) + if( ssl->rsa_key != NULL ) + { + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + ssl->out_msg[5] = SSL_SIG_RSA; + + if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, + RSA_PRIVATE, md_alg, + hashlen, hash, ssl->out_msg + 6 + offset ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "pkcs1_sign", ret ); + return( ret ); + } + n = ssl->rsa_key_len ( ssl->rsa_key ); + } + else +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECDSA_C) + if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) + { + ecdsa_context ecdsa; + + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + ssl->out_msg[5] = SSL_SIG_ECDSA; + + ecdsa_init( &ecdsa ); + + ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) || + ecdsa_write_signature( &ecdsa, hash, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->f_rng, ssl->p_rng ); + + ecdsa_free( &ecdsa ); + + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "ecdsa_sign", ret ); + return( ret ); + } + } + else +#endif /* POLARSSL_ECDSA_C */ + /* should never happen */ + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); ssl->out_msg[5 + offset] = (unsigned char)( n ); - if( ssl->rsa_key ) - { - ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, - RSA_PRIVATE, md_alg, - hashlen, hash, ssl->out_msg + 6 + offset ); - } - - if (ret != 0) - { - SSL_DEBUG_RET( 1, "pkcs1_sign", ret ); - return( ret ); - } - ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = SSL_MSG_HANDSHAKE; ssl->out_msg[0] = SSL_HS_CERTIFICATE_VERIFY; From 583b608401097b0c7785ba3328c9451ed9921964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Aug 2013 16:58:13 +0200 Subject: [PATCH 09/35] Fix some return values --- library/pk_wrap.c | 4 ++-- library/ssl_cli.c | 10 ++++++---- library/ssl_srv.c | 11 +++++++---- library/x509parse.c | 5 +++-- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c2a4c7fce..249f7bd0c 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -141,8 +141,8 @@ static int eckey_verify_wrap( void *ctx, md_type_t md_alg, ecdsa_init( &ecdsa ); - ret = ecdsa_from_keypair( &ecdsa, ctx ) || - ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); + if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) + ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); ecdsa_free( &ecdsa ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index dbc804afa..274cb3ae3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2066,10 +2066,12 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) ecdsa_init( &ecdsa ); - ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) || - ecdsa_write_signature( &ecdsa, hash, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->f_rng, ssl->p_rng ); + if( ( ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) ) == 0 ) + { + ret = ecdsa_write_signature( &ecdsa, hash, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->f_rng, ssl->p_rng ); + } ecdsa_free( &ecdsa ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f8e174845..e3f604fe9 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2106,10 +2106,13 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) ecdsa_init( &ecdsa ); - ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) || - ecdsa_write_signature( &ecdsa, hash, hashlen, - p + 2, &signature_len, - ssl->f_rng, ssl->p_rng ); + ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ); + if( ret == 0 ) + { + ret = ecdsa_write_signature( &ecdsa, hash, hashlen, + p + 2, &signature_len, + ssl->f_rng, ssl->p_rng ); + } ecdsa_free( &ecdsa ); diff --git a/library/x509parse.c b/library/x509parse.c index a76285512..9f90b5ab6 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -605,8 +605,9 @@ static int x509_get_pubkey( unsigned char **p, #if defined(POLARSSL_ECP_C) if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY ) { - ret = x509_use_ecparams( &alg_params, &pk_ec( *pk )->grp ) || - x509_get_ecpubkey( p, end, pk_ec( *pk ) ); + ret = x509_use_ecparams( &alg_params, &pk_ec( *pk )->grp ); + if( ret == 0 ) + ret = x509_get_ecpubkey( p, end, pk_ec( *pk ) ); } else #endif /* POLARSSL_ECP_C */ ret = POLARSSL_ERR_X509_UNKNOWN_PK_ALG; From 8df2769178781aa4442beb43a27d627297a5b217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Aug 2013 10:34:38 +0200 Subject: [PATCH 10/35] Introduce pk_sign() and use it in ssl --- include/polarssl/pk.h | 26 ++++++++++++++++++++ include/polarssl/ssl.h | 1 + library/pk.c | 21 ++++++++++++++-- library/pk_wrap.c | 54 +++++++++++++++++++++++++++++++++++++++++- library/ssl_cli.c | 46 ++++++++++++++++++----------------- library/ssl_srv.c | 46 ++++++++++++++++++----------------- library/ssl_tls.c | 1 + 7 files changed, 148 insertions(+), 47 deletions(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index fb0e92ec5..cc8a2fcfb 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -129,6 +129,13 @@ typedef struct const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ); + /** Make signature */ + int (*sign_func)( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + /** Allocate a new context */ void * (*ctx_alloc_func)( void ); @@ -218,6 +225,25 @@ int pk_verify( pk_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ); +/** + * \brief Make signature + * + * \param ctx PK context to use + * \param md_alg Hash algorithm used + * \param hash Hash of the message to sign + * \param hash_len Hash length + * \param sig Place to write the signature + * \param sig_len Number of bytes written + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 on success, or a specific error code. + */ +int pk_sign( pk_context *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + /** * \brief Export debug information * diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index b98551b4a..9a1d22044 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -580,6 +580,7 @@ struct _ssl_context */ pk_context *pk_key; /*!< own private key */ #if defined(POLARSSL_RSA_C) + int rsa_use_alt; /*pk_info->verify_func == NULL ) return( POLARSSL_ERR_PK_TYPE_MISMATCH ); - return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, - hash, hash_len, + return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, sig, sig_len ) ); } +/* + * Make a signature + */ +int pk_sign( pk_context *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + if( ctx->pk_info->sign_func == NULL ) + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + + return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng ) ); +} + /* * Get key size in bits */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 249f7bd0c..eb91d895f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -69,6 +69,17 @@ static int rsa_verify_wrap( void *ctx, md_type_t md_alg, RSA_PUBLIC, md_alg, hash_len, hash, sig ) ); } +static int rsa_sign_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + *sig_len = ((rsa_context *) ctx)->len; + + return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE, + md_alg, hash_len, hash, sig ) ); +} + static void *rsa_alloc_wrap( void ) { void *ctx = polarssl_malloc( sizeof( rsa_context ) ); @@ -104,6 +115,7 @@ const pk_info_t rsa_info = { rsa_get_size, rsa_can_do, rsa_verify_wrap, + rsa_sign_wrap, rsa_alloc_wrap, rsa_free_wrap, rsa_debug, @@ -127,11 +139,16 @@ static size_t eckey_get_size( const void *ctx ) } #if defined(POLARSSL_ECDSA_C) -/* Forward declaration */ +/* Forward declarations */ static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ); +static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + static int eckey_verify_wrap( void *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) @@ -148,6 +165,26 @@ static int eckey_verify_wrap( void *ctx, md_type_t md_alg, return( ret ); } + +static int eckey_sign_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + int ret; + ecdsa_context ecdsa; + + ecdsa_init( &ecdsa ); + + if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) + ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, + f_rng, p_rng ); + + ecdsa_free( &ecdsa ); + + return( ret ); +} + #endif /* POLARSSL_ECDSA_C */ static void *eckey_alloc_wrap( void ) @@ -180,8 +217,10 @@ const pk_info_t eckey_info = { eckey_can_do, #if defined(POLARSSL_ECDSA_C) eckey_verify_wrap, + eckey_sign_wrap, #else NULL, + NULL, #endif eckey_alloc_wrap, eckey_free_wrap, @@ -203,6 +242,7 @@ const pk_info_t eckeydh_info = { eckey_get_size, /* Same underlying key structure */ eckeydh_can_do, NULL, + NULL, eckey_alloc_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */ eckey_debug, /* Same underlying key structure */ @@ -225,6 +265,17 @@ static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg, hash, hash_len, sig, sig_len ) ); } +static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + ((void) md_alg); + + return( ecdsa_write_signature( (ecdsa_context *) ctx, + hash, hash_len, sig, sig_len, f_rng, p_rng ) ); +} + static void *ecdsa_alloc_wrap( void ) { void *ctx = polarssl_malloc( sizeof( ecdsa_context ) ); @@ -247,6 +298,7 @@ const pk_info_t ecdsa_info = { eckey_get_size, /* Compatible key structures */ ecdsa_can_do, ecdsa_verify_wrap, + ecdsa_sign_wrap, ecdsa_alloc_wrap, ecdsa_free_wrap, eckey_debug, /* Compatible key structures */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 274cb3ae3..829e46b75 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2044,40 +2044,42 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) ssl->out_msg[5] = SSL_SIG_RSA; - if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, - RSA_PRIVATE, md_alg, - hashlen, hash, ssl->out_msg + 6 + offset ) ) != 0 ) + if( ssl->rsa_use_alt ) { - SSL_DEBUG_RET( 1, "pkcs1_sign", ret ); - return( ret ); - } + if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, + RSA_PRIVATE, md_alg, + hashlen, hash, ssl->out_msg + 6 + offset ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_sign", ret ); + return( ret ); + } - n = ssl->rsa_key_len ( ssl->rsa_key ); + n = ssl->rsa_key_len ( ssl->rsa_key ); + } + else + { + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->f_rng, ssl->p_rng ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "pk_sign", ret ); + return( ret ); + } + } } else #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECDSA_C) if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) { - ecdsa_context ecdsa; - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) ssl->out_msg[5] = SSL_SIG_ECDSA; - ecdsa_init( &ecdsa ); - - if( ( ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) ) == 0 ) + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->f_rng, ssl->p_rng ) ) != 0 ) { - ret = ecdsa_write_signature( &ecdsa, hash, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->f_rng, ssl->p_rng ); - } - - ecdsa_free( &ecdsa ); - - if( ret != 0 ) - { - SSL_DEBUG_RET( 1, "ecdsa_sign", ret ); + SSL_DEBUG_RET( 1, "pk_sign", ret ); return( ret ); } } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e3f604fe9..ffd754e36 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2080,22 +2080,34 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) n += 2; } - if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, - RSA_PRIVATE, md_alg, hashlen, hash, p + 2 ) ) != 0 ) + if( ssl->rsa_use_alt ) { - SSL_DEBUG_RET( 1, "rsa_sign", ret ); - return( ret ); - } + if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, + ssl->p_rng, RSA_PRIVATE, md_alg, hashlen, + hash, p + 2 ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_sign", ret ); + return( ret ); + } - signature_len = ssl->rsa_key_len( ssl->rsa_key ); + signature_len = ssl->rsa_key_len( ssl->rsa_key ); + } + else + { + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + p + 2 , &signature_len, + ssl->f_rng, ssl->p_rng ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "pk_sign", ret ); + return( ret ); + } + } } else #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECDSA_C) if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) { - ecdsa_context ecdsa; - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { *(p++) = ssl->handshake->sig_alg; @@ -2104,21 +2116,11 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) n += 2; } - ecdsa_init( &ecdsa ); - - ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ); - if( ret == 0 ) + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + p + 2 , &signature_len, + ssl->f_rng, ssl->p_rng ) ) != 0 ) { - ret = ecdsa_write_signature( &ecdsa, hash, hashlen, - p + 2, &signature_len, - ssl->f_rng, ssl->p_rng ); - } - - ecdsa_free( &ecdsa ); - - if( ret != 0 ) - { - SSL_DEBUG_RET( 1, "ecdsa_sign", ret ); + SSL_DEBUG_RET( 1, "pk_sign", ret ); return( ret ); } } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4e5b3e6ae..d4723d759 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3169,6 +3169,7 @@ void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, rsa_key_len_func rsa_key_len ) { ssl->own_cert = own_cert; + ssl->rsa_use_alt = 1; ssl->rsa_key = rsa_key; ssl->rsa_decrypt = rsa_decrypt; ssl->rsa_sign = rsa_sign; From a2d3f22007319fc97170f5d4dfc82ac45db430c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Aug 2013 11:51:08 +0200 Subject: [PATCH 11/35] Add and use pk_encrypt(), pk_decrypt() --- include/polarssl/pk.h | 46 +++++++++++++++++++++++++++++++++++++++++++ library/pk.c | 36 +++++++++++++++++++++++++++++++++ library/pk_wrap.c | 36 +++++++++++++++++++++++++++++++++ library/ssl_cli.c | 26 +++++++++++------------- library/ssl_srv.c | 17 +++++++++++----- 5 files changed, 142 insertions(+), 19 deletions(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index cc8a2fcfb..ab21e50a5 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -136,6 +136,18 @@ typedef struct int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + /** Decrypt message */ + int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + + /** Encrypt message */ + int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + /** Allocate a new context */ void * (*ctx_alloc_func)( void ); @@ -244,6 +256,40 @@ int pk_sign( pk_context *ctx, md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Decrypt message + * + * \param ctx PK context to use + * \param input Input to decrypt + * \param ilen Input size + * \param output Decrypted output + * \param olen Decrypted message lenght + * \param osize Size of the output buffer + * + * \return 0 on success, or a specific error code. + */ +int pk_decrypt( pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + +/** + * \brief Encrypt message + * + * \param ctx PK context to use + * \param input Message to encrypt + * \param ilen Message size + * \param output Encrypted output + * \param olen Encrypted output length + * \param osize Size of the output buffer + * + * \return 0 on success, or a specific error code. + */ +int pk_encrypt( pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + /** * \brief Export debug information * diff --git a/library/pk.c b/library/pk.c index 6f68c7392..6e6057462 100644 --- a/library/pk.c +++ b/library/pk.c @@ -152,6 +152,42 @@ int pk_sign( pk_context *ctx, md_type_t md_alg, sig, sig_len, f_rng, p_rng ) ); } +/* + * Decrypt message + */ +int pk_decrypt( pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + if( ctx->pk_info->decrypt_func == NULL ) + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + + return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, + output, olen, osize, f_rng, p_rng ) ); +} + +/* + * Encrypt message + */ +int pk_encrypt( pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + if( ctx->pk_info->encrypt_func == NULL ) + return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + + return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, + output, olen, osize, f_rng, p_rng ) ); +} + /* * Get key size in bits */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index eb91d895f..2c55ce08f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -80,6 +80,34 @@ static int rsa_sign_wrap( void *ctx, md_type_t md_alg, md_alg, hash_len, hash, sig ) ); } +static int rsa_decrypt_wrap( void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + ((void) f_rng); + ((void) p_rng); + + if( ilen != ((rsa_context *) ctx)->len ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + + return( rsa_pkcs1_decrypt( (rsa_context *) ctx, + RSA_PRIVATE, olen, input, output, osize ) ); +} + +static int rsa_encrypt_wrap( void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + ((void) osize); + + *olen = ((rsa_context *) ctx)->len; + + return( rsa_pkcs1_encrypt( (rsa_context *) ctx, + f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) ); +} + static void *rsa_alloc_wrap( void ) { void *ctx = polarssl_malloc( sizeof( rsa_context ) ); @@ -116,6 +144,8 @@ const pk_info_t rsa_info = { rsa_can_do, rsa_verify_wrap, rsa_sign_wrap, + rsa_decrypt_wrap, + rsa_encrypt_wrap, rsa_alloc_wrap, rsa_free_wrap, rsa_debug, @@ -222,6 +252,8 @@ const pk_info_t eckey_info = { NULL, NULL, #endif + NULL, + NULL, eckey_alloc_wrap, eckey_free_wrap, eckey_debug, @@ -243,6 +275,8 @@ const pk_info_t eckeydh_info = { eckeydh_can_do, NULL, NULL, + NULL, + NULL, eckey_alloc_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */ eckey_debug, /* Same underlying key structure */ @@ -299,6 +333,8 @@ const pk_info_t ecdsa_info = { ecdsa_can_do, ecdsa_verify_wrap, ecdsa_sign_wrap, + NULL, + NULL, ecdsa_alloc_wrap, ecdsa_free_wrap, eckey_debug, /* Compatible key structures */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 829e46b75..cd77eb82d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1870,26 +1870,24 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); } - i = 4; - n = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8; + i = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 4 : 6; - if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) - { - i += 2; - ssl->out_msg[4] = (unsigned char)( n >> 8 ); - ssl->out_msg[5] = (unsigned char)( n ); - } - - ret = rsa_pkcs1_encrypt( - pk_rsa( ssl->session_negotiate->peer_cert->pk ), - ssl->f_rng, ssl->p_rng, RSA_PUBLIC, - ssl->handshake->pmslen, ssl->handshake->premaster, - ssl->out_msg + i ); + ret = pk_encrypt( &ssl->session_negotiate->peer_cert->pk, + ssl->handshake->premaster, ssl->handshake->pmslen, + ssl->out_msg + i, &n, SSL_BUFFER_LEN, + ssl->f_rng, ssl->p_rng ); if( ret != 0 ) { SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret ); return( ret ); } + + if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) + { + ssl->out_msg[4] = (unsigned char)( n >> 8 ); + ssl->out_msg[5] = (unsigned char)( n ); + } + } else #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ffd754e36..6fb16ecab 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2259,9 +2259,9 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, n = 0; - if( ssl->rsa_key == NULL ) + if( ! pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) ) { - SSL_DEBUG_MSG( 1, ( "got no private key" ) ); + SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); } @@ -2269,8 +2269,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) * Decrypt the premaster using own private RSA key */ i = 4; - if( ssl->rsa_key ) - n = ssl->rsa_key_len( ssl->rsa_key ); + n = ssl->rsa_key_len( ssl->rsa_key ); ssl->handshake->pmslen = 48; if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) @@ -2290,13 +2289,21 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - if( ssl->rsa_key ) { + if( ssl->rsa_use_alt ) { ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE, &ssl->handshake->pmslen, ssl->in_msg + i, ssl->handshake->premaster, sizeof(ssl->handshake->premaster) ); } + else + { + ret = pk_decrypt( ssl->pk_key, + ssl->in_msg + i, n, + ssl->handshake->premaster, &ssl->handshake->pmslen, + sizeof(ssl->handshake->premaster), + ssl->f_rng, ssl->p_rng ); + } if( ret != 0 || ssl->handshake->pmslen != 48 || ssl->handshake->premaster[0] != ssl->handshake->max_major_ver || From 12c1ff0ecb6fc2b91927a5b106b85f05a62b25ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Aug 2013 12:28:31 +0200 Subject: [PATCH 12/35] Add RSA-alt to the PK layer --- include/polarssl/pk.h | 39 +++++++++++++++++++-- include/polarssl/pk_wrap.h | 11 ++++++ library/error.c | 2 +- library/pk.c | 30 ++++++++++++++++ library/pk_wrap.c | 72 +++++++++++++++++++++++++++++++++++++- 5 files changed, 150 insertions(+), 4 deletions(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index ab21e50a5..6135bb013 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -82,6 +82,7 @@ typedef enum { POLARSSL_PK_ECKEY, POLARSSL_PK_ECKEY_DH, POLARSSL_PK_ECDSA, + POLARSSL_PK_RSA_ALT, } pk_type_t; /** @@ -168,6 +169,18 @@ typedef struct void * pk_ctx; /**< Underlying public key context */ } pk_context; +/** + * \brief Types for RSA-alt abstraction + */ +typedef int (*pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len ); +typedef int (*pk_rsa_alt_sign_func)( void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, int hash_id, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig ); +typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx ); + /** * \brief Return information associated with the given PK type * @@ -182,6 +195,11 @@ const pk_info_t *pk_info_from_type( pk_type_t pk_type ); */ void pk_init( pk_context *ctx ); +/** + * \brief Free a pk_context + */ +void pk_free( pk_context *ctx ); + /** * \brief Initialize a PK context with the information given * and allocates the type-specific PK subcontext. @@ -192,13 +210,30 @@ void pk_init( pk_context *ctx ); * \return 0 on success, * POLARSSL_ERR_PK_BAD_INPUT_DATA on invalid input, * POLARSSL_ERR_PK_MALLOC_FAILED on allocation failure. + * + * \note For contexts holding an RSA-alt key, use + * \c pk_init_ctx_rsa_alt() instead. */ int pk_init_ctx( pk_context *ctx, const pk_info_t *info ); /** - * \brief Free a pk_context + * \brief Initialiaze an RSA-alt context + * + * \param ctx Context to initialize. Must be empty (type NONE). + * \param key RSA key pointer + * \param decrypt_func Decryption function + * \param sign_func Signing function + * \param key_len_func Function returning key length + * + * \return 0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the + * context wasn't already initialized as RSA_ALT. + * + * \note This function replaces \c pk_init_ctx() for RSA-alt. */ -void pk_free( pk_context *ctx ); +int pk_init_ctx_rsa_alt( pk_context *ctx, void * key, + pk_rsa_alt_decrypt_func decrypt_func, + pk_rsa_alt_sign_func sign_func, + pk_rsa_alt_key_len_func key_len_func ); /** * \brief Get the size in bits of the underlying key diff --git a/include/polarssl/pk_wrap.h b/include/polarssl/pk_wrap.h index a24fbd1d1..91a671e02 100644 --- a/include/polarssl/pk_wrap.h +++ b/include/polarssl/pk_wrap.h @@ -32,6 +32,15 @@ #include "pk.h" +/* Container for RSA-alt */ +typedef struct +{ + void *key; + pk_rsa_alt_decrypt_func decrypt_func; + pk_rsa_alt_sign_func sign_func; + pk_rsa_alt_key_len_func key_len_func; +} rsa_alt_context; + #if defined(POLARSSL_RSA_C) extern const pk_info_t rsa_info; #endif @@ -45,4 +54,6 @@ extern const pk_info_t eckeydh_info; extern const pk_info_t ecdsa_info; #endif +extern const pk_info_t rsa_alt_info; + #endif /* POLARSSL_PK_WRAP_H */ diff --git a/library/error.c b/library/error.c index 0ea3c297c..35a4af086 100644 --- a/library/error.c +++ b/library/error.c @@ -251,7 +251,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) ) snprintf( buf, buflen, "PK - Memory alloation failed" ); if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) ) - snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" ); + snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) ) snprintf( buf, buflen, "PK - Bad input parameters to function" ); #endif /* POLARSSL_PK_C */ diff --git a/library/pk.c b/library/pk.c index 6e6057462..e0a252f2b 100644 --- a/library/pk.c +++ b/library/pk.c @@ -84,6 +84,7 @@ const pk_info_t * pk_info_from_type( pk_type_t pk_type ) case POLARSSL_PK_ECDSA: return &ecdsa_info; #endif + /* POLARSSL_PK_RSA_ALT ommited on purpose */ default: return NULL; } @@ -105,6 +106,35 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info ) return( 0 ); } +/* + * Initialize an RSA-alt context + */ +int pk_init_ctx_rsa_alt( pk_context *ctx, void * key, + pk_rsa_alt_decrypt_func decrypt_func, + pk_rsa_alt_sign_func sign_func, + pk_rsa_alt_key_len_func key_len_func ) +{ + rsa_alt_context *rsa_alt; + const pk_info_t *info = &rsa_alt_info; + + if( ctx == NULL || ctx->pk_info != NULL ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) + return( POLARSSL_ERR_PK_MALLOC_FAILED ); + + ctx->pk_info = info; + + rsa_alt = (rsa_alt_context *) ctx->pk_ctx; + + rsa_alt->key = key; + rsa_alt->decrypt_func = decrypt_func; + rsa_alt->sign_func = sign_func; + rsa_alt->key_len_func = key_len_func; + + return( 0 ); +} + /* * Tell if a PK can do the operations of the given type */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2c55ce08f..9f650b631 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -53,7 +53,7 @@ static int rsa_can_do( pk_type_t type ) return( type == POLARSSL_PK_RSA ); } -static size_t rsa_get_size( const void * ctx ) +static size_t rsa_get_size( const void *ctx ) { return( 8 * ((rsa_context *) ctx)->len ); } @@ -340,3 +340,73 @@ const pk_info_t ecdsa_info = { eckey_debug, /* Compatible key structures */ }; #endif /* POLARSSL_ECDSA_C */ + +/* + * Support for alternative RSA-private implementations + */ + +static size_t rsa_alt_get_size( const void *ctx ) +{ + rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx; + + return( rsa_alt->key_len_func( rsa_alt->key ) ); +} + +static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx; + + *sig_len = rsa_alt->key_len_func( rsa_alt->key ); + + return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE, + md_alg, hash_len, hash, sig ) ); +} + +static int rsa_alt_decrypt_wrap( void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx; + + ((void) f_rng); + ((void) p_rng); + + if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) + return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); + + return( rsa_alt->decrypt_func( rsa_alt->key, + RSA_PRIVATE, olen, input, output, osize ) ); +} + +static void *rsa_alt_alloc_wrap( void ) +{ + void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) ); + + if( ctx != NULL ) + memset( ctx, 0, sizeof( rsa_alt_context ) ); + + return ctx; +} + +static void rsa_alt_free_wrap( void *ctx ) +{ + polarssl_free( ctx ); +} + +const pk_info_t rsa_alt_info = { + POLARSSL_PK_RSA_ALT, + "RSA-alt", + rsa_alt_get_size, + rsa_can_do, + NULL, + rsa_alt_sign_wrap, + rsa_alt_decrypt_wrap, + NULL, + rsa_alt_alloc_wrap, + rsa_alt_free_wrap, + NULL, +}; From 070cc7fd2159bd12d9a1c62b2e760d3a54690405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Aug 2013 15:09:31 +0200 Subject: [PATCH 13/35] Use the new PK RSA-alt interface --- include/polarssl/ssl.h | 5 ++++- library/ssl_cli.c | 25 +++++------------------ library/ssl_srv.c | 45 ++++++++++-------------------------------- library/ssl_tls.c | 20 ++++++++++++++++++- 4 files changed, 38 insertions(+), 57 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 9a1d22044..442dba28f 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -579,6 +579,7 @@ struct _ssl_context * PKI layer */ pk_context *pk_key; /*!< own private key */ + int pk_key_own_alloc; /*!< did we allocate pk_key? */ #if defined(POLARSSL_RSA_C) int rsa_use_alt; /*minor_ver == SSL_MINOR_VERSION_3 ) ssl->out_msg[5] = SSL_SIG_RSA; - if( ssl->rsa_use_alt ) + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->f_rng, ssl->p_rng ) ) != 0 ) { - if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, - RSA_PRIVATE, md_alg, - hashlen, hash, ssl->out_msg + 6 + offset ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "rsa_sign", ret ); - return( ret ); - } - - n = ssl->rsa_key_len ( ssl->rsa_key ); - } - else - { - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->f_rng, ssl->p_rng ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "pk_sign", ret ); - return( ret ); - } + SSL_DEBUG_RET( 1, "pk_sign", ret ); + return( ret ); } } else diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6fb16ecab..0fa4f66f0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2080,27 +2080,12 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) n += 2; } - if( ssl->rsa_use_alt ) + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + p + 2 , &signature_len, + ssl->f_rng, ssl->p_rng ) ) != 0 ) { - if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, - ssl->p_rng, RSA_PRIVATE, md_alg, hashlen, - hash, p + 2 ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "rsa_sign", ret ); - return( ret ); - } - - signature_len = ssl->rsa_key_len( ssl->rsa_key ); - } - else - { - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, - p + 2 , &signature_len, - ssl->f_rng, ssl->p_rng ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "pk_sign", ret ); - return( ret ); - } + SSL_DEBUG_RET( 1, "pk_sign", ret ); + return( ret ); } } else @@ -2289,21 +2274,11 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - if( ssl->rsa_use_alt ) { - ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE, - &ssl->handshake->pmslen, - ssl->in_msg + i, - ssl->handshake->premaster, - sizeof(ssl->handshake->premaster) ); - } - else - { - ret = pk_decrypt( ssl->pk_key, - ssl->in_msg + i, n, - ssl->handshake->premaster, &ssl->handshake->pmslen, - sizeof(ssl->handshake->premaster), - ssl->f_rng, ssl->p_rng ); - } + ret = pk_decrypt( ssl->pk_key, + ssl->in_msg + i, n, + ssl->handshake->premaster, &ssl->handshake->pmslen, + sizeof(ssl->handshake->premaster), + ssl->f_rng, ssl->p_rng ); if( ret != 0 || ssl->handshake->pmslen != 48 || ssl->handshake->premaster[0] != ssl->handshake->max_major_ver || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d4723d759..9e446f613 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3162,18 +3162,30 @@ void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, } #endif /* POLARSSL_RSA_C */ -void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, +int ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, void *rsa_key, rsa_decrypt_func rsa_decrypt, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len ) { + int ret; + ssl->own_cert = own_cert; ssl->rsa_use_alt = 1; ssl->rsa_key = rsa_key; ssl->rsa_decrypt = rsa_decrypt; ssl->rsa_sign = rsa_sign; ssl->rsa_key_len = rsa_key_len; + + if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + + ssl->pk_key_own_alloc = 1; + + pk_init( ssl->pk_key ); + + return( pk_init_ctx_rsa_alt( ssl->pk_key, rsa_key, + rsa_decrypt, rsa_sign, rsa_key_len ) ); } #endif /* POLARSSL_X509_PARSE_C */ @@ -3780,6 +3792,12 @@ void ssl_free( ssl_context *ssl ) ssl->hostname_len = 0; } + if( ssl->pk_key_own_alloc ) + { + pk_free( ssl->pk_key ); + polarssl_free( ssl->pk_key ); + } + #if defined(POLARSSL_SSL_HW_RECORD_ACCEL) if( ssl_hw_record_finish != NULL ) { From 0d4204944011bb2f202e3b1c08aa09127e6b6661 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 21 Aug 2013 16:14:26 +0200 Subject: [PATCH 14/35] Merge code for RSA and ECDSA in SSL --- include/polarssl/pk.h | 11 ++++++ include/polarssl/ssl.h | 18 +++++----- library/ssl_cli.c | 39 ++++----------------- library/ssl_srv.c | 51 ++++++--------------------- library/ssl_tls.c | 78 +++++++++++++++++++----------------------- 5 files changed, 71 insertions(+), 126 deletions(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index 6135bb013..7c674ab1f 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -244,6 +244,17 @@ int pk_init_ctx_rsa_alt( pk_context *ctx, void * key, */ size_t pk_get_size( const pk_context *ctx ); +/** + * \brief Get the length in bytes of the underlying key + * \param ctx Context to use + * + * \return Key lenght in bytes, or 0 on error + */ +static size_t pk_get_len( const pk_context *ctx ) +{ + return( ( pk_get_size( ctx ) + 7 ) / 8 ); +} + /** * \brief Tell if a context can do the operation given by type * diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 442dba28f..dfd649081 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -202,6 +202,7 @@ #define SSL_HASH_SHA384 5 #define SSL_HASH_SHA512 6 +#define SSL_SIG_ANON 0 #define SSL_SIG_RSA 1 #define SSL_SIG_ECDSA 3 @@ -580,13 +581,6 @@ struct _ssl_context */ pk_context *pk_key; /*!< own private key */ int pk_key_own_alloc; /*!< did we allocate pk_key? */ -#if defined(POLARSSL_RSA_C) - int rsa_use_alt; /*out_msg[4] = SSL_HASH_SHA256; } - /* SIG added later */ + ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key ); if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) { @@ -2036,40 +2036,13 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) offset = 2; } -#if defined(POLARSSL_RSA_C) - if( ssl->rsa_key != NULL ) + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->f_rng, ssl->p_rng ) ) != 0 ) { - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) - ssl->out_msg[5] = SSL_SIG_RSA; - - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->f_rng, ssl->p_rng ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "pk_sign", ret ); - return( ret ); - } + SSL_DEBUG_RET( 1, "pk_sign", ret ); + return( ret ); } - else -#endif /* POLARSSL_RSA_C */ -#if defined(POLARSSL_ECDSA_C) - if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) - { - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) - ssl->out_msg[5] = SSL_SIG_ECDSA; - - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->f_rng, ssl->p_rng ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "pk_sign", ret ); - return( ret ); - } - } - else -#endif /* POLARSSL_ECDSA_C */ - /* should never happen */ - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); ssl->out_msg[5 + offset] = (unsigned char)( n ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0fa4f66f0..6c4bdf086 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2069,50 +2069,21 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); } -#if defined(POLARSSL_RSA_C) - if( ssl->rsa_key != NULL ) + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) { - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) - { - *(p++) = ssl->handshake->sig_alg; - *(p++) = SSL_SIG_RSA; + *(p++) = ssl->handshake->sig_alg; + *(p++) = ssl_sig_from_pk( ssl->pk_key ); - n += 2; - } - - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, - p + 2 , &signature_len, - ssl->f_rng, ssl->p_rng ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "pk_sign", ret ); - return( ret ); - } + n += 2; } - else -#endif /* POLARSSL_RSA_C */ -#if defined(POLARSSL_ECDSA_C) - if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) + + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + p + 2 , &signature_len, + ssl->f_rng, ssl->p_rng ) ) != 0 ) { - if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) - { - *(p++) = ssl->handshake->sig_alg; - *(p++) = SSL_SIG_ECDSA; - - n += 2; - } - - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, - p + 2 , &signature_len, - ssl->f_rng, ssl->p_rng ) ) != 0 ) - { - SSL_DEBUG_RET( 1, "pk_sign", ret ); - return( ret ); - } + SSL_DEBUG_RET( 1, "pk_sign", ret ); + return( ret ); } - else -#endif /* POLARSSL_ECDSA_C */ - /* should never happen */ - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); *(p++) = (unsigned char)( signature_len >> 8 ); *(p++) = (unsigned char)( signature_len ); @@ -2254,7 +2225,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) * Decrypt the premaster using own private RSA key */ i = 4; - n = ssl->rsa_key_len( ssl->rsa_key ); + n = pk_get_len( ssl->pk_key ); ssl->handshake->pmslen = 48; if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9e446f613..527b333e6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -131,30 +131,6 @@ int (*ssl_hw_record_read)(ssl_context *ssl) = NULL; int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL; #endif -#if defined(POLARSSL_RSA_C) -static int ssl_rsa_decrypt( void *ctx, int mode, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len ) -{ - return rsa_pkcs1_decrypt( (rsa_context *) ctx, mode, olen, input, output, - output_max_len ); -} - -static int ssl_rsa_sign( void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, int hash_id, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig ) -{ - return rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode, hash_id, - hashlen, hash, sig ); -} - -static size_t ssl_rsa_key_len( void *ctx ) -{ - return ( (rsa_context *) ctx )->len; -} -#endif /* POLARSSL_RSA_C */ - /* * Key material generation */ @@ -2858,12 +2834,6 @@ int ssl_init( ssl_context *ssl ) /* * Sane defaults */ -#if defined(POLARSSL_RSA_C) - ssl->rsa_decrypt = ssl_rsa_decrypt; - ssl->rsa_sign = ssl_rsa_sign; - ssl->rsa_key_len = ssl_rsa_key_len; -#endif - ssl->min_major_ver = SSL_MAJOR_VERSION_3; ssl->min_minor_ver = SSL_MINOR_VERSION_0; ssl->max_major_ver = SSL_MAJOR_VERSION_3; @@ -3147,18 +3117,31 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, { ssl->own_cert = own_cert; ssl->pk_key = pk_key; - - /* Temporary, until everything is moved to PK */ - if( pk_key->pk_info->type == POLARSSL_PK_RSA ) - ssl->rsa_key = pk_key->pk_ctx; } #if defined(POLARSSL_RSA_C) -void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, +int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key ) { + int ret; + ssl->own_cert = own_cert; - ssl->rsa_key = rsa_key; + + if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) + return( POLARSSL_ERR_SSL_MALLOC_FAILED ); + + ssl->pk_key_own_alloc = 1; + + pk_init( ssl->pk_key ); + + ret = pk_init_ctx( ssl->pk_key, pk_info_from_type( POLARSSL_PK_RSA ) ); + if( ret != 0 ) + return( ret ); + + if( ( ret = rsa_copy( ssl->pk_key->pk_ctx, rsa_key ) ) != 0 ) + return( ret ); + + return( 0 ); } #endif /* POLARSSL_RSA_C */ @@ -3168,14 +3151,7 @@ int ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, rsa_sign_func rsa_sign, rsa_key_len_func rsa_key_len ) { - int ret; - ssl->own_cert = own_cert; - ssl->rsa_use_alt = 1; - ssl->rsa_key = rsa_key; - ssl->rsa_decrypt = rsa_decrypt; - ssl->rsa_sign = rsa_sign; - ssl->rsa_key_len = rsa_key_len; if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL ) return( POLARSSL_ERR_SSL_MALLOC_FAILED ); @@ -3812,4 +3788,20 @@ void ssl_free( ssl_context *ssl ) memset( ssl, 0, sizeof( ssl_context ) ); } +/* + * Get the SSL_SIG_* constant corresponding to a public key + */ +unsigned char ssl_sig_from_pk( pk_context *pk ) +{ +#if defined(POLARSSL_RSA_C) + if( pk_can_do( pk, POLARSSL_PK_RSA ) ) + return( SSL_SIG_RSA ); +#endif +#if defined(POLARSSL_ECDSA_C) + if( pk_can_do( pk, POLARSSL_PK_ECDSA ) ) + return( SSL_SIG_ECDSA ); +#endif + return( SSL_SIG_ANON ); +} + #endif From c40b4c37083f563839aaa7c5b14a323f50585dcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 13:29:31 +0200 Subject: [PATCH 15/35] Add configuration item for the PK module --- include/polarssl/config.h | 24 ++++++++++++++++++++---- library/pk.c | 4 ++++ library/pk_wrap.c | 4 ++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 0db1cd01d..a5e439653 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -1093,6 +1093,21 @@ */ #define POLARSSL_PEM_C +/** + * \def POLARSSL_PK_C + * + * Enable the generic public (asymetric) key layer. + * + * Module: library/pk.c + * Caller: library/x509parse.c + * library/ssl_tls.c + * library/ssl_cli.c + * library/ssl_srv.c + * + * Uncomment to enable generic public key wrappers. + */ +#define POLARSSL_PK_C + /** * \def POLARSSL_PKCS5_C * @@ -1248,7 +1263,7 @@ * Caller: library/ssl_cli.c * library/ssl_srv.c * - * Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_CIPHER_C + * Requires: POLARSSL_MD5_C, POLARSSL_SHA1_C, POLARSSL_CIPHER_C, POLARSSL_PK_C * * This module is required for SSL/TLS. */ @@ -1288,7 +1303,7 @@ * library/ssl_tls.c * * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C, - * POLARSSL_RSA_C + * POLARSSL_PK_C * * This module is required for X.509 certificate parsing. */ @@ -1483,7 +1498,8 @@ #endif #if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_MD5_C) || \ - !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_CIPHER_C) ) + !defined(POLARSSL_SHA1_C) || !defined(POLARSSL_CIPHER_C) ) || \ + !defined(POLARSSL_PK_C) #error "POLARSSL_SSL_TLS_C defined, but not all prerequisites" #endif @@ -1498,7 +1514,7 @@ #if defined(POLARSSL_X509_PARSE_C) && ( !defined(POLARSSL_BIGNUM_C) || \ !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \ - !defined(POLARSSL_RSA_C) ) + !defined(POLARSSL_PK_C) ) #error "POLARSSL_X509_PARSE_C defined, but not all prerequisites" #endif diff --git a/library/pk.c b/library/pk.c index e0a252f2b..0923afe45 100644 --- a/library/pk.c +++ b/library/pk.c @@ -25,6 +25,8 @@ #include "polarssl/config.h" +#if defined(POLARSSL_PK_C) + #include "polarssl/pk.h" #include "polarssl/pk_wrap.h" @@ -251,3 +253,5 @@ const char * pk_get_name( const pk_context *ctx ) return( ctx->pk_info->name ); } + +#endif /* POLARSSL_PK_C */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9f650b631..7e8a3f192 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -25,6 +25,8 @@ #include "polarssl/config.h" +#if defined(POLARSSL_PK_C) + #include "polarssl/pk_wrap.h" #if defined(POLARSSL_RSA_C) @@ -410,3 +412,5 @@ const pk_info_t rsa_alt_info = { rsa_alt_free_wrap, NULL, }; + +#endif /* POLARSSL_PK_C */ From 51be559c537e62f4057be7fda6723bd347e1ce2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 13:35:53 +0200 Subject: [PATCH 16/35] Fix PKCS#11 deps: now goes through PK --- include/polarssl/config.h | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/include/polarssl/config.h b/include/polarssl/config.h index a5e439653..3c709fecf 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -1126,11 +1126,10 @@ * * Enable wrapper for PKCS#11 smartcard support. * - * Module: library/ssl_srv.c - * Caller: library/ssl_cli.c - * library/ssl_srv.c + * Module: library/pkcs11.c + * Caller: library/pk.c * - * Requires: POLARSSL_SSL_TLS_C + * Requires: POLARSSL_PK_C * * This module enables SSL/TLS PKCS #11 smartcard support. * Requires the presence of the PKCS#11 helper library (libpkcs11-helper) @@ -1484,7 +1483,7 @@ #error "POLARSSL_PEM_C defined, but not all prerequisites" #endif -#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_SSL_TLS_C) +#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C) #error "POLARSSL_PKCS11_C defined, but not all prerequisites" #endif From a20c58c6f19453b966b0e36219be0c206b657e44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 13:52:48 +0200 Subject: [PATCH 17/35] Use convert functions for SSL_SIG_* and SSL_HASH_* --- include/polarssl/ssl.h | 2 ++ library/ssl_cli.c | 56 +++++---------------------------- library/ssl_srv.c | 71 +++++++----------------------------------- library/ssl_tls.c | 46 +++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 108 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index dfd649081..e83fbbf00 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -1385,6 +1385,8 @@ int ssl_write_finished( ssl_context *ssl ); void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info ); unsigned char ssl_sig_from_pk( pk_context *pk ); +pk_type_t ssl_pk_alg_from_sig( unsigned char sig ); +md_type_t ssl_md_alg_from_hash( unsigned char hash ); #ifdef __cplusplus } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ba2c68c3d..511d61d5b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1183,38 +1183,11 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, /* * Get hash algorithm */ - switch( (*p)[0] ) + if( ( *md_alg = ssl_md_alg_from_hash( (*p)[0] ) ) == POLARSSL_MD_NONE ) { -#if defined(POLARSSL_MD5_C) - case SSL_HASH_MD5: - *md_alg = POLARSSL_MD_MD5; - break; -#endif -#if defined(POLARSSL_SHA1_C) - case SSL_HASH_SHA1: - *md_alg = POLARSSL_MD_SHA1; - break; -#endif -#if defined(POLARSSL_SHA256_C) - case SSL_HASH_SHA224: - *md_alg = POLARSSL_MD_SHA224; - break; - case SSL_HASH_SHA256: - *md_alg = POLARSSL_MD_SHA256; - break; -#endif -#if defined(POLARSSL_SHA512_C) - case SSL_HASH_SHA384: - *md_alg = POLARSSL_MD_SHA384; - break; - case SSL_HASH_SHA512: - *md_alg = POLARSSL_MD_SHA512; - break; -#endif - default: - SSL_DEBUG_MSG( 2, ( "Server used unsupported " - "HashAlgorithm %d", *(p)[0] ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + SSL_DEBUG_MSG( 2, ( "Server used unsupported " + "HashAlgorithm %d", *(p)[0] ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } /* @@ -1232,24 +1205,11 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, /* * Get signature algorithm */ - switch( (*p)[1] ) + if( ( *pk_alg = ssl_pk_alg_from_sig( (*p)[1] ) ) == POLARSSL_PK_NONE ) { -#if defined(POLARSSL_RSA_C) - case SSL_SIG_RSA: - *pk_alg = POLARSSL_PK_RSA; - break; -#endif - -#if defined(POLARSSL_ECDSA_C) - case SSL_SIG_ECDSA: - *pk_alg = POLARSSL_PK_ECDSA; - break; -#endif - - default: - SSL_DEBUG_MSG( 2, ( "server used unsupported " - "SignatureAlgorithm %d", (*p)[1] ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + SSL_DEBUG_MSG( 2, ( "server used unsupported " + "SignatureAlgorithm %d", (*p)[1] ) ); + return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6c4bdf086..f13b9c220 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1998,38 +1998,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) * ServerDHParams params; * }; */ - switch( ssl->handshake->sig_alg ) - { -#if defined(POLARSSL_MD5_C) - case SSL_HASH_MD5: - md_alg = POLARSSL_MD_MD5; - break; -#endif -#if defined(POLARSSL_SHA1_C) - case SSL_HASH_SHA1: - md_alg = POLARSSL_MD_SHA1; - break; -#endif -#if defined(POLARSSL_SHA256_C) - case SSL_HASH_SHA224: - md_alg = POLARSSL_MD_SHA224; - break; - case SSL_HASH_SHA256: - md_alg = POLARSSL_MD_SHA256; - break; -#endif -#if defined(POLARSSL_SHA512_C) - case SSL_HASH_SHA384: - md_alg = POLARSSL_MD_SHA384; - break; - case SSL_HASH_SHA512: - md_alg = POLARSSL_MD_SHA512; - break; -#endif - default: - /* Should never happen */ - return( -1 ); - } + md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ); if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) { @@ -2595,8 +2564,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) sa_len = 2; /* - * Hash: as server we know we either have SSL_HASH_SHA384 or - * SSL_HASH_SHA256 + * Hash */ if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg ) { @@ -2605,10 +2573,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - if( ssl->handshake->verify_sig_alg == SSL_HASH_SHA384 ) - md_alg = POLARSSL_MD_SHA384; - else - md_alg = POLARSSL_MD_SHA256; + md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg ); /* * Get hashlen from MD @@ -2623,27 +2588,14 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) /* * Signature */ - switch( ssl->in_msg[5] ) + if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[5] ) ) + == POLARSSL_PK_NONE ) { -#if defined(POLARSSL_RSA_C) - case SSL_SIG_RSA: - pk_alg = POLARSSL_PK_RSA; - break; -#endif - -#if defined(POLARSSL_ECDSA_C) - case SSL_SIG_ECDSA: - pk_alg = POLARSSL_PK_ECDSA; - break; -#endif - - default: - SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" - " for verify message" ) ); - return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" + " for verify message" ) ); + return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - /* * Check the certificate's key type matches the signature alg */ @@ -2663,10 +2615,9 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); } - ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, - md_alg, hash, hashlen, - ssl->in_msg + 6 + sa_len, sig_len ); - if( ret != 0 ) + if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, + md_alg, hash, hashlen, + ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 ) { SSL_DEBUG_RET( 1, "pk_verify", ret ); return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 527b333e6..87a135ab7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3804,4 +3804,50 @@ unsigned char ssl_sig_from_pk( pk_context *pk ) return( SSL_SIG_ANON ); } +pk_type_t ssl_pk_alg_from_sig( unsigned char sig ) +{ + switch( sig ) + { +#if defined(POLARSSL_RSA_C) + case SSL_SIG_RSA: + return( POLARSSL_PK_RSA ); +#endif +#if defined(POLARSSL_ECDSA_C) + case SSL_SIG_ECDSA: + return( POLARSSL_PK_ECDSA ); +#endif + default: + return( POLARSSL_PK_NONE ); + } +} + +md_type_t ssl_md_alg_from_hash( unsigned char hash ) +{ + switch( hash ) + { +#if defined(POLARSSL_MD5_C) + case SSL_HASH_MD5: + return( POLARSSL_MD_MD5 ); +#endif +#if defined(POLARSSL_SHA1_C) + case SSL_HASH_SHA1: + return( POLARSSL_MD_SHA1 ); +#endif +#if defined(POLARSSL_SHA256_C) + case SSL_HASH_SHA224: + return( POLARSSL_MD_SHA224 ); + case SSL_HASH_SHA256: + return( POLARSSL_MD_SHA256 ); +#endif +#if defined(POLARSSL_SHA512_C) + case SSL_HASH_SHA384: + return( POLARSSL_MD_SHA384 ); + case SSL_HASH_SHA512: + return( POLARSSL_MD_SHA512 ); +#endif + default: + return( POLARSSL_MD_NONE ); + } +} + #endif From bfe32efb9b89aae6f011f8b61f0a2418a8b402d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 14:55:30 +0200 Subject: [PATCH 18/35] pk_{sign,verify}() now accept hash_len = 0 --- include/polarssl/pk.h | 18 ++++++++++++++---- library/pk.c | 23 +++++++++++++++++++++-- library/ssl_cli.c | 27 +++++---------------------- library/ssl_srv.c | 25 ++++++++----------------- 4 files changed, 48 insertions(+), 45 deletions(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index 7c674ab1f..d97f834e3 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -270,14 +270,19 @@ int pk_can_do( pk_context *ctx, pk_type_t type ); * \brief Verify signature * * \param ctx PK context to use - * \param md_alg Hash algorithm used + * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign - * \param hash_len Hash length + * \param hash_len Hash length or 0 (see notes) * \param sig Signature to verify * \param sig_len Signature length * * \return 0 on success (signature is valid), * or a specific error code. + * + * \note If hash_len is 0, then the length associated with md_alg + * is used instead, or an error returned if it is invalid. + * + * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0 */ int pk_verify( pk_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -287,15 +292,20 @@ int pk_verify( pk_context *ctx, md_type_t md_alg, * \brief Make signature * * \param ctx PK context to use - * \param md_alg Hash algorithm used + * \param md_alg Hash algorithm used (see notes) * \param hash Hash of the message to sign - * \param hash_len Hash length + * \param hash_len Hash length or 0 (see notes) * \param sig Place to write the signature * \param sig_len Number of bytes written * \param f_rng RNG function * \param p_rng RNG parameter * * \return 0 on success, or a specific error code. + * + * \note If hash_len is 0, then the length associated with md_alg + * is used instead, or an error returned if it is invalid. + * + * \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0 */ int pk_sign( pk_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, diff --git a/library/pk.c b/library/pk.c index 0923afe45..77f503404 100644 --- a/library/pk.c +++ b/library/pk.c @@ -149,6 +149,23 @@ int pk_can_do( pk_context *ctx, pk_type_t type ) return( ctx->pk_info->can_do( type ) ); } +/* + * Helper for pk_sign and pk_verify + */ +static inline int pk_hashlen_helper( md_type_t md_alg, size_t *hash_len ) +{ + const md_info_t *md_info; + + if( *hash_len != 0 ) + return( 0 ); + + if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) + return( -1 ); + + *hash_len = md_info->size; + return( 0 ); +} + /* * Verify a signature */ @@ -156,7 +173,8 @@ int pk_verify( pk_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL || ctx->pk_info == NULL || + pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); if( ctx->pk_info->verify_func == NULL ) @@ -174,7 +192,8 @@ int pk_sign( pk_context *ctx, md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL || ctx->pk_info == NULL || + pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); if( ctx->pk_info->sign_func == NULL ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 511d61d5b..6c584c01b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1164,8 +1164,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, size_t *hash_len, pk_type_t *pk_alg ) { - const md_info_t *md_info; - ((void) ssl); *md_alg = POLARSSL_MD_NONE; *pk_alg = POLARSSL_PK_NONE; @@ -1180,6 +1178,9 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, if( (*p) + 2 > end ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + /* Info from md_alg will be used instead */ + *hash_len = 0; + /* * Get hash algorithm */ @@ -1190,18 +1191,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - /* - * Get hash_len from hash alg - */ - if( ( md_info = md_info_from_type( *md_alg ) ) == NULL ) - { - SSL_DEBUG_MSG( 2, ( "Server used unsupported " - "HashAlgorithm %d", *(p)[0] ) ); - return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - - *hash_len = md_info->size; - /* * Get signature algorithm */ @@ -1956,7 +1945,6 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) } else { - const md_info_t *md_info; /* * digitally-signed struct { * opaque handshake_messages[handshake_messages_length]; @@ -1985,13 +1973,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) } ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key ); - if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) - { - SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } - - hashlen = md_info->size; + /* Info from md_alg will be used instead */ + hashlen = 0; offset = 2; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f13b9c220..731d2bdf2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1989,7 +1989,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) else { md_context_t ctx; - const md_info_t *md_info; + + /* Info from md_alg will be used instead */ + hashlen = 0; /* * digitally-signed struct { @@ -1998,17 +2000,14 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) * ServerDHParams params; * }; */ - md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ); - - if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) + if( ( md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ) ) + == POLARSSL_MD_NONE ) { SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); } - hashlen = md_info->size; - - if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 ) { SSL_DEBUG_RET( 1, "md_init_ctx", ret ); return( ret ); @@ -2502,7 +2501,6 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) size_t hashlen; pk_type_t pk_alg; md_type_t md_alg; - const md_info_t *md_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); @@ -2575,15 +2573,8 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg ); - /* - * Get hashlen from MD - */ - if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) - { - SSL_DEBUG_MSG( 1, ( "requested hash not available " ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } - hashlen = md_info->size; + /* Info from md_alg will be used instead */ + hashlen = 0; /* * Signature From d11eb7c789488e99c4833f9a847583b0e3f93a0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 15:57:15 +0200 Subject: [PATCH 19/35] Fix sig_alg extension on client. Temporary solution on server. --- library/ssl_cli.c | 24 ++++++++++++++++++++++++ library/ssl_srv.c | 10 ++++------ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6c584c01b..08d3bda37 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -147,6 +147,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, /* * Prepare signature_algorithms extension (TLS 1.2) */ +#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_SHA512_C) sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512; sig_alg_list[sig_alg_len++] = SSL_SIG_RSA; @@ -167,6 +168,29 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, sig_alg_list[sig_alg_len++] = SSL_HASH_MD5; sig_alg_list[sig_alg_len++] = SSL_SIG_RSA; #endif +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECDSA_C) +#if defined(POLARSSL_SHA512_C) + sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512; + sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; + sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384; + sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; +#endif +#if defined(POLARSSL_SHA256_C) + sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256; + sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; + sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224; + sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; +#endif +#if defined(POLARSSL_SHA1_C) + sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1; + sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; +#endif +#if defined(POLARSSL_MD5_C) + sig_alg_list[sig_alg_len++] = SSL_HASH_MD5; + sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA; +#endif +#endif /* POLARSSL_ECDSA_C */ /* * enum { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 731d2bdf2..c0808656f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -442,12 +442,10 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl, p = buf + 2; while( sig_alg_list_size > 0 ) { - if( p[1] != SSL_SIG_RSA ) - { - sig_alg_list_size -= 2; - p += 2; - continue; - } + /* + * For now, just ignore signature algorithm and rely on offered + * ciphersuites only. To be fixed later. + */ #if defined(POLARSSL_SHA512_C) if( p[0] == SSL_HASH_SHA512 ) { From f484282e965a94c79ae0b05b8a33a282d9176ee9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 16:03:41 +0200 Subject: [PATCH 20/35] Rm a few unneeded tests --- library/ssl_cli.c | 5 ++--- library/ssl_srv.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 08d3bda37..79bba4242 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1449,8 +1449,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) /* * Verify signature */ - if( pk_alg != POLARSSL_PK_NONE && - ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); @@ -1939,7 +1938,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) return( 0 ); } - if( ssl->pk_key == NULL || ssl->pk_key->pk_info == NULL ) + if( ssl->pk_key == NULL ) { SSL_DEBUG_MSG( 1, ( "got no private key" ) ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c0808656f..ff914e552 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2029,7 +2029,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) /* * Make the signature */ - if( ssl->pk_key == NULL || ssl->pk_key->pk_info == NULL ) + if( ssl->pk_key == NULL ) { SSL_DEBUG_MSG( 1, ( "got no private key" ) ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); From ee98f8e7a3088371a230b3caa49740ab46ed1c5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 16:44:58 +0200 Subject: [PATCH 21/35] Add EC certificates in certs.c --- library/certs.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 74 insertions(+), 2 deletions(-) diff --git a/library/certs.c b/library/certs.c index e2d07f762..ecfc82942 100644 --- a/library/certs.c +++ b/library/certs.c @@ -27,6 +27,77 @@ #if defined(POLARSSL_CERTS_C) +#if defined(POLARSSL_ECDSA_C) +const char test_ca_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC\r\n" +"TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD\r\n" +"IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC\r\n" +"TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD\r\n" +"IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1\r\n" +"9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB\r\n" +"oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU\r\n" +"vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK\r\n" +"EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae\r\n" +"cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D\r\n" +"rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM\r\n" +"espQnlFX\r\n" +"-----END CERTIFICATE-----\r\n"; + +const char test_ca_key[] = +"-----BEGIN EC PRIVATE KEY-----\r\n" +"Proc-Type: 4,ENCRYPTED\r\n" +"DEK-Info: AES-128-CBC,2A7435F5137D68C6402DB35E5BFD277A\r\n" +"\r\n" +"Sw5YgGVvNxXMvnGKYPuUqiDfjXhK/VTQ6dE9+33jwobKJvqR4pIrelw5QbJ5MCi2\r\n" +"dRGEMi4hT+EiS1UZtagqYUQyYZegZB48eoSRySsfW3kqQ4aG99+4iDLCY+JhICs9\r\n" +"aZdJhyUSOy2KRnFN/ZUy/Hvlsy10dw/Cp73TpJZmTz4=\r\n" +"-----END EC PRIVATE KEY-----\r\n"; + +const char test_ca_pwd[] = "PolarSSLTest"; + +const char test_srv_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD\r\n" +"VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x\r\n" +"MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD\r\n" +"VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI\r\n" +"KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY\r\n" +"+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi\r\n" +"cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk\r\n" +"QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv\r\n" +"bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J\r\n" +"rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL\r\n" +"jbRvSP9W7EJjb9QR3zNYbX4=\r\n" +"-----END CERTIFICATE-----\r\n"; + +const char test_srv_key[] = +"-----BEGIN EC PRIVATE KEY-----\r\n" +"MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA\r\n" +"BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq\r\n" +"ag==\r\n" +"-----END EC PRIVATE KEY-----\r\n"; + +const char test_cli_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIIBUjCB+gIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ\r\n" +"b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0xMzA4MjIx\r\n" +"NDQyMTdaFw0yMzA4MjAxNDQyMTdaMD8xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ\r\n" +"b2xhclNTTDEdMBsGA1UEAxMUUG9sYXJTU0wgVGVzdCBDbGllbnQwSTATBgcqhkjO\r\n" +"PQIBBggqhkjOPQMBAQMyAATnnXkhKuPh1tou3B+DV9lyE4IlISuYVm86E776WBm5\r\n" +"+hNTqK0AaV6gqEL/XdLEGVwwCQYHKoZIzj0EAQNIADBFAiEA/xaze0PZk51nJJSR\r\n" +"Z5SmN9VlzqgN2aSmL4JQRPzjDr0CIFOmuwP8WRdPUJvXh7NQgvl4kW3xkcrmfd6a\r\n" +"zJbBMLxH\r\n" +"-----END CERTIFICATE-----\r\n"; + +const char test_cli_key[] = +"-----BEGIN EC PRIVATE KEY-----\r\n" +"MF8CAQEEGCTQxP5vTfEwCWdeLdPqgGQ4AuxGG3gPA6AKBggqhkjOPQMBAaE0AzIA\r\n" +"BOedeSEq4+HW2i7cH4NX2XITgiUhK5hWbzoTvvpYGbn6E1OorQBpXqCoQv9d0sQZ\r\n" +"XA==\r\n" +"-----END EC PRIVATE KEY-----\r\n"; + +#else /* !POLARSSL_ECDSA_C, so POLARSSL_RSA_C */ const char test_ca_crt[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" @@ -123,7 +194,7 @@ const char test_srv_key[] = "oArQJGgkAdaq0pcTyOIjtTQVMFygdVmCEJmxh/3RutPcTeydqW9fphKDMej32J8e\r\n" "GniGmNGiclbcfNOS8E5TGp445yZb9P1+7AHng16bGg3Ykj5EA4G+HCcCgYEAyHAl\r\n" "//ekk8YjQElm+8izLtFkymIK0aCtEe9C/RIRhFYBeFaotC5dStNhBOncn4ovMAPD\r\n" -"lX/92yDi9OP8PPLN3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n" +"Lx/92YdI9op8ppln3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n" "LYl3YWr2h3EGKICT03kEoTkiDBvCeOpW7cCGl2cCgYBD5whoXHz1+ptPlI4YVjZt\r\n" "Xh86aU+ajpVPiEyJ84I6xXmO4SZXv8q6LaycR0ZMbcL+zBelMb4Z2nBv7jNrtuR7\r\n" "ZF28cdPv+YVr3esaybZE/73VjXup4SQPH6r3l7qKTVi+y6+FeJ4b2Xn8/MwgnT23\r\n" @@ -185,6 +256,7 @@ const char test_cli_key[] = "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" "-----END RSA PRIVATE KEY-----\r\n"; +#endif /* !POLARSSL_ECDSA_C, so POLARSSL_RSA_C */ const char test_dhm_params[] = "-----BEGIN DH PARAMETERS-----\r\n" @@ -193,4 +265,4 @@ const char test_dhm_params[] = "9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n" "-----END DH PARAMETERS-----\r\n"; -#endif +#endif /* POLARSSL_CERTS_C */ From e511ffca5020f25aed9df8249d853294f63c802f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 17:33:21 +0200 Subject: [PATCH 22/35] Allow compiling without RSA or DH Only library and programs now, need to check test suites later. --- include/polarssl/rsa.h | 8 ++++++-- library/pk_wrap.c | 6 +++--- library/ssl_cli.c | 6 ++++-- library/ssl_srv.c | 6 ++++-- library/x509parse.c | 12 +++++++----- 5 files changed, 24 insertions(+), 14 deletions(-) diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index 8e52e7d1e..90cfd552a 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -29,8 +29,6 @@ #include "config.h" -#if defined(POLARSSL_RSA_C) - #include "bignum.h" #include "md.h" @@ -59,6 +57,12 @@ #define RSA_SIGN 1 #define RSA_CRYPT 2 +/* + * The above constants may be used even if the RSA module is compile out, + * eg for alternative (PKCS#11) RSA implemenations in the PK layers. + */ +#if defined(POLARSSL_RSA_C) + #ifdef __cplusplus extern "C" { #endif diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 7e8a3f192..94f5282e2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -29,9 +29,8 @@ #include "polarssl/pk_wrap.h" -#if defined(POLARSSL_RSA_C) +/* Even if RSA not activated, for the sake of RSA-alt */ #include "polarssl/rsa.h" -#endif #if defined(POLARSSL_ECP_C) #include "polarssl/ecp.h" @@ -49,12 +48,13 @@ #define polarssl_free free #endif -#if defined(POLARSSL_RSA_C) +/* Used by RSA-alt too */ static int rsa_can_do( pk_type_t type ) { return( type == POLARSSL_PK_RSA ); } +#if defined(POLARSSL_RSA_C) static size_t rsa_get_size( const void *ctx ) { return( 8 * ((rsa_context *) ctx)->len ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 79bba4242..1beefab33 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1071,7 +1071,8 @@ static int ssl_parse_server_hello( ssl_context *ssl ) return( 0 ); } -#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p, unsigned char *end ) { @@ -1105,7 +1106,8 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p, return( ret ); } -#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ff914e552..ce45898d0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2144,7 +2144,8 @@ static int ssl_parse_client_dh_public( ssl_context *ssl, unsigned char **p, #endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED || POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) +#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) static int ssl_parse_client_ecdh_public( ssl_context *ssl ) { int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; @@ -2173,7 +2174,8 @@ static int ssl_parse_client_ecdh_public( ssl_context *ssl ) return( ret ); } -#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ +#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED || + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) static int ssl_parse_encrypted_pms_secret( ssl_context *ssl ) diff --git a/library/x509parse.c b/library/x509parse.c index 9f90b5ab6..132d28525 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -3937,7 +3937,7 @@ int x509_self_test( int verbose ) size_t i, j; x509_cert cacert; x509_cert clicert; - rsa_context rsa; + pk_context pkey; #if defined(POLARSSL_DHM_C) dhm_context dhm; #endif @@ -3975,9 +3975,9 @@ int x509_self_test( int verbose ) i = strlen( test_ca_key ); j = strlen( test_ca_pwd ); - rsa_init( &rsa, RSA_PKCS_V15, 0 ); + pk_init( &pkey ); - if( ( ret = x509parse_key_rsa( &rsa, + if( ( ret = x509parse_key( &pkey, (const unsigned char *) test_ca_key, i, (const unsigned char *) test_ca_pwd, j ) ) != 0 ) { @@ -3990,12 +3990,14 @@ int x509_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n X.509 signature verify: "); - ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL ); + ret = x509parse_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL ); if( ret != 0 ) { if( verbose != 0 ) printf( "failed\n" ); + printf("ret = %d, &flags = %04x\n", ret, flags); + return( ret ); } @@ -4020,7 +4022,7 @@ int x509_self_test( int verbose ) x509_free( &cacert ); x509_free( &clicert ); - rsa_free( &rsa ); + pk_free( &pkey ); #if defined(POLARSSL_DHM_C) dhm_free( &dhm ); #endif From c6b6803dcf408c23e7a42905bbe4f8b3974102b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 17:36:45 +0200 Subject: [PATCH 23/35] Add forgotten "inline" keyword --- include/polarssl/pk.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index d97f834e3..4ff4747ca 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -250,7 +250,7 @@ size_t pk_get_size( const pk_context *ctx ); * * \return Key lenght in bytes, or 0 on error */ -static size_t pk_get_len( const pk_context *ctx ) +static inline size_t pk_get_len( const pk_context *ctx ) { return( ( pk_get_size( ctx ) + 7 ) / 8 ); } From 2fb15f694c90e95341709a5d3dc8bbf17117c5ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 17:54:20 +0200 Subject: [PATCH 24/35] Un-rename ssl_set_own_cert_alt() --- include/polarssl/ssl.h | 10 +++++----- library/ssl_tls.c | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index e83fbbf00..16643b285 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -944,11 +944,11 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, * * \return 0 on success, or a specific error code. */ -int ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, - void *rsa_key, - rsa_decrypt_func rsa_decrypt, - rsa_sign_func rsa_sign, - rsa_key_len_func rsa_key_len ); +int ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, + void *rsa_key, + rsa_decrypt_func rsa_decrypt, + rsa_sign_func rsa_sign, + rsa_key_len_func rsa_key_len ); #endif /* POLARSSL_X509_PARSE_C */ #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 87a135ab7..00f79f4f2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3145,11 +3145,11 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert, } #endif /* POLARSSL_RSA_C */ -int ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert, - void *rsa_key, - rsa_decrypt_func rsa_decrypt, - rsa_sign_func rsa_sign, - rsa_key_len_func rsa_key_len ) +int ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert, + void *rsa_key, + rsa_decrypt_func rsa_decrypt, + rsa_sign_func rsa_sign, + rsa_key_len_func rsa_key_len ) { ssl->own_cert = own_cert; From df0142bd172952c4cf73b43f7381eda3ffc94ba0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Aug 2013 18:29:07 +0200 Subject: [PATCH 25/35] Fix some dependencies in tests --- library/bignum.c | 4 +- tests/suites/test_suite_mpi.data | 5 -- tests/suites/test_suite_mpi.function | 2 +- tests/suites/test_suite_x509parse.data | 57 ++++++++++++++++++---- tests/suites/test_suite_x509parse.function | 6 +-- 5 files changed, 52 insertions(+), 22 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index b0bbf8f9c..f94d08d22 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1980,7 +1980,7 @@ cleanup: return( ret ); } -#endif +#endif /* POLARSSL_GENPRIME */ #if defined(POLARSSL_SELF_TEST) @@ -2092,7 +2092,6 @@ int mpi_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n" ); -#if defined(POLARSSL_GENPRIME) MPI_CHK( mpi_inv_mod( &X, &A, &N ) ); MPI_CHK( mpi_read_string( &U, 16, @@ -2113,7 +2112,6 @@ int mpi_self_test( int verbose ) if( verbose != 0 ) printf( "passed\n" ); -#endif if( verbose != 0 ) printf( " MPI test #5 (simple gcd): " ); diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 5f88ba787..8429182f5 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -463,23 +463,18 @@ Test GCD #1 mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" Base test mpi_inv_mod #1 -depends_on:POLARSSL_GENPRIME mpi_inv_mod:10:"3":10:"11":10:"4":0 Base test mpi_inv_mod #2 -depends_on:POLARSSL_GENPRIME mpi_inv_mod:10:"3":10:"0":10:"0":POLARSSL_ERR_MPI_BAD_INPUT_DATA Base test mpi_inv_mod #3 -depends_on:POLARSSL_GENPRIME mpi_inv_mod:10:"3":10:"-11":10:"4":POLARSSL_ERR_MPI_BAD_INPUT_DATA Base test mpi_inv_mod #4 -depends_on:POLARSSL_GENPRIME mpi_inv_mod:10:"2":10:"4":10:"0":POLARSSL_ERR_MPI_NOT_ACCEPTABLE Test mpi_inv_mod #1 -depends_on:POLARSSL_GENPRIME mpi_inv_mod:16:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":16:"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":16:"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0 Base test mpi_is_prime #1 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6a99a60df..9bb5f0bbb 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -634,7 +634,7 @@ void mpi_inv_mod( int radix_X, char *input_X, int radix_Y, char *input_Y, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_GENPRIME */ void mpi_is_prime( int radix_X, char *input_X, int div_result ) { mpi X; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a4a5257b3..6822ceb96 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -303,43 +303,43 @@ depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP521R x509parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 X509 Get Distinguished Name #1 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1" X509 Get Distinguished Name #2 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_dn_gets:"data_files/server1.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA" X509 Get Distinguished Name #3 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_dn_gets:"data_files/server2.crt":"subject":"C=NL, O=PolarSSL, CN=localhost" X509 Get Distinguished Name #4 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_dn_gets:"data_files/server2.crt":"issuer":"C=NL, O=PolarSSL, CN=PolarSSL Test CA" X509 Time Expired #1 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_time_expired:"data_files/server1.crt":"valid_from":1 X509 Time Expired #2 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_time_expired:"data_files/server1.crt":"valid_to":0 X509 Time Expired #3 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_time_expired:"data_files/server2.crt":"valid_from":1 X509 Time Expired #4 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_time_expired:"data_files/server2.crt":"valid_to":0 X509 Time Expired #5 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_time_expired:"data_files/test-ca.crt":"valid_from":1 X509 Time Expired #6 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_time_expired:"data_files/test-ca.crt":"valid_to":0 X509 Certificate verification #1 (Revoked Cert, Expired CRL) @@ -686,114 +686,151 @@ X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start) x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length) +depends_on:POLARSSL_RSA_C x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag) +depends_on:POLARSSL_RSA_C x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mpi) +depends_on:POLARSSL_RSA_C x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch) +depends_on:POLARSSL_RSA_C x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, check failed) +depends_on:POLARSSL_RSA_C x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation) +depends_on:POLARSSL_RSA_C x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present) +depends_on:POLARSSL_RSA_C x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag) +depends_on:POLARSSL_RSA_C x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext) +depends_on:POLARSSL_RSA_C x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length) +depends_on:POLARSSL_RSA_C x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":POLARSSL_ERR_ASN1_INVALID_LENGTH X509 Certificate ASN1 (TBSCertificate v3, ext empty) +depends_on:POLARSSL_RSA_C x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch) +depends_on:POLARSSL_RSA_C x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate v3, first ext invalid) +depends_on:POLARSSL_RSA_C x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag) +depends_on:POLARSSL_RSA_C x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing) +depends_on:POLARSSL_RSA_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing) +depends_on:POLARSSL_RSA_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present) +depends_on:POLARSSL_RSA_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing) +depends_on:POLARSSL_RSA_C x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen) +depends_on:POLARSSL_RSA_C x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch) +depends_on:POLARSSL_RSA_C x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (correct pubkey, no sig_alg) +depends_on:POLARSSL_RSA_C x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (sig_alg mismatch) +depends_on:POLARSSL_RSA_C x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH X509 Certificate ASN1 (sig_alg, no sig) +depends_on:POLARSSL_RSA_C x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (signature, invalid sig data) +depends_on:POLARSSL_RSA_C x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (signature, data left) +depends_on:POLARSSL_RSA_C x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (correct) +depends_on:POLARSSL_RSA_C x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (GeneralizedTime instead of UTCTime) +depends_on:POLARSSL_RSA_C x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 CN) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 C) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 L) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 ST) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 O) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 OU) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown X520 part) +depends_on:POLARSSL_RSA_C x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with PKCS9 email) +depends_on:POLARSSL_RSA_C x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown PKCS9 part) +depends_on:POLARSSL_RSA_C x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (ECDSA signature, RSA key) +depends_on:POLARSSL_RSA_C x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 Certificate ASN1 (ECDSA signature, EC key) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index ce27a9f39..26ce8f5f3 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -165,7 +165,7 @@ void x509_time_expired( char *crt_file, char *entity, int result ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ void x509parse_keyfile_rsa( char *key_file, char *password, int result ) { rsa_context rsa; @@ -190,7 +190,7 @@ void x509parse_keyfile_rsa( char *key_file, char *password, int result ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ void x509parse_public_keyfile_rsa( char *key_file, int result ) { rsa_context rsa; @@ -317,7 +317,7 @@ void x509parse_crl( char *crl_data, char *result_str, int result ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ void x509parse_key_rsa( char *key_data, char *result_str, int result ) { rsa_context rsa; From 9c9812a299246b95a9591b6b36d4d8a6dbfa7d65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 23 Aug 2013 12:18:46 +0200 Subject: [PATCH 26/35] Fix bug introduced in dbf69cf (Was writing outside array bounds.) --- library/ssl_cli.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1beefab33..38b402954 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -134,7 +134,7 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - unsigned char sig_alg_list[20]; + unsigned char *sig_alg_list = buf + 6; size_t sig_alg_len = 0; *olen = 0; @@ -218,8 +218,6 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl, *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); - memcpy( p, sig_alg_list, sig_alg_len ); - *olen = 6 + sig_alg_len; } From 4bd1284f590c5e26e78615af08d03ac6d8ea6494 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 13:31:28 +0200 Subject: [PATCH 27/35] Fix ECDSA hash selection bug with TLS 1.0 and 1.1 --- library/ssl_cli.c | 36 ++++++++++++++++++++++++++++-------- library/ssl_srv.c | 46 ++++++++++++++++++++++++++++++++++++---------- 2 files changed, 64 insertions(+), 18 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 38b402954..29e931635 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1185,7 +1185,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, unsigned char **p, unsigned char *end, md_type_t *md_alg, - size_t *hash_len, pk_type_t *pk_alg ) { ((void) ssl); @@ -1195,16 +1194,12 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl, /* Only in TLS 1.2 */ if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) { - *hash_len = 36; return( 0 ); } if( (*p) + 2 > end ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - /* Info from md_alg will be used instead */ - *hash_len = 0; - /* * Get hash algorithm */ @@ -1361,7 +1356,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) * Handle the digitally-signed structure */ if( ssl_parse_signature_algorithm( ssl, &p, end, - &md_alg, &hashlen, &pk_alg ) != 0 ) + &md_alg, &pk_alg ) != 0 ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); @@ -1380,6 +1375,13 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); } + /* Default hash for ECDSA is SHA-1 */ + if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE ) + md_alg = POLARSSL_MD_SHA1; + + /* + * Read signature + */ sig_len = ( p[0] << 8 ) | p[1]; p += 2; @@ -1389,14 +1391,18 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } + SSL_DEBUG_BUF( 3, "signature", p, sig_len ); + /* * Compute the hash that has been signed */ - if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) + if( md_alg == POLARSSL_MD_NONE ) { md5_context md5; sha1_context sha1; + hashlen = 36; + /* * digitally-signed struct { * opaque md5_hash[16]; @@ -1424,6 +1430,9 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) { md_context_t ctx; + /* Info from md_alg will be used instead */ + hashlen = 0; + /* * digitally-signed struct { * opaque client_random[32]; @@ -1918,6 +1927,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; size_t n = 0, offset = 0; unsigned char hash[48]; + unsigned char *hash_start = hash; md_type_t md_alg = POLARSSL_MD_NONE; unsigned int hashlen; @@ -1965,6 +1975,16 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) */ hashlen = 36; md_alg = POLARSSL_MD_NONE; + + /* + * For ECDSA, default hash is SHA-1 only + */ + if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) + { + hash_start += 16; + hashlen -= 16; + md_alg = POLARSSL_MD_SHA1; + } } else { @@ -2002,7 +2022,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) offset = 2; } - if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen, + if( ( ret = pk_sign( ssl->pk_key, md_alg, hash_start, hashlen, ssl->out_msg + 6 + offset, &n, ssl->f_rng, ssl->p_rng ) ) != 0 ) { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ce45898d0..8efd57e82 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1950,10 +1950,34 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) { size_t signature_len = 0; + /* + * Choose hash algorithm. NONE means MD5 + SHA1 here. + */ + if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) + { + md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ); + + if( md_alg == POLARSSL_MD_NONE ) + { + SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + } + else if ( ciphersuite_info->key_exchange == + POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA ) + { + md_alg = POLARSSL_MD_SHA1; + } + else + { + md_alg = POLARSSL_MD_NONE; + } + + /* * Compute the hash to be signed */ - if( ssl->minor_ver != SSL_MINOR_VERSION_3 ) + if( md_alg == POLARSSL_MD_NONE ) { md5_context md5; sha1_context sha1; @@ -1982,7 +2006,6 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) sha1_finish( &sha1, hash + 16 ); hashlen = 36; - md_alg = POLARSSL_MD_NONE; } else { @@ -1998,13 +2021,6 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) * ServerDHParams params; * }; */ - if( ( md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ) ) - == POLARSSL_MD_NONE ) - { - SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); - } - if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 ) { SSL_DEBUG_RET( 1, "md_init_ctx", ret ); @@ -2498,6 +2514,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; size_t sa_len, sig_len; unsigned char hash[48]; + unsigned char *hash_start = hash; size_t hashlen; pk_type_t pk_alg; md_type_t md_alg; @@ -2556,6 +2573,15 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) md_alg = POLARSSL_MD_NONE; hashlen = 36; + + /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */ + if( pk_can_do( &ssl->session_negotiate->peer_cert->pk, + POLARSSL_PK_ECDSA ) ) + { + hash_start += 16; + hashlen -= 16; + md_alg = POLARSSL_MD_SHA1; + } } else { @@ -2607,7 +2633,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) } if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, - md_alg, hash, hashlen, + md_alg, hash_start, hashlen, ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 ) { SSL_DEBUG_RET( 1, "pk_verify", ret ); From 9cc6f5c61b87ddbdf151f701909562105efc5da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 14:29:44 +0200 Subject: [PATCH 28/35] Fix some hash debugging --- library/ssl_cli.c | 3 ++- library/ssl_srv.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 29e931635..a821a317a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1453,7 +1453,8 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) md_free_ctx( &ctx ); } - SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen : + (unsigned int) ( md_info_from_type( md_alg ) )->size ); /* * Verify signature diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 8efd57e82..53f12f445 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2040,7 +2040,8 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) } - SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen : + (unsigned int) ( md_info_from_type( md_alg ) )->size ); /* * Make the signature From db77175e992311dd76f8f54475a8762fb76fbacc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 15:11:23 +0200 Subject: [PATCH 29/35] Make ecdsa_verify() return value more explicit --- include/polarssl/ecp.h | 3 ++- library/ecdsa.c | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h index 36c618546..ad31bff66 100644 --- a/include/polarssl/ecp.h +++ b/include/polarssl/ecp.h @@ -34,8 +34,9 @@ */ #define POLARSSL_ERR_ECP_BAD_INPUT_DATA -0x4F80 /**< Bad input parameters to function. */ #define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL -0x4F00 /**< The buffer is too small to write to. */ -#define POLARSSL_ERR_ECP_GENERIC -0x4E80 /**< Generic ECP error */ +#define POLARSSL_ERR_ECP_GENERIC -0x4E80 /**< Generic ECP error. */ #define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE -0x4E00 /**< Requested curve not available. */ +#define POLARSSL_ERR_ECP_VERIFY_FAILED -0x4E00 /**< The signature is not valid. */ #ifdef __cplusplus extern "C" { diff --git a/library/ecdsa.c b/library/ecdsa.c index bdb356750..67774c9d0 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -134,7 +134,7 @@ int ecdsa_verify( const ecp_group *grp, if( mpi_cmp_int( r, 1 ) < 0 || mpi_cmp_mpi( r, &grp->N ) >= 0 || mpi_cmp_int( s, 1 ) < 0 || mpi_cmp_mpi( s, &grp->N ) >= 0 ) { - ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA; + ret = POLARSSL_ERR_ECP_VERIFY_FAILED; goto cleanup; } @@ -168,7 +168,7 @@ int ecdsa_verify( const ecp_group *grp, if( ecp_is_zero( &R ) ) { - ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA; + ret = POLARSSL_ERR_ECP_VERIFY_FAILED; goto cleanup; } @@ -177,7 +177,7 @@ int ecdsa_verify( const ecp_group *grp, */ if( mpi_cmp_mpi( &R.X, r ) != 0 ) { - ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA; + ret = POLARSSL_ERR_ECP_VERIFY_FAILED; goto cleanup; } From acc7505a353395279d94cf071a7959f5a7330641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 15:48:03 +0200 Subject: [PATCH 30/35] Temporary fix for size of cipher contexts --- include/polarssl/ssl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 16643b285..0227bb832 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -404,9 +404,9 @@ struct _ssl_transform md_context_t md_ctx_enc; /*!< MAC (encryption) */ md_context_t md_ctx_dec; /*!< MAC (decryption) */ - /* 151 == 604 bytes is size of gcm_context (largest context in PolarSSL) */ - uint32_t ctx_enc[151]; /*!< encryption context */ - uint32_t ctx_dec[151]; /*!< decryption context */ + /* 154 == 616 bytes is size of gcm_context (largest context in PolarSSL) */ + uint32_t ctx_enc[154]; /*!< encryption context */ + uint32_t ctx_dec[154]; /*!< decryption context */ /* * Session specific compression layer From 57a8783364f9925ede7b0dc8a7ca1bb4faeb2f1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 16:13:54 +0200 Subject: [PATCH 31/35] Make more room for ciphersuites --- library/ssl_ciphersuites.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 759845ee9..6089ca802 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -160,7 +160,7 @@ static const int ciphersuite_preference[] = 0 }; -#define MAX_CIPHERSUITES 60 +#define MAX_CIPHERSUITES 128 static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_init = 0; From 9791a4043e55926a998f9956e58bc923634e50d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 19:57:15 +0200 Subject: [PATCH 32/35] Refactor compat.sh to prepare for ECDSA --- tests/compat.sh | 328 +++++++++++++++++++++++++++--------------------- 1 file changed, 183 insertions(+), 145 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 24c08c31c..9054a8177 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -4,6 +4,7 @@ killall -q openssl ssl_server ssl_server2 MODES="ssl3 tls1 tls1_1 tls1_2" VERIFIES="NO YES" +TYPES="RSA PSK" OPENSSL=openssl FILTER="" VERBOSE="" @@ -54,124 +55,149 @@ log () { for VERIFY in $VERIFIES; do -P_SERVER_ARGS="psk=6162636465666768696a6b6c6d6e6f70" -P_CLIENT_ARGS="psk=6162636465666768696a6b6c6d6e6f70" -O_SERVER_ARGS="-psk 6162636465666768696a6b6c6d6e6f70" -O_CLIENT_ARGS="-psk 6162636465666768696a6b6c6d6e6f70" if [ "X$VERIFY" = "XYES" ]; then - P_SERVER_ARGS="$P_SERVER_ARGS auth_mode=required crt_file=data_files/server1.crt key_file=data_files/server1.key ca_file=data_files/test-ca.crt" - P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key ca_file=data_files/test-ca.crt" - O_SERVER_ARGS="$O_SERVER_ARGS -verify 10 -CAfile data_files/test-ca.crt -cert data_files/server1.crt -key data_files/server1.key" - O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key -CAfile data_files/test-ca.crt" + P_SERVER_ARGS="ca_file=data_files/test-ca.crt auth_mode=required" + P_CLIENT_ARGS="ca_file=data_files/test-ca.crt" + O_SERVER_ARGS="-CAfile data_files/test-ca.crt -verify 10" + O_CLIENT_ARGS="-CAfile data_files/test-ca.crt" +else + P_SERVER_ARGS="" + P_CLIENT_ARGS="" + O_SERVER_ARGS="" + O_CLIENT_ARGS="" fi + for MODE in $MODES; do echo "Running for $MODE (Verify: $VERIFY)" echo "-----------" -P_CIPHERS=" \ - TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ - TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \ - TLS-RSA-WITH-AES-256-CBC-SHA \ - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \ - TLS-RSA-WITH-AES-128-CBC-SHA \ - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \ - TLS-RSA-WITH-3DES-EDE-CBC-SHA \ - TLS-RSA-WITH-RC4-128-SHA \ - TLS-RSA-WITH-RC4-128-MD5 \ - TLS-RSA-EXPORT-WITH-RC4-40-MD5 \ - TLS-RSA-WITH-NULL-MD5 \ - TLS-RSA-WITH-NULL-SHA \ - TLS-RSA-WITH-DES-CBC-SHA \ - TLS-DHE-RSA-WITH-DES-CBC-SHA \ - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ - TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ - TLS-ECDHE-RSA-WITH-RC4-128-SHA \ - TLS-ECDHE-RSA-WITH-NULL-SHA \ - TLS-PSK-WITH-RC4-128-SHA \ - TLS-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-PSK-WITH-AES-128-CBC-SHA \ - TLS-PSK-WITH-AES-256-CBC-SHA \ - " +for TYPE in $TYPES; +do -O_CIPHERS=" \ - DHE-RSA-AES128-SHA \ - DHE-RSA-AES256-SHA \ - DHE-RSA-CAMELLIA128-SHA \ - DHE-RSA-CAMELLIA256-SHA \ - EDH-RSA-DES-CBC3-SHA \ - AES256-SHA \ - CAMELLIA256-SHA \ - AES128-SHA \ - CAMELLIA128-SHA \ - DES-CBC3-SHA \ - RC4-SHA \ - RC4-MD5 \ - EXP-RC4-MD5 \ - NULL-MD5 \ - NULL-SHA \ - DES-CBC-SHA \ - EDH-RSA-DES-CBC-SHA \ - ECDHE-RSA-AES256-SHA \ - ECDHE-RSA-AES128-SHA \ - ECDHE-RSA-DES-CBC3-SHA \ - ECDHE-RSA-RC4-SHA \ - ECDHE-RSA-NULL-SHA \ - PSK-RC4-SHA \ - PSK-3DES-EDE-CBC-SHA \ - PSK-AES128-CBC-SHA \ - PSK-AES256-CBC-SHA - " +case $TYPE in -# Also add SHA256 ciphersuites -# -if [ "$MODE" = "tls1_2" ]; -then - P_CIPHERS="$P_CIPHERS \ - TLS-RSA-WITH-NULL-SHA256 \ - TLS-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-RSA-WITH-AES-256-CBC-SHA256 \ - TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \ - " + "RSA") - O_CIPHERS="$O_CIPHERS \ - NULL-SHA256 \ - AES128-SHA256 \ - DHE-RSA-AES128-SHA256 \ - AES256-SHA256 \ - DHE-RSA-AES256-SHA256 \ - ECDHE-RSA-AES128-SHA256 \ - ECDHE-RSA-AES256-SHA384 \ - " + P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" + P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server2.crt key_file=data_files/server2.key" + O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server1.crt -key data_files/server1.key" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server2.crt -key data_files/server2.key" - P_CIPHERS="$P_CIPHERS \ - TLS-RSA-WITH-AES-128-GCM-SHA256 \ - TLS-RSA-WITH-AES-256-GCM-SHA384 \ - TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ - TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ - TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ - " + P_CIPHERS=" \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + TLS-DHE-RSA-WITH-AES-256-CBC-SHA \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \ + TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \ + TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \ + TLS-RSA-WITH-AES-256-CBC-SHA \ + TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \ + TLS-RSA-WITH-AES-128-CBC-SHA \ + TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \ + TLS-RSA-WITH-3DES-EDE-CBC-SHA \ + TLS-RSA-WITH-RC4-128-SHA \ + TLS-RSA-WITH-RC4-128-MD5 \ + TLS-RSA-EXPORT-WITH-RC4-40-MD5 \ + TLS-RSA-WITH-NULL-MD5 \ + TLS-RSA-WITH-NULL-SHA \ + TLS-RSA-WITH-DES-CBC-SHA \ + TLS-DHE-RSA-WITH-DES-CBC-SHA \ + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \ + TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-RSA-WITH-RC4-128-SHA \ + TLS-ECDHE-RSA-WITH-NULL-SHA \ + " - O_CIPHERS="$O_CIPHERS \ - AES128-GCM-SHA256 \ - DHE-RSA-AES128-GCM-SHA256 \ - AES256-GCM-SHA384 \ - DHE-RSA-AES256-GCM-SHA384 \ - ECDHE-RSA-AES128-GCM-SHA256 \ - ECDHE-RSA-AES256-GCM-SHA384 \ - " -fi + O_CIPHERS=" \ + DHE-RSA-AES128-SHA \ + DHE-RSA-AES256-SHA \ + DHE-RSA-CAMELLIA128-SHA \ + DHE-RSA-CAMELLIA256-SHA \ + EDH-RSA-DES-CBC3-SHA \ + AES256-SHA \ + CAMELLIA256-SHA \ + AES128-SHA \ + CAMELLIA128-SHA \ + DES-CBC3-SHA \ + RC4-SHA \ + RC4-MD5 \ + EXP-RC4-MD5 \ + NULL-MD5 \ + NULL-SHA \ + DES-CBC-SHA \ + EDH-RSA-DES-CBC-SHA \ + ECDHE-RSA-AES256-SHA \ + ECDHE-RSA-AES128-SHA \ + ECDHE-RSA-DES-CBC3-SHA \ + ECDHE-RSA-RC4-SHA \ + ECDHE-RSA-NULL-SHA \ + " + + if [ "$MODE" = "tls1_2" ]; + then + P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-NULL-SHA256 \ + TLS-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \ + TLS-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \ + TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \ + " + + O_CIPHERS="$O_CIPHERS \ + NULL-SHA256 \ + AES128-SHA256 \ + DHE-RSA-AES128-SHA256 \ + AES256-SHA256 \ + DHE-RSA-AES256-SHA256 \ + ECDHE-RSA-AES128-SHA256 \ + ECDHE-RSA-AES256-SHA384 \ + AES128-GCM-SHA256 \ + DHE-RSA-AES128-GCM-SHA256 \ + AES256-GCM-SHA384 \ + DHE-RSA-AES256-GCM-SHA384 \ + ECDHE-RSA-AES128-GCM-SHA256 \ + ECDHE-RSA-AES256-GCM-SHA384 \ + " + fi + + ;; + + "PSK") + + P_SERVER_ARGS="$P_SERVER_ARGS psk=6162636465666768696a6b6c6d6e6f70" + P_CLIENT_ARGS="$P_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70" + O_SERVER_ARGS="$O_SERVER_ARGS -psk 6162636465666768696a6b6c6d6e6f70" + O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70" + + P_CIPHERS=" \ + TLS-PSK-WITH-RC4-128-SHA \ + TLS-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-PSK-WITH-AES-128-CBC-SHA \ + TLS-PSK-WITH-AES-256-CBC-SHA \ + " + + O_CIPHERS=" \ + PSK-RC4-SHA \ + PSK-3DES-EDE-CBC-SHA \ + PSK-AES128-CBC-SHA \ + PSK-AES256-CBC-SHA \ + " + + ;; + +esac filter() { @@ -261,49 +287,60 @@ PROCESS_ID=$! sleep 1 -# OpenSSL does not support RFC5246 and RFC6367 Camellia ciphers with SHA256 -# or SHA384 -# Add for PolarSSL only test, which does support them. -# -if [ "$MODE" = "tls1_2" ]; -then - P_CIPHERS="$P_CIPHERS \ - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-PSK-WITH-AES-128-CBC-SHA256 \ - TLS-PSK-WITH-AES-256-CBC-SHA384 \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - TLS-PSK-WITH-AES-128-GCM-SHA256 \ - TLS-PSK-WITH-AES-256-GCM-SHA384 \ - TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ - TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ - TLS-PSK-WITH-NULL-SHA256 \ - TLS-PSK-WITH-NULL-SHA384 \ - TLS-DHE-PSK-WITH-NULL-SHA256 \ - TLS-DHE-PSK-WITH-NULL-SHA384 \ - TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ - TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ - " -fi +# Add ciphersuites supported by PolarSSL only -# OpenSSL does not support DHE-PSK ciphers -# Add for PolarSSL only test, which does support them. -# -P_CIPHERS="$P_CIPHERS \ - TLS-DHE-PSK-WITH-RC4-128-SHA \ - TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ - TLS-PSK-WITH-NULL-SHA \ - TLS-DHE-PSK-WITH-NULL-SHA \ - " +case $TYPE in + + "RSA") + + if [ "$MODE" = "tls1_2" ]; + then + P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ + " + fi + + ;; + + "PSK") + + P_CIPHERS="$P_CIPHERS \ + TLS-DHE-PSK-WITH-RC4-128-SHA \ + TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA \ + TLS-PSK-WITH-NULL-SHA \ + TLS-DHE-PSK-WITH-NULL-SHA \ + " + + if [ "$MODE" = "tls1_2" ]; + then + P_CIPHERS="$P_CIPHERS \ + TLS-PSK-WITH-AES-128-CBC-SHA256 \ + TLS-PSK-WITH-AES-256-CBC-SHA384 \ + TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ + TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ + TLS-PSK-WITH-AES-128-GCM-SHA256 \ + TLS-PSK-WITH-AES-256-GCM-SHA384 \ + TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ + TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ + TLS-PSK-WITH-NULL-SHA256 \ + TLS-PSK-WITH-NULL-SHA384 \ + TLS-DHE-PSK-WITH-NULL-SHA256 \ + TLS-DHE-PSK-WITH-NULL-SHA384 \ + TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \ + " + fi + +esac # Filter ciphersuites if [ "X" != "X$FILTER" ]; @@ -334,3 +371,4 @@ wait $PROCESS_ID 2>/dev/null done done +done From dfc8d5accc9372be3e04658404bd90095ad7adb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 20:48:40 +0200 Subject: [PATCH 33/35] Small adjustments in compat.sh --- tests/compat.sh | 47 ++++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 9054a8177..e5d82b093 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -24,6 +24,16 @@ do shift MODES=$1 ;; + -t|--types) + # Key exchange types + shift + TYPES=$1 + ;; + -V|--verify) + # Verifiction modes + shift + VERIFIES=$1 + ;; -v|--verbose) # Set verbosity shift @@ -35,6 +45,8 @@ do echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)" echo -e " -h|--help\t\tPrint this help." echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")" + echo -e " -t|--types\tWhich key exchange type to perform (Default: \"RSA PSK\")" + echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")" echo -e " -v|--verbose\t\tSet verbose output." exit 1 ;; @@ -53,6 +65,21 @@ log () { fi } +filter() +{ + LIST=$1 + FILTER=$2 + + NEW_LIST="" + + for i in $LIST; + do + NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )" + done + + echo "$NEW_LIST" +} + for VERIFY in $VERIFIES; do @@ -60,7 +87,7 @@ if [ "X$VERIFY" = "XYES" ]; then P_SERVER_ARGS="ca_file=data_files/test-ca.crt auth_mode=required" P_CLIENT_ARGS="ca_file=data_files/test-ca.crt" - O_SERVER_ARGS="-CAfile data_files/test-ca.crt -verify 10" + O_SERVER_ARGS="-CAfile data_files/test-ca.crt -Verify 10" O_CLIENT_ARGS="-CAfile data_files/test-ca.crt" else P_SERVER_ARGS="" @@ -72,6 +99,7 @@ fi for MODE in $MODES; do +echo "-----------" echo "Running for $MODE (Verify: $VERIFY)" echo "-----------" @@ -199,21 +227,6 @@ case $TYPE in esac -filter() -{ - LIST=$1 - FILTER=$2 - - NEW_LIST="" - - for i in $LIST; - do - NEW_LIST="$NEW_LIST $( echo "$i" | grep "$FILTER" )" - done - - echo "$NEW_LIST" -} - # Filter ciphersuites if [ "X" != "X$FILTER" ]; then @@ -223,7 +236,7 @@ fi log "$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE" -$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE & +$OPENSSL s_server -cert data_files/server2.crt -key data_files/server2.key -www -quiet -cipher NULL,ALL $O_SERVER_ARGS -$MODE >/dev/null 2>&1 & PROCESS_ID=$! sleep 1 From 7ebaf376f90bb424d835aeda82411058da55c25f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 21:03:33 +0200 Subject: [PATCH 34/35] Add ECDSA suites to compat.sh --- tests/compat.sh | 80 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 67 insertions(+), 13 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index e5d82b093..2a7ab88e0 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -4,7 +4,7 @@ killall -q openssl ssl_server ssl_server2 MODES="ssl3 tls1 tls1_1 tls1_2" VERIFIES="NO YES" -TYPES="RSA PSK" +TYPES="ECDSA RSA PSK" OPENSSL=openssl FILTER="" VERBOSE="" @@ -45,7 +45,7 @@ do echo -e " -f|--filter\tFilter ciphersuites to test (Default: all)" echo -e " -h|--help\t\tPrint this help." echo -e " -m|--modes\tWhich modes to perform (Default: \"ssl3 tls1 tls1_1 tls1_2\")" - echo -e " -t|--types\tWhich key exchange type to perform (Default: \"RSA PSK\")" + echo -e " -t|--types\tWhich key exchange type to perform (Default: \"ECDSA RSA PSK\")" echo -e " -V|--verify\tWhich verification modes to perform (Default: \"NO YES\")" echo -e " -v|--verbose\t\tSet verbose output." exit 1 @@ -85,10 +85,10 @@ do if [ "X$VERIFY" = "XYES" ]; then - P_SERVER_ARGS="ca_file=data_files/test-ca.crt auth_mode=required" - P_CLIENT_ARGS="ca_file=data_files/test-ca.crt" - O_SERVER_ARGS="-CAfile data_files/test-ca.crt -Verify 10" - O_CLIENT_ARGS="-CAfile data_files/test-ca.crt" + P_SERVER_ARGS="ca_file=data_files/test-ca_cat12.crt auth_mode=required" + P_CLIENT_ARGS="ca_file=data_files/test-ca_cat12.crt" + O_SERVER_ARGS="-CAfile data_files/test-ca_cat12.crt -Verify 10" + O_CLIENT_ARGS="-CAfile data_files/test-ca_cat12.crt" else P_SERVER_ARGS="" P_CLIENT_ARGS="" @@ -108,6 +108,48 @@ do case $TYPE in + "ECDSA") + + P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server5.crt key_file=data_files/server5.key" + P_CLIENT_ARGS="$P_CLIENT_ARGS crt_file=data_files/server6.crt key_file=data_files/server6.key" + O_SERVER_ARGS="$O_SERVER_ARGS -cert data_files/server5.crt -key data_files/server5.key" + O_CLIENT_ARGS="$O_CLIENT_ARGS -cert data_files/server6.crt -key data_files/server6.key" + + P_CIPHERS=" \ + TLS-ECDHE-ECDSA-WITH-NULL-SHA \ + TLS-ECDHE-ECDSA-WITH-RC4-128-SHA \ + TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \ + " + + O_CIPHERS=" \ + ECDHE-ECDSA-NULL-SHA \ + ECDHE-ECDSA-RC4-SHA \ + ECDHE-ECDSA-DES-CBC3-SHA \ + ECDHE-ECDSA-AES128-SHA \ + ECDHE-ECDSA-AES256-SHA \ + " + + if [ "$MODE" = "tls1_2" ]; + then + P_CIPHERS="$P_CIPHERS \ + TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \ + " + + O_CIPHERS=" \ + ECDHE-ECDSA-AES128-SHA256 \ + ECDHE-ECDSA-AES256-SHA384 \ + ECDHE-ECDSA-AES128-GCM-SHA256 \ + ECDHE-ECDSA-AES256-GCM-SHA384 \ + " + fi + + ;; + "RSA") P_SERVER_ARGS="$P_SERVER_ARGS crt_file=data_files/server1.crt key_file=data_files/server1.key" @@ -304,17 +346,29 @@ sleep 1 case $TYPE in + "ECDSA") + + if [ "$MODE" = "tls1_2" ]; + then + P_CIPHERS="$P_CIPHERS \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ + " + fi + + ;; + "RSA") if [ "$MODE" = "tls1_2" ]; then - P_CIPHERS="$P_CIPHERS \ - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ - TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ - TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ + P_CIPHERS="$P_CIPHERS \ + TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \ + TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \ " fi From 70064fd72151cf1b6511b39b225d075403917b11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 27 Aug 2013 22:00:47 +0200 Subject: [PATCH 35/35] compat.sh: report results --- tests/compat.sh | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 2a7ab88e0..ef6b0e0d3 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -2,6 +2,10 @@ killall -q openssl ssl_server ssl_server2 +let "tests = 0" +let "failed = 0" +let "skipped = 0" + MODES="ssl3 tls1 tls1_1 tls1_2" VERIFIES="NO YES" TYPES="ECDSA RSA PSK" @@ -285,6 +289,7 @@ sleep 1 for i in $P_CIPHERS; do + let "tests++" log "../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE" RESULT="$( ../programs/ssl/ssl_client2 $P_CLIENT_ARGS force_ciphersuite=$i force_version=$MODE )" EXIT=$? @@ -292,10 +297,12 @@ do if [ "$EXIT" = "2" ]; then echo Ciphersuite not supported in client + let "skipped++" elif [ "$EXIT" != "0" ]; then echo Failed echo $RESULT + let "failed++" else echo Success fi @@ -311,6 +318,7 @@ sleep 1 for i in $O_CIPHERS; do + let "tests++" log "$OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS" RESULT="$( ( echo -e 'GET HTTP/1.0'; echo; sleep 1 ) | $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS 2>&1 )" EXIT=$? @@ -322,11 +330,13 @@ do if [ "X$SUPPORTED" != "X" ] then echo "Ciphersuite not supported in server" + let "skipped++" else echo Failed echo ../programs/ssl/ssl_server2 $P_SERVER_ARGS echo $OPENSSL s_client -$MODE -cipher $i $O_CLIENT_ARGS echo $RESULT + let "failed++" fi else echo Success @@ -418,6 +428,7 @@ fi for i in $P_CIPHERS; do + let "tests++" log "../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS" RESULT="$( ../programs/ssl/ssl_client2 force_ciphersuite=$i force_version=$MODE $P_CLIENT_ARGS )" EXIT=$? @@ -425,10 +436,12 @@ do if [ "$EXIT" = "2" ]; then echo Ciphersuite not supported in client + let "skipped++" elif [ "$EXIT" != "0" ]; then echo Failed echo $RESULT + let "failed++" else echo Success fi @@ -439,3 +452,19 @@ wait $PROCESS_ID 2>/dev/null done done done + +echo "" +echo "-------------------------------------------------------------------------" +echo "" + +if (( failed != 0 )); +then + echo -n "FAILED" +else + echo -n "PASSED" +fi + +let "passed = tests - failed" +echo " ($passed / $tests tests ($skipped skipped))" + +exit $failed