From: Denis Kenzior <denkenz@gmail.com>
To: ell@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: [PATCH v2 05/10] tls: Add helper for DigitallySigned validation
Date: Mon, 18 Jul 2022 13:00:40 -0500 [thread overview]
Message-ID: <20220718180045.5845-5-denkenz@gmail.com> (raw)
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
To support additional signature algorithms, move the logic
that validates DigitallySigned structure to a helper function.
---
ell/tls-suites.c | 87 +++++++++++++++++++++++++++++++++---------------
1 file changed, 60 insertions(+), 27 deletions(-)
diff --git a/ell/tls-suites.c b/ell/tls-suites.c
index 1c1ca078b3d8..d5d2ec8f741f 100644
--- a/ell/tls-suites.c
+++ b/ell/tls-suites.c
@@ -40,6 +40,57 @@
#include "ecdh.h"
#include "missing.h"
+enum signature_algorithm {
+ SIGNATURE_ALGORITHM_ANONYMOUS = 0,
+ SIGNATURE_ALGORITHM_RSA = 1,
+ SIGNATURE_ALGORITHM_DSA = 2,
+ SIGNATURE_ALGORITHM_ECDSA = 3,
+};
+
+/*
+ * Sanitize DigitallySigned struct input, making sure the lengths
+ * are valid and correspond to what we expect.
+ *
+ * Returns: start of the opaque portion
+ */
+static const uint8_t *validate_digitally_signed(struct l_tls *tls,
+ const uint8_t *in, size_t in_len,
+ enum signature_algorithm expected_alg,
+ uint16_t *opaque_len)
+{
+ size_t offset = 2;
+ uint16_t len;
+
+ if (tls->negotiated_version < L_TLS_V12)
+ offset = 0;
+
+ if (in_len < offset + 2)
+ goto size_error;
+
+ len = l_get_be16(in + offset);
+ if (len != in_len - offset - 2)
+ goto size_error;
+
+ if (tls->negotiated_version >= L_TLS_V12) {
+ if (in[1] != expected_alg) {
+ TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,
+ "Unknown signature algorithm %i",
+ in[1]);
+
+ return NULL;
+ }
+ }
+
+ *opaque_len = len;
+ return in + offset + 2;
+
+size_error:
+ TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "Signature msg too "
+ "short (%zi) or signature length doesn't match",
+ in_len);
+ return NULL;
+}
+
static bool tls_rsa_validate_cert_key(struct l_cert *cert)
{
return l_cert_get_pubkey_type(cert) == L_CERT_KEY_RSA;
@@ -112,29 +163,20 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len,
enum l_checksum_type sign_checksum_type;
uint8_t expected[HANDSHAKE_HASH_MAX_SIZE + 36];
size_t expected_len;
- unsigned int offset;
+ const uint8_t *opaque;
+ uint16_t opaque_len;
bool success;
- /* 2 bytes for SignatureAndHashAlgorithm if version >= 1.2 */
- offset = 2;
- if (tls->negotiated_version < L_TLS_V12)
- offset = 0;
-
- if (in_len < offset + 2 ||
- (size_t) l_get_be16(in + offset) + offset + 2 !=
- in_len) {
- TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "Signature msg too "
- "short (%zi) or signature length doesn't match",
- in_len);
-
+ opaque = validate_digitally_signed(tls, in, in_len,
+ SIGNATURE_ALGORITHM_RSA, &opaque_len);
+ if (!opaque)
return false;
- }
/* Only the default hash type supported */
- if (in_len != offset + 2 + tls->peer_pubkey_size) {
+ if (opaque_len != tls->peer_pubkey_size) {
TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0,
- "Signature length %zi not equal %zi", in_len,
- offset + 2 + tls->peer_pubkey_size);
+ "Signature length %hu not equal %zi",
+ opaque_len, tls->peer_pubkey_size);
return false;
}
@@ -142,15 +184,6 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len,
if (tls->negotiated_version >= L_TLS_V12) {
enum handshake_hash_type hash;
- /* Only RSA supported */
- if (in[1] != 1 /* RSA_sign */) {
- TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,
- "Unknown signature algorithm %i",
- in[1]);
-
- return false;
- }
-
for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++)
if (tls_handshake_hash_data[hash].tls_id == in[0])
break;
@@ -203,7 +236,7 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len,
}
success = l_key_verify(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
- sign_checksum_type, expected, in + offset + 2,
+ sign_checksum_type, expected, opaque,
expected_len, tls->peer_pubkey_size);
if (!success)
--
2.35.1
next prev parent reply other threads:[~2022-07-18 18:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-18 18:00 [PATCH v2 01/10] cert/key: Add support for EC based certificates Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 02/10] unit: Add basic EC-DSA verification test Denis Kenzior
2022-07-18 19:07 ` Mat Martineau
2022-07-18 20:21 ` Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 03/10] key: ECDSA data is given in x962 format Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 04/10] tls: Support peer certificates that use ECDSA Denis Kenzior
2022-07-18 18:00 ` Denis Kenzior [this message]
2022-07-18 18:00 ` [PATCH v2 06/10] tls: Add helper to find hash function by id Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 07/10] tls-suites: Add ECDSA suites from RFC 8422 Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 08/10] unit: Skip ECDSA cipher suite tests Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 09/10] useful: Add maxsize() Denis Kenzior
2022-07-18 18:00 ` [PATCH v2 10/10] tls: Do not set verify_data_length unless needed Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220718180045.5845-5-denkenz@gmail.com \
--to=denkenz@gmail.com \
--cc=ell@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).