From patchwork Mon Jul 18 18:00:36 2022
X-Patchwork-Submitter: Denis Kenzior
X-Patchwork-Id: 12921567
2002:a05:6870:e248:b0:10d:215d:1b41 with SMTP id d8-20020a056870e24800b0010d215d1b41mr7936823oac.179.1658167629704; Mon, 18 Jul 2022 11:07:09 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id n23-20020a056870559700b0010c727a3c79sm6808467oao.26.2022.07.18.11.07.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 11:07:09 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH v2 01/10] cert/key: Add support for EC based certificates Date: Mon, 18 Jul 2022 13:00:36 -0500 Message-Id: <20220718180045.5845-1-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Mostly for use with Elliptic Curve (EC) Digital Signature Algorithm (DSA) based certificates. Other combinations of EC + signature algorithms are also possible. This requires your kernel to be built with CRYPTO_ECDSA support. --- NOTE: At the time this patch was created, kernel had to be patched with the following fix in order for ECDSA support to function properly from userspace: https://lore.kernel.org/linux-crypto/20220715182810.30505-1-denkenz@gmail.com/ ell/cert.c | 18 ++++++++++++++++-- ell/cert.h | 1 + ell/key.c | 1 + ell/key.h | 1 + 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/ell/cert.c b/ell/cert.c index 141ea1cec038..a158142445ec 100644 --- a/ell/cert.c +++ b/ell/cert.c @@ -77,7 +77,15 @@ static const struct pkcs1_encryption_oid { } pkcs1_encryption_oids[] = { { /* rsaEncryption */ L_CERT_KEY_RSA, - { 9, { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 } }, + { .asn1_len = 9, .asn1 = { + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 } + }, + }, + { /* ecPublicKey */ + L_CERT_KEY_ECC, + { .asn1_len = 7, .asn1 = { + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 } + }, }, }; 
@@ -261,8 +269,14 @@ LIB_EXPORT struct l_key *l_cert_get_pubkey(struct l_cert *cert) return NULL; /* Use kernel's ASN.1 certificate parser to find the key data for us */ - if (cert->pubkey_type == L_CERT_KEY_RSA) + switch (cert->pubkey_type) { + case L_CERT_KEY_RSA: return l_key_new(L_KEY_RSA, cert->asn1, cert->asn1_len); + case L_CERT_KEY_ECC: + return l_key_new(L_KEY_ECC, cert->asn1, cert->asn1_len); + case L_CERT_KEY_UNKNOWN: + break; + } return NULL; } diff --git a/ell/cert.h b/ell/cert.h index 605e427c3d05..f637588e6d66 100644 --- a/ell/cert.h +++ b/ell/cert.h @@ -36,6 +36,7 @@ struct l_certchain; enum l_cert_key_type { L_CERT_KEY_RSA, + L_CERT_KEY_ECC, L_CERT_KEY_UNKNOWN, }; diff --git a/ell/key.c b/ell/key.c index b28bf4dbf085..73f38581f736 100644 --- a/ell/key.c +++ b/ell/key.c @@ -108,6 +108,7 @@ struct l_keyring { static const char * const key_type_names[] = { [L_KEY_RAW] = "user", [L_KEY_RSA] = "asymmetric", + [L_KEY_ECC] = "asymmetric", }; static long kernel_add_key(const char *type, const char *description, diff --git a/ell/key.h b/ell/key.h index d25d09385b6f..f26f7ecb26c3 100644 --- a/ell/key.h +++ b/ell/key.h 
@@ -45,6 +45,7 @@ enum l_key_feature { enum l_key_type { L_KEY_RAW = 0, L_KEY_RSA, + L_KEY_ECC, }; enum l_keyring_restriction { From patchwork Mon Jul 18 18:00:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921568 Received: from mail-oa1-f52.google.com (mail-oa1-f52.google.com [209.85.160.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E4B333DE for ; Mon, 18 Jul 2022 18:07:11 +0000 (UTC) Received: by mail-oa1-f52.google.com with SMTP id 586e51a60fabf-10bf634bc50so25866196fac.3 for ; Mon, 18 Jul 2022 11:07:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=eJv6T4eZlPUQrv96VWRsGjDiVJ2iugN0FZGR84yt/kA=; b=DQtZnL2kWdcShFuehGPgKzpj6YJ1FAvClhkknLcl4DaK0NStuBq8xYfA8hw7yMFsrH QDvH+06feTP2Vpqrpx3kZoIiqVIx3qNPxyD19vSb8tOo+udH0CO7RohZeH6Ynrp+dFoH oJx8x9RbncYgQSMgllBcwY036hSozfJ285dXoKW7QX6cnZ62OkcCouVVNpE1YWyZctzW 4sasKCWR2WXsmaUPYHVY2DgF4I9vQxLRIUFXEccFR84kc1q5vVI7g8/oDzDLRW7+T8uz V3TMNjGkV+wVEUPV+/anqYq6oMh6xC9eTS4KAakjCWtOjo5taaVGpZycidq68XSzOEcu g6WQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=eJv6T4eZlPUQrv96VWRsGjDiVJ2iugN0FZGR84yt/kA=; b=iP0pYFUwRGoIcngvGVdLLdFk1AUfPQLo+wwEWHvcMAQnn9/MhHZhtP8rb6A6AcJ2Yt gl91RNAM0Kj03WJW5+LYkPJyrExlNT09c9tbclUj8ndsfnGkY78Z+PUB6V8Seydy3RfI i9ENaAi1kHytRSlv/XLemzGpuyVOKUv7zdGR5Ec7wGiB1c0dLSd0+DZUJhaEUYicuXvi 2FMZAn0g8UvtyZtbPG+BVuTmedEhR8Vwy4dW2wnm3jxHJGmsul097tnPz/bEbAvo9jHW 72XzWoOOd7oZNbpHImELoDLt1a4wHDJtWCC8v0G8rEBwisSeYnf0pRGDHaAyiaAbuhw5 U6KA== X-Gm-Message-State: 
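Review bot: the ecPublicKey entry added to pkcs1_encryption_oids in the first cert.c hunk of patch 01/10 matches only the algorithm OID (2a 86 48 ce 3d 02 01, i.e. 1.2.840.10045.2.1); the namedCurve parameter that follows it in the AlgorithmIdentifier is not inspected, so a certificate on a curve the kernel cannot handle is still classified as L_CERT_KEY_ECC and is only rejected when the l_key_new(L_KEY_ECC, ...) call in the second hunk fails. A one-line comment stating that curve checking is deferred to the kernel parser would save the next reader from looking for it here, and with a non-PKCS#1 algorithm in it the table name pkcs1_encryption_oids no longer fits.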
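Review bot: the cert.h hunk of patch 01/10 inserts L_CERT_KEY_ECC ahead of L_CERT_KEY_UNKNOWN, which renumbers L_CERT_KEY_UNKNOWN in a public header; any consumer compiled against the previous ell/cert.h will disagree with the library about that value. Appending the new enumerator after L_CERT_KEY_UNKNOWN, as the key.h hunk does by placing L_KEY_ECC at the end of enum l_key_type, avoids the ABI change; if the renumbering is deliberate, the commit message should say so.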
AJIora9eIxdmdcmIccde7emV5Z1EHMsD8a18+dv3DT+hNLv2YzlQQ9Yk JCtqw7Sk4v2VFBrg2nrAssaCWXZpZyA= X-Google-Smtp-Source: AGRyM1tyMt4x2ohBVVJDwldBtnrfC4QsD7UzXNn+ArCisOAkAAsMf8sFrLXKuCgCAxDU+Sfh9mw08w== X-Received: by 2002:a05:6870:829e:b0:10c:240b:cbb9 with SMTP id q30-20020a056870829e00b0010c240bcbb9mr15044385oae.115.1658167630415; Mon, 18 Jul 2022 11:07:10 -0700 (PDT) Received: from localhost.localdomain (216.106.68.145.reverse.socket.net. [216.106.68.145]) by smtp.gmail.com with ESMTPSA id n23-20020a056870559700b0010c727a3c79sm6808467oao.26.2022.07.18.11.07.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Jul 2022 11:07:10 -0700 (PDT) From: Denis Kenzior To: ell@lists.linux.dev Cc: Denis Kenzior Subject: [PATCH v2 02/10] unit: Add basic EC-DSA verification test Date: Mon, 18 Jul 2022 13:00:37 -0500 Message-Id: <20220718180045.5845-2-denkenz@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com> References: <20220718180045.5845-1-denkenz@gmail.com> Precedence: bulk X-Mailing-List: ell@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 --- .gitignore | 2 ++ Makefile.am | 39 ++++++++++++++++++++++++++++++++++++++- unit/test-tls.c | 22 +++++++++++++++++++++- 3 files changed, 61 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 346243a8f9c7..76f10aecfdd3 100644 --- a/.gitignore +++ b/.gitignore @@ -67,6 +67,8 @@ unit/cert-*.csr unit/cert-*.srl unit/cert-*.crt unit/cert-*.p12 +unit/ec-cert-*.pem +unit/ec-cert-*.csr unit/key-*.dat unit/key-*.h unit/*.log diff --git a/Makefile.am b/Makefile.am index 2bf728bbde7a..e5d7143af236 100644 --- a/Makefile.am +++ b/Makefile.am @@ -219,6 +219,7 @@ cert_tests = unit/test-pem \ cert_files = unit/cert-chain.pem \ unit/cert-entity-int.pem \ unit/cert-server.pem \ + unit/ec-cert-server.pem \ unit/cert-server-key-pkcs8.pem \ unit/cert-client.pem \ unit/cert-client.crt \ 
@@ -246,6 +247,7 @@ cert_files = unit/cert-chain.pem \ cert_checks = unit/cert-intca \ unit/cert-entity-int \ unit/cert-server \ + unit/ec-cert-server \ unit/cert-client \ unit/cert-no-keyid @@ -417,15 +419,30 @@ false_redirect_openssl = 2>/dev/null unit/cert-ca-key.pem: $(AM_V_GEN)openssl genrsa -out $@ 2048 $($(AM_V_P)_redirect_openssl) +unit/ec-cert-ca-key.pem: + $(AM_V_GEN)openssl ecparam -out $@ -name secp384r1 \ + -genkey $($(AM_V_P)_redirect_openssl) + + unit/cert-ca.pem: unit/cert-ca-key.pem unit/gencerts.cnf $(AM_V_GEN)openssl req -x509 -new -nodes -extensions ca_ext \ -config $(srcdir)/unit/gencerts.cnf \ -subj '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \ -key $< -sha256 -days 10000 -out $@ +unit/ec-cert-ca.pem: unit/ec-cert-ca-key.pem unit/gencerts.cnf + $(AM_V_GEN)openssl req -x509 -new -nodes -extensions ca_ext \ + -config $(srcdir)/unit/gencerts.cnf \ + -subj '/O=International Union of Example Organizations/CN=Certificate issuer guy/emailAddress=ca@mail.example' \ + -key $< -sha256 -days 10000 -out $@ + unit/cert-server-key.pem: $(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl) +unit/ec-cert-server-key.pem: + $(AM_V_GEN)openssl ecparam -out $@ -name secp384r1 \ + -genkey $($(AM_V_P)_redirect_openssl) + unit/cert-server-key-pkcs8.pem: unit/cert-server-key.pem $(AM_V_GEN)openssl pkcs8 -topk8 -nocrypt -in $< -out $@ 
@@ -435,6 +452,12 @@ unit/cert-server.csr: unit/cert-server-key.pem unit/gencerts.cnf -subj '/O=Foo Example Organization/CN=Foo Example Organization/emailAddress=foo@mail.example' \ -key $< -out $@ +unit/ec-cert-server.csr: unit/ec-cert-server-key.pem unit/gencerts.cnf + $(AM_V_GEN)openssl req -new -extensions cert_ext \ + -config $(srcdir)/unit/gencerts.cnf \ + -subj '/O=Foo Example Organization/CN=Foo Example Organization/emailAddress=foo@mail.example' \ + -key $< -out $@ + unit/cert-server.pem: unit/cert-server.csr unit/cert-ca.pem unit/gencerts.cnf $(AM_V_GEN)openssl x509 -req -extensions server_ext \ -extfile $(srcdir)/unit/gencerts.cnf \ @@ -443,9 +466,22 @@ unit/cert-server.pem: unit/cert-server.csr unit/cert-ca.pem unit/gencerts.cnf -CAserial $(builddir)/unit/cert-ca.srl \ -CAcreateserial -sha256 -days 10000 -out $@ $($(AM_V_P)_redirect_openssl) +unit/ec-cert-server.pem: unit/ec-cert-server.csr unit/ec-cert-ca.pem \ + unit/gencerts.cnf + $(AM_V_GEN)openssl x509 -req -extensions server_ext \ + -extfile $(srcdir)/unit/gencerts.cnf \ + -in $< -CA $(builddir)/unit/ec-cert-ca.pem \ + -CAkey $(builddir)/unit/ec-cert-ca-key.pem \ + -CAserial $(builddir)/unit/cert-ca.srl \ + -CAcreateserial -sha256 -days 10000 \ + -out $@ $($(AM_V_P)_redirect_openssl) + unit/cert-server: unit/cert-server.pem unit/cert-ca.pem $(AM_V_GEN)openssl verify -CAfile $(builddir)/unit/cert-ca.pem $< +unit/ec-cert-server: unit/ce-cert-server.pem unit/ce-cert-ca.pem + $(AM_V_GEN)openssl verify -CAfile $(builddir)/unit/ce-cert-ca.pem $< + unit/cert-client-key-pkcs1.pem: $(AM_V_GEN)openssl genrsa -out $@ $($(AM_V_P)_redirect_openssl) @@ -623,7 +659,8 @@ check-local: $(cert_checks) endif clean-local: - -rm -f unit/cert-*.pem unit/cert-*.csr unit/cert-*.srl unit/key-*.dat + -rm -f unit/ec-cert*.pem unit/ec-cert-*.csr \ + unit/cert-*.pem unit/cert-*.csr unit/cert-*.srl unit/key-*.dat maintainer-clean-local: -rm -rf build-aux 
diff --git a/unit/test-tls.c b/unit/test-tls.c index 7937962cf8a0..aee5b2e36b78 100644 --- a/unit/test-tls.c +++ b/unit/test-tls.c @@ -325,6 +325,24 @@ static void test_certificates(const void *data) l_queue_destroy(twocas, (l_queue_destroy_func_t) l_cert_free); } +static void test_ec_certificates(const void *data) +{ + struct l_queue *cacert; + struct l_certchain *chain; + + cacert = l_pem_load_certificate_list(CERTDIR "ec-cert-ca.pem"); + assert(cacert && !l_queue_isempty(cacert)); + + chain = l_pem_load_certificate_chain(CERTDIR "ec-cert-server.pem"); + assert(chain); + + assert(l_certchain_verify(chain, cacert, NULL)); + assert(l_certchain_verify(chain, NULL, NULL)); + + l_certchain_free(chain); + l_queue_destroy(cacert, (l_queue_destroy_func_t) l_cert_free); +} + struct tls_conn_test { const char *server_cert_path; const char *server_key_path; 
@@ -948,8 +966,10 @@ int main(int argc, char *argv[]) l_test_add("TLS 1.2 PRF with SHA512", test_tls12_prf, &tls12_prf_sha512_0); - if (l_key_is_supported(L_KEY_FEATURE_RESTRICT)) + if (l_key_is_supported(L_KEY_FEATURE_RESTRICT)) { l_test_add("Certificate chains", test_certificates, NULL); + l_test_add("ECDSA Certificates", test_ec_certificates, NULL); + } if (!l_getrandom_is_supported()) { printf("getrandom missing, skipping TLS connection tests...\n"); From patchwork Mon Jul 18 18:00:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921569 Received: from mail-oa1-f53.google.com (mail-oa1-f53.google.com [209.85.160.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6121433DF for ; Mon, 18 Jul 2022 18:07:12 +0000 (UTC) Received: by mail-oa1-f53.google.com with SMTP id 586e51a60fabf-10d4691a687so10546341fac.10 for ; Mon, 18 Jul 2022 11:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=kW99CkzG/sAtLGON6i1sEngEB0b9gBWe/XHcegnda2w=; b=amqwidALx/Dv5Ap76dgNn2IUuAhB94SS9DHMmW/7Q9w1Lj1UFnQ+9wjolgy+pJNsR9 yteplVZrGpaaDpBdHX9j3+jgO7CHiy27uVwC3LP2G7C60rJ2EggeyP/BNG3k7Q4t2Mrf cGXgTTEN3upCUR2+Z0Czntfdito4I0R533ivxeTOK6YFp23S4EaqR263pbWf1TR13EwM 0WDKbdqYxVn3Hm+iNGLeyKs6bNs66iJvZs/iWeHaq1hn3ItinS9CW6TbsjESJJMQwims sl5baSufcK9cEZhnD2xILfcfN/fi52ULXFEiesGKfUuMppNdEyBrVCUGZPZJ3r3lgR56 1oYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=kW99CkzG/sAtLGON6i1sEngEB0b9gBWe/XHcegnda2w=; b=PnYqwAAaVeF7B5ZVAzWI6fsmevhHcyH4guvKSeIY3a2IFYd2OKK0b6DwfVBN6CAqo2 
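Review bot: the unit/ec-cert-server rule in the Makefile.am hunk at -443,9 of patch 02/10 has the same typo in three places: it depends on unit/ce-cert-server.pem and unit/ce-cert-ca.pem and passes -CAfile $(builddir)/unit/ce-cert-ca.pem, while the rules above produce ec-cert-server.pem and ec-cert-ca.pem. Because unit/ec-cert-server is listed in cert_checks and check-local depends on $(cert_checks), make check will stop with a missing rule for the ce-cert-*.pem prerequisites instead of verifying the EC chain. Suggested lines: `unit/ec-cert-server: unit/ec-cert-server.pem unit/ec-cert-ca.pem` and `$(AM_V_GEN)openssl verify -CAfile $(builddir)/unit/ec-cert-ca.pem $<`. In the same hunk the EC server certificate is signed with -CAserial $(builddir)/unit/cert-ca.srl, the RSA CA's serial file; harmless, but a separate ec-cert-ca.srl would keep the two CAs' state apart.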
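Review bot: the clean-local hunk of patch 02/10 removes unit/ec-cert*.pem (no hyphen after ec-cert) while the .gitignore hunk and the rest of the same rm line use the unit/ec-cert-*.pem spelling; both globs match the generated files, but keeping the hyphen makes the three lists consistent and easier to grep.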
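Review bot: test_ec_certificates is registered in main() under the same l_key_is_supported(L_KEY_FEATURE_RESTRICT) guard as the RSA chain test, but patch 01/10 states that EC certificates need a kernel built with CRYPTO_ECDSA (and, when this series was written, an additional kernel fix). On a kernel without that support the assert(l_certchain_verify(chain, cacert, NULL)) in test_ec_certificates aborts the whole test-tls binary rather than skipping one case. A probe for ECDSA support followed by a printf-and-skip, like the l_getrandom_is_supported() check just below, would keep test-tls usable on older kernels.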
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 03/10] key: ECDSA data is given in x962 format
Date: Mon, 18 Jul 2022 13:00:38 -0500
Message-Id: <20220718180045.5845-3-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

When using the verify operation with ECDSA based public keys, the new format type must be used.
---
 ell/key.c | 12 +++++-------
 ell/key.h | 1 +
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/ell/key.c b/ell/key.c
index 73f38581f736..24374a5d836d 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -383,18 +383,16 @@ LIB_EXPORT ssize_t l_key_get_payload_size(struct l_key *key) static const char *lookup_cipher(enum l_key_cipher_type cipher) { - const char* ret = NULL; - switch (cipher) { case L_KEY_RSA_PKCS1_V1_5: - ret = "pkcs1"; - break; + return "pkcs1"; case L_KEY_RSA_RAW: - ret = "raw"; - break; + return "raw"; + case L_KEY_ECDSA_X962: + return "x962"; } - return ret; + return NULL; } static const char *lookup_checksum(enum l_checksum_type checksum) diff --git a/ell/key.h b/ell/key.h index f26f7ecb26c3..68971052ffde 100644 --- a/ell/key.h +++ b/ell/key.h 
@@ -56,6 +56,7 @@ enum l_keyring_restriction { enum l_key_cipher_type { L_KEY_RSA_PKCS1_V1_5, L_KEY_RSA_RAW, + L_KEY_ECDSA_X962, }; struct l_key *l_key_new(enum l_key_type type, const void *payload, From patchwork Mon Jul 18 18:00:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921570 Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2377333DE for ; Mon, 18 Jul 2022 18:07:13 +0000 (UTC) Received: by mail-ot1-f53.google.com with SMTP id l9-20020a056830268900b006054381dd35so9827109otu.4 for ; Mon, 18 Jul 2022 11:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=29oFm2MRd8WOXPiKgW+CwuARozgbB44LaPdvRkUKu2k=; b=l7sryX0ZlMkl2iJK86JxHzI4ge5ilQriuWFECNuAVTYFeOyy7GxraBujO5iwyiCnKe SPe1oZPp2wg4x7rTP97WoD6eSlfkbfOQPTJY+0GFosiARtN8f3KcMweMLTLFXWc78y/t nmSXGfWna4JkzVO5937yppeOQgEdFp0VjYnCP3tcK3eOtuNvaxq9i0MOlL6f5Ulnc6vv hfoFdGpmZHT83WCfV5Y5QaZKpcx/bDWVSnnZYM5BCx2jJEy6g+9VpODD8t29kRg12ujl BOCAKRDeZJGYcAtpnVS+yBYfhCdm624ipxEzHSN8cf/C78yrlrnT0yhVZxzNNP6HEjYq asmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=29oFm2MRd8WOXPiKgW+CwuARozgbB44LaPdvRkUKu2k=; b=sUbv0UdCBdNhBrsKeIrdk7f04b+rkNY7K3ZRxgMIsKOavTcEV/H7JB/A88S04XlU9v qJzea9KD508+CIgvKSiTsETM6UdgU7uwTsu9iawU7BcQTAPNak8tZ6w1ZCF3KEYyu0qL Z8Fo4syL1acqT+iQbzVS+i1urWkEFZRYRDObTtDV/GFBWLohnrRhFL84MN31tnSkO0+a l7st5BPF1kuO/yn9u8zfPIBmXpHksgye1OV/mhR2dRt1/FrI1Mrcb3v+JPQVBlPTm1B+ 
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 04/10] tls: Support peer certificates that use ECDSA
Date: Mon, 18 Jul 2022 13:00:39 -0500
Message-Id: <20220718180045.5845-4-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

---
v2 - Rework slightly to fix (false-positive) compiler warnings

 ell/tls.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/ell/tls.c b/ell/tls.c
index b2f7411f3b36..136aa8660c2a 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2028,12 +2028,22 @@ static void tls_handle_certificate(struct l_tls *tls, return; } - if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, - L_CHECKSUM_NONE, &tls->peer_pubkey_size, - &dummy)) { + switch (l_cert_get_pubkey_type(tls->peer_cert)) { + case L_CERT_KEY_RSA: + if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, + L_CHECKSUM_NONE, + &tls->peer_pubkey_size, &dummy)) + goto pubkey_unsupported; + break; + case L_CERT_KEY_ECC: + if (!l_key_get_info(tls->peer_pubkey, L_KEY_ECDSA_X962, + L_CHECKSUM_SHA1, + &tls->peer_pubkey_size, &dummy)) + goto pubkey_unsupported; + break; + case L_CERT_KEY_UNKNOWN: TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, - "Can't l_key_get_info for peer public key"); - + "Unknown public key type"); return; } 
@@ -2047,6 +2057,10 @@ static void tls_handle_certificate(struct l_tls *tls, return; +pubkey_unsupported: + TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0, + "Can't l_key_get_info for peer public key"); + return; decode_error: TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "TLS_CERTIFICATE decode error"); From patchwork Mon Jul 18 18:00:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921571 Received: from mail-oa1-f54.google.com (mail-oa1-f54.google.com [209.85.160.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C36BE33DF for ; Mon, 18 Jul 2022 18:07:13 +0000 (UTC) Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-10c0d96953fso25864830fac.0 for ; Mon, 18 Jul 2022 11:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UrbZzJ+osT7V9yxY2YbB20yfocYy/O08Dm5/Dv6Uer0=; b=BsfQHK0NUUcu6srM/jSI38CGzGk8/7qEcdMxgnSgSnoAXf/K8+5DZBqTBJtFQekjeK oqOo3V/nFRDTDqxwpplpUW8QOFCbWcach03b0+tWH8wqI+3ZLpkb84wdyb0Pki+wvBiu iIXhpiQcWtet4PlW88DIeogHiaovEmzj2AGBS9RWLsrPgxCUYEzSAoIjylJlO+gjMiHh qdJiUzddUc5sFij0B8d/FCvc7UXcq6zzR9AWEsv5b85mHGNoyzc2B8UL8ATAK+fMyBbA hK+JTBSFo7nhEQzfZlrKHudX+sLjMv7Xpp8tNym8MdSAcs5MnUntCIjsC2WMTq/OcLMw 4w5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UrbZzJ+osT7V9yxY2YbB20yfocYy/O08Dm5/Dv6Uer0=; b=rqnfFe8Wmbi2m/zSoWLo5YB9uSX3ctnBD4KHwd3ENXM0+9Vu+P5UHkmJaOk64BpBGr agdQ4B8BCkT6Uoyz0W5WoPs1KAYcv0j/zW+xR70fwwIxhKvqjFZbYnvQ2RjFfuiHAQ8k s07YB0535IYpvpx30tKjWrxU7ZCgPzfO6QNlJL7Aw7OZC1zv1ihXAL1CrTUrQtD+4rHb 
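Review bot: in the L_CERT_KEY_ECC arm of the tls_handle_certificate() switch in patch 04/10, l_key_get_info() is called with L_CHECKSUM_SHA1 whereas the RSA arm passes L_CHECKSUM_NONE; the call only exists to fill tls->peer_pubkey_size (the other result goes to dummy), so a comment explaining why a concrete hash must be named for the L_KEY_ECDSA_X962 query would stop readers from assuming SHA-1 is being selected for signature verification. The L_CERT_KEY_UNKNOWN arm keeps TLS_ALERT_INTERNAL_ERROR; since that case is the peer presenting a key type this implementation does not handle, the unsupported_certificate alert from RFC 5246 section 7.2.2 describes it more accurately than an internal error.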
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 05/10] tls: Add helper for DigitallySigned validation
Date: Mon, 18 Jul 2022 13:00:40 -0500
Message-Id: <20220718180045.5845-5-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

To support additional signature algorithms, move the logic that validates DigitallySigned structure to a helper function.
---
 ell/tls-suites.c | 87 +++++++++++++++++++++++++++++++++---------------
 1 file changed, 60 insertions(+), 27 deletions(-)

diff --git a/ell/tls-suites.c b/ell/tls-suites.c
index 1c1ca078b3d8..d5d2ec8f741f 100644
--- a/ell/tls-suites.c
+++ b/ell/tls-suites.c
@@ -40,6 +40,57 @@ #include "ecdh.h" #include "missing.h" +enum signature_algorithm { + SIGNATURE_ALGORITHM_ANONYMOUS = 0, + SIGNATURE_ALGORITHM_RSA = 1, + SIGNATURE_ALGORITHM_DSA = 2, + SIGNATURE_ALGORITHM_ECDSA = 3, +}; + +/* + * Sanitize DigitallySigned struct input, making sure the lengths + * are valid and correspond to what we expect. + * + * Returns: start of the opaque portion + */ +static const uint8_t *validate_digitally_signed(struct l_tls *tls, + const uint8_t *in, size_t in_len, + enum signature_algorithm expected_alg, + uint16_t *opaque_len) +{ + size_t offset = 2; + uint16_t len; + + if (tls->negotiated_version < L_TLS_V12) + offset = 0; + + if (in_len < offset + 2) + goto size_error; + + len = l_get_be16(in + offset); + if (len != in_len - offset - 2) + goto size_error; + + if (tls->negotiated_version >= L_TLS_V12) { + if (in[1] != expected_alg) { + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Unknown signature algorithm %i", + in[1]); + + return NULL; + } + } + + *opaque_len = len; + return in + offset + 2; + +size_error: + TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "Signature msg too " + "short (%zi) or signature length doesn't match", + in_len); + return NULL; +} + static bool tls_rsa_validate_cert_key(struct l_cert *cert) { return l_cert_get_pubkey_type(cert) == L_CERT_KEY_RSA; 
@@ -112,29 +163,20 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, enum l_checksum_type sign_checksum_type; uint8_t expected[HANDSHAKE_HASH_MAX_SIZE + 36]; size_t expected_len; - unsigned int offset; + const uint8_t *opaque; + uint16_t opaque_len; bool success; - /* 2 bytes for SignatureAndHashAlgorithm if version >= 1.2 */ - offset = 2; - if (tls->negotiated_version < L_TLS_V12) - offset = 0; - - if (in_len < offset + 2 || - (size_t) l_get_be16(in + offset) + offset + 2 != - in_len) { - TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, "Signature msg too " - "short (%zi) or signature length doesn't match", - in_len); - + opaque = validate_digitally_signed(tls, in, in_len, + SIGNATURE_ALGORITHM_RSA, &opaque_len); + if (!opaque) return false; - } /* Only the default hash type supported */ - if (in_len != offset + 2 + tls->peer_pubkey_size) { + if (opaque_len != tls->peer_pubkey_size) { TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, - "Signature length %zi not equal %zi", in_len, - offset + 2 + tls->peer_pubkey_size); + "Signature length %hu not equal %zi", + opaque_len, tls->peer_pubkey_size); return false; } @@ -142,15 +184,6 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, if (tls->negotiated_version >= L_TLS_V12) { enum handshake_hash_type hash; - /* Only RSA supported */ - if (in[1] != 1 /* RSA_sign */) { - TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, - "Unknown signature algorithm %i", - in[1]); - - return false; - } - for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++) if (tls_handshake_hash_data[hash].tls_id == in[0]) break; 
@@ -203,7 +236,7 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, } success = l_key_verify(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5, - sign_checksum_type, expected, in + offset + 2, + sign_checksum_type, expected, opaque, expected_len, tls->peer_pubkey_size); if (!success) From patchwork Mon Jul 18 18:00:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Denis Kenzior X-Patchwork-Id: 12921572 Received: from mail-oa1-f50.google.com (mail-oa1-f50.google.com [209.85.160.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 766EA33DE for ; Mon, 18 Jul 2022 18:07:14 +0000 (UTC) Received: by mail-oa1-f50.google.com with SMTP id 586e51a60fabf-10c0430e27dso25869121fac.4 for ; Mon, 18 Jul 2022 11:07:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=P8es6darHQSIrKvCc3RqVOFWWjrBgz6LjZJJi9XhwmQ=; b=Qp6TSvyXgvbr3mdTOrD9objpPcgNU7tOkKs5pJ0ZIpNCkpNHDDnno4PTEt0RArCL6d FsDHHefTXewFdF5i2w+0WzFMyoq9C6Th3NU1iocQg54VDVNSQPHTFtDlwFhZ7x61QP+j QTwO26wzxRxBJ3b5o5WOsk2kDUD9E7octw33D4+BYfghQsE9CUpWtCSRMKPdXo1yWwtr 6KlNvjzNaXds4kmFTq1OI7IhktkbmFMqxenBOJlPfmUq+BbiKMdqQ9JU4AjCHHxc0u38 8XsZmX8NDh4D2nSpAMpPuPOAMo8GvxLNPhMaLXfias92EIFjPeJ5EiHQKMoSMo5r7RBC nSGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=P8es6darHQSIrKvCc3RqVOFWWjrBgz6LjZJJi9XhwmQ=; b=3cJxsaUoncQYd0sEm/F0TqdKZIRxoHPIB4SptvBhbeYhuAQL2tb//iK+HRCCygpmPe gBNguaAPPq4AoKOoCOPK7vMJpzKpKYwK1Q6J/a0SsbEGZjSohwG1V+pHhFSHLyDuFNDt SiFIE42hdEtriV/a/wsn++M7S9lss3MQbLeL8fDTACyXayGqaahF95Yapo0qIa4V5g7+ 
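Review bot: validate_digitally_signed() in patch 05/10 reports "Unknown signature algorithm %i" whenever in[1] != expected_alg, but now that the expected algorithm is a parameter this branch also fires for a well-known algorithm that merely does not match the negotiated key type (an rsa(1) signature when SIGNATURE_ALGORITHM_ECDSA is expected), so "Unexpected signature algorithm" would describe the failure better. The hash byte in[0] is deliberately left to the caller (tls_rsa_verify() still looks it up in tls_handshake_hash_data); the function comment ("Sanitize DigitallySigned struct input") should say so, since the name suggests the whole SignatureAndHashAlgorithm pair is checked here. Minor: in_len is a size_t, so the %zi in the size_error message carried over from the old code should be %zu.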
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 06/10] tls: Add helper to find hash function by id
Date: Mon, 18 Jul 2022 13:00:41 -0500
Message-Id: <20220718180045.5845-6-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

Instead of open-coding a loop to map the hash id from SignatureAndHashAlgorithm structure to a supported hash function.
---
 ell/tls-suites.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/ell/tls-suites.c b/ell/tls-suites.c
index d5d2ec8f741f..bc6a756422b3 100644
--- a/ell/tls-suites.c
+++ b/ell/tls-suites.c
@@ -47,6 +47,17 @@ enum signature_algorithm { SIGNATURE_ALGORITHM_ECDSA = 3, }; +static enum handshake_hash_type find_hash_by_id(uint8_t id) +{ + enum handshake_hash_type hash; + + for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++) + if (tls_handshake_hash_data[hash].tls_id == id) + break; + + return hash; +} + /* * Sanitize DigitallySigned struct input, making sure the lengths * are valid and correspond to what we expect. 
@@ -182,11 +193,7 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t in_len, } if (tls->negotiated_version >= L_TLS_V12) { - enum handshake_hash_type hash; - - for (hash = 0; hash < __HANDSHAKE_HASH_COUNT; hash++) - if (tls_handshake_hash_data[hash].tls_id == in[0]) - break; + enum handshake_hash_type hash = find_hash_by_id(in[0]); if (hash == __HANDSHAKE_HASH_COUNT) { TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,

From patchwork Mon Jul 18 18:00:42 2022
X-Patchwork-Submitter: Denis Kenzior
X-Patchwork-Id: 12921573
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 07/10] tls-suites: Add ECDSA suites from RFC 8422
Date: Mon, 18 Jul 2022 13:00:42 -0500
Message-Id: <20220718180045.5845-7-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

---
 ell/tls-suites.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)

diff --git a/ell/tls-suites.c b/ell/tls-suites.c
index bc6a756422b3..34141ab7fa56 100644
--- a/ell/tls-suites.c
+++ b/ell/tls-suites.c
@@ -262,6 +262,81 @@ static struct tls_signature_algorithm tls_rsa_signature = { .verify = tls_rsa_verify, }; +static bool tls_ecdsa_validate_cert_key(struct l_cert *cert) +{ + return l_cert_get_pubkey_type(cert) == L_CERT_KEY_ECC; +} + +static bool tls_ecdsa_verify(struct l_tls *tls, + const uint8_t *in, size_t in_len, + tls_get_hash_t get_hash, + const uint8_t *data, size_t data_len) +{ + /* RFC 8422, Section 5.10: "SHA-1 is used in TLS 1.1 and earlier" */ + enum handshake_hash_type hash = HANDSHAKE_HASH_SHA1; + enum l_checksum_type sign_checksum_type; + const uint8_t *opaque; + uint16_t opaque_len; + uint8_t expected[HANDSHAKE_HASH_MAX_SIZE]; + size_t expected_len; + bool success; + + opaque = validate_digitally_signed(tls, in, in_len, + SIGNATURE_ALGORITHM_ECDSA, &opaque_len); + if (!opaque) + return false; + + if (tls->negotiated_version >= L_TLS_V12) { + hash = find_hash_by_id(in[0]); + if (hash == __HANDSHAKE_HASH_COUNT) { + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Unknown hash type %i", in[0]); + return false; + } + + /* Hash should match the curve, refer to RFC 5480, Section 4 */ + switch (tls->peer_pubkey_size) { + case 32: + if (hash != HANDSHAKE_HASH_SHA256 && + hash != HANDSHAKE_HASH_SHA384) + goto bad_hash; + + break; + case 48: + if (hash != HANDSHAKE_HASH_SHA384) + goto bad_hash; + + break; + bad_hash: + default: + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Invalid hash %i", + in[0]); + } + } + + get_hash(tls, hash, data, data_len, expected, &expected_len); + sign_checksum_type = tls_handshake_hash_data[hash].l_id; + + success = l_key_verify(tls->peer_pubkey, L_KEY_ECDSA_X962, + sign_checksum_type, expected, opaque, + expected_len, opaque_len); + + if (!success) + TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0, + "Peer signature verification failed"); + else + TLS_DEBUG("Peer signature verified"); + + return success; +} + +static struct tls_signature_algorithm tls_ecdsa_signature = { + .id = 3, /* SignatureAlgorithm.ecdsa */ + 
.validate_cert_key_type = tls_ecdsa_validate_cert_key, + .verify = tls_ecdsa_verify, +}; + static bool tls_send_rsa_client_key_xchg(struct l_tls *tls) { uint8_t buf[1024 + 32]; @@ -1350,11 +1425,52 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha = { + .id = { 0xc0, 0x08 }, + .name = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + .verify_data_length = 12, + .encryption = &tls_3des_ede, + .mac = &tls_sha, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_128_cbc_sha = { + .id = { 0xc0, 0x09 }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + .verify_data_length = 12, + .encryption = &tls_aes128, + .mac = &tls_sha, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_256_cbc_sha = { + .id = { 0xc0, 0x0a }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + .verify_data_length = 12, + .encryption = &tls_aes256, + .mac = &tls_sha, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256 = { + .id = { 0xc0, 0x2b }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + .verify_data_length = 12, + .encryption = &tls_aes128_gcm, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, +}, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 = { + .id = { 0xc0, 0x2c }, + .name = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + .verify_data_length = 12, + .encryption = &tls_aes256_gcm, + .prf_hmac = L_CHECKSUM_SHA384, + .signature = &tls_ecdsa_signature, + .key_xchg = &tls_ecdhe, }; struct tls_cipher_suite *tls_cipher_suite_pref[] = { &tls_ecdhe_rsa_with_aes_256_cbc_sha, + &tls_ecdhe_ecdsa_with_aes_256_cbc_sha, &tls_ecdhe_rsa_with_aes_128_cbc_sha, + &tls_ecdhe_ecdsa_with_aes_128_cbc_sha, &tls_dhe_rsa_with_aes_256_cbc_sha, &tls_dhe_rsa_with_aes_128_cbc_sha, &tls_rsa_with_aes_256_cbc_sha, 
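Review bot: in tls_ecdsa_verify() above, the `bad_hash:`/`default:` arm of the switch on tls->peer_pubkey_size calls TLS_DISCONNECT but does not return, so after the alert has been raised the function falls through to get_hash() and l_key_verify() with the very hash it just rejected, and can still return true; every other TLS_DISCONNECT in this function is followed by `return false;` and this arm needs the same. Two smaller points on the same hunk: the switch only knows key sizes 32 and 48, so any other EC key is reported as "Invalid hash" when the real problem is an unsupported key size, and the alert text should distinguish the two (or a comment should say that only those two sizes are intended); and `.id = 3, /* SignatureAlgorithm.ecdsa */` in tls_ecdsa_signature can use SIGNATURE_ALGORITHM_ECDSA, which the function already passes to validate_digitally_signed(), instead of the literal and the comment.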
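Review bot: the new TLS_ECDHE_ECDSA_* suites are added to tls_cipher_suite_pref, but tls_ecdsa_signature only provides validate_cert_key_type and verify, with no signing callback, and patch 08 of this series skips exactly these suites in unit/test-tls.c because ECDSA signing is not implemented. Unless suite selection already refuses a suite whose signature algorithm cannot sign, a server loaded with an EC certificate will negotiate one of these suites and then fail when it must sign ServerKeyExchange; either filter such suites out on the server side or say in the (currently empty) commit message that client-side verification is the only supported role for now. The ordering itself is consistent with the existing table, each ECDSA suite sitting directly after its ECDHE_RSA counterpart, including the 3DES entry at the bottom.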
@@ -1367,11 +1483,14 @@ struct tls_cipher_suite *tls_cipher_suite_pref[] = { &tls_rsa_with_aes_128_cbc_sha256, &tls_ecdhe_rsa_with_aes_256_gcm_sha384, &tls_ecdhe_rsa_with_aes_128_gcm_sha256, + &tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, + &tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, &tls_dhe_rsa_with_aes_256_gcm_sha384, &tls_dhe_rsa_with_aes_128_gcm_sha256, &tls_rsa_with_aes_256_gcm_sha384, &tls_rsa_with_aes_128_gcm_sha256, &tls_ecdhe_rsa_with_3des_ede_cbc_sha, + &tls_ecdhe_ecdsa_with_3des_ede_cbc_sha, &tls_dhe_rsa_with_3des_ede_cbc_sha, &tls_rsa_with_3des_ede_cbc_sha, NULL,

From patchwork Mon Jul 18 18:00:43 2022
X-Patchwork-Submitter: Denis Kenzior
X-Patchwork-Id: 12921574
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 08/10] unit: Skip ECDSA cipher suite tests
Date: Mon, 18 Jul 2022 13:00:43 -0500
Message-Id: <20220718180045.5845-8-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

Since the ECDSA sign operation is currently not supported, ECDSA in server mode cannot work. Skip tests for these cipher suites for now.
---
 unit/test-tls.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/unit/test-tls.c b/unit/test-tls.c
index aee5b2e36b78..53d4f38ef875 100644
--- a/unit/test-tls.c
+++ b/unit/test-tls.c
@@ -1050,6 +1050,9 @@ int main(int argc, char *argv[]) struct tls_bulk_encryption_algorithm *alg = suite->encryption; bool supported; + if (l_str_has_prefix(suite->name, "TLS_ECDHE_ECDSA")) + continue; + if (alg->cipher_type == TLS_CIPHER_AEAD) supported = l_aead_cipher_is_supported(alg->l_aead_id); else

From patchwork Mon Jul 18 18:00:44 2022
X-Patchwork-Submitter: Denis Kenzior
X-Patchwork-Id: 12921575
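Review bot: in the unit/test-tls.c hunk of patch 08 above, skipping on `l_str_has_prefix(suite->name, "TLS_ECDHE_ECDSA")` ties the test to the suite naming and will keep silently skipping these suites after ECDSA signing is implemented; keying the skip on the capability instead (whether the suite's signature algorithm provides a sign operation, in whatever field tls_signature_algorithm uses for that) would make the tests switch on by themselves. At minimum, put a comment next to the `continue` saying that the suites are skipped because the server side cannot sign yet, as the commit message explains, so the reason does not live only in git history.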
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 09/10] useful: Add maxsize()
Date: Mon, 18 Jul 2022 13:00:44 -0500
Message-Id: <20220718180045.5845-9-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

Similar to minsize(), but for finding the maximum of two sizes.
---
 ell/useful.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ell/useful.h b/ell/useful.h
index 791fa2006494..efd91d78b3f2 100644
--- a/ell/useful.h
+++ b/ell/useful.h
@@ -38,6 +38,14 @@ static inline size_t minsize(size_t a, size_t b) return b; } +static inline size_t maxsize(size_t a, size_t b) +{ + if (a >= b) + return a; + + return b; +} + static inline void set_bit(void *addr, unsigned int bit) { unsigned char *field = addr;

From patchwork Mon Jul 18 18:00:45 2022
X-Patchwork-Submitter: Denis Kenzior
X-Patchwork-Id: 12921576
From: Denis Kenzior
To: ell@lists.linux.dev
Cc: Denis Kenzior
Subject: [PATCH v2 10/10] tls: Do not set verify_data_length unless needed
Date: Mon, 18 Jul 2022 13:00:45 -0500
Message-Id: <20220718180045.5845-10-denkenz@gmail.com>
In-Reply-To: <20220718180045.5845-1-denkenz@gmail.com>
References: <20220718180045.5845-1-denkenz@gmail.com>

All current TLS cipher suites use a verify_data_length of 12. In fact, according to RFC 5246, most cipher suites are expected to be 12 bytes unless specified otherwise. Use this fact to simplify the cipher suite definition: initialization of verify_data_length is no longer necessary unless the length is greater than 12 bytes.

While here, also update struct tls_cipher_suite to use a size_t member for verify_data_length instead of an int.
---
 ell/tls-private.h |  2 +-
 ell/tls-suites.c  | 26 --------------------------
 ell/tls.c         | 29 +++++++++++++++++++++--------
 3 files changed, 22 insertions(+), 35 deletions(-)
diff --git a/ell/tls-private.h b/ell/tls-private.h index 8ceeb68df40b..8941e90d03ca 100644 --- a/ell/tls-private.h +++ b/ell/tls-private.h @@ -112,7 +112,7 @@ struct tls_mac_algorithm { struct tls_cipher_suite { uint8_t id[2]; const char *name; - int verify_data_length; + size_t verify_data_length; struct tls_bulk_encryption_algorithm *encryption; struct tls_signature_algorithm *signature; diff --git a/ell/tls-suites.c b/ell/tls-suites.c index 34141ab7fa56..ee4e7ee6c310 100644 --- a/ell/tls-suites.c +++ b/ell/tls-suites.c @@ -1262,7 +1262,6 @@ static struct tls_mac_algorithm tls_sha = { static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { .id = { 0x00, 0x0a }, .name = "TLS_RSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1270,7 +1269,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_3des_ede_cbc_sha = { .id = { 0x00, 0x16 }, .name = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1278,7 +1276,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_128_cbc_sha = { .id = { 0x00, 0x2f }, .name = "TLS_RSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1286,7 +1283,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_128_cbc_sha = { .id = { 0x00, 0x33 }, .name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_rsa_signature, 
@@ -1294,7 +1290,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_256_cbc_sha = { .id = { 0x00, 0x35 }, .name = "TLS_RSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1302,7 +1297,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_256_cbc_sha = { .id = { 0x00, 0x39 }, .name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1310,7 +1304,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_128_cbc_sha256 = { .id = { 0x00, 0x3c }, .name = "TLS_RSA_WITH_AES_128_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1318,7 +1311,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_256_cbc_sha256 = { .id = { 0x00, 0x3d }, .name = "TLS_RSA_WITH_AES_256_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1326,7 +1318,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_128_cbc_sha256 = { .id = { 0x00, 0x67 }, .name = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1334,7 +1325,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_256_cbc_sha256 = { .id = { 0x00, 0x6b }, .name = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha256, .signature = &tls_rsa_signature, 
@@ -1342,14 +1332,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_rsa_with_aes_128_gcm_sha256 = { .id = { 0x00, 0x9c }, .name = "TLS_RSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_rsa_signature, .key_xchg = &tls_rsa_key_xchg, }, tls_rsa_with_aes_256_gcm_sha384 = { .id = { 0x00, 0x9d }, .name = "TLS_RSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, @@ -1357,14 +1345,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_dhe_rsa_with_aes_128_gcm_sha256 = { .id = { 0x00, 0x9e }, .name = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_rsa_signature, .key_xchg = &tls_dhe, }, tls_dhe_rsa_with_aes_256_gcm_sha384 = { .id = { 0x00, 0x9f }, .name = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, @@ -1372,7 +1358,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_3des_ede_cbc_sha = { .id = { 0xc0, 0x12 }, .name = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1380,7 +1365,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_128_cbc_sha = { .id = { 0xc0, 0x13 }, .name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_rsa_signature, 
@@ -1388,7 +1372,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_256_cbc_sha = { .id = { 0xc0, 0x14 }, .name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_rsa_signature, @@ -1396,7 +1379,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_128_cbc_sha256 = { .id = { 0xc0, 0x27 }, .name = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha256, .signature = &tls_rsa_signature, @@ -1404,7 +1386,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_256_cbc_sha384 = { .id = { 0xc0, 0x28 }, .name = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha384, .prf_hmac = L_CHECKSUM_SHA384, @@ -1413,14 +1394,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_rsa_with_aes_128_gcm_sha256 = { .id = { 0xc0, 0x2f }, .name = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_rsa_signature, .key_xchg = &tls_ecdhe, }, tls_ecdhe_rsa_with_aes_256_gcm_sha384 = { .id = { 0xc0, 0x30 }, .name = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_rsa_signature, @@ -1428,7 +1407,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha = { .id = { 0xc0, 0x08 }, .name = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_3des_ede, .mac = &tls_sha, .signature = &tls_ecdsa_signature, 
@@ -1436,7 +1414,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_aes_128_cbc_sha = { .id = { 0xc0, 0x09 }, .name = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes128, .mac = &tls_sha, .signature = &tls_ecdsa_signature, @@ -1444,7 +1421,6 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_aes_256_cbc_sha = { .id = { 0xc0, 0x0a }, .name = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - .verify_data_length = 12, .encryption = &tls_aes256, .mac = &tls_sha, .signature = &tls_ecdsa_signature, @@ -1452,14 +1428,12 @@ static struct tls_cipher_suite tls_rsa_with_3des_ede_cbc_sha = { }, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256 = { .id = { 0xc0, 0x2b }, .name = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - .verify_data_length = 12, .encryption = &tls_aes128_gcm, .signature = &tls_ecdsa_signature, .key_xchg = &tls_ecdhe, }, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384 = { .id = { 0xc0, 0x2c }, .name = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - .verify_data_length = 12, .encryption = &tls_aes256_gcm, .prf_hmac = L_CHECKSUM_SHA384, .signature = &tls_ecdsa_signature, diff --git a/ell/tls.c b/ell/tls.c index 136aa8660c2a..fa3df5d3c260 100644 --- a/ell/tls.c +++ b/ell/tls.c 
@@ -1370,11 +1370,25 @@ static void tls_send_change_cipher_spec(struct l_tls *tls) tls_tx_record(tls, TLS_CT_CHANGE_CIPHER_SPEC, &buf, 1); } +static size_t tls_verify_data_length(struct l_tls *tls, unsigned int index) +{ + /* + * RFC 5246, Section 7.4.9: + * + * In previous versions of TLS, the verify_data was always 12 octets + * long. In the current version of TLS, it depends on the cipher + * suite. Any cipher suite which does not explicitly specify + * verify_data_length has a verify_data_length equal to 12. + */ + return maxsize(tls->cipher_suite[index]->verify_data_length, 12); +} + static void tls_send_finished(struct l_tls *tls) { uint8_t buf[512]; uint8_t *ptr = buf + TLS_HANDSHAKE_HEADER_SIZE; uint8_t seed[HANDSHAKE_HASH_MAX_SIZE * 2]; + size_t vdl = tls_verify_data_length(tls, 1); size_t seed_len; if (tls->negotiated_version >= L_TLS_V12) { @@ -1391,8 +1405,8 @@ static void tls_send_finished(struct l_tls *tls) tls->server ? "server finished" : "client finished", seed, seed_len, - ptr, tls->cipher_suite[1]->verify_data_length); - ptr += tls->cipher_suite[1]->verify_data_length; + ptr, vdl); + ptr += vdl; tls_tx_handshake(tls, TLS_FINISHED, buf, ptr - buf); } @@ -1400,14 +1414,14 @@ static void tls_send_finished(struct l_tls *tls) static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received, size_t len) { - uint8_t expected[tls->cipher_suite[0]->verify_data_length]; + size_t vdl = tls_verify_data_length(tls, 0); + uint8_t expected[vdl]; uint8_t *seed; size_t seed_len; - if (len != (size_t) tls->cipher_suite[0]->verify_data_length) { + if (len != vdl) { TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0, - "TLS_FINISHED length not %i", - tls->cipher_suite[0]->verify_data_length); + "TLS_FINISHED length not %zu", vdl); return false; } 
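Review bot: in the tls_verify_data_length() hunk, maxsize(..., 12) also silently promotes any suite value below 12 to 12; the RFC 5246 text quoted in the comment only says that an unspecified length means 12, so `return vdl ? vdl : 12;` with 0 meaning "unset" follows the text more exactly and would make a mistakenly small value visible rather than hiding it. Whichever form is kept, the verify_data_length member in tls-private.h (changed to size_t earlier in this patch) should carry a comment that 0 means the RFC 5246 default of 12, since after the tls-suites.c deletions no suite sets it and a reader of the table cannot tell why. In the tls_verify_finished() hunk, `uint8_t expected[vdl]` is now a VLA sized by that helper; the value comes from the static suite table so it is bounded in practice, but a fixed-size array with a compile-time maximum, checked against vdl, would avoid a runtime-sized stack array in a network-facing path.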
@@ -1428,8 +1442,7 @@ static bool tls_verify_finished(struct l_tls *tls, const uint8_t *received, tls->server ? "client finished" : "server finished", seed, seed_len, - expected, - tls->cipher_suite[0]->verify_data_length); + expected, vdl); if (memcmp(received, expected, len)) { TLS_DISCONNECT(TLS_ALERT_DECRYPT_ERROR, 0,
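Review bot: the context lines of this hunk show the received Finished verify_data being checked with `memcmp(received, expected, len)`; memcmp stops at the first differing byte, so while touching this function it is worth switching to a constant-time comparison over all vdl bytes, which the `len != vdl` check earlier in tls_verify_finished() already guarantees is the length of both buffers. The hunk's own change, passing vdl into the PRF call in place of the repeated cipher_suite[0]->verify_data_length, is correct and consistent with the send side.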