lib/auth_rsa_export.c

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 /* This file contains the RSA key exchange part of the certificate
  26  * authentication.
  27  */
  28
  29 #include "gnutls_int.h"
  30 #include "gnutls_auth.h"
  31 #include "gnutls_errors.h"
  32 #include "gnutls_dh.h"
  33 #include "gnutls_num.h"
  34 #include "gnutls_datum.h"
  35 #include "auth_cert.h"
  36 #include <gnutls_pk.h>
  37 #include <gnutls_algorithms.h>
  38 #include <gnutls_global.h>
  39 #include "debug.h"
  40 #include <gnutls_sig.h>
  41 #include <gnutls_x509.h>
  42 #include <gnutls_rsa_export.h>
  43 #include <gnutls_state.h>
  44
  45 int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
  46 int _gnutls_proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
  47 static int gen_rsa_export_server_kx (gnutls_session_t, opaque **);
  48 static int proc_rsa_export_server_kx (gnutls_session_t, opaque *, size_t);
  49
  50 const mod_auth_st rsa_export_auth_struct = {
  51   "RSA EXPORT",
  52   _gnutls_gen_cert_server_certificate,
  53   _gnutls_gen_cert_client_certificate,
  54   gen_rsa_export_server_kx,
  55   _gnutls_gen_rsa_client_kx,
  56   _gnutls_gen_cert_client_cert_vrfy,    /* gen client cert vrfy */
  57   _gnutls_gen_cert_server_cert_req,     /* server cert request */
  58
  59   _gnutls_proc_cert_server_certificate,
  60   _gnutls_proc_cert_client_certificate,
  61   proc_rsa_export_server_kx,
  62   _gnutls_proc_rsa_client_kx,   /* proc client kx */
  63   _gnutls_proc_cert_client_cert_vrfy,   /* proc client cert vrfy */
  64   _gnutls_proc_cert_cert_req    /* proc server cert request */
  65 };
  66
  67 static int
  68 gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data)
  69 {
  70   gnutls_rsa_params_t rsa_params;
  71   const bigint_t *rsa_mpis;
  72   size_t n_e, n_m;
  73   uint8_t *data_e, *data_m;
  74   int ret = 0, data_size;
  75   gnutls_cert *apr_cert_list;
  76   gnutls_privkey *apr_pkey;
  77   int apr_cert_list_length;
  78   gnutls_datum_t signature, ddata;
  79   cert_auth_info_t info;
  80   gnutls_certificate_credentials_t cred;
  81
  82   cred = (gnutls_certificate_credentials_t)
  83     _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  84   if (cred == NULL)
  85     {
  86       gnutls_assert ();
  87       return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
  88     }
  89
  90   /* find the appropriate certificate */
  91   if ((ret =
  92        _gnutls_get_selected_cert (session, &apr_cert_list,
  93                                   &apr_cert_list_length, &apr_pkey)) < 0)
  94     {
  95       gnutls_assert ();
  96       return ret;
  97     }
  98
  99   /* abort sending this message if we have a certificate
 100    * of 512 bits or less.
 101    */
 102   if (apr_pkey && _gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512)
 103     {
 104       gnutls_assert ();
 105       return GNUTLS_E_INT_RET_0;
 106     }
 107
 108   rsa_params =
 109     _gnutls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
 110                                         session);
 111   rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params);
 112   if (rsa_mpis == NULL)
 113     {
 114       gnutls_assert ();
 115       return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
 116     }
 117
 118   if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
 119                                     sizeof (cert_auth_info_st), 0)) < 0)
 120     {
 121       gnutls_assert ();
 122       return ret;
 123     }
 124
 125   info = _gnutls_get_auth_info (session);
 126   _gnutls_rsa_export_set_pubkey (session, rsa_mpis[1], rsa_mpis[0]);
 127
 128   _gnutls_mpi_print (rsa_mpis[0], NULL, &n_m);
 129   _gnutls_mpi_print (rsa_mpis[1], NULL, &n_e);
 130
 131   (*data) = gnutls_malloc (n_e + n_m + 4);
 132   if (*data == NULL)
 133     {
 134       return GNUTLS_E_MEMORY_ERROR;
 135     }
 136
 137   data_m = &(*data)[0];
 138   _gnutls_mpi_print (rsa_mpis[0], &data_m[2], &n_m);
 139
 140   _gnutls_write_uint16 (n_m, data_m);
 141
 142   data_e = &data_m[2 + n_m];
 143   _gnutls_mpi_print (rsa_mpis[1], &data_e[2], &n_e);
 144
 145   _gnutls_write_uint16 (n_e, data_e);
 146
 147   data_size = n_m + n_e + 4;
 148
 149
 150   /* Generate the signature. */
 151
 152   ddata.data = *data;
 153   ddata.size = data_size;
 154
 155   if (apr_cert_list_length > 0)
 156     {
 157       if ((ret =
 158            _gnutls_tls_sign_params (session, &apr_cert_list[0],
 159                                     apr_pkey, &ddata, &signature)) < 0)
 160         {
 161           gnutls_assert ();
 162           gnutls_free (*data);
 163           *data = NULL;
 164           return ret;
 165         }
 166     }
 167   else
 168     {
 169       gnutls_assert ();
 170       return data_size;         /* do not put a signature - ILLEGAL! */
 171     }
 172
 173   *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
 174   if (*data == NULL)
 175     {
 176       _gnutls_free_datum (&signature);
 177       gnutls_assert ();
 178       return GNUTLS_E_MEMORY_ERROR;
 179     }
 180
 181   _gnutls_write_datum16 (&((*data)[data_size]), signature);
 182   data_size += signature.size + 2;
 183
 184   _gnutls_free_datum (&signature);
 185
 186   return data_size;
 187 }
 188
 189 /* if the peer's certificate is of 512 bits or less, returns non zero.
 190  */
 191 int
 192 _gnutls_peers_cert_less_512 (gnutls_session_t session)
 193 {
 194   gnutls_cert peer_cert;
 195   int ret;
 196   cert_auth_info_t info = _gnutls_get_auth_info (session);
 197
 198   if (info == NULL || info->ncerts == 0)
 199     {
 200       gnutls_assert ();
 201       /* we need this in order to get peer's certificate */
 202       return 0;
 203     }
 204
 205   if ((ret =
 206        _gnutls_get_auth_info_gcert (&peer_cert,
 207                                     session->security_parameters.cert_type,
 208                                     info, CERT_NO_COPY)) < 0)
 209     {
 210       gnutls_assert ();
 211       return 0;
 212     }
 213
 214   if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA)
 215     {
 216       gnutls_assert ();
 217       _gnutls_gcert_deinit (&peer_cert);
 218       return 0;
 219     }
 220
 221   if (_gnutls_mpi_get_nbits (peer_cert.params[0]) <= 512)
 222     {
 223       _gnutls_gcert_deinit (&peer_cert);
 224       return 1;
 225     }
 226
 227   _gnutls_gcert_deinit (&peer_cert);
 228
 229   return 0;
 230 }
 231
 232 static int
 233 proc_rsa_export_server_kx (gnutls_session_t session,
 234                            opaque * data, size_t _data_size)
 235 {
 236   uint16_t n_m, n_e;
 237   size_t _n_m, _n_e;
 238   uint8_t *data_m;
 239   uint8_t *data_e;
 240   int i, sigsize;
 241   gnutls_datum_t vparams, signature;
 242   int ret;
 243   ssize_t data_size = _data_size;
 244   cert_auth_info_t info;
 245   gnutls_cert peer_cert;
 246
 247   info = _gnutls_get_auth_info (session);
 248   if (info == NULL || info->ncerts == 0)
 249     {
 250       gnutls_assert ();
 251       /* we need this in order to get peer's certificate */
 252       return GNUTLS_E_INTERNAL_ERROR;
 253     }
 254
 255
 256   i = 0;
 257
 258   DECR_LEN (data_size, 2);
 259   n_m = _gnutls_read_uint16 (&data[i]);
 260   i += 2;
 261
 262   DECR_LEN (data_size, n_m);
 263   data_m = &data[i];
 264   i += n_m;
 265
 266   DECR_LEN (data_size, 2);
 267   n_e = _gnutls_read_uint16 (&data[i]);
 268   i += 2;
 269
 270   DECR_LEN (data_size, n_e);
 271   data_e = &data[i];
 272   i += n_e;
 273
 274   _n_e = n_e;
 275   _n_m = n_m;
 276
 277   if (_gnutls_mpi_scan_nz (&session->key->rsa[0], data_m, _n_m) != 0)
 278     {
 279       gnutls_assert ();
 280       return GNUTLS_E_MPI_SCAN_FAILED;
 281     }
 282
 283   if (_gnutls_mpi_scan_nz (&session->key->rsa[1], data_e, _n_e) != 0)
 284     {
 285       gnutls_assert ();
 286       return GNUTLS_E_MPI_SCAN_FAILED;
 287     }
 288
 289   _gnutls_rsa_export_set_pubkey (session, session->key->rsa[1],
 290                                  session->key->rsa[0]);
 291
 292   /* VERIFY SIGNATURE */
 293
 294   vparams.size = n_m + n_e + 4;
 295   vparams.data = data;
 296
 297   DECR_LEN (data_size, 2);
 298   sigsize = _gnutls_read_uint16 (&data[vparams.size]);
 299
 300   DECR_LEN (data_size, sigsize);
 301   signature.data = &data[vparams.size + 2];
 302   signature.size = sigsize;
 303
 304   if ((ret =
 305        _gnutls_get_auth_info_gcert (&peer_cert,
 306                                     session->security_parameters.cert_type,
 307                                     info, CERT_NO_COPY)) < 0)
 308     {
 309       gnutls_assert ();
 310       return ret;
 311     }
 312
 313   ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
 314
 315   _gnutls_gcert_deinit (&peer_cert);
 316   if (ret < 0)
 317     {
 318       gnutls_assert ();
 319     }
 320
 321   return ret;
 322 }