44
44
#include <gnutls_mpi.h>
46
46
int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
47
int _gnutls_proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
47
static int proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
49
49
const mod_auth_st rsa_auth_struct = {
51
51
_gnutls_gen_cert_server_certificate,
52
52
_gnutls_gen_cert_client_certificate,
53
NULL, /* gen server kx */
53
NULL, /* gen server kx */
54
54
_gnutls_gen_rsa_client_kx,
55
_gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
56
_gnutls_gen_cert_server_cert_req, /* server cert request */
55
_gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
56
_gnutls_gen_cert_server_cert_req, /* server cert request */
58
58
_gnutls_proc_cert_server_certificate,
59
59
_gnutls_proc_cert_client_certificate,
60
NULL, /* proc server kx */
61
_gnutls_proc_rsa_client_kx, /* proc client kx */
62
_gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
63
_gnutls_proc_cert_cert_req /* proc server cert request */
60
NULL, /* proc server kx */
61
proc_rsa_client_kx, /* proc client kx */
62
_gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
63
_gnutls_proc_cert_cert_req /* proc server cert request */
66
66
/* This function reads the RSA parameters from peer's certificate;
69
69
_gnutls_get_public_rsa_params (gnutls_session_t session,
70
bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
70
bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
74
74
cert_auth_info_t info;
89
89
_gnutls_get_auth_info_gcert (&peer_cert,
90
session->security_parameters.cert_type,
91
info, CERT_ONLY_PUBKEY | CERT_NO_COPY);
90
session->security_parameters.cert_type,
91
info, CERT_ONLY_PUBKEY | CERT_NO_COPY);
107
107
_gnutls_gcert_deinit (&peer_cert);
109
109
if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL)
112
return GNUTLS_E_INTERNAL_ERROR;
112
return GNUTLS_E_INTERNAL_ERROR;
115
115
if (*params_len < 2)
118
return GNUTLS_E_INTERNAL_ERROR;
118
return GNUTLS_E_INTERNAL_ERROR;
121
121
for (i = 0; i < *params_len; i++)
123
params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
123
params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
147
/* This function reads the RSA parameters from the private key
150
_gnutls_get_private_rsa_params (gnutls_session_t session,
151
bigint_t ** params, int *params_size)
154
gnutls_certificate_credentials_t cred;
155
gnutls_rsa_params_t rsa_params;
157
cred = (gnutls_certificate_credentials_t)
158
_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
162
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
165
if (session->internals.selected_cert_list == NULL)
168
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
172
_gnutls_mpi_get_nbits (session->internals.
173
selected_cert_list[0].params[0]);
175
if (_gnutls_cipher_suite_get_kx_algo
176
(&session->security_parameters.current_cipher_suite)
177
== GNUTLS_KX_RSA_EXPORT && bits > 512)
181
_gnutls_certificate_get_rsa_params (cred->rsa_params,
182
cred->params_func, session);
184
if (rsa_params == NULL)
187
return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
190
/* In the export case, we do use temporary RSA params
191
* of 512 bits size. The params in the certificate are
192
* used to sign this temporary stuff.
194
*params_size = RSA_PRIVATE_PARAMS;
195
*params = rsa_params->params;
200
/* non export cipher suites. */
202
*params_size = session->internals.selected_key->params_size;
203
*params = session->internals.selected_key->params;
209
_gnutls_proc_rsa_client_kx (gnutls_session_t session, opaque * data,
148
proc_rsa_client_kx (gnutls_session_t session, opaque * data,
212
151
gnutls_datum_t plaintext;
213
152
gnutls_datum_t ciphertext;
217
154
int randomize_key = 0;
218
155
ssize_t data_size = _data_size;
233
170
dsize = _gnutls_read_uint16 (data);
235
172
if (dsize != data_size)
238
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
175
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
240
177
ciphertext.size = dsize;
243
ret = _gnutls_get_private_rsa_params (session, ¶ms, ¶ms_len);
250
ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */
181
gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
182
&ciphertext, &plaintext);
252
184
if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
265
197
* check the version number.
267
199
if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
268
|| _gnutls_get_adv_version_minor (session) != plaintext.data[1])
270
/* No error is returned here, if the version number check
271
* fails. We proceed normally.
272
* That is to defend against the attack described in the paper
273
* "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
274
* Ondej Pokorny and Tomas Rosa.
278
("auth_rsa: Possible PKCS #1 version check format attack\n");
200
|| _gnutls_get_adv_version_minor (session) != plaintext.data[1])
202
/* No error is returned here, if the version number check
203
* fails. We proceed normally.
204
* That is to defend against the attack described in the paper
205
* "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
206
* Ondej Pokorny and Tomas Rosa.
210
("auth_rsa: Possible PKCS #1 version check format attack\n");
282
214
if (randomize_key != 0)
284
216
session->key->key.size = GNUTLS_MASTER_SIZE;
285
217
session->key->key.data = gnutls_malloc (session->key->key.size);
286
218
if (session->key->key.data == NULL)
289
return GNUTLS_E_MEMORY_ERROR;
221
return GNUTLS_E_MEMORY_ERROR;
292
224
/* we do not need strong random numbers here.
294
226
ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
295
session->key->key.size);
227
session->key->key.size);
323
255
_gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data)
325
257
cert_auth_info_t auth = session->key->auth_info;
326
gnutls_datum_t sdata; /* data to send */
258
gnutls_datum_t sdata; /* data to send */
327
259
bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
328
260
int params_len = MAX_PUBLIC_PARAMS_SIZE;
363
295
session->key->key.data[1] = _gnutls_version_get_minor (ver);
366
{ /* use the version provided */
298
{ /* use the version provided */
367
299
session->key->key.data[0] = session->internals.rsa_pms_version[0];
368
300
session->key->key.data[1] = session->internals.rsa_pms_version[1];
381
313
_gnutls_pkcs1_rsa_encrypt (&sdata, &session->key->key,
382
params, params_len, 2)) < 0)
314
params, params_len, 2)) < 0)
384
316
gnutls_assert ();
395
327
return sdata.size;
399
331
*data = gnutls_malloc (sdata.size + 2);
400
332
if (*data == NULL)
402
_gnutls_free_datum (&sdata);
403
return GNUTLS_E_MEMORY_ERROR;
334
_gnutls_free_datum (&sdata);
335
return GNUTLS_E_MEMORY_ERROR;
405
337
_gnutls_write_datum16 (*data, sdata);
406
338
ret = sdata.size + 2;
407
339
_gnutls_free_datum (&sdata);