mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Make mbedtls_ssl_check_cert_usage() work for 1.3

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2024-08-09 11:49:12 +02:00
parent 94f70228e9
commit 7a4aa4d133
4 changed files with 33 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/ssl_misc.h
View File

@ -1678,6 +1678,8 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl)
* keyUsage and extendedKeyUsage. * keyUsage and extendedKeyUsage.
* (Note: nSCertType is deprecated and not standard, we don't check it.) * (Note: nSCertType is deprecated and not standard, we don't check it.)
* *
* Note: if tls_version is 1.3, ciphersuite is ignored and can be NULL.
*
* Note: recv_endpoint is the receiver's endpoint. * Note: recv_endpoint is the receiver's endpoint.
* *
* Return 0 if everything is OK, -1 if not. * Return 0 if everything is OK, -1 if not.
@ -1686,6 +1688,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite, const mbedtls_ssl_ciphersuite_t *ciphersuite,
int recv_endpoint, int recv_endpoint,
mbedtls_ssl_protocol_version tls_version,
uint32_t *flags); uint32_t *flags);
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */

26
library/ssl_tls.c
View File

@ -6362,6 +6362,7 @@ const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const mbedtls_ssl_ciphersuite_t *ciphersuite, const mbedtls_ssl_ciphersuite_t *ciphersuite,
int recv_endpoint, int recv_endpoint,
mbedtls_ssl_protocol_version tls_version,
uint32_t *flags) uint32_t *flags)
{ {
int ret = 0; int ret = 0;
@ -6369,11 +6370,17 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
const char *ext_oid; const char *ext_oid;
size_t ext_len; size_t ext_len;
/*
* keyUsage
*/
/* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants /* Note: don't guard this with MBEDTLS_SSL_CLI_C because the server wants
* to check what a compliant client will think while choosing which cert * to check what a compliant client will think while choosing which cert
* to send to the client. */ * to send to the client. */
if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* Server part of the key exchange */ if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
/* TLS 1.2 server part of the key exchange */
switch (ciphersuite->key_exchange) { switch (ciphersuite->key_exchange) {
case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
@ -6399,8 +6406,14 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
case MBEDTLS_KEY_EXCHANGE_ECJPAKE: case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
usage = 0; usage = 0;
} }
} else { } else
/* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ #endif
{
/* This is either TLS 1.3 autentication, which always uses signatures,
* or 1.2 client auth: rsa_sign and mbedtls_ecdsa_sign are the only
* options we implement, both using signatures. */
(void) tls_version;
(void) ciphersuite;
usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
} }
@ -6409,6 +6422,10 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
ret = -1; ret = -1;
} }
/*
* extKeyUsage
*/
if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) { if (recv_endpoint == MBEDTLS_SSL_IS_CLIENT) {
ext_oid = MBEDTLS_OID_SERVER_AUTH; ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
@ -8065,6 +8082,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
if (mbedtls_ssl_check_cert_usage(chain, if (mbedtls_ssl_check_cert_usage(chain,
ciphersuite_info, ciphersuite_info,
ssl->conf->endpoint, ssl->conf->endpoint,
MBEDTLS_SSL_VERSION_TLS1_2,
&ssl->session_negotiate->verify_result) != 0) { &ssl->session_negotiate->verify_result) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) { if (ret == 0) {

4
library/ssl_tls12_server.c
View File

@ -756,7 +756,9 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl,
* and decrypting with the same RSA key. * and decrypting with the same RSA key.
*/ */
if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info,
MBEDTLS_SSL_IS_CLIENT, &flags) != 0) { MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_VERSION_TLS1_2,
&flags) != 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: "
"(extended) key usage extension")); "(extended) key usage extension"));
continue; continue;

31
library/ssl_tls13_generic.c
View File

@ -631,8 +631,6 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
int authmode = MBEDTLS_SSL_VERIFY_REQUIRED; int authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
mbedtls_x509_crt *ca_chain; mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl; mbedtls_x509_crl *ca_crl;
const char *ext_oid;
size_t ext_len;
uint32_t verify_result = 0; uint32_t verify_result = 0;
/* If SNI was used, overwrite authentication mode /* If SNI was used, overwrite authentication mode
@ -714,34 +712,15 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
/* /*
* Secondary checks: always done, but change 'ret' only if it was 0 * Secondary checks: always done, but change 'ret' only if it was 0
*/ */
/* keyUsage */ if (mbedtls_ssl_check_cert_usage(ssl->session_negotiate->peer_cert,
if ((mbedtls_x509_crt_check_key_usage( NULL,
ssl->session_negotiate->peer_cert, ssl->conf->endpoint,
MBEDTLS_X509_KU_DIGITAL_SIGNATURE) != 0)) { MBEDTLS_SSL_VERSION_TLS1_3,
&verify_result) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) { if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
} }
verify_result |= MBEDTLS_X509_BADCERT_KEY_USAGE;
}
/* extKeyUsage */
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
ext_oid = MBEDTLS_OID_SERVER_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH);
} else {
ext_oid = MBEDTLS_OID_CLIENT_AUTH;
ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH);
}
if ((mbedtls_x509_crt_check_extended_key_usage(
ssl->session_negotiate->peer_cert,
ext_oid, ext_len) != 0)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)"));
if (ret == 0) {
ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
verify_result |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
} }
/* mbedtls_x509_crt_verify_with_profile is supposed to report a /* mbedtls_x509_crt_verify_with_profile is supposed to report a