RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 08:27:45 +00:00
Code Issues Activity Actions

LibTLS: Add certificate verification for ECDSA with SECP256r1 curves

Browse source
This commit is contained in:
Andrew Kaster 2023-09-23 18:03:22 -06:00 committed by Andrew Kaster
parent c548dca174
commit f9386737a6
2 changed files with 66 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Libraries/LibTLS/HandshakeServer.cpp
View file

@ -493,11 +493,6 @@ ssize_t TLSv12::verify_ecdsa_server_key_exchange(ReadonlyBytes server_key_info_b
res = curve.verify(digest.bytes(), server_point, signature);
break;
}
case SupportedGroup::X25519: {
Crypto::Curves::Ed25519 curve;
res = curve.verify(public_key.raw_key, signature, message);
break;
}
default: {
dbgln("verify_ecdsa_server_key_exchange failed: Server certificate public key algorithm is not supported: {}", to_underlying(public_key.algorithm.ec_parameters));
break;

87
Userland/Libraries/LibTLS/TLSv12.cpp
View file

@ -14,6 +14,8 @@
#include <LibCore/Timer.h>
#include <LibCrypto/ASN1/ASN1.h>
#include <LibCrypto/ASN1/PEM.h>
#include <LibCrypto/Curves/Ed25519.h>
#include <LibCrypto/Curves/SECP256r1.h>
#include <LibCrypto/PK/Code/EMSA_PKCS1_V1_5.h>
#include <LibCrypto/PK/Code/EMSA_PSS.h>
#include <LibFileSystem/FileSystem.h>
@ -347,40 +349,83 @@ bool Context::verify_certificate_pair(Certificate const& subject, Certificate co
Crypto::Hash::HashKind kind = Crypto::Hash::HashKind::Unknown;
auto identifier = subject.signature_algorithm.identifier;
if (identifier == rsa_encryption_oid)
bool is_rsa = true;
if (identifier == rsa_encryption_oid) {
kind = Crypto::Hash::HashKind::None;
if (identifier == rsa_md5_encryption_oid)
} else if (identifier == rsa_md5_encryption_oid) {
kind = Crypto::Hash::HashKind::MD5;
if (identifier == rsa_sha1_encryption_oid)
} else if (identifier == rsa_sha1_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA1;
if (identifier == rsa_sha256_encryption_oid)
} else if (identifier == rsa_sha256_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA256;
if (identifier == rsa_sha384_encryption_oid)
} else if (identifier == rsa_sha384_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA384;
if (identifier == rsa_sha512_encryption_oid)
} else if (identifier == rsa_sha512_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA512;
} else if (identifier == ecdsa_with_sha256_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA256;
is_rsa = false;
} else if (identifier == ecdsa_with_sha384_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA384;
is_rsa = false;
} else if (identifier == ecdsa_with_sha512_encryption_oid) {
kind = Crypto::Hash::HashKind::SHA512;
is_rsa = false;
}
if (kind == Crypto::Hash::HashKind::Unknown) {
dbgln("verify_certificate_pair: Unknown signature algorithm, expected RSA with SHA1/256/384/512, got OID {}", identifier);
dbgln("verify_certificate_pair: Unknown signature algorithm, expected RSA or ECDSA with SHA1/256/384/512, got OID {}", identifier);
return false;
}
Crypto::PK::RSAPrivateKey dummy_private_key;
Crypto::PK::RSAPublicKey public_key_copy { issuer.public_key.rsa };
auto rsa = Crypto::PK::RSA(public_key_copy, dummy_private_key);
auto verification_buffer_result = ByteBuffer::create_uninitialized(subject.signature_value.size());
if (verification_buffer_result.is_error()) {
dbgln("verify_certificate_pair: Unable to allocate buffer for verification");
if (is_rsa) {
Crypto::PK::RSAPrivateKey dummy_private_key;
Crypto::PK::RSAPublicKey public_key_copy { issuer.public_key.rsa };
auto rsa = Crypto::PK::RSA(public_key_copy, dummy_private_key);
auto verification_buffer_result = ByteBuffer::create_uninitialized(subject.signature_value.size());
if (verification_buffer_result.is_error()) {
dbgln("verify_certificate_pair: Unable to allocate buffer for verification");
return false;
}
auto verification_buffer = verification_buffer_result.release_value();
auto verification_buffer_bytes = verification_buffer.bytes();
rsa.verify(subject.signature_value, verification_buffer_bytes);
ReadonlyBytes message = subject.tbs_asn1.bytes();
auto pkcs1 = Crypto::PK::EMSA_PKCS1_V1_5<Crypto::Hash::Manager>(kind);
auto verification = pkcs1.verify(message, verification_buffer_bytes, subject.signature_value.size() * 8);
return verification == Crypto::VerificationConsistency::Consistent;
}
// ECDSA hash verification: hash, then check signature against the specific curve
switch (issuer.public_key.algorithm.ec_parameters) {
case SupportedGroup::SECP256R1: {
Crypto::Hash::Manager hasher(kind);
hasher.update(subject.tbs_asn1.bytes());
auto hash = hasher.digest();
Crypto::Curves::SECP256r1 curve;
auto result = curve.verify(hash.bytes(), issuer.public_key.raw_key, subject.signature_value);
if (result.is_error()) {
dbgln("verify_certificate_pair: Failed to check SECP256r1 signature {}", result.release_error());
return false;
}
return result.value();
}
case SupportedGroup::X25519: {
Crypto::Curves::Ed25519 curve;
auto result = curve.verify(issuer.public_key.raw_key, subject.signature_value, subject.tbs_asn1.bytes());
if (!result) {
dbgln("verify_certificate_pair: Failed to check Ed25519 signature");
return false;
}
return result;
}
default:
dbgln("verify_certificate_pair: Don't know how to verify signature for curve {}", to_underlying(issuer.public_key.algorithm.ec_parameters));
return false;
}
auto verification_buffer = verification_buffer_result.release_value();
auto verification_buffer_bytes = verification_buffer.bytes();
rsa.verify(subject.signature_value, verification_buffer_bytes);
ReadonlyBytes message = subject.tbs_asn1.bytes();
auto pkcs1 = Crypto::PK::EMSA_PKCS1_V1_5<Crypto::Hash::Manager>(kind);
auto verification = pkcs1.verify(message, verification_buffer_bytes, subject.signature_value.size() * 8);
return verification == Crypto::VerificationConsistency::Consistent;
}
template<typename HMACType>