Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: c1baa486d9
Branches Tags
ydb
/
contrib
/
restricted
/
aws
/
s2n
/
tls
/
s2n_client_cert.c

s2n_client_cert.c 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. /*
    2. 

  2.  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License").
    5. 

  5.  * You may not use this file except in compliance with the License.
    6. 

  6.  * A copy of the License is located at
    7. 

  7.  *
    8. 

  8.  *  http://aws.amazon.com/apache2.0
    9. 

  9.  *
    10. 

  10.  * or in the "license" file accompanying this file. This file is distributed
    11. 

  11.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    12. 

  12.  * express or implied. See the License for the specific language governing
    13. 

  13.  * permissions and limitations under the License.
    14. 

  14.  */
    15. 

  15. 

  16. #include "api/s2n.h"
    17. 

  17. #include "crypto/s2n_certificate.h"
    18. 

  18. #include "error/s2n_errno.h"
    19. 

  19. #include "stuffer/s2n_stuffer.h"
    20. 

  20. #include "tls/s2n_cipher_suites.h"
    21. 

  21. #include "tls/s2n_config.h"
    22. 

  22. #include "tls/s2n_connection.h"
    23. 

  23. #include "tls/s2n_tls.h"
    24. 

  24. #include "utils/s2n_blob.h"
    25. 

  25. #include "utils/s2n_safety.h"
    26. 

  26. 

  27. /* In TLS1.2, the certificate list is just an opaque vector of certificates:
    28. 

  28.  *
    29. 

  29.  *      opaque ASN.1Cert<1..2^24-1>;
    30. 

  30.  *
    31. 

  31.  *      struct {
    32. 

  32.  *          ASN.1Cert certificate_list<0..2^24-1>;
    33. 

  33.  *      } Certificate;
    34. 

  34.  *
    35. 

  35.  * This construction allowed us to store the entire certificate_list blob
    36. 

  36.  * and return it from the s2n_connection_get_client_cert_chain method for
    37. 

  37.  * customers to examine.
    38. 

  38.  *
    39. 

  39.  * However, TLS1.3 introduced per-certificate extensions:
    40. 

  40.  *
    41. 

  41.  *      struct {
    42. 

  42.  *          opaque cert_data<1..2^24-1>;
    43. 

  43.  * ---->    Extension extensions<0..2^16-1>;    <----
    44. 

  44.  *      } CertificateEntry;
    45. 

  45.  *
    46. 

  46.  *      struct {
    47. 

  47.  *          opaque certificate_request_context<0..2^8-1>;
    48. 

  48.  *          CertificateEntry certificate_list<0..2^24-1>;
    49. 

  49.  *      } Certificate;
    50. 

  50.  *
    51. 

  51.  * So in order to store / return the certificates in the same format as in TLS1.2,
    52. 

  52.  * we need to first strip out the extensions.
    53. 

  53.  */
    54. 

  54. static S2N_RESULT s2n_client_cert_chain_store(struct s2n_connection *conn,
    55. 

  55.         struct s2n_blob *raw_cert_chain)
    56. 

  56. {
    57. 

  57.     RESULT_ENSURE_REF(conn);
    58. 

  58.     RESULT_ENSURE_REF(raw_cert_chain);
    59. 

  59. 

  60.     /* There shouldn't already be a client cert chain, but free just in case */
    61. 

  61.     RESULT_GUARD_POSIX(s2n_free(&conn->handshake_params.client_cert_chain));
    62. 

  62. 

  63.     /* Earlier versions are a basic copy */
    64. 

  64.     if (conn->actual_protocol_version < S2N_TLS13) {
    65. 

  65.         RESULT_GUARD_POSIX(s2n_dup(raw_cert_chain, &conn->handshake_params.client_cert_chain));
    66. 

  66.         return S2N_RESULT_OK;
    67. 

  67.     }
    68. 

  68. 

  69.     DEFER_CLEANUP(struct s2n_blob output = { 0 }, s2n_free);
    70. 

  70.     RESULT_GUARD_POSIX(s2n_realloc(&output, raw_cert_chain->size));
    71. 

  71. 

  72.     struct s2n_stuffer cert_chain_in = { 0 };
    73. 

  73.     RESULT_GUARD_POSIX(s2n_stuffer_init_written(&cert_chain_in, raw_cert_chain));
    74. 

  74. 

  75.     struct s2n_stuffer cert_chain_out = { 0 };
    76. 

  76.     RESULT_GUARD_POSIX(s2n_stuffer_init(&cert_chain_out, &output));
    77. 

  77. 

  78.     uint32_t cert_size = 0;
    79. 

  79.     uint16_t extensions_size = 0;
    80. 

  80.     while (s2n_stuffer_data_available(&cert_chain_in)) {
    81. 

  81.         RESULT_GUARD_POSIX(s2n_stuffer_read_uint24(&cert_chain_in, &cert_size));
    82. 

  82.         RESULT_GUARD_POSIX(s2n_stuffer_write_uint24(&cert_chain_out, cert_size));
    83. 

  83.         RESULT_GUARD_POSIX(s2n_stuffer_copy(&cert_chain_in, &cert_chain_out, cert_size));
    84. 

  84. 

  85.         /* The new TLS1.3 format includes extensions, which we must skip.
    86. 

  86.          * Customers will not expect TLS extensions in a DER-encoded certificate.
    87. 

  87.          */
    88. 

  88.         RESULT_GUARD_POSIX(s2n_stuffer_read_uint16(&cert_chain_in, &extensions_size));
    89. 

  89.         RESULT_GUARD_POSIX(s2n_stuffer_skip_read(&cert_chain_in, extensions_size));
    90. 

  90.     }
    91. 

  91. 

  92.     /* We will have allocated more memory than actually necessary.
    93. 

  93.      * If this becomes a problem, we should consider reallocing the correct amount of memory here.
    94. 

  94.      */
    95. 

  95.     output.size = s2n_stuffer_data_available(&cert_chain_out);
    96. 

  96. 

  97.     conn->handshake_params.client_cert_chain = output;
    98. 

  98.     ZERO_TO_DISABLE_DEFER_CLEANUP(output);
    99. 

  99.     return S2N_RESULT_OK;
    100. 

  100. }
    101. 

  101. 

  102. int s2n_client_cert_recv(struct s2n_connection *conn)
    103. 

  103. {
    104. 

  104.     if (conn->actual_protocol_version == S2N_TLS13) {
    105. 

  105.         uint8_t certificate_request_context_len;
    106. 

  106.         POSIX_GUARD(s2n_stuffer_read_uint8(&conn->handshake.io, &certificate_request_context_len));
    107. 

  107.         S2N_ERROR_IF(certificate_request_context_len != 0, S2N_ERR_BAD_MESSAGE);
    108. 

  108.     }
    109. 

  109. 

  110.     struct s2n_stuffer *in = &conn->handshake.io;
    111. 

  111. 

  112.     uint32_t cert_chain_size = 0;
    113. 

  113.     POSIX_GUARD(s2n_stuffer_read_uint24(in, &cert_chain_size));
    114. 

  114.     POSIX_ENSURE(cert_chain_size <= s2n_stuffer_data_available(in), S2N_ERR_BAD_MESSAGE);
    115. 

  115.     if (cert_chain_size == 0) {
    116. 

  116.         POSIX_GUARD(s2n_conn_set_handshake_no_client_cert(conn));
    117. 

  117.         return S2N_SUCCESS;
    118. 

  118.     }
    119. 

  119. 

  120.     uint8_t *cert_chain_data = s2n_stuffer_raw_read(in, cert_chain_size);
    121. 

  121.     POSIX_ENSURE_REF(cert_chain_data);
    122. 

  122. 

  123.     struct s2n_blob cert_chain = { 0 };
    124. 

  124.     POSIX_GUARD(s2n_blob_init(&cert_chain, cert_chain_data, cert_chain_size));
    125. 

  125.     POSIX_ENSURE(s2n_result_is_ok(s2n_client_cert_chain_store(conn, &cert_chain)),
    126. 

  126.             S2N_ERR_BAD_MESSAGE);
    127. 

  127. 

  128.     s2n_cert_public_key public_key = { 0 };
    129. 

  129.     POSIX_GUARD(s2n_pkey_zero_init(&public_key));
    130. 

  130. 

  131.     /* Determine the Cert Type, Verify the Cert, and extract the Public Key */
    132. 

  132.     s2n_pkey_type pkey_type = S2N_PKEY_TYPE_UNKNOWN;
    133. 

  133.     POSIX_GUARD_RESULT(s2n_x509_validator_validate_cert_chain(&conn->x509_validator, conn, cert_chain_data,
    134. 

  134.             cert_chain_size, &pkey_type, &public_key));
    135. 

  135. 

  136.     conn->handshake_params.client_cert_pkey_type = pkey_type;
    137. 

  137.     POSIX_GUARD(s2n_pkey_setup_for_type(&public_key, pkey_type));
    138. 

  138. 

  139.     POSIX_GUARD(s2n_pkey_check_key_exists(&public_key));
    140. 

  140.     conn->handshake_params.client_public_key = public_key;
    141. 

  141. 

  142.     return S2N_SUCCESS;
    143. 

  143. }
    144. 

  144. 

  145. int s2n_client_cert_send(struct s2n_connection *conn)
    146. 

  146. {
    147. 

  147.     struct s2n_cert_chain_and_key *chain_and_key = conn->handshake_params.our_chain_and_key;
    148. 

  148. 

  149.     if (conn->actual_protocol_version >= S2N_TLS13) {
    150. 

  150.         /* If this message is in response to a CertificateRequest, the value of
    151. 

  151.          * certificate_request_context in that message.
    152. 

  152.          * https://tools.ietf.org/html/rfc8446#section-4.4.2
    153. 

  153.          *
    154. 

  154.          * This field SHALL be zero length unless used for the post-handshake authentication
    155. 

  155.          * https://tools.ietf.org/html/rfc8446#section-4.3.2
    156. 

  156.          */
    157. 

  157.         uint8_t certificate_request_context_len = 0;
    158. 

  158.         POSIX_GUARD(s2n_stuffer_write_uint8(&conn->handshake.io, certificate_request_context_len));
    159. 

  159.     }
    160. 

  160. 

  161.     if (chain_and_key == NULL) {
    162. 

  162.         POSIX_GUARD(s2n_conn_set_handshake_no_client_cert(conn));
    163. 

  163.         POSIX_GUARD(s2n_send_empty_cert_chain(&conn->handshake.io));
    164. 

  164.         return 0;
    165. 

  165.     }
    166. 

  166. 

  167.     POSIX_GUARD(s2n_send_cert_chain(conn, &conn->handshake.io, chain_and_key));
    168. 

  168.     return S2N_SUCCESS;
    169. 

  169. }
    170.