From 15fd0dbcd45dbb3798146022b6caf7c1e7d6ae56 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 24 Jul 2022 23:35:45 +0800 Subject: [PATCH] TLS 1.3 client auth --- include/gmssl/tls.h | 1 + src/sm2_lib.c | 4 -- src/tls13.c | 126 ++++++++++++++++++++++++++------------------ src/tls_trace.c | 2 + 4 files changed, 79 insertions(+), 54 deletions(-) diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h index dbe817d8..390489be 100644 --- a/include/gmssl/tls.h +++ b/include/gmssl/tls.h @@ -874,6 +874,7 @@ int tls13_extensions_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *exts, size_t extslen); int tls13_certificate_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen); +int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen); int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen); diff --git a/src/sm2_lib.c b/src/sm2_lib.c index d35c29c2..193450fd 100644 --- a/src/sm2_lib.c +++ b/src/sm2_lib.c @@ -69,8 +69,6 @@ int sm2_do_sign_ex(const SM2_KEY *key, int fixed_outlen, const uint8_t dgst[32], SM2_BN r; SM2_BN s; - format_bytes(stderr, 0, 0, "sm2_do_sign_ex dgst", dgst, 32); - retry: sm2_bn_from_bytes(d, key->private_key); @@ -145,8 +143,6 @@ int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATUR SM2_BN x; SM2_BN t; - format_bytes(stderr, 0, 0, "sm2_do_verify dgst", dgst, 32); - // parse signature values sm2_bn_from_bytes(r, sig->r); //print_bn("r", r); sm2_bn_from_bytes(s, sig->s); //print_bn("s", s); diff --git a/src/tls13.c b/src/tls13.c index 883b823c..c7efdb04 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -146,6 +146,7 @@ int tls13_gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], } *outlen = clen; free(mbuf); + return 1; } @@ -252,7 +253,7 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t pa uint8_t *record = conn->record; size_t recordlen; - tls_trace("<<<< [ApplicationData]\n"); + tls_trace("send {ApplicationData}\n"); if (conn->is_client) { key = &conn->client_write_key; @@ -294,7 +295,7 @@ int tls13_recv(TLS_CONNECT *conn, uint8_t *data, size_t *datalen) uint8_t *seq_num; - tls_trace(">>>> [ApplicationData]\n"); + tls_trace("recv {ApplicationData}\n"); if (conn->is_client) { key = &conn->client_write_key; @@ -427,8 +428,6 @@ int tls13_sign_certificate_verify(int tls_mode, dgst_ctx = *tbs_dgst_ctx; digest_finish(&dgst_ctx, dgst, &dgstlen); - format_bytes(stderr, 0, 0, "tls13_sign_certificate_verify dgst", dgst, dgstlen); - sm2_sign_init(&sign_ctx, key, signer_id, signer_id_len); sm2_sign_update(&sign_ctx, prefix, 64); sm2_sign_update(&sign_ctx, context_str_and_zero, context_str_and_zero_len); @@ -471,15 +470,11 @@ int tls13_verify_certificate_verify(int tls_mode, dgst_ctx = *tbs_dgst_ctx; digest_finish(&dgst_ctx, dgst, &dgstlen); - format_bytes(stderr, 0, 0, "tls13_verify_certificate_verify dgst", dgst, dgstlen); - sm2_verify_init(&verify_ctx, public_key, signer_id, signer_id_len); sm2_verify_update(&verify_ctx, prefix, 64); sm2_verify_update(&verify_ctx, context_str_and_zero, context_str_and_zero_len); sm2_verify_update(&verify_ctx, dgst, dgstlen); - format_bytes(stderr, 0, 0, "477", sig, siglen); - if ((ret = sm2_verify_finish(&verify_ctx, sig, siglen)) < 0) { error_print(); return -1; @@ -926,7 +921,6 @@ int tls13_record_get_handshake_certificate_request(const uint8_t *record, } if (tls_uint8array_from_bytes(requst_context, request_context_len, &p, &len) != 1 || tls_uint16array_from_bytes(exts, exts_len, &p, &len) != 1 - || tls_length_is_zero(*exts_len) != 1 || tls_length_is_zero(len) != 1) { error_print(); return -1; @@ -1013,11 +1007,36 @@ int tls13_certificate_print(FILE *fp, int fmt, int ind, const uint8_t *cert, siz return -1; } x509_cert_print(fp, fmt, ind, "cert_data", cert_data, cert_data_len); + x509_cert_to_pem(cert_data, cert_data_len, fp); tls13_extensions_print(fp, fmt, ind, TLS_handshake_certificate, exts, extslen); } return 1; } +int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *certreq, size_t certreqlen) +{ + const uint8_t *p; + size_t len; + + if (tls_uint8array_from_bytes(&p, &len, &certreq, &certreqlen) != 1) { + error_print(); + return -1; + } + format_bytes(fp, fmt, ind, "certificate_request_context", p, len); + + if (tls_uint16array_from_bytes(&p, &len, &certreq, &certreqlen) != 1) { + error_print(); + return -1; + } + format_bytes(fp, fmt, ind, "extensions", p, len); + + if (tls_length_is_zero(certreqlen) != 1) { + error_print(); + return -1; + } + return 1; +} + int tls13_certificate_list_to_bytes(const uint8_t *certs, size_t certslen, uint8_t **out, size_t *outlen) { @@ -1402,7 +1421,8 @@ int tls13_do_connect(TLS_CONNECT *conn) tls_record_set_protocol(enced_record, TLS_protocol_tls12); digest_init(&dgst_ctx, digest); - null_dgst_ctx = dgst_ctx;// null_dgst_ctx已经初始化了,这个是干什么的? + null_dgst_ctx = dgst_ctx; + // 1. send ClientHello tls_trace("send ClientHello\n"); @@ -1494,24 +1514,18 @@ int tls13_do_connect(TLS_CONNECT *conn) block_cipher_set_encrypt_key(&conn->client_write_key, cipher, client_write_key); block_cipher_set_encrypt_key(&conn->server_write_key, cipher, server_write_key); - format_bytes(stderr, 0, 0, "client_write_key", client_write_key, 16); format_bytes(stderr, 0, 0, "server_write_key", server_write_key, 16); format_bytes(stderr, 0, 0, "client_write_iv", conn->client_write_iv, 12); format_bytes(stderr, 0, 0, "server_write_iv", conn->server_write_iv, 12); - - // 后面的消息都是加密的了 - // 3. recv {EncryptedExtensions} printf("recv {EncryptedExtensions}\n"); if (tls_record_recv(enced_record, &enced_recordlen, conn->sock) != 1) { error_print(); return -1; } - format_bytes(stderr, 0, 0, "{EncryptedExtensions}", enced_record, enced_recordlen); - if (tls13_record_decrypt(&conn->server_write_key, conn->server_write_iv, conn->server_seq_num, enced_record, enced_recordlen, record, &recordlen) != 1) { @@ -1546,13 +1560,16 @@ int tls13_do_connect(TLS_CONNECT *conn) return -1; } if (type == TLS_handshake_certificate_request) { - tls_trace("<<<< CertificateRequest\n"); + tls_trace("recv {CertificateRequest*}\n"); const uint8_t *request_context; size_t request_context_len; const uint8_t *cert_request_exts; size_t cert_request_extslen; + tls13_record_trace(stderr, record, recordlen, 0, 0); + + // 暂时不处理certificate_request数据 if (tls13_record_get_handshake_certificate_request(record, &request_context, &request_context_len, @@ -1560,8 +1577,10 @@ int tls13_do_connect(TLS_CONNECT *conn) error_print(); return -1; } + // request_context 应该为空,当前实现中不支持Post-Handshake Auth - if (tls_record_recv(record, &recordlen, conn->sock) != 1) { + // 这个时候是要接收Certificate + if (tls_record_recv(enced_record, &enced_recordlen, conn->sock) != 1) { error_print(); return -1; } @@ -1612,7 +1631,7 @@ int tls13_do_connect(TLS_CONNECT *conn) // 7. recv Server {CertificateVerify} - tls_trace(">>>> {CertificateVerify}\n"); + tls_trace("recv Server {CertificateVerify}\n"); if (tls_record_recv(enced_record, &enced_recordlen, conn->sock) != 1) { error_print(); return -1; @@ -1688,13 +1707,16 @@ int tls13_do_connect(TLS_CONNECT *conn) uint8_t sig[TLS_MAX_SIGNATURE_SIZE]; size_t siglen; - error_print(); - // send client {Certificate*} tls_trace("send Client {Certificate}\n"); - if (tls_record_set_handshake_certificate(record, &recordlen, conn->client_certs, conn->client_certs_len) != 1) { + uint8_t *request_context = NULL; + size_t request_context_len = 0; + + if (tls13_record_set_handshake_certificate(record, &recordlen, + request_context, request_context_len, + conn->client_certs, conn->client_certs_len) != 1) { error_print(); tls_send_alert(conn, TLS_alert_internal_error); goto end; @@ -1717,8 +1739,10 @@ int tls13_do_connect(TLS_CONNECT *conn) // 10. send client {CertificateVerify*} - tls_trace("<<<< client {CertificateVerify}\n"); + tls_trace("send Client {CertificateVerify*}\n"); client_sign_algor = TLS_sig_sm2sig_sm3; // 应该放在conn里面 + + tls13_sign_certificate_verify(TLS_client_mode, &conn->sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH, &dgst_ctx, sig, &siglen); if (tls13_record_set_handshake_certificate_verify(record, &recordlen, @@ -1854,6 +1878,7 @@ int tls13_do_accept(TLS_CONNECT *conn) tls13_record_trace(stderr, record, recordlen, 0, 0); tls_seq_num_incr(conn->client_seq_num); + if (tls_record_get_handshake_client_hello(record, &protocol, &random, &session_id, &session_id_len, // 不支持SessionID,不做任何处理 @@ -1915,8 +1940,7 @@ int tls13_do_accept(TLS_CONNECT *conn) error_print(); return -1; } - tls_seq_num_incr(conn->server_seq_num); - + tls_seq_num_incr(conn->server_seq_num); // 1 sm2_ecdh(&server_ecdhe, &client_ecdhe_public, &client_ecdhe_public); @@ -1954,9 +1978,6 @@ int tls13_do_accept(TLS_CONNECT *conn) tls13_padding_len_rand(&padding_len); - format_bytes(stderr, 0, 0, "EncedExts", record, recordlen); - - if (tls13_record_encrypt(&conn->server_write_key, conn->server_write_iv, conn->server_seq_num, record, recordlen, padding_len, enced_record, &enced_recordlen) != 1) { @@ -1966,23 +1987,19 @@ int tls13_do_accept(TLS_CONNECT *conn) // FIXME: tls13_record_encrypt需要支持握手消息 // tls_record_data(enced_record)[0] = TLS_handshake_encrypted_extensions; - printf("enced_recordlen = %zu\n", enced_recordlen); - if (tls_record_send(enced_record, enced_recordlen, conn->sock) != 1) { error_print(); return -1; } - tls_seq_num_incr(conn->server_seq_num); - + tls_seq_num_incr(conn->server_seq_num); // 2 // 4. Send {CertificateRequest*} if (client_verify) { tls_trace("send {CertificateRequest*}\n"); - uint8_t request_context[32]; + // TODO: 设置certificate_request中的extensions! - if (tls13_record_set_handshake_certificate_request(record, &recordlen, - request_context, 32, NULL, 0) != 1) { + if (tls13_record_set_handshake_certificate_request_default(record, &recordlen) != 1) { error_print(); return -1; } @@ -1990,6 +2007,7 @@ int tls13_do_accept(TLS_CONNECT *conn) tls13_record_trace(stderr, record, recordlen, 0, 0); tls13_padding_len_rand(&padding_len); + if (tls13_record_encrypt(&conn->server_write_key, conn->server_write_iv, conn->server_seq_num, record, recordlen, padding_len, enced_record, &enced_recordlen) != 1) { @@ -2006,8 +2024,6 @@ int tls13_do_accept(TLS_CONNECT *conn) // 6. send Server {Certificate} tls_trace("send Server {Certificate}\n"); - // 我们需要首先将原始的证书准备好,然后再输入到这个结构里面 - if (tls13_record_set_handshake_certificate(record, &recordlen, NULL, 0, conn->server_certs, conn->server_certs_len) != 1) { error_print(); goto end; @@ -2022,7 +2038,6 @@ int tls13_do_accept(TLS_CONNECT *conn) error_print(); goto end; } - if (tls_record_send(enced_record, enced_recordlen, conn->sock) != 1) { error_print(); goto end; @@ -2030,14 +2045,6 @@ int tls13_do_accept(TLS_CONNECT *conn) tls_seq_num_incr(conn->server_seq_num); - /* - // 这个函数不对啊,怎么出现在此处了? - if (tls_record_get_handshake_certificate(record, conn->server_certs, &conn->server_certs_len) != 1) { - error_print(); - goto end; - } - */ - // 7. Send Server {CertificateVerify} @@ -2135,10 +2142,26 @@ int tls13_do_accept(TLS_CONNECT *conn) error_print(); return -1; } + + + if (tls13_process_certificate_list(cert_list, cert_list_len, conn->client_certs, &conn->client_certs_len) != 1) { + error_print(); + return -1; + } + + + const uint8_t *cert; size_t certlen; - if (x509_certs_get_cert_by_index(conn->client_certs, conn->client_certs_len, 0, &cert, &certlen) != 1 - || x509_cert_get_subject_public_key(cert, certlen, &client_sign_key) != 1) { + + + + + if (x509_certs_get_cert_by_index(conn->client_certs, conn->client_certs_len, 0, &cert, &certlen) != 1) { + error_print(); + return -1; + } + if (x509_cert_get_subject_public_key(cert, certlen, &client_sign_key) != 1) { error_print(); return -1; } @@ -2163,7 +2186,6 @@ int tls13_do_accept(TLS_CONNECT *conn) return -1; } tls_seq_num_incr(conn->client_seq_num); - digest_update(&dgst_ctx, record + 5, recordlen - 5); tls13_record_trace(stderr, record, recordlen, 0, 0); if (tls13_record_get_handshake_certificate_verify(record, &client_sign_algor, &client_sig, &client_siglen) != 1) { @@ -2174,6 +2196,10 @@ int tls13_do_accept(TLS_CONNECT *conn) error_print(); return -1; } + + + digest_update(&dgst_ctx, record + 5, recordlen - 5); + } // 12. Recv Client {Finished} @@ -2183,13 +2209,13 @@ int tls13_do_accept(TLS_CONNECT *conn) error_print(); return -1; } - if (tls13_record_decrypt(&conn->client_write_key, conn->client_write_iv, conn->client_seq_num, enced_record, enced_recordlen, record, &recordlen) != 1) { error_print(); return -1; } + tls13_record_trace(stderr, record, recordlen, 0, 0); tls_seq_num_incr(conn->client_seq_num); if (tls13_record_get_handshake_finished(record, &client_verify_data, &client_verify_data_len) != 1) { diff --git a/src/tls_trace.c b/src/tls_trace.c index 03a26dc5..5ef6b120 100644 --- a/src/tls_trace.c +++ b/src/tls_trace.c @@ -903,6 +903,8 @@ int tls13_handshake_print(FILE *fp, int fmt, int ind, const uint8_t *handshake, switch (type) { case TLS_handshake_certificate: return tls13_certificate_print(fp, fmt, ind, data, datalen); + case TLS_handshake_certificate_request: + return tls13_certificate_request_print(fp, fmt, ind, data, datalen); } return tls_handshake_print(fp, p, len, fmt, ind);