1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15 #include "securec.h"
16 #include "tls_binlog_id.h"
17 #include "bsl_log_internal.h"
18 #include "bsl_log.h"
19 #include "bsl_err_internal.h"
20 #include "bsl_sal.h"
21 #include "bsl_bytes.h"
22 #include "bsl_list.h"
23 #include "bsl_user_data.h"
24 #include "hitls_error.h"
25 #include "hitls_cert_reg.h"
26 #include "hitls_security.h"
27 #include "tls.h"
28 #ifdef HITLS_TLS_FEATURE_SECURITY
29 #include "security.h"
30 #endif
31 #include "cert_mgr_ctx.h"
32 #include "cert_method.h"
33 #include "cert_mgr.h"
34 #include "cert.h"
35 #include "config_type.h"
36
37 #ifdef HITLS_TLS_FEATURE_SECURITY
CheckKeySecbits(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert,HITLS_CERT_Key * key)38 static int32_t CheckKeySecbits(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, HITLS_CERT_Key *key)
39 {
40 int32_t ret;
41 int32_t secBits = 0;
42 HITLS_Config *config = &ctx->config.tlsConfig;
43
44 ret = SAL_CERT_KeyCtrl(config, key, CERT_KEY_CTRL_GET_SECBITS, NULL, (void *)&secBits);
45 if (ret != HITLS_SUCCESS) {
46 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16303, "GET_SECBITS fail");
47 }
48 ret = SECURITY_SslCheck((HITLS_Ctx *)ctx, HITLS_SECURITY_SECOP_EE_KEY, secBits, 0, cert);
49 if (ret != SECURITY_SUCCESS) {
50 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16304, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
51 "SslCheck fail, ret %d", ret, 0, 0, 0);
52 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_EE_KEY_WITH_INSECURE_SECBITS);
53 ctx->method.sendAlert((TLS_Ctx *)ctx, ALERT_LEVEL_FATAL, ALERT_INSUFFICIENT_SECURITY);
54 return HITLS_CERT_ERR_EE_KEY_WITH_INSECURE_SECBITS;
55 }
56
57 return HITLS_SUCCESS;
58 }
59 #endif
60
CertKeyType2CertType(HITLS_CERT_KeyType keyType)61 CERT_Type CertKeyType2CertType(HITLS_CERT_KeyType keyType)
62 {
63 switch (keyType) {
64 case TLS_CERT_KEY_TYPE_RSA:
65 case TLS_CERT_KEY_TYPE_RSA_PSS:
66 return CERT_TYPE_RSA_SIGN;
67 case TLS_CERT_KEY_TYPE_DSA:
68 return CERT_TYPE_DSS_SIGN;
69 case TLS_CERT_KEY_TYPE_SM2:
70 case TLS_CERT_KEY_TYPE_ECDSA:
71 case TLS_CERT_KEY_TYPE_ED25519:
72 return CERT_TYPE_ECDSA_SIGN;
73 default:
74 break;
75 }
76 return CERT_TYPE_UNKNOWN;
77 }
78
SAL_CERT_SignScheme2CertKeyType(const HITLS_Ctx * ctx,HITLS_SignHashAlgo signScheme)79 HITLS_CERT_KeyType SAL_CERT_SignScheme2CertKeyType(const HITLS_Ctx *ctx, HITLS_SignHashAlgo signScheme)
80 {
81 const TLS_SigSchemeInfo *info = ConfigGetSignatureSchemeInfo(&ctx->config.tlsConfig, signScheme);
82 if (info == NULL) {
83 return TLS_CERT_KEY_TYPE_UNKNOWN;
84 }
85 return info->keyType;
86 }
87
SAL_CERT_GetDefaultSignHashAlgo(HITLS_CERT_KeyType keyType)88 HITLS_SignHashAlgo SAL_CERT_GetDefaultSignHashAlgo(HITLS_CERT_KeyType keyType)
89 {
90 switch (keyType) {
91 case TLS_CERT_KEY_TYPE_RSA:
92 return CERT_SIG_SCHEME_RSA_PKCS1_SHA1;
93 case TLS_CERT_KEY_TYPE_RSA_PSS:
94 return CERT_SIG_SCHEME_RSA_PSS_PSS_SHA256;
95 case TLS_CERT_KEY_TYPE_DSA:
96 return CERT_SIG_SCHEME_DSA_SHA1;
97 case TLS_CERT_KEY_TYPE_ECDSA:
98 return CERT_SIG_SCHEME_ECDSA_SHA1;
99 case TLS_CERT_KEY_TYPE_ED25519:
100 return CERT_SIG_SCHEME_ED25519;
101 #ifdef HITLS_TLS_PROTO_TLCP11
102 case TLS_CERT_KEY_TYPE_SM2:
103 return CERT_SIG_SCHEME_SM2_SM3;
104 #endif
105 default:
106 break;
107 }
108 return CERT_SIG_SCHEME_UNKNOWN;
109 }
110
CheckCertType(CERT_Type expectCertType,HITLS_CERT_KeyType checkedKeyType)111 int32_t CheckCertType(CERT_Type expectCertType, HITLS_CERT_KeyType checkedKeyType)
112 {
113 if (expectCertType == CERT_TYPE_UNKNOWN) {
114 /* The certificate type is not specified. This check is not required. */
115 return HITLS_SUCCESS;
116 }
117 /* Convert the key type to the certificate type. */
118 CERT_Type checkedCertType = CertKeyType2CertType(checkedKeyType);
119 if (expectCertType != checkedCertType) {
120 BSL_ERR_PUSH_ERROR(HITLS_MSG_HANDLE_UNSUPPORT_CERT);
121 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15034, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
122 "unexpect cert: expect cert type = %u, checked key type = %u.", expectCertType, checkedKeyType, 0, 0);
123 return HITLS_MSG_HANDLE_UNSUPPORT_CERT;
124 }
125
126 return HITLS_SUCCESS;
127 }
128
IsSignSchemeExist(const uint16_t * signSchemeList,uint32_t signSchemeNum,HITLS_SignHashAlgo signScheme)129 static bool IsSignSchemeExist(const uint16_t *signSchemeList, uint32_t signSchemeNum, HITLS_SignHashAlgo signScheme)
130 {
131 for (uint32_t i = 0; i < signSchemeNum; i++) {
132 if (signSchemeList[i] == signScheme) {
133 return true;
134 }
135 }
136 return false;
137 }
138 typedef struct {
139 uint32_t baseSignAlgorithmsSize;
140 const uint16_t *baseSignAlgorithms;
141 uint32_t selectSignAlgorithmsSize;
142 const uint16_t *selectSignAlgorithms;
143 } SelectSignAlgorithms;
144
CheckSelectSignAlgorithms(TLS_Ctx * ctx,const SelectSignAlgorithms * select,HITLS_CERT_KeyType checkedKeyType,HITLS_CERT_Key * pubkey,bool isNegotiateSignAlgo)145 static int32_t CheckSelectSignAlgorithms(TLS_Ctx *ctx, const SelectSignAlgorithms *select,
146 HITLS_CERT_KeyType checkedKeyType, HITLS_CERT_Key *pubkey, bool isNegotiateSignAlgo)
147 {
148 uint32_t baseSignAlgorithmsSize = select->baseSignAlgorithmsSize;
149 const uint16_t *baseSignAlgorithms = select->baseSignAlgorithms;
150 uint32_t selectSignAlgorithmsSize = select->selectSignAlgorithmsSize;
151 const uint16_t *selectSignAlgorithms = select->selectSignAlgorithms;
152 const TLS_SigSchemeInfo *info = NULL;
153 (void)pubkey;
154 #ifdef HITLS_TLS_PROTO_TLS13
155 int32_t paraId = 0;
156 (void)SAL_CERT_KeyCtrl(&ctx->config.tlsConfig, pubkey, CERT_KEY_CTRL_GET_PARAM_ID, NULL, (void *)¶Id);
157 #endif
158 for (uint32_t i = 0; i < baseSignAlgorithmsSize; i++) {
159 info = ConfigGetSignatureSchemeInfo(&ctx->config.tlsConfig, baseSignAlgorithms[i]);
160 if (info == NULL || info->keyType != (int32_t)checkedKeyType) {
161 continue;
162 }
163 #ifdef HITLS_TLS_PROTO_TLS13
164 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLS13 && info->paraId != 0 && info->paraId != paraId) {
165 continue;
166 }
167 #endif
168 if (!IsSignSchemeExist(selectSignAlgorithms, selectSignAlgorithmsSize, baseSignAlgorithms[i])) {
169 /* The signature algorithm must be the same as the algorithm configured on the peer end. */
170 continue;
171 }
172 #ifdef HITLS_TLS_FEATURE_SECURITY
173 if (SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_SIGALG_CHECK, 0, baseSignAlgorithms[i],
174 NULL) != SECURITY_SUCCESS) {
175 continue;
176 }
177 #endif
178 if (!isNegotiateSignAlgo) {
179 /* Only the signature algorithm in the certificate is checked.
180 The signature algorithm in the handshake message is not negotiated. */
181 return HITLS_SUCCESS;
182 }
183
184 #ifdef HITLS_TLS_PROTO_TLS13
185 const uint32_t rsaPkcsv15Mask = 0x01;
186 const uint32_t dsaMask = 0x02;
187 const uint32_t sha1Mask = 0x0200;
188 const uint32_t sha224Mask = 0x0300;
189 /* rfc8446 4.2.3. Signature Algorithms */
190 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLS13) {
191 if (((baseSignAlgorithms[i] & 0xff) == rsaPkcsv15Mask) ||
192 ((baseSignAlgorithms[i] & 0xff) == dsaMask) ||
193 ((baseSignAlgorithms[i] & 0xff00) == sha1Mask) ||
194 ((baseSignAlgorithms[i] & 0xff00) == sha224Mask)) {
195 /* not defined for use in signed TLS handshake messages in TLS1.3 */
196 continue;
197 }
198 }
199 #endif
200 ctx->negotiatedInfo.signScheme = baseSignAlgorithms[i];
201 return HITLS_SUCCESS;
202 }
203 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_NO_SIGN_SCHEME_MATCH);
204 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15981, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
205 "unexpect cert: no available signature scheme, key type = %u.", checkedKeyType, 0, 0, 0);
206 return HITLS_CERT_ERR_NO_SIGN_SCHEME_MATCH;
207 }
208
CheckSignScheme(TLS_Ctx * ctx,const uint16_t * signSchemeList,uint32_t signSchemeNum,HITLS_CERT_KeyType checkedKeyType,HITLS_CERT_Key * pubkey,bool isNegotiateSignAlgo)209 static int32_t CheckSignScheme(TLS_Ctx *ctx, const uint16_t *signSchemeList, uint32_t signSchemeNum,
210 HITLS_CERT_KeyType checkedKeyType, HITLS_CERT_Key *pubkey, bool isNegotiateSignAlgo)
211 {
212 if (signSchemeList == NULL) {
213 if (!isNegotiateSignAlgo) {
214 /* Do not save the signature algorithm used for sending handshake messages. */
215 return HITLS_SUCCESS;
216 }
217 /* No signature algorithm is specified.
218 The default signature algorithm is used when handshake messages are sent. */
219 HITLS_SignHashAlgo signScheme = SAL_CERT_GetDefaultSignHashAlgo(checkedKeyType);
220 if (signScheme == CERT_SIG_SCHEME_UNKNOWN
221 #ifdef HITLS_TLS_FEATURE_SECURITY
222 || SECURITY_SslCheck(ctx, HITLS_SECURITY_SECOP_SIGALG_CHECK, 0, signScheme, NULL) != SECURITY_SUCCESS
223 #endif
224 ) {
225 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16074, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
226 "unexpect key type: no available signature scheme, key type = %u.", checkedKeyType, 0, 0, 0);
227 return HITLS_CERT_ERR_NO_SIGN_SCHEME_MATCH;
228 }
229 ctx->negotiatedInfo.signScheme = signScheme;
230 return HITLS_SUCCESS;
231 }
232
233 SelectSignAlgorithms select = { 0 };
234 bool supportServer = ctx->config.tlsConfig.isSupportServerPreference;
235 select.baseSignAlgorithmsSize = supportServer ? ctx->config.tlsConfig.signAlgorithmsSize : signSchemeNum;
236 select.baseSignAlgorithms = supportServer ? ctx->config.tlsConfig.signAlgorithms : signSchemeList;
237 select.selectSignAlgorithmsSize = supportServer ? signSchemeNum : ctx->config.tlsConfig.signAlgorithmsSize;
238 select.selectSignAlgorithms = supportServer ? signSchemeList : ctx->config.tlsConfig.signAlgorithms;
239
240 return CheckSelectSignAlgorithms(ctx, &select, checkedKeyType, pubkey, isNegotiateSignAlgo);
241 }
242
CheckCurveName(HITLS_Config * config,const uint16_t * curveList,uint32_t curveNum,HITLS_CERT_Key * pubkey)243 int32_t CheckCurveName(HITLS_Config *config, const uint16_t *curveList, uint32_t curveNum, HITLS_CERT_Key *pubkey)
244 {
245 uint32_t curveName = HITLS_NAMED_GROUP_BUTT;
246 int32_t ret = SAL_CERT_KeyCtrl(config, pubkey, CERT_KEY_CTRL_GET_CURVE_NAME, NULL, (void *)&curveName);
247 if (ret != HITLS_SUCCESS) {
248 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15036, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
249 "internal error: unable to get curve name.", 0, 0, 0, 0);
250 return ret;
251 }
252 for (uint32_t i = 0; i < curveNum; i++) {
253 if (curveName == curveList[i]) {
254 return HITLS_SUCCESS;
255 }
256 }
257 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_NO_CURVE_MATCH);
258 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15037, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
259 "unexpect cert: no curve match, which used %u.", curveName, 0, 0, 0);
260 return HITLS_CERT_ERR_NO_CURVE_MATCH;
261 }
262
CheckPointFormat(HITLS_Config * config,const uint8_t * ecPointFormatList,uint32_t listSize,HITLS_CERT_Key * pubkey)263 int32_t CheckPointFormat(HITLS_Config *config, const uint8_t *ecPointFormatList, uint32_t listSize,
264 HITLS_CERT_Key *pubkey)
265 {
266 uint32_t ecPointFormat = HITLS_POINT_FORMAT_BUTT;
267 int32_t ret = SAL_CERT_KeyCtrl(config, pubkey, CERT_KEY_CTRL_GET_POINT_FORMAT, NULL, (void *)&ecPointFormat);
268 if (ret != HITLS_SUCCESS) {
269 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15038, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
270 "internal error: unable to get point format.", 0, 0, 0, 0);
271 return ret;
272 }
273 for (uint32_t i = 0; i < listSize; i++) {
274 if (ecPointFormat == ecPointFormatList[i]) {
275 return HITLS_SUCCESS;
276 }
277 }
278 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_NO_POINT_FORMAT_MATCH);
279 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15039, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
280 "unexpect cert: no point format match, which used %u.", ecPointFormat, 0, 0, 0);
281 return HITLS_CERT_ERR_NO_POINT_FORMAT_MATCH;
282 }
283
IsEcParamCompatible(HITLS_Config * config,const CERT_ExpectInfo * info,HITLS_CERT_Key * pubkey)284 int32_t IsEcParamCompatible(HITLS_Config *config, const CERT_ExpectInfo *info, HITLS_CERT_Key *pubkey)
285 {
286 int32_t ret;
287
288 /* If the client has used a Supported Elliptic Curves Extension, the public key in the server's certificate MUST
289 respect the client's choice of elliptic curves */
290 if (info->ellipticCurveNum != 0) {
291 ret = CheckCurveName(config, info->ellipticCurveList, info->ellipticCurveNum, pubkey);
292 if (ret != HITLS_SUCCESS) {
293 return ret;
294 }
295 }
296
297 if (info->ecPointFormatNum != 0) {
298 ret = CheckPointFormat(config, info->ecPointFormatList, info->ecPointFormatNum, pubkey);
299 if (ret != HITLS_SUCCESS) {
300 return ret;
301 }
302 }
303
304 return HITLS_SUCCESS;
305 }
306
CheckCertTypeAndSignScheme(HITLS_Ctx * ctx,const CERT_ExpectInfo * expectCertInfo,HITLS_CERT_Key * pubkey,bool isNegotiateSignAlgo,bool signCheck)307 static int32_t CheckCertTypeAndSignScheme(HITLS_Ctx *ctx, const CERT_ExpectInfo *expectCertInfo, HITLS_CERT_Key *pubkey,
308 bool isNegotiateSignAlgo, bool signCheck)
309 {
310 HITLS_Config *config = &ctx->config.tlsConfig;
311 uint32_t keyType = TLS_CERT_KEY_TYPE_UNKNOWN;
312 int32_t ret = SAL_CERT_KeyCtrl(config, pubkey, CERT_KEY_CTRL_GET_TYPE, NULL, (void *)&keyType);
313 if (ret != HITLS_SUCCESS) {
314 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15041, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
315 "check certificate error: pubkey type unknown.", 0, 0, 0, 0);
316 return ret;
317 }
318
319 ret = CheckCertType(expectCertInfo->certType, keyType);
320 if (ret != HITLS_SUCCESS) {
321 return ret;
322 }
323
324 if (signCheck == true) {
325 ret = CheckSignScheme(ctx, expectCertInfo->signSchemeList, expectCertInfo->signSchemeNum,
326 keyType, pubkey, isNegotiateSignAlgo);
327 if (ret != HITLS_SUCCESS) {
328 return ret;
329 }
330 }
331
332 /* ECDSA certificate. The curve ID and point format must be checked.
333 TLS_CERT_KEY_TYPE_SM2 does not check the curve ID and point format. TLCP curves is sm2 and is not compressed. */
334 if (keyType == TLS_CERT_KEY_TYPE_ECDSA && ctx->negotiatedInfo.version != HITLS_VERSION_TLS13) {
335 ret = IsEcParamCompatible(config, expectCertInfo, pubkey);
336 }
337
338 return ret;
339 }
340
SAL_CERT_CheckCertInfo(HITLS_Ctx * ctx,const CERT_ExpectInfo * expectCertInfo,HITLS_CERT_X509 * cert,bool isNegotiateSignAlgo,bool signCheck)341 int32_t SAL_CERT_CheckCertInfo(HITLS_Ctx *ctx, const CERT_ExpectInfo *expectCertInfo, HITLS_CERT_X509 *cert,
342 bool isNegotiateSignAlgo, bool signCheck)
343 {
344 HITLS_Config *config = &ctx->config.tlsConfig;
345 CERT_MgrCtx *mgrCtx = config->certMgrCtx;
346 HITLS_CERT_Key *pubkey = NULL;
347 int32_t ret = SAL_CERT_X509Ctrl(config, cert, CERT_CTRL_GET_PUB_KEY, NULL, (void *)&pubkey);
348 if (ret != HITLS_SUCCESS) {
349 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID15040, "get pubkey fail");
350 }
351
352 do {
353 #ifdef HITLS_TLS_FEATURE_SECURITY
354 ret = CheckKeySecbits(ctx, cert, pubkey);
355 if (ret != HITLS_SUCCESS) {
356 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16307, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
357 "CheckKeySecbits fail", 0, 0, 0, 0);
358 break;
359 }
360 #endif
361
362 ret = CheckCertTypeAndSignScheme(ctx, expectCertInfo, pubkey, isNegotiateSignAlgo, signCheck);
363 if (ret != HITLS_SUCCESS) {
364 break;
365 }
366 } while (false);
367
368 SAL_CERT_KeyFree(mgrCtx, pubkey);
369 return ret;
370 }
371
372 /*
373 * Server: Currently, two certificates are required for either of the two cipher suites supported.
374 * If the ECDHE cipher suite is used, the client needs to obtain the encrypted certificate to generate the premaster key
375 * and the signature certificate authenticates the identity.
376 * If the ECC cipher suite is used, the server public key is required to encrypt the premaster key
377 * and the signature certificate authentication is required.
378 * Client: Only the ECDHE cipher suite requires the client encryption certificate.
379 * In this case, the value of isNeedClientCert is true and may not be two-way authentication. (The specific value
380 * depends on the server configuration.)
381 * Therefore, the client does not verify any certificate and only sets the index.
382 * */
383 #ifdef HITLS_TLS_PROTO_TLCP11
TlcpSelectCertByInfo(HITLS_Ctx * ctx,CERT_ExpectInfo * info)384 static int32_t TlcpSelectCertByInfo(HITLS_Ctx *ctx, CERT_ExpectInfo *info)
385 {
386 int32_t encCertKeyType = TLS_CERT_KEY_TYPE_SM2;
387 CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
388 CERT_Pair *certPair = NULL;
389 int32_t ret = BSL_HASH_At(mgrCtx->certPairs, (uintptr_t)encCertKeyType, (uintptr_t *)&certPair);
390 if (ret != HITLS_SUCCESS || certPair == NULL) {
391 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_SELECT_CERTIFICATE, BINLOG_ID17336,
392 "The certificate required by TLCP is not loaded");
393 }
394 HITLS_CERT_X509 *cert = certPair->cert;
395 HITLS_CERT_X509 *encCert = certPair->encCert;
396 if (ctx->isClient == false || ctx->negotiatedInfo.cipherSuiteInfo.kxAlg == HITLS_KEY_EXCH_ECDHE) {
397 if (cert == NULL || encCert == NULL) {
398 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_SELECT_CERTIFICATE, BINLOG_ID15042,
399 "The certificate required by TLCP is not loaded");
400 }
401
402 ret = SAL_CERT_CheckCertInfo(ctx, info, cert, true, true);
403 if (ret != HITLS_SUCCESS) {
404 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16308, "CheckCertInfo fail");
405 }
406
407 ret = SAL_CERT_CheckCertInfo(ctx, info, encCert, true, false);
408 if (ret != HITLS_SUCCESS) {
409 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16309, "CheckCertInfo fail");
410 }
411 } else {
412 /* Check whether the certificate is missing when the client sends the certificate
413 or sends it to the server for processing. Check whether the authentication-related signature certificate
414 or derived encryption certificate exists when the client uses the certificate. */
415 if (cert != NULL) {
416 ret = SAL_CERT_CheckCertInfo(ctx, info, cert, true, true);
417 if (ret != HITLS_SUCCESS) {
418 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16310, "CheckCertInfo fail");
419 }
420 }
421 if (encCert != NULL) {
422 ret = SAL_CERT_CheckCertInfo(ctx, info, encCert, true, false);
423 if (ret != HITLS_SUCCESS) {
424 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16311, "CheckCertInfo fail");
425 }
426 }
427 }
428 mgrCtx->currentCertKeyType = TLS_CERT_KEY_TYPE_SM2;
429 return HITLS_SUCCESS;
430 }
431 #endif
432
SelectCertByInfo(HITLS_Ctx * ctx,CERT_ExpectInfo * info)433 static int32_t SelectCertByInfo(HITLS_Ctx *ctx, CERT_ExpectInfo *info)
434 {
435 int32_t ret;
436 CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
437 if (mgrCtx == NULL) {
438 BSL_ERR_PUSH_ERROR(HITLS_UNREGISTERED_CALLBACK);
439 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID16312, "unregistered callback");
440 }
441
442 BSL_HASH_Hash *certPairs = mgrCtx->certPairs;
443 BSL_HASH_Iterator it = BSL_HASH_IterBegin(certPairs);
444 while (it != BSL_HASH_IterEnd(certPairs)) {
445 uint32_t keyType = (uint32_t)BSL_HASH_HashIterKey(certPairs, it);
446 CERT_Pair *certPair = (CERT_Pair *)BSL_HASH_IterValue(certPairs, it);
447 if (certPair == NULL || certPair->cert == NULL) {
448 it = BSL_HASH_IterNext(certPairs, it);
449 continue;
450 }
451 ret = SAL_CERT_CheckCertInfo(ctx, info, certPair->cert, true, true);
452 if (ret != HITLS_SUCCESS) {
453 it = BSL_HASH_IterNext(certPairs, it);
454 continue;
455 }
456 /* Find a proper certificate and record the corresponding subscript. */
457 mgrCtx->currentCertKeyType = keyType;
458 return HITLS_SUCCESS;
459 }
460 return HITLS_CERT_ERR_SELECT_CERTIFICATE;
461 }
462
SAL_CERT_SelectCertByInfo(HITLS_Ctx * ctx,CERT_ExpectInfo * info)463 int32_t SAL_CERT_SelectCertByInfo(HITLS_Ctx *ctx, CERT_ExpectInfo *info)
464 {
465 int32_t ret = HITLS_SUCCESS;
466 CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
467 if (mgrCtx == NULL) {
468 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID16313, "unregistered callback");
469 }
470 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11) {
471 #ifdef HITLS_TLS_PROTO_TLCP11
472 ret = TlcpSelectCertByInfo(ctx, info);
473 #endif
474 } else {
475 ret = SelectCertByInfo(ctx, info);
476 }
477 if (ret == HITLS_SUCCESS) {
478 return ret;
479 }
480 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_SELECT_CERTIFICATE);
481 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16151, BSL_LOG_LEVEL_INFO, BSL_LOG_BINLOG_TYPE_RUN,
482 "select certificate fail. ret %d", ret, 0, 0, 0);
483 mgrCtx->currentCertKeyType = TLS_CERT_KEY_TYPE_UNKNOWN;
484 return HITLS_CERT_ERR_SELECT_CERTIFICATE;
485 }
486
EncodeCertificate(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen,uint32_t certIndex)487 int32_t EncodeCertificate(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen, uint32_t certIndex)
488 {
489 if (ctx == NULL || buf == NULL || cert == NULL || usedLen == NULL) {
490 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16314, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
491 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
492 return HITLS_NULL_INPUT;
493 }
494 (void)certIndex;
495 int32_t ret;
496 HITLS_Config *config = &ctx->config.tlsConfig;
497 uint32_t certLen = 0;
498 ret = SAL_CERT_X509Ctrl(config, cert, CERT_CTRL_GET_ENCODE_LEN, NULL, (void *)&certLen);
499 if (ret != HITLS_SUCCESS) {
500 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15043, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
501 "encode certificate error: unable to get encode length.", 0, 0, 0, 0);
502 return ret;
503 }
504 /* Reserve at least 3 bytes length + data length. */
505 if ((bufLen < CERT_LEN_TAG_SIZE) || (bufLen - CERT_LEN_TAG_SIZE < certLen) || (certLen == 0)) {
506 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_ENCODE_CERT);
507 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15044, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
508 "encode cert out of buffer, encode len = %u, buffer len = %u.", certLen, bufLen, 0, 0);
509 return HITLS_CERT_ERR_ENCODE_CERT;
510 }
511 *usedLen = 0;
512 /* Write the length of the certificate data. */
513 BSL_Uint24ToByte(certLen, buf);
514 /* Write the certificate data. */
515 ret = SAL_CERT_X509Encode(ctx, cert, &buf[CERT_LEN_TAG_SIZE], bufLen - CERT_LEN_TAG_SIZE, usedLen);
516 if (ret != HITLS_SUCCESS) {
517 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16315, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "X509Encode err", 0, 0, 0, 0);
518 return ret;
519 }
520 uint32_t offset = CERT_LEN_TAG_SIZE + *usedLen;
521
522 #ifdef HITLS_TLS_PROTO_TLS13
523 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLS13) {
524 /* If an extension applies to the entire chain, it SHOULD be included in the first CertificateEntry. */
525 if (bufLen - offset < sizeof(uint16_t)) {
526 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_ENCODE_CERT);
527 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_ENCODE_CERT, BINLOG_ID16316, "bufLen err");
528 }
529
530 uint32_t exLen = 0;
531 #ifdef HITLS_TLS_FEATURE_CUSTOM_EXTENSION
532 if (IsPackNeedCustomExtensions(CUSTOM_EXT_FROM_CTX(ctx), HITLS_EX_TYPE_TLS1_3_CERTIFICATE)) {
533 ret = PackCustomExtensions(ctx, &buf[offset + sizeof(uint16_t)], bufLen - offset - sizeof(uint16_t), &exLen,
534 HITLS_EX_TYPE_TLS1_3_CERTIFICATE, cert, certIndex);
535 if (ret != HITLS_SUCCESS) {
536 return ret;
537 }
538 }
539 #endif /* HITLS_TLS_FEATURE_CUSTOM_EXTENSION */
540 /* Valid extensions for server certificates at present include the OCSP Status extension [RFC6066]
541 and the SignedCertificateTimestamp extension [RFC6962] */
542 BSL_Uint16ToByte(exLen, &buf[offset]);
543 offset += sizeof(uint16_t) + exLen;
544 }
545 #endif
546
547 *usedLen = offset;
548 return HITLS_SUCCESS;
549 }
550
FreeCertList(HITLS_CERT_X509 ** certList,uint32_t certNum)551 void FreeCertList(HITLS_CERT_X509 **certList, uint32_t certNum)
552 {
553 if (certList == NULL) {
554 return;
555 }
556 for (uint32_t i = 0; i < certNum; i++) {
557 SAL_CERT_X509Free(certList[i]);
558 }
559 }
560
EncodeEECert(HITLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen,HITLS_CERT_X509 ** cert)561 static int32_t EncodeEECert(HITLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen,
562 HITLS_CERT_X509 **cert)
563 {
564 uint32_t offset = 0;
565 CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
566 CERT_Pair *currentCertPair = NULL;
567 int32_t ret = BSL_HASH_At(mgrCtx->certPairs, (uintptr_t)mgrCtx->currentCertKeyType, (uintptr_t *)¤tCertPair);
568 if (ret != HITLS_SUCCESS || currentCertPair == NULL || currentCertPair->cert == NULL) {
569 BSL_ERR_PUSH_ERROR(HITLS_CERT_ERR_EXP_CERT);
570 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_EXP_CERT, BINLOG_ID16152, "first cert is null");
571 }
572 HITLS_CERT_X509 *tmpCert = currentCertPair->cert;
573
574 #ifdef HITLS_TLS_FEATURE_SECURITY
575 HITLS_CERT_Key *key = currentCertPair->privateKey;
576 ret = CheckKeySecbits(ctx, tmpCert, key);
577 if (ret != HITLS_SUCCESS) {
578 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16317, "check key fail");
579 }
580 #endif
581
582 /* Write the first device certificate. */
583 ret = EncodeCertificate(ctx, tmpCert, buf, bufLen, usedLen, 0);
584 if (ret != HITLS_SUCCESS) {
585 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16153, "encode fail");
586 }
587 offset += *usedLen;
588 #ifdef HITLS_TLS_PROTO_TLCP11
589 /* If the TLCP algorithm is used and the encryption certificate is required, write the
590 second encryption certificate. */
591 HITLS_CERT_X509 *certEnc = currentCertPair->encCert;
592 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11 && certEnc != NULL) {
593 #ifdef HITLS_TLS_FEATURE_SECURITY
594 HITLS_CERT_Key *keyEnc = currentCertPair->encPrivateKey;
595 ret = CheckKeySecbits(ctx, certEnc, keyEnc);
596 if (ret != HITLS_SUCCESS) {
597 return ret;
598 }
599 #endif
600 ret = EncodeCertificate(ctx, certEnc, &buf[offset], bufLen - offset, usedLen, 1);
601 if (ret != HITLS_SUCCESS) {
602 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16154, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
603 "TLCP encode device certificate error.", 0, 0, 0, 0);
604 return ret;
605 }
606 offset += *usedLen;
607 }
608 #endif
609 *usedLen = offset;
610 *cert = tmpCert;
611 return HITLS_SUCCESS;
612 }
613
614 #ifdef HITLS_TLS_FEATURE_SECURITY
CheckCertChainFromStore(HITLS_Config * config,HITLS_CERT_X509 * cert)615 static int32_t CheckCertChainFromStore(HITLS_Config *config, HITLS_CERT_X509 *cert)
616 {
617 HITLS_CERT_Key *pubkey = NULL;
618 CERT_MgrCtx *mgrCtx = config->certMgrCtx;
619 int32_t ret = SAL_CERT_X509Ctrl(config, cert, CERT_CTRL_GET_PUB_KEY, NULL, (void *)&pubkey);
620 if (ret != HITLS_SUCCESS) {
621 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CFG_ERR_LOAD_CERT_FILE, BINLOG_ID16318, "GET_PUB_KEY fail");
622 }
623
624 int32_t secBits = 0;
625 ret = SAL_CERT_KeyCtrl(config, pubkey, CERT_KEY_CTRL_GET_SECBITS, NULL, (void *)&secBits);
626 SAL_CERT_KeyFree(mgrCtx, pubkey);
627 if (ret != HITLS_SUCCESS) {
628 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16319, "GET_SECBITS fail");
629 }
630
631 ret = SECURITY_CfgCheck(config, HITLS_SECURITY_SECOP_CA_KEY, secBits, 0, cert); // cert key
632 if (ret != SECURITY_SUCCESS) {
633 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16320, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
634 "CfgCheck fail, ret %d", ret, 0, 0, 0);
635 return HITLS_CERT_ERR_CA_KEY_WITH_INSECURE_SECBITS;
636 }
637
638 int32_t signAlg = 0;
639 ret = SAL_CERT_X509Ctrl(config, cert, CERT_CTRL_GET_SIGN_ALGO, NULL, (void *)&signAlg);
640 if (ret != HITLS_SUCCESS) {
641 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16321, "GET_SIGN_ALGO fail");
642 }
643
644 ret = SECURITY_CfgCheck(config, HITLS_SECURITY_SECOP_SIGALG_CHECK, 0, signAlg, NULL);
645 if (ret != SECURITY_SUCCESS) {
646 return HITLS_CERT_ERR_INSECURE_SIG_ALG ;
647 }
648 return HITLS_SUCCESS;
649 }
650 #endif
651
EncodeCertificateChain(HITLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen,uint32_t offset)652 static int32_t EncodeCertificateChain(HITLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen, uint32_t offset)
653 {
654 HITLS_CERT_X509 *tempCert = NULL;
655 HITLS_Config *config = &ctx->config.tlsConfig;
656 CERT_MgrCtx *mgrCtx = config->certMgrCtx;
657 CERT_Pair *currentCertPair = NULL;
658 int32_t ret = BSL_HASH_At(mgrCtx->certPairs, (uintptr_t)mgrCtx->currentCertKeyType, (uintptr_t *)¤tCertPair);
659 if (ret != HITLS_SUCCESS || currentCertPair == NULL) {
660 *usedLen = offset;
661 return HITLS_SUCCESS;
662 }
663 tempCert = (HITLS_CERT_X509 *)BSL_LIST_GET_FIRST(currentCertPair->chain);
664 uint32_t tempOffset = offset;
665 uint32_t certIndex = 1;
666 while (tempCert != NULL) {
667 ret = EncodeCertificate(ctx, tempCert, &buf[tempOffset], bufLen - tempOffset, usedLen, certIndex);
668 if (ret != HITLS_SUCCESS) {
669 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID15048, "encode cert chain err");
670 }
671 tempOffset += *usedLen;
672 certIndex++;
673 tempCert = BSL_LIST_GET_NEXT(currentCertPair->chain);
674 }
675 *usedLen = tempOffset;
676 return HITLS_SUCCESS;
677 }
678
EncodeCertStore(HITLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen,HITLS_CERT_X509 * cert)679 static int32_t EncodeCertStore(HITLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen, HITLS_CERT_X509 *cert)
680 {
681 HITLS_Config *config = &ctx->config.tlsConfig;
682 CERT_MgrCtx *mgrCtx = config->certMgrCtx;
683 HITLS_CERT_Store *store = (mgrCtx->chainStore != NULL) ? mgrCtx->chainStore : mgrCtx->certStore;
684 uint32_t offset = *usedLen;
685 HITLS_CERT_X509 *certList[TLS_DEFAULT_VERIFY_DEPTH] = {0};
686 uint32_t certNum = TLS_DEFAULT_VERIFY_DEPTH;
687 if (store != NULL) {
688 int32_t ret = SAL_CERT_BuildChain(config, store, cert, certList, &certNum);
689 if (ret != HITLS_SUCCESS) {
690 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16322, "BuildChain fail");
691 }
692 /* The first device certificate has been written. The certificate starts from the second one. */
693 for (uint32_t i = 1; i < certNum; i++) {
694 #ifdef HITLS_TLS_FEATURE_SECURITY
695 ret = CheckCertChainFromStore(config, certList[i]);
696 if (ret != HITLS_SUCCESS) {
697 return ret;
698 }
699 #endif
700 ret = EncodeCertificate(ctx, certList[i], &buf[offset], bufLen - offset, usedLen, i);
701 if (ret != HITLS_SUCCESS) {
702 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16155, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
703 "encode cert chain error in No.%u.", i, 0, 0, 0);
704 FreeCertList(certList, certNum);
705 return ret;
706 }
707 offset += *usedLen;
708 }
709 }
710 FreeCertList(certList, certNum);
711 *usedLen = offset;
712 return HITLS_SUCCESS;
713 }
714 /*
715 * The constructed certificate chain is incomplete (excluding the root certificate).
716 * Therefore, in the buildCertChain callback, the return value is ignored, even if the error returned by this call.
717 * In fact, certificates are not verified but chains are constructed as many as possible.
718 * So do not need to invoke buildCertChain if the certificate is encrypted using the TLCP.
719 * If the TLCP is used, the server has checked that the two certificates are not empty.
720 * The client does not check, the message is sent based on the configuration.
721 * If the message will be sent, the signature certificate must exist.
722 * */
SAL_CERT_EncodeCertChain(HITLS_Ctx * ctx,uint8_t * buf,uint32_t bufLen,uint32_t * usedLen)723 int32_t SAL_CERT_EncodeCertChain(HITLS_Ctx *ctx, uint8_t *buf, uint32_t bufLen, uint32_t *usedLen)
724 {
725 if (ctx == NULL || buf == NULL || usedLen == NULL) {
726 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
727 return RETURN_ERROR_NUMBER_PROCESS(HITLS_NULL_INPUT, BINLOG_ID16323, "input null");
728 }
729 HITLS_CERT_X509 *cert = NULL;
730 HITLS_Config *config = &ctx->config.tlsConfig;
731 CERT_MgrCtx *mgrCtx = config->certMgrCtx;
732 if (mgrCtx == NULL) {
733 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID16324, "unregistered callback");
734 }
735
736 CERT_Pair *currentCertPair = NULL;
737 int32_t ret = BSL_HASH_At(mgrCtx->certPairs, (uintptr_t)mgrCtx->currentCertKeyType, (uintptr_t *)¤tCertPair);
738 if (ret != HITLS_SUCCESS || currentCertPair == NULL) {
739 /* No certificate needs to be sent at the local end. */
740 *usedLen = 0;
741 return HITLS_SUCCESS;
742 }
743 uint32_t offset = 0;
744 ret = EncodeEECert(ctx, buf, bufLen, usedLen, &cert);
745 if (ret != HITLS_SUCCESS) {
746 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID15046, "encode device cert err");
747 }
748 offset += *usedLen;
749 uint32_t listSize = (uint32_t)BSL_LIST_COUNT(currentCertPair->chain);
750 // Check the size. If a certificate exists in the chain, directly put the data in the chain into the buf and return.
751 if (listSize > 0) {
752 return EncodeCertificateChain(ctx, buf, bufLen, usedLen, offset);
753 }
754 *usedLen = offset;
755 return EncodeCertStore(ctx, buf, bufLen, usedLen, cert);
756 }
757
758 #ifdef HITLS_TLS_PROTO_TLS13
759 // rfc8446 4.4.2.4. Receiving a Certificate Message
760 // Any endpoint receiving any certificate which it would need to validate using any signature algorithm using an MD5
761 // hash MUST abort the handshake with a "bad_certificate" alert.
762 // Currently, the MD5 signature algorithm is not available, but it is still an unknown one.
CheckCertSignature(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert)763 int32_t CheckCertSignature(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert)
764 {
765 HITLS_Config *config = &ctx->config.tlsConfig;
766 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLS13) {
767 HITLS_SignHashAlgo signAlg = CERT_SIG_SCHEME_UNKNOWN;
768 const uint32_t md5Mask = 0x0100;
769 (void)SAL_CERT_X509Ctrl(config, cert, CERT_CTRL_GET_SIGN_ALGO, NULL, (void *)&signAlg);
770 if ((signAlg == CERT_SIG_SCHEME_UNKNOWN) || (((uint32_t)signAlg & 0xff00) == md5Mask)) {
771 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_CTRL_ERR_GET_SIGN_ALGO, BINLOG_ID16325, "signAlg unknow");
772 }
773 }
774 return HITLS_SUCCESS;
775 }
776 #endif
777
DestoryParseChain(HITLS_CERT_X509 * encCert,HITLS_CERT_X509 * cert,HITLS_CERT_Chain * newChain)778 static void DestoryParseChain(HITLS_CERT_X509 *encCert, HITLS_CERT_X509 *cert, HITLS_CERT_Chain *newChain)
779 {
780 SAL_CERT_X509Free(encCert);
781 SAL_CERT_X509Free(cert);
782 SAL_CERT_ChainFree(newChain);
783 }
784
785 #ifdef HITLS_TLS_PROTO_TLCP11
TlcpCheckSignCertKeyUsage(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert)786 static bool TlcpCheckSignCertKeyUsage(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert)
787 {
788 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11) {
789 return SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_DIGITAL_SIGN_USAGE) ||
790 SAL_CERT_CheckCertKeyUsage(ctx, cert, CERT_KEY_CTRL_IS_NON_REPUDIATION_USAGE);
791 }
792 return true;
793 }
794
TlcpCheckEncCertKeyUsage(HITLS_Ctx * ctx,HITLS_CERT_X509 * encCert)795 static bool TlcpCheckEncCertKeyUsage(HITLS_Ctx *ctx, HITLS_CERT_X509 *encCert)
796 {
797 if (ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11) {
798 return SAL_CERT_CheckCertKeyUsage(ctx, encCert, CERT_KEY_CTRL_IS_KEYENC_USAGE) ||
799 SAL_CERT_CheckCertKeyUsage(ctx, encCert, CERT_KEY_CTRL_IS_DATA_ENC_USAGE) ||
800 SAL_CERT_CheckCertKeyUsage(ctx, encCert, CERT_KEY_CTRL_IS_KEY_AGREEMENT_USAGE);
801 }
802 return false;
803 }
804 #endif
805
ParseChain(HITLS_Ctx * ctx,CERT_Item * item,HITLS_CERT_Chain ** chain,HITLS_CERT_X509 ** encCert)806 int32_t ParseChain(HITLS_Ctx *ctx, CERT_Item *item, HITLS_CERT_Chain **chain, HITLS_CERT_X509 **encCert)
807 {
808 if (ctx == NULL || chain == NULL) {
809 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
810 return RETURN_ERROR_NUMBER_PROCESS(HITLS_NULL_INPUT, BINLOG_ID16326, "input null");
811 }
812 HITLS_CERT_X509 *encCertLocal = NULL;
813 HITLS_Config *config = &ctx->config.tlsConfig;
814 HITLS_CERT_Chain *newChain = SAL_CERT_ChainNew();
815 if (newChain == NULL) {
816 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID15049, "ChainNew fail");
817 }
818
819 CERT_Item *listNode = item;
820 while (listNode != NULL) {
821 HITLS_CERT_X509 *cert = SAL_CERT_X509Parse(LIBCTX_FROM_CONFIG(config),
822 ATTRIBUTE_FROM_CONFIG(config), config, listNode->data, listNode->dataSize,
823 TLS_PARSE_TYPE_BUFF, TLS_PARSE_FORMAT_ASN1);
824 if (cert == NULL) {
825 DestoryParseChain(encCertLocal, NULL, newChain);
826 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_PARSE_MSG, BINLOG_ID15050, "parse cert chain err");
827 }
828 #ifdef HITLS_TLS_PROTO_TLS13
829 if (CheckCertSignature(ctx, cert) != HITLS_SUCCESS) {
830 DestoryParseChain(encCertLocal, cert, newChain);
831 return HITLS_CERT_CTRL_ERR_GET_SIGN_ALGO;
832 }
833 #endif
834
835 #ifdef HITLS_TLS_PROTO_TLCP11
836 if ((encCert != NULL) && (TlcpCheckEncCertKeyUsage(ctx, cert) == true)) {
837 SAL_CERT_X509Free(encCertLocal);
838 encCertLocal = cert;
839 listNode = listNode->next;
840 continue;
841 }
842 #endif
843 /* Add a certificate to the certificate chain. */
844 if (SAL_CERT_ChainAppend(newChain, cert) != HITLS_SUCCESS) {
845 DestoryParseChain(encCertLocal, cert, newChain);
846 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID15051, "ChainAppend fail");
847 }
848 listNode = listNode->next;
849 }
850 if (encCert != NULL) {
851 *encCert = encCertLocal;
852 }
853 *chain = newChain;
854 return HITLS_SUCCESS;
855 }
856
SAL_CERT_ParseCertChain(HITLS_Ctx * ctx,CERT_Item * item,CERT_Pair ** certPair)857 int32_t SAL_CERT_ParseCertChain(HITLS_Ctx *ctx, CERT_Item *item, CERT_Pair **certPair)
858 {
859 if (ctx == NULL || item == NULL || certPair == NULL) {
860 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
861 return RETURN_ERROR_NUMBER_PROCESS(HITLS_NULL_INPUT, BINLOG_ID16327, "input null");
862 }
863 HITLS_CERT_X509 *encCert = NULL;
864 HITLS_Config *config = &ctx->config.tlsConfig;
865 if (config->certMgrCtx == NULL) {
866 BSL_ERR_PUSH_ERROR(HITLS_UNREGISTERED_CALLBACK);
867 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID16328, "unregistered callback");
868 }
869
870 /* Parse the first device certificate. */
871 HITLS_CERT_X509 *cert = SAL_CERT_X509Parse(LIBCTX_FROM_CONFIG(config),
872 ATTRIBUTE_FROM_CONFIG(config), config, item->data, item->dataSize,
873 TLS_PARSE_TYPE_BUFF, TLS_PARSE_FORMAT_ASN1);
874 if (cert == NULL) {
875 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_PARSE_MSG, BINLOG_ID15052, "X509Parse fail");
876 }
877 #ifdef HITLS_TLS_PROTO_TLS13
878 if (CheckCertSignature(ctx, cert) != HITLS_SUCCESS) {
879 SAL_CERT_X509Free(cert);
880 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_CTRL_ERR_GET_SIGN_ALGO, BINLOG_ID16329, "check signature fail");
881 }
882 #endif
883
884 #ifdef HITLS_TLS_PROTO_TLCP11
885 if (!TlcpCheckSignCertKeyUsage(ctx, cert)) {
886 SAL_CERT_X509Free(cert);
887 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_KEYUSAGE, BINLOG_ID15341, "check sign cert keyusage fail");
888 }
889 #endif
890
891 /* Parse other certificates in the certificate chain. */
892 HITLS_CERT_Chain *chain = NULL;
893 HITLS_CERT_X509 **inParseEnc = ctx->negotiatedInfo.version == HITLS_VERSION_TLCP_DTLCP11 ? &encCert : NULL;
894 int32_t ret = ParseChain(ctx, item->next, &chain, inParseEnc);
895 if (ret != HITLS_SUCCESS) {
896 SAL_CERT_X509Free(cert);
897 return RETURN_ERROR_NUMBER_PROCESS(ret, BINLOG_ID16330, "ParseChain fail");
898 }
899
900 CERT_Pair *newCertPair = BSL_SAL_Calloc(1u, sizeof(CERT_Pair));
901 if (newCertPair == NULL) {
902 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
903 SAL_CERT_X509Free(cert);
904 SAL_CERT_X509Free(encCert);
905 SAL_CERT_ChainFree(chain);
906 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID15053, "Calloc fail");
907 }
908 newCertPair->cert = cert;
909 #ifdef HITLS_TLS_PROTO_TLCP11
910 newCertPair->encCert = encCert;
911 #endif
912 newCertPair->chain = chain;
913 *certPair = newCertPair;
914 return HITLS_SUCCESS;
915 }
916
SAL_CERT_VerifyCertChain(HITLS_Ctx * ctx,CERT_Pair * certPair,bool isTlcpEncCert)917 int32_t SAL_CERT_VerifyCertChain(HITLS_Ctx *ctx, CERT_Pair *certPair, bool isTlcpEncCert)
918 {
919 (void)isTlcpEncCert;
920 if (ctx == NULL || certPair == NULL) {
921 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
922 return RETURN_ERROR_NUMBER_PROCESS(HITLS_NULL_INPUT, BINLOG_ID16331, "input null");
923 }
924 int32_t ret;
925 uint32_t i = 0;
926 HITLS_Config *config = &ctx->config.tlsConfig;
927 CERT_MgrCtx *mgrCtx = config->certMgrCtx;
928 if (mgrCtx == NULL) {
929 BSL_ERR_PUSH_ERROR(HITLS_UNREGISTERED_CALLBACK);
930 return RETURN_ERROR_NUMBER_PROCESS(HITLS_UNREGISTERED_CALLBACK, BINLOG_ID16332, "mgrCtx null");
931 }
932
933 HITLS_CERT_Chain *chain = certPair->chain;
934 /* Obtain the number of certificates. The first device certificate must also be included. */
935 uint32_t certNum = (uint32_t)(BSL_LIST_COUNT(chain) + 1);
936
937 HITLS_CERT_X509 **certList = (HITLS_CERT_X509 **)BSL_SAL_Calloc(1u, sizeof(HITLS_CERT_X509 *) * certNum);
938 if (certList == NULL) {
939 BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
940 return RETURN_ERROR_NUMBER_PROCESS(HITLS_MEMALLOC_FAIL, BINLOG_ID15054, "Calloc fail");
941 }
942 certList[i++] =
943 #ifdef HITLS_TLS_PROTO_TLCP11
944 isTlcpEncCert ? certPair->encCert :
945 #endif
946 certPair->cert;
947 HITLS_CERT_X509 *currCert = NULL;
948 for (uint32_t index = 0u; index < (certNum - 1); ++index) {
949 currCert = (HITLS_CERT_X509 *)BSL_LIST_GetIndexNode(index, chain);
950 certList[i++] = currCert;
951 }
952
953 /* Verify the certificate chain. */
954 HITLS_CERT_Store *store = (mgrCtx->verifyStore != NULL) ? mgrCtx->verifyStore : mgrCtx->certStore;
955 uint32_t depth = mgrCtx->verifyParam.verifyDepth;
956 if (store == NULL ||
957 (SAL_CERT_StoreCtrl(config, store, CERT_STORE_CTRL_SET_VERIFY_DEPTH, &depth, NULL) != HITLS_SUCCESS)) {
958 BSL_SAL_FREE(certList);
959 return RETURN_ERROR_NUMBER_PROCESS(HITLS_CERT_ERR_VERIFY_CERT_CHAIN, BINLOG_ID16333, "Calloc fail");
960 }
961
962 ret = SAL_CERT_VerifyChain(ctx, store, certList, i);
963 BSL_SAL_FREE(certList);
964 return ret;
965 }
966
SAL_CERT_GetSignMaxLen(HITLS_Config * config,HITLS_CERT_Key * key)967 uint32_t SAL_CERT_GetSignMaxLen(HITLS_Config *config, HITLS_CERT_Key *key)
968 {
969 uint32_t len = 0;
970 int32_t ret = SAL_CERT_KeyCtrl(config, key, CERT_KEY_CTRL_GET_SIGN_LEN, NULL, &len);
971 if (ret != HITLS_SUCCESS) {
972 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID15056, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
973 "get signature length error: callback ret = 0x%x.", ret, 0, 0, 0);
974 return 0;
975 }
976 return len;
977 }
978
979 #ifdef HITLS_TLS_CONFIG_CERT_CALLBACK
HITLS_CFG_SetCheckPriKeyCb(HITLS_Config * config,CERT_CheckPrivateKeyCallBack checkPrivateKey)980 int32_t HITLS_CFG_SetCheckPriKeyCb(HITLS_Config *config, CERT_CheckPrivateKeyCallBack checkPrivateKey)
981 {
982 if (config == NULL || config->certMgrCtx == NULL || checkPrivateKey == NULL) {
983 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
984 return HITLS_NULL_INPUT;
985 }
986
987 #ifndef HITLS_TLS_FEATURE_PROVIDER
988 config->certMgrCtx->method.checkPrivateKey = checkPrivateKey;
989 #endif
990 return HITLS_SUCCESS;
991 }
992
HITLS_CFG_GetCheckPriKeyCb(HITLS_Config * config)993 CERT_CheckPrivateKeyCallBack HITLS_CFG_GetCheckPriKeyCb(HITLS_Config *config)
994 {
995 if (config == NULL || config->certMgrCtx == NULL) {
996 return NULL;
997 }
998 #ifndef HITLS_TLS_FEATURE_PROVIDER
999 return config->certMgrCtx->method.checkPrivateKey;
1000 #else
1001 return NULL;
1002 #endif
1003 }
1004 #endif /* HITLS_TLS_CONFIG_CERT_CALLBACK */
1005
1006 #ifdef HITLS_TLS_PROTO_TLCP11
EncodeEncCert(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert,uint32_t * useLen)1007 static uint8_t *EncodeEncCert(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, uint32_t *useLen)
1008 {
1009 if (ctx == NULL || cert == NULL || useLen == NULL) {
1010 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16336, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
1011 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1012 return NULL;
1013 }
1014 uint32_t certLen;
1015 HITLS_Config *config = &ctx->config.tlsConfig;
1016 int32_t ret = SAL_CERT_X509Ctrl(config, cert, CERT_CTRL_GET_ENCODE_LEN, NULL, (void *)&certLen);
1017 if (ret != HITLS_SUCCESS) {
1018 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16157, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
1019 "encode gm enc certificate error: unable to get encode length.", 0, 0, 0, 0);
1020 return NULL;
1021 }
1022
1023 uint8_t *data = BSL_SAL_Calloc(1u, certLen);
1024 if (data == NULL) {
1025 BSL_ERR_PUSH_ERROR(HITLS_INTERNAL_EXCEPTION);
1026 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16158, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
1027 "signature data memory alloc fail.", 0, 0, 0, 0);
1028 return NULL;
1029 }
1030
1031 ret = SAL_CERT_X509Encode(ctx, cert, data, certLen, useLen);
1032 if (ret != HITLS_SUCCESS) {
1033 BSL_SAL_FREE(data);
1034 BSL_ERR_PUSH_ERROR(HITLS_INTERNAL_EXCEPTION);
1035 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16232, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN,
1036 "encode cert error: callback ret = 0x%x.", (uint32_t)ret, 0, 0, 0);
1037 return NULL;
1038 }
1039 return data;
1040 }
1041
SAL_CERT_SrvrGmEncodeEncCert(HITLS_Ctx * ctx,uint32_t * useLen)1042 uint8_t *SAL_CERT_SrvrGmEncodeEncCert(HITLS_Ctx *ctx, uint32_t *useLen)
1043 {
1044 if (ctx == NULL || useLen == NULL) {
1045 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16337, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
1046 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1047 return NULL;
1048 }
1049 int keyType = TLS_CERT_KEY_TYPE_SM2;
1050
1051 CERT_MgrCtx *mgrCtx = ctx->config.tlsConfig.certMgrCtx;
1052 CERT_Pair *currentCertPair = NULL;
1053 int32_t ret = BSL_HASH_At(mgrCtx->certPairs, (uintptr_t)keyType, (uintptr_t *)¤tCertPair);
1054 if (ret != HITLS_SUCCESS || currentCertPair == NULL) {
1055 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID17337, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "encCert null", 0, 0, 0, 0);
1056 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1057 return NULL;
1058 }
1059 HITLS_CERT_X509 *cert = currentCertPair->encCert;
1060
1061 return EncodeEncCert(ctx, cert, useLen);
1062 }
1063
SAL_CERT_ClntGmEncodeEncCert(HITLS_Ctx * ctx,CERT_Pair * peerCert,uint32_t * useLen)1064 uint8_t *SAL_CERT_ClntGmEncodeEncCert(HITLS_Ctx *ctx, CERT_Pair *peerCert, uint32_t *useLen)
1065 {
1066 return EncodeEncCert(ctx, peerCert->encCert, useLen);
1067 }
1068
1069 #endif
1070
1071 #if defined(HITLS_TLS_PROTO_TLCP11) || defined(HITLS_TLS_CONFIG_KEY_USAGE)
SAL_CERT_CheckCertKeyUsage(HITLS_Ctx * ctx,HITLS_CERT_X509 * cert,HITLS_CERT_CtrlCmd keyusage)1072 bool SAL_CERT_CheckCertKeyUsage(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, HITLS_CERT_CtrlCmd keyusage)
1073 {
1074 if (ctx == NULL || cert == NULL) {
1075 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16338, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "input null", 0, 0, 0, 0);
1076 BSL_ERR_PUSH_ERROR(HITLS_NULL_INPUT);
1077 return HITLS_NULL_INPUT;
1078 }
1079 uint8_t isUsage = false;
1080 if (keyusage != CERT_KEY_CTRL_IS_KEYENC_USAGE && keyusage != CERT_KEY_CTRL_IS_DIGITAL_SIGN_USAGE &&
1081 keyusage != CERT_KEY_CTRL_IS_KEY_CERT_SIGN_USAGE && keyusage != CERT_KEY_CTRL_IS_KEY_AGREEMENT_USAGE &&
1082 keyusage != CERT_KEY_CTRL_IS_DATA_ENC_USAGE && keyusage != CERT_KEY_CTRL_IS_NON_REPUDIATION_USAGE) {
1083 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16339, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "keyusage err", 0, 0, 0, 0);
1084 return (bool)isUsage;
1085 }
1086 HITLS_Config *config = &ctx->config.tlsConfig;
1087 if (SAL_CERT_X509Ctrl(config, cert, keyusage, NULL, (void *)&isUsage) != HITLS_SUCCESS) {
1088 BSL_LOG_BINLOG_FIXLEN(BINLOG_ID16340, BSL_LOG_LEVEL_ERR, BSL_LOG_BINLOG_TYPE_RUN, "%d fail", keyusage, 0, 0, 0);
1089 return false;
1090 }
1091
1092 return (bool)isUsage;
1093 }
1094 #endif