From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 24 Jan 2022 21:51:28 -0500
Message-Id: <20220125025128.2117-3-selva.nair@gmail.com>
In-Reply-To: <20220125025128.2117-1-selva.nair@gmail.com>
References: <20220125025128.2117-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH 3/3] Support PSS signing using pkcs11-helper >= 1.28

From: Selva Nair

- Call pkcs11h_certificate_signAny_ex() when available
  so that the signature mechanism parameters can be passed.
  (Required for RSA-PSS signature).

Signed-off-by: Selva Nair
---
 src/openvpn/pkcs11_openssl.c | 123 +++++++++++++++++++++++++++++++++--
 1 file changed, 118 insertions(+), 5 deletions(-)

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index 9cf46b2c..5d1a5de6 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c
@@ -45,10 +45,112 @@ #ifdef HAVE_XKEY_PROVIDER static XKEY_EXTERNAL_SIGN_fn xkey_pkcs11h_sign; +#if PKCS11H_VERSION > ((1<<16) | (27<<8)) /* version > 1.27 */ + +/* Table linking OpenSSL digest NID with CKM and CKG constants in PKCS#11 */ +#define MD_TYPE(n) {NID_sha##n, CKM_SHA##n, CKG_MGF1_SHA##n} +static const struct +{ + int nid; + unsigned long ckm_id; + unsigned long mgf_id; +} mdtypes[] = {MD_TYPE(224), MD_TYPE(256), MD_TYPE(384), MD_TYPE(512), + {NID_sha1, CKM_SHA_1, CKG_MGF1_SHA1}, /* SHA_1 naming is an oddity */ + {NID_undef, 0, 0}}; + +/* From sigalg, derive parameters for pss signature and fill in pss_params. + * Its of type CK_RSA_PKCS_PSS_PARAMS struct with three fields to be filled in: + * {enum hashAlg, enum mgf, ulong sLen} + * where hashAlg is CKM_SHA256 etc., mgf is CKG_MGF1_SHA256 etc. + */ +static int +set_pss_params(CK_RSA_PKCS_PSS_PARAMS *pss_params, XKEY_SIGALG sigalg, + pkcs11h_certificate_t cert) +{ + int ret = 0; + X509 *x509 = NULL; + EVP_PKEY *pubkey = NULL; + + if ((x509 = pkcs11h_openssl_getX509(cert)) == NULL + || (pubkey = X509_get0_pubkey(x509)) == NULL) + { + msg(M_WARN, "PKCS#11: Unable get public key"); + goto cleanup; + } + + /* map mdname to CKM and CKG constants for hash and mgf algorithms */ + int i = 0; + int nid = OBJ_sn2nid(sigalg.mdname); + while (mdtypes[i].nid != NID_undef && mdtypes[i].nid != nid) + { + i++; + } + pss_params->hashAlg = mdtypes[i].ckm_id; + pss_params->mgf = mdtypes[i].mgf_id; + + /* determine salt length */ + int mdsize = EVP_MD_size(EVP_get_digestbyname(sigalg.mdname)); + + int saltlen = -1; + if (!strcmp(sigalg.saltlen, "digest")) /* same as digest size */ + { + saltlen = mdsize; + } + else if (!strcmp(sigalg.saltlen, "max")) /* maximum possible value */ + { + saltlen = xkey_max_saltlen(EVP_PKEY_get_bits(pubkey), mdsize); + } + + if (saltlen < 0 || pss_params->hashAlg == 0) + { + msg(M_WARN, "WARN: invalid RSA_PKCS1_PSS parameters: saltlen = <%s> " + "mdname = <%s>.", sigalg.saltlen, sigalg.mdname); 
+ goto cleanup; + } + pss_params->sLen = (unsigned long) saltlen; /* saltlen >= 0 at this point */ + + msg(D_XKEY, "set_pss_params: sLen = %lu, hashAlg = %lu, mgf = %lu", + pss_params->sLen, pss_params->hashAlg, pss_params->mgf); + + ret = 1; + +cleanup: + if (x509) + { + X509_free(x509); + } + return ret; +} + +#else + +/* Make set_pss_params a no-op that always succeeds */ +#define set_pss_params(...) (1) + +/* Use a wrapper for pkcs11h_certificate_signAny_ex() for versions < 1.28 + * where its not available. + * We just call pkcs11h_certificate_signAny() unless the padding + * is PSS in which case we return an error. + */ +static CK_RV +pkcs11h_certificate_signAny_ex(const pkcs11h_certificate_t cert, + const CK_MECHANISM *mech, const unsigned char *tbs, + size_t tbslen, unsigned char *sig, size_t *siglen) +{ + if (mech->mechanism == CKM_RSA_PKCS_PSS) + { + msg(M_NONFATAL, "PKCS#11: Error: PSS padding is not supported by " + "this version of pkcs11-helper library."); + return CKR_MECHANISM_INVALID; + } + return pkcs11h_certificate_signAny(cert, mech->mechanism, tbs, tbslen, sig, siglen); +} +#endif /* PKCS11H_VERSION > 1.27 */ + /** * Sign op called from xkey provider * - * We support ECDSA, RSA_NO_PADDING, RSA_PKCS1_PADDING + * We support ECDSA, RSA_NO_PADDING, RSA_PKCS1_PADDING, RSA_PKCS_PSS_PADDING */ static int xkey_pkcs11h_sign(void *handle, unsigned char *sig, @@ -62,7 +164,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, if (!strcmp(sigalg.op, "DigestSign")) { - dmsg(D_LOW, "xkey_pkcs11h_sign: computing digest"); + msg(D_XKEY, "xkey_pkcs11h_sign: computing digest"); if (xkey_digest(tbs, tbslen, buf, &buflen, sigalg.mdname)) { tbs = buf; 
@@ -77,18 +179,29 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, if (!strcmp(sigalg.keytype, "EC")) { + msg(D_XKEY, "xkey_pkcs11h_sign: signing with EC key"); mech.mechanism = CKM_ECDSA; } else if (!strcmp(sigalg.keytype, "RSA")) { + msg(D_XKEY, "xkey_pkcs11h_sign: signing with RSA key: padmode = %s", + sigalg.padmode); if (!strcmp(sigalg.padmode,"none")) { mech.mechanism = CKM_RSA_X_509; } else if (!strcmp(sigalg.padmode, "pss")) { - msg(M_NONFATAL, "PKCS#11: Error: PSS padding is not yet supported."); - return 0; + CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; + mech.mechanism = CKM_RSA_PKCS_PSS; + + if (!set_pss_params(&pss_params, sigalg, cert)) + { + return 0; + } + + mech.pParameter = &pss_params; + mech.ulParameterLen = sizeof(pss_params); } else if (!strcmp(sigalg.padmode, "pkcs1")) { @@ -114,7 +227,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, ASSERT(0); /* coding error -- we couldnt have created any such key */ } - return CKR_OK == pkcs11h_certificate_signAny(cert, mech.mechanism, + return CKR_OK == pkcs11h_certificate_signAny_ex(cert, &mech, tbs, tbslen, sig, siglen); }
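
Review bot: In the first hunk (@@ -45,10 +45,112 @@), the guard `#if PKCS11H_VERSION > ((1<<16) | (27<<8))` compares against 1.27.0, so if the low byte of PKCS11H_VERSION carries a fix level, a 1.27.x build with x > 0 would take the branch that calls pkcs11h_certificate_signAny_ex(), although the subject line says the function needs >= 1.28. Writing the test as `>= ((1<<16) | (28<<8))` would match the subject. In set_pss_params(), the result of `EVP_MD_size(EVP_get_digestbyname(sigalg.mdname))` is handed to xkey_max_saltlen() before anything checks that the digest name resolved; the unknown-digest case is only caught afterwards through `pss_params->hashAlg == 0`. Checking the digest lookup (or the table match) before computing the salt length would make that failure path explicit. The warning text "Unable get public key" is also missing a "to".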
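
Review bot: In the `pss` branch of the third hunk (@@ -77,18 +179,29 @@), `CK_RSA_PKCS_PSS_PARAMS pss_params = {0};` is declared inside the `else if` block, but `mech.pParameter = &pss_params;` is only dereferenced later, when `&mech` is passed to pkcs11h_certificate_signAny_ex() at the end of xkey_pkcs11h_sign(). By then the block has closed and the object's lifetime is over, so the sign call reads through a dangling pointer: undefined behaviour, and the hashAlg/mgf/sLen values sent to the token may not be the ones set_pss_params() computed. Declare pss_params at function scope so it outlives the call.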
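
Review bot: In the last hunk (@@ -114,7 +227,7 @@), the return statement collapses the CK_RV from pkcs11h_certificate_signAny_ex() into a boolean, so when a token rejects CKM_RSA_PKCS_PSS or the supplied parameters nothing is logged on this path; only the wrapper for versions < 1.28 prints a message. Keeping the CK_RV in a local and logging it before returning 0 would let a PSS failure on the token be told apart from other signing errors.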