-
Notifications
You must be signed in to change notification settings - Fork 564
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: RawPublicKey authentication in TLS 1.3 (RFC 7250) #3771
Conversation
d8fd0f1
to
4f8d02b
Compare
ecc08d9
to
4c38741
Compare
This should be ready for a review now. Two things:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good job. Looks very clean! I only left some comments and suggestions.
Do we also want to update doc/cli.rst?
} else if(cert_type == Certificate_Type::RawPublicKey) { | ||
auto raw_public_key = credentials_manager.find_raw_public_key(key_types, op_type, hostname); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there some check that prevents servers from asking for a RawPublicKey in the server's ClientCertTypeExtension even if the client does not list it in its initial ClientCertTypeExtension? If not, a malicious server could force raw public key client authentication even if the client's policy forbids it (of course, find_raw_public_key must be implemented for this scenario to work).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No there wasn't! Very important catch. Thanks.
Thanks for the reviews. I had a quick skim-through. Lot's of valuable remarks, I believe. I'm hoping to get back to this on Monday, but it might slip to Thursday. |
4c38741
to
c4e5fd9
Compare
Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
This allows for both client and server authentication using raw public keys instead of X.509 certificates. Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
c4e5fd9
to
ba11760
Compare
@FAlbertDev @lieser I addressed your comments. Thanks a lot. You've both found very relevant issues. |
Pull Request Dependencies
FIX: Some minor TLS bugs found along the way #3792Description
This adds support for authentication with "raw public keys" to the TLS 1.3 implementation. This is useful for applications that want to avoid or don't need the complexity of a PKI. Such applications bear the responsibility to manage the trust-relationship of the public key pairs they use.
The commits build the feature from the ground up, starting with the public API, new TLS extensions, integration into
Certificate
/CertificateVerify
messages, and the actual implementation in client and server. I hope this aids in reviewing this patch.New user-facing APIs
TLS::Policy
::accepted_client_certificate_types()
/::accepted_server_certificate_types()
determines what trust credentials are supported for client and server authentication respectively. By default, this returns X.509. Applications that want to use raw public keys need to override or configure this accordingly.Credentials_Manager
::find_raw_public_key()
is called when usage of raw public keys was negotiated to obtain a public key from the downstream application. This is the very same concept as the existing::find_cert_chain()
::private_key_for(Public_Key&)
is called to obtain the associated private key. It is an overload of the existing::private_key_for(X509_Certificate&)
method.TLS::Callbacks
::tls_verify_raw_public_key()
must be implemented by the downstream application to establish trust in a raw public key received from a peer. In contrast totls_verify_cert_chain()
this does not provide a best-effort default implementation; instead it rejects all raw public keys.TLS::Channel
::peer_raw_public_key()
returns the raw public key used to authenticate this Channel's active session (ornullptr
) if no raw public key was used.TLS::Session_Summary
::peer_raw_public_key()
returns the raw public key used to authenticate the session (ornullptr
) if no raw public key was used.Test Examples
GnuTLS Client connects to Botan Server
Start a Botan Server
Create a policy.txt:
... and run the server:
Connect with a GnuTLS Client
gnutls-cli --port=5555 --priority="NORMAL:+CTYPE-RAWPK" --insecure --print-cert localhost
Botan Client connects to GnuTLS Server
Start a gnutls server
Connect with a Botan client
Create a policy.txt:
... and run the client: