[PATCH 1/4] tls: Pass full Subject DN contents to "ready" callback

[PATCH 1/4] tls: Pass full Subject DN contents to "ready" callback

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 5283 bytes --]

Until now the ready callback would receive a displayable string as
peer_identity (if peer was authenticated) which was either the Common
Name or the Organization Name extracted from the subject DN in the
peer's certificate.

In order to implement functionality similat to wpa_supplicant's
substring_match= option for EAP-TLS, we need to look specifically at
Common Name although if we have the full contents of the Subject DN
that's even better as wpa_supplicant allows configurations to match
against any element in the Subject DN, so if we do that iwd and wpa_s
config files may be easier to convert in either direction.

We could also just pass the whole certificate struct to the callback but
then we'd need to also have utilities for parsing the DN so instead we
parse it in tls.c and convert it into the same string format that is
used by wpa_s, openssl, etc.  Parsing that string in user code is easier
than parsing the original DER struct.
---
 ell/asn1-private.h |  1 +
 ell/tls.c          | 76 ++++++++++++++++++++++++++++++++--------------
 2 files changed, 55 insertions(+), 22 deletions(-)

diff --git a/ell/asn1-private.h b/ell/asn1-private.h
index 53bba4c..71a4ae6 100644
--- a/ell/asn1-private.h
+++ b/ell/asn1-private.h
@@ -30,6 +30,7 @@
 #define ASN1_ID_OID		ASN1_ID(ASN1_CLASS_UNIVERSAL, 0, 0x06)
 #define ASN1_ID_UTF8STRING	ASN1_ID(ASN1_CLASS_UNIVERSAL, 0, 0x0c)
 #define ASN1_ID_PRINTABLESTRING	ASN1_ID(ASN1_CLASS_UNIVERSAL, 0, 0x13)
+#define ASN1_ID_IA5STRING	ASN1_ID(ASN1_CLASS_UNIVERSAL, 0, 0x16)
 
 struct asn1_oid {
 	uint8_t asn1_len;
diff --git a/ell/tls.c b/ell/tls.c
index 58ccd6a..c3591a8 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -44,6 +44,7 @@
 #include "asn1-private.h"
 #include "strv.h"
 #include "missing.h"
+#include "string.h"
 
 bool tls10_prf(const void *secret, size_t secret_len,
 		const char *label,
@@ -1990,17 +1991,41 @@ static void tls_handle_certificate_verify(struct l_tls *tls,
 	TLS_SET_STATE(TLS_HANDSHAKE_WAIT_CHANGE_CIPHER_SPEC);
 }
 
-static const struct asn1_oid dn_organization_name_oid =
-	{ 3, { 0x55, 0x04, 0x0a } };
-static const struct asn1_oid dn_common_name_oid =
-	{ 3, { 0x55, 0x04, 0x03 } };
+struct dn_element_info {
+	const char *str;
+	const struct asn1_oid oid;
+};
+
+static const struct dn_element_info dn_elements[] = {
+	{ "CN", { 3, { 0x55, 0x04, 0x03 } } },
+	{ "SN", { 3, { 0x55, 0x04, 0x04 } } },
+	{ "serialNumber", { 3, { 0x55, 0x04, 0x05 } } },
+	{ "C", { 3, { 0x55, 0x04, 0x06 } } },
+	{ "ST", { 3, { 0x55, 0x04, 0x07 } } },
+	{ "L", { 3, { 0x55, 0x04, 0x08 } } },
+	{ "street", { 3, { 0x55, 0x04, 0x09 } } },
+	{ "O", { 3, { 0x55, 0x04, 0x0a } } },
+	{ "OU", { 3, { 0x55, 0x04, 0x0b } } },
+	{ "title", { 3, { 0x55, 0x04, 0x0c } } },
+	{ "telephoneNumber", { 3, { 0x55, 0x04, 0x14 } } },
+	{ "givenName", { 3, { 0x55, 0x04, 0x2a } } },
+	{ "initials", { 3, { 0x55, 0x04, 0x2b } } },
+	{ "emailAddress", {
+		9,
+		{ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01 }
+	} },
+	{ "domainComponent", {
+		10,
+		{ 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19 }
+	} },
+	{}
+};
 
 static char *tls_get_peer_identity_str(struct l_cert *cert)
 {
 	const uint8_t *dn, *end;
 	size_t dn_size;
-	const uint8_t *printable_str = NULL;
-	size_t printable_str_len;
+	struct l_string *id_str;
 
 	if (!cert)
 		return NULL;
@@ -2009,45 +2034,52 @@ static char *tls_get_peer_identity_str(struct l_cert *cert)
 	if (!dn)
 		return NULL;
 
+	id_str = l_string_new(200);
+
 	end = dn + dn_size;
 	while (dn < end) {
 		const uint8_t *set, *seq, *oid, *name;
 		uint8_t tag;
 		size_t len, oid_len, name_len;
+		const struct dn_element_info *info;
 
 		set = asn1_der_find_elem(dn, end - dn, 0, &tag, &len);
 		if (!set || tag != ASN1_ID_SET)
-			return NULL;
+			goto error;
 
 		dn = set + len;
 
 		seq = asn1_der_find_elem(set, len, 0, &tag, &len);
 		if (!seq || tag != ASN1_ID_SEQUENCE)
-			return NULL;
+			goto error;
 
 		oid = asn1_der_find_elem(seq, len, 0, &tag, &oid_len);
 		if (!oid || tag != ASN1_ID_OID)
-			return NULL;
+			goto error;
 
 		name = asn1_der_find_elem(seq, len, 1, &tag, &name_len);
 		if (!oid || (tag != ASN1_ID_PRINTABLESTRING &&
-					tag != ASN1_ID_UTF8STRING))
+					tag != ASN1_ID_UTF8STRING &&
+					tag != ASN1_ID_IA5STRING))
 			continue;
 
-		/* organizationName takes priority, commonName is second */
-		if (asn1_oid_eq(&dn_organization_name_oid, oid_len, oid) ||
-				(!printable_str &&
-				 asn1_oid_eq(&dn_common_name_oid,
-						oid_len, oid))) {
-			printable_str = name;
-			printable_str_len = name_len;
-		}
+		for (info = dn_elements; info->str; info++)
+			if (asn1_oid_eq(&info->oid, oid_len, oid))
+				break;
+		if (!info->str)
+			continue;
+
+		l_string_append_c(id_str, '/');
+		l_string_append(id_str, info->str);
+		l_string_append_c(id_str, '=');
+		l_string_append_fixed(id_str, (char *) name, name_len);
 	}
 
-	if (printable_str)
-		return l_strndup((char *) printable_str, printable_str_len);
-	else
-		return NULL;
+	return l_string_unwrap(id_str);
+
+error:
+	l_string_free(id_str);
+	return NULL;
 }
 
 static void tls_finished(struct l_tls *tls)
-- 
2.20.1

[PATCH 2/4] unit: Update expected peer identity strings in TLS

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 5193 bytes --]

---
 unit/test-tls.c | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/unit/test-tls.c b/unit/test-tls.c
index 03c5370..d701f42 100644
--- a/unit/test-tls.c
+++ b/unit/test-tls.c
@@ -326,7 +326,8 @@ static const struct tls_conn_test tls_conn_test_server_auth = {
 	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
 	.server_expect_identity = NULL,
 	.client_ca_cert_path = CERTDIR "cert-ca.pem",
-	.client_expect_identity = "Foo Example Organization",
+	.client_expect_identity = "/O=Foo Example Organization"
+		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
 };
 
 static const struct tls_conn_test tls_conn_test_client_auth_attempt = {
@@ -341,7 +342,8 @@ static const struct tls_conn_test tls_conn_test_client_auth = {
 	.server_cert_path = CERTDIR "cert-server.pem",
 	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
 	.server_ca_cert_path = CERTDIR "cert-ca.pem",
-	.server_expect_identity = "Bar Example Organization",
+	.server_expect_identity = "/O=Bar Example Organization"
+		"/CN=Bar Example Organization/emailAddress=bar(a)mail.example",
 	.client_cert_path = CERTDIR "cert-client.pem",
 	.client_key_path = CERTDIR "cert-client-key-pkcs8.pem",
 	.client_expect_identity = NULL,
@@ -353,29 +355,34 @@ static const struct tls_conn_test tls_conn_test_full_auth_attempt = {
 	.server_ca_cert_path = CERTDIR "cert-ca.pem",
 	.server_expect_identity = NULL,
 	.client_ca_cert_path = CERTDIR "cert-ca.pem",
-	.client_expect_identity = "Foo Example Organization",
+	.client_expect_identity = "/O=Foo Example Organization"
+		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
 };
 
 static const struct tls_conn_test tls_conn_test_full_auth = {
 	.server_cert_path = CERTDIR "cert-server.pem",
 	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
 	.server_ca_cert_path = CERTDIR "cert-ca.pem",
-	.server_expect_identity = "Bar Example Organization",
+	.server_expect_identity = "/O=Bar Example Organization"
+		"/CN=Bar Example Organization/emailAddress=bar(a)mail.example",
 	.client_cert_path = CERTDIR "cert-client.pem",
 	.client_key_path = CERTDIR "cert-client-key-pkcs8.pem",
 	.client_ca_cert_path = CERTDIR "cert-ca.pem",
-	.client_expect_identity = "Foo Example Organization",
+	.client_expect_identity = "/O=Foo Example Organization"
+		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
 };
 
 static const struct tls_conn_test tls_conn_test_bad_client_suite = {
 	.server_cert_path = CERTDIR "cert-server.pem",
 	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
 	.server_ca_cert_path = CERTDIR "cert-ca.pem",
-	.server_expect_identity = "Bar Example Organization",
+	.server_expect_identity = "/O=Bar Example Organization"
+		"/CN=Bar Example Organization/emailAddress=bar(a)mail.example",
 	.client_cert_path = CERTDIR "cert-client.pem",
 	.client_key_path = CERTDIR "cert-client-key-pkcs8.pem",
 	.client_ca_cert_path = CERTDIR "cert-ca.pem",
-	.client_expect_identity = "Foo Example Organization",
+	.client_expect_identity = "/O=Foo Example Organization"
+		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
 	.client_cipher_suites = (const char *[]) { "UNKNOWN", NULL },
 	.expect_client_start_fail = true,
 };
@@ -384,13 +391,15 @@ static const struct tls_conn_test tls_conn_test_suite_mismatch = {
 	.server_cert_path = CERTDIR "cert-server.pem",
 	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
 	.server_ca_cert_path = CERTDIR "cert-ca.pem",
-	.server_expect_identity = "Bar Example Organization",
+	.server_expect_identity = "/O=Bar Example Organization"
+		"/CN=Bar Example Organization/emailAddress=bar(a)mail.example",
 	.server_cipher_suites =
 		(const char *[]) { "TLS_RSA_WITH_AES_128_CBC_SHA256", NULL },
 	.client_cert_path = CERTDIR "cert-client.pem",
 	.client_key_path = CERTDIR "cert-client-key-pkcs8.pem",
 	.client_ca_cert_path = CERTDIR "cert-ca.pem",
-	.client_expect_identity = "Foo Example Organization",
+	.client_expect_identity = "/O=Foo Example Organization"
+		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
 	.client_cipher_suites =
 		(const char *[]) { "TLS_RSA_WITH_AES_256_CBC_SHA256", NULL },
 	.expect_alert = true,
@@ -401,11 +410,13 @@ static const struct tls_conn_test tls_conn_test_version_mismatch = {
 	.server_cert_path = CERTDIR "cert-server.pem",
 	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
 	.server_ca_cert_path = CERTDIR "cert-ca.pem",
-	.server_expect_identity = "Bar Example Organization",
+	.server_expect_identity = "/O=Bar Example Organization"
+		"/CN=Bar Example Organization/emailAddress=bar(a)mail.example",
 	.client_cert_path = CERTDIR "cert-client.pem",
 	.client_key_path = CERTDIR "cert-client-key-pkcs8.pem",
 	.client_ca_cert_path = CERTDIR "cert-ca.pem",
-	.client_expect_identity = "Foo Example Organization",
+	.client_expect_identity = "/O=Foo Example Organization"
+		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
 	.expect_alert = true,
 	.alert_desc = TLS_ALERT_PROTOCOL_VERSION,
 };
-- 
2.20.1

[PATCH 3/4] tls: Make l_tls_free reentrant

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 1978 bytes --]

Handle l_tls_free being called from inside user callbacks that our code
may have called.  Use flags because in this case it's not possible to
move all of the callbacks to the end of our functions.
---
 ell/tls-private.h |  3 +++
 ell/tls.c         | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/ell/tls-private.h b/ell/tls-private.h
index bf9e2ec..c1de257 100644
--- a/ell/tls-private.h
+++ b/ell/tls-private.h
@@ -215,6 +215,9 @@ struct l_tls {
 
 	struct tls_cipher_suite **cipher_suite_pref_list;
 
+	bool in_callback;
+	bool pending_destroy;
+
 	/* Record layer */
 
 	uint8_t *record_buf;
diff --git a/ell/tls.c b/ell/tls.c
index c3591a8..4b23076 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2098,7 +2098,9 @@ static void tls_finished(struct l_tls *tls)
 	TLS_SET_STATE(TLS_HANDSHAKE_DONE);
 	tls->ready = true;
 
+	tls->in_callback = true;
 	tls->ready_handle(peer_identity, tls->user_data);
+	tls->in_callback = false;
 	l_free(peer_identity);
 
 	tls_cleanup_handshake(tls);
@@ -2389,6 +2391,11 @@ LIB_EXPORT void l_tls_free(struct l_tls *tls)
 	if (unlikely(!tls))
 		return;
 
+	if (tls->in_callback) {
+		tls->pending_destroy = true;
+		return;
+	}
+
 	l_tls_set_cacert(tls, NULL);
 	l_tls_set_auth_data(tls, NULL, NULL, NULL);
 
@@ -2537,6 +2544,11 @@ bool tls_handle_message(struct l_tls *tls, const uint8_t *message,
 					message + TLS_HANDSHAKE_HEADER_SIZE,
 					len - TLS_HANDSHAKE_HEADER_SIZE);
 
+		if (tls->pending_destroy) {
+			l_tls_free(tls);
+			return false;
+		}
+
 		return true;
 
 	case TLS_CT_APPLICATION_DATA:
@@ -2551,7 +2563,14 @@ bool tls_handle_message(struct l_tls *tls, const uint8_t *message,
 		if (!len)
 			return true;
 
+		tls->in_callback = true;
 		tls->rx(message, len, tls->user_data);
+		tls->in_callback = false;
+
+		if (tls->pending_destroy) {
+			l_tls_free(tls);
+			return false;
+		}
 
 		return true;
 	}
-- 
2.20.1

[PATCH 4/4] tls: Fix an error check

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 542 bytes --]

---
 ell/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ell/tls.c b/ell/tls.c
index 4b23076..7405098 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2058,7 +2058,7 @@ static char *tls_get_peer_identity_str(struct l_cert *cert)
 			goto error;
 
 		name = asn1_der_find_elem(seq, len, 1, &tag, &name_len);
-		if (!oid || (tag != ASN1_ID_PRINTABLESTRING &&
+		if (!name || (tag != ASN1_ID_PRINTABLESTRING &&
 					tag != ASN1_ID_UTF8STRING &&
 					tag != ASN1_ID_IA5STRING))
 			continue;
-- 
2.20.1

Re: [PATCH 1/4] tls: Pass full Subject DN contents to "ready" callback

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 3343 bytes --]

Hi Andrew,

On 8/6/19 8:45 AM, Andrew Zaborowski wrote:
> Until now the ready callback would receive a displayable string as
> peer_identity (if peer was authenticated) which was either the Common
> Name or the Organization Name extracted from the subject DN in the
> peer's certificate.
> 
> In order to implement functionality similat to wpa_supplicant's
> substring_match= option for EAP-TLS, we need to look specifically at
> Common Name although if we have the full contents of the Subject DN
> that's even better as wpa_supplicant allows configurations to match
> against any element in the Subject DN, so if we do that iwd and wpa_s
> config files may be easier to convert in either direction.
> 
> We could also just pass the whole certificate struct to the callback but
> then we'd need to also have utilities for parsing the DN so instead we
> parse it in tls.c and convert it into the same string format that is
> used by wpa_s, openssl, etc.  Parsing that string in user code is easier
> than parsing the original DER struct.
> ---
>   ell/asn1-private.h |  1 +
>   ell/tls.c          | 76 ++++++++++++++++++++++++++++++++--------------
>   2 files changed, 55 insertions(+), 22 deletions(-)
> 

Applied, but..

> @@ -2009,45 +2034,52 @@ static char *tls_get_peer_identity_str(struct l_cert *cert)
>   	if (!dn)
>   		return NULL;
>   
> +	id_str = l_string_new(200);
> +
>   	end = dn + dn_size;
>   	while (dn < end) {
>   		const uint8_t *set, *seq, *oid, *name;
>   		uint8_t tag;
>   		size_t len, oid_len, name_len;
> +		const struct dn_element_info *info;
>   
>   		set = asn1_der_find_elem(dn, end - dn, 0, &tag, &len);
>   		if (!set || tag != ASN1_ID_SET)
> -			return NULL;
> +			goto error;
>   
>   		dn = set + len;
>   
>   		seq = asn1_der_find_elem(set, len, 0, &tag, &len);
>   		if (!seq || tag != ASN1_ID_SEQUENCE)
> -			return NULL;
> +			goto error;
>   
>   		oid = asn1_der_find_elem(seq, len, 0, &tag, &oid_len);
>   		if (!oid || tag != ASN1_ID_OID)
> -			return NULL;
> +			goto error;
>   
>   		name = asn1_der_find_elem(seq, len, 1, &tag, &name_len);
>   		if (!oid || (tag != ASN1_ID_PRINTABLESTRING &&

Should this be !name and not !oid?

> -					tag != ASN1_ID_UTF8STRING))
> +					tag != ASN1_ID_UTF8STRING &&
> +					tag != ASN1_ID_IA5STRING))
>   			continue;
>   
> -		/* organizationName takes priority, commonName is second */
> -		if (asn1_oid_eq(&dn_organization_name_oid, oid_len, oid) ||
> -				(!printable_str &&
> -				 asn1_oid_eq(&dn_common_name_oid,
> -						oid_len, oid))) {
> -			printable_str = name;
> -			printable_str_len = name_len;
> -		}
> +		for (info = dn_elements; info->str; info++)
> +			if (asn1_oid_eq(&info->oid, oid_len, oid))
> +				break;
> +		if (!info->str)
> +			continue;
> +
> +		l_string_append_c(id_str, '/');
> +		l_string_append(id_str, info->str);
> +		l_string_append_c(id_str, '=');
> +		l_string_append_fixed(id_str, (char *) name, name_len);
>   	}
>   
> -	if (printable_str)
> -		return l_strndup((char *) printable_str, printable_str_len);
> -	else
> -		return NULL;
> +	return l_string_unwrap(id_str);
> +
> +error:
> +	l_string_free(id_str);
> +	return NULL;
>   }
>   
>   static void tls_finished(struct l_tls *tls)
> 

Regards,
-Denis

Re: [PATCH 2/4] unit: Update expected peer identity strings in TLS

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 1030 bytes --]

Hi Andrew,

On 8/6/19 8:45 AM, Andrew Zaborowski wrote:
> ---
>   unit/test-tls.c | 33 ++++++++++++++++++++++-----------
>   1 file changed, 22 insertions(+), 11 deletions(-)
> 

Applied, but any chance we can get some spoofed certs for negative testing?

> diff --git a/unit/test-tls.c b/unit/test-tls.c
> index 03c5370..d701f42 100644
> --- a/unit/test-tls.c
> +++ b/unit/test-tls.c
> @@ -326,7 +326,8 @@ static const struct tls_conn_test tls_conn_test_server_auth = {
>   	.server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
>   	.server_expect_identity = NULL,
>   	.client_ca_cert_path = CERTDIR "cert-ca.pem",
> -	.client_expect_identity = "Foo Example Organization",
> +	.client_expect_identity = "/O=Foo Example Organization"
> +		"/CN=Foo Example Organization/emailAddress=foo(a)mail.example",

Also, what happens if the strings contain a '/' character? Or is that 
not possible?

>   };
>   
>   static const struct tls_conn_test tls_conn_test_client_auth_attempt = {

Regards,
-Denis

Re: [PATCH 3/4] tls: Make l_tls_free reentrant

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 873 bytes --]

Hi Andrew,

On 8/6/19 8:45 AM, Andrew Zaborowski wrote:
> Handle l_tls_free being called from inside user callbacks that our code
> may have called.  Use flags because in this case it's not possible to
> move all of the callbacks to the end of our functions.
> ---
>   ell/tls-private.h |  3 +++
>   ell/tls.c         | 19 +++++++++++++++++++
>   2 files changed, 22 insertions(+)
> 

Applied, thanks.

> diff --git a/ell/tls-private.h b/ell/tls-private.h
> index bf9e2ec..c1de257 100644
> --- a/ell/tls-private.h
> +++ b/ell/tls-private.h
> @@ -215,6 +215,9 @@ struct l_tls {
>   
>   	struct tls_cipher_suite **cipher_suite_pref_list;
>   
> +	bool in_callback;
> +	bool pending_destroy;
> +
>   	/* Record layer */
>   
>   	uint8_t *record_buf;

By the way, do you want to make all these bools here a bitfield instead?

Regards,
-Denis

Re: [PATCH 4/4] tls: Fix an error check

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 234 bytes --]

Hi Andrew,

On 8/6/19 8:45 AM, Andrew Zaborowski wrote:
> ---
>   ell/tls.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 

Guess my question from patch 1 is answered ;)

Applied, thanks.

Regards,
-Denis

Re: [PATCH 2/4] unit: Update expected peer identity strings in TLS

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 1793 bytes --]

Hi Denis,

On Thu, 8 Aug 2019 at 00:53, Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Andrew,
>
> On 8/6/19 8:45 AM, Andrew Zaborowski wrote:
> > ---
> >   unit/test-tls.c | 33 ++++++++++++++++++++++-----------
> >   1 file changed, 22 insertions(+), 11 deletions(-)
> >
>
> Applied, but any chance we can get some spoofed certs for negative testing?

We've got one negative test for the subject matching in the iwd
patches (which I still need to respin I think) but we don't need a
special cert for that we just use a wrong subject_match string. And I
think we've got some test cases in ell where the actual RSA crypto is
supposed to fail if we're verifying against a wrong cert.

>
> > diff --git a/unit/test-tls.c b/unit/test-tls.c
> > index 03c5370..d701f42 100644
> > --- a/unit/test-tls.c
> > +++ b/unit/test-tls.c
> > @@ -326,7 +326,8 @@ static const struct tls_conn_test tls_conn_test_server_auth = {
> >       .server_key_path = CERTDIR "cert-server-key-pkcs8.pem",
> >       .server_expect_identity = NULL,
> >       .client_ca_cert_path = CERTDIR "cert-ca.pem",
> > -     .client_expect_identity = "Foo Example Organization",
> > +     .client_expect_identity = "/O=Foo Example Organization"
> > +             "/CN=Foo Example Organization/emailAddress=foo(a)mail.example",
>
> Also, what happens if the strings contain a '/' character? Or is that
> not possible?

So apparently openssl has some \ unescaping support for these strings
when you generate the certificate and probably the characters are
escaped again when you extract this string from a cert.  We could
replicate this but in terms of security I think it doesn't add
anything, users will just need to remember to not escape the
characters in the iwd configs.

Best regards

Re: [PATCH 2/4] unit: Update expected peer identity strings in TLS

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 699 bytes --]

Hi Andrew,

>> Also, what happens if the strings contain a '/' character? Or is that
>> not possible?
> 
> So apparently openssl has some \ unescaping support for these strings
> when you generate the certificate and probably the characters are
> escaped again when you extract this string from a cert.  We could
> replicate this but in terms of security I think it doesn't add
> anything, users will just need to remember to not escape the
> characters in the iwd configs.
> 

This response doesn't fill me with a lot of confidence :)  How is domain 
name suffix matching code (for example) going to deal with random '/' 
characters if they serve as delimiters?

Regards,
-Denis

Re: [PATCH 2/4] unit: Update expected peer identity strings in TLS

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 1302 bytes --]

On Thu, 8 Aug 2019 at 01:40, Denis Kenzior <denkenz@gmail.com> wrote:
> >> Also, what happens if the strings contain a '/' character? Or is that
> >> not possible?
> >
> > So apparently openssl has some \ unescaping support for these strings
> > when you generate the certificate and probably the characters are
> > escaped again when you extract this string from a cert.  We could
> > replicate this but in terms of security I think it doesn't add
> > anything, users will just need to remember to not escape the
> > characters in the iwd configs.
> >
>
> This response doesn't fill me with a lot of confidence :)  How is domain
> name suffix matching code (for example) going to deal with random '/'
> characters if they serve as delimiters?

So with the simple fnmatch or substring matching this wasn't really a
problem as without a regex you had no way to distinguish a '/' from an
escaped "\/".  I mean, it was just as bad in both cases :)

With a proper parser for this string in the client code though, and
with proper escaping, we may be able to prevent some attacks where
someone convinces the CA to sell them a certificate with e.g.
"/CN=example.com" contained inside another field in the subject DN, so
yeah, perhaps it's worth adding, I'll do that.

Best regards