/src/gnutls/lib/extv.c

Source
/*
 * Copyright (C) 2017-2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include "hello_ext.h"
#include "errors.h"
#include "extv.h"

/* Iterates through all extensions found, and calls the cb()
 * function with their data */
int _gnutls_extv_parse(void *ctx, gnutls_ext_raw_process_func cb,
           const uint8_t *data, int data_size)
{
  int next, ret;
  int pos = 0;
  uint16_t tls_id;
  const uint8_t *sdata;
  uint16_t size;

  if (data_size == 0)
    return 0;

  DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
  next = _gnutls_read_uint16(data);
  pos += 2;

  DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  if (next == 0 &&
      data_size ==
        0) /* field is present, but has zero length? Ignore it. */
    return 0;
  else if (data_size > 0) /* forbid unaccounted data */
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  do {
    DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    tls_id = _gnutls_read_uint16(&data[pos]);
    pos += 2;

    DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    size = _gnutls_read_uint16(&data[pos]);
    pos += 2;

    DECR_LENGTH_RET(next, size,
        GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    sdata = &data[pos];
    pos += size;

    ret = cb(ctx, tls_id, sdata, size);
    if (ret < 0)
      return gnutls_assert_val(ret);
  } while (next > 2);

  /* forbid leftovers */
  if (next > 0)
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  return 0;
}

#define HANDSHAKE_SESSION_ID_POS (34)
/**
 * gnutls_ext_raw_parse:
 * @ctx: a pointer to pass to callback function
 * @cb: callback function to process each extension found
 * @data: TLS extension data
 * @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO or %GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
 *
 * This function iterates through the TLS extensions as passed in
 * @data, passing the individual extension data to callback. The
 * @data must conform to Extension extensions<0..2^16-1> format.
 *
 * If flags is %GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO then this function
 * will parse the extension data from the position, as if the packet in
 * @data is a client hello (without record or handshake headers) -
 * as provided by gnutls_handshake_set_hook_function().
 *
 * The return value of the callback will be propagated.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown
 *   flags it returns %GNUTLS_E_INVALID_REQUEST.
 *
 * Since: 3.6.3
 **/
int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
       const gnutls_datum_t *data, unsigned int flags)
{
  if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
    size_t size = data->size;
    size_t len;
    uint8_t *p = data->data;

    DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);

    if (p[0] != 0x03)
      return gnutls_assert_val(
        GNUTLS_E_UNSUPPORTED_VERSION_PACKET);

    p += HANDSHAKE_SESSION_ID_POS;

    /* skip session id */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* CipherSuites */
    DECR_LEN(size, 2);
    len = _gnutls_read_uint16(p);
    p += 2;
    DECR_LEN(size, len);
    p += len;

    /* legacy_compression_methods */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    if (size == 0)
      return gnutls_assert_val(
        GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    return _gnutls_extv_parse(ctx, cb, p, size);
  } else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
    size_t size = data->size;
    size_t len;
    uint8_t *p = data->data;

    DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);

    if (p[0] != 254)
      return gnutls_assert_val(
        GNUTLS_E_UNSUPPORTED_VERSION_PACKET);

    p += HANDSHAKE_SESSION_ID_POS;

    /* skip session id */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* skip cookie */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* CipherSuites */
    DECR_LEN(size, 2);
    len = _gnutls_read_uint16(p);
    p += 2;
    DECR_LEN(size, len);
    p += len;

    /* legacy_compression_methods */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    if (size == 0)
      return gnutls_assert_val(
        GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    return _gnutls_extv_parse(ctx, cb, p, size);
  }

  if (flags != 0)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  return _gnutls_extv_parse(ctx, cb, data->data, data->size);
}

/* Returns:
 *  * On success the number of bytes appended (always positive), or zero if not sent
 *  * On failure, a negative error code.
 */
int _gnutls_extv_append(gnutls_buffer_st *buf, uint16_t tls_id, void *ctx,
      int (*cb)(void *ctx, gnutls_buffer_st *buf))
{
  int size_pos, appended, ret;
  size_t size_prev;

  ret = _gnutls_buffer_append_prefix(buf, 16, tls_id);
  if (ret < 0)
    return gnutls_assert_val(ret);

  size_pos = buf->length;
  ret = _gnutls_buffer_append_prefix(buf, 16, 0);
  if (ret < 0)
    return gnutls_assert_val(ret);

  size_prev = buf->length;
  ret = cb(ctx, buf);
  if (ret < 0 && ret != GNUTLS_E_INT_RET_0) {
    return gnutls_assert_val(ret);
  }

  /* returning GNUTLS_E_INT_RET_0 means to send an empty
   * extension of this type.
   */
  appended = buf->length - size_prev;

  if (appended > 0 || ret == GNUTLS_E_INT_RET_0) {
    if (ret == GNUTLS_E_INT_RET_0)
      appended = 0;

    /* write the real size */
    _gnutls_write_uint16(appended, &buf->data[size_pos]);
  } else if (appended == 0) {
    buf->length -= 4; /* reset type and size */
    return 0;
  }

  return appended + 4;
}

Coverage Report

Created: 2026-02-14 06:49

Line	Count	Source
1		/*
2		* Copyright (C) 2017-2018 Red Hat, Inc.
3		*
4		* Author: Nikos Mavrogiannopoulos
5		*
6		* This file is part of GnuTLS.
7		*
8		* The GnuTLS is free software; you can redistribute it and/or
9		* modify it under the terms of the GNU Lesser General Public License
10		* as published by the Free Software Foundation; either version 2.1 of
11		* the License, or (at your option) any later version.
12		*
13		* This library is distributed in the hope that it will be useful, but
14		* WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16		* Lesser General Public License for more details.
17		*
18		* You should have received a copy of the GNU Lesser General Public License
19		* along with this program. If not, see <https://www.gnu.org/licenses/>
20		*
21		*/
22
23		#include "gnutls_int.h"
24		#include "hello_ext.h"
25		#include "errors.h"
26		#include "extv.h"
27
28		/* Iterates through all extensions found, and calls the cb()
29		* function with their data */
30		int _gnutls_extv_parse(void *ctx, gnutls_ext_raw_process_func cb,
31		const uint8_t *data, int data_size)
32	134k	{
33	134k	int next, ret;
34	134k	int pos = 0;
35	134k	uint16_t tls_id;
36	134k	const uint8_t *sdata;
37	134k	uint16_t size;
38
39	134k	if (data_size == 0)
40	28.4k	return 0;
41
42	105k	DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
43	105k	next = _gnutls_read_uint16(data);
44	105k	pos += 2;
45
46	105k	DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
47
48	105k	if (next == 0 &&
49	4.62k	data_size ==
50	4.62k	0) /* field is present, but has zero length? Ignore it. */
51	4.26k	return 0;
52	101k	else if (data_size > 0) /* forbid unaccounted data */
53	651	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
54
55	415k	do {
56	415k	DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
57	415k	tls_id = _gnutls_read_uint16(&data[pos]);
58	415k	pos += 2;
59
60	415k	DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
61	415k	size = _gnutls_read_uint16(&data[pos]);
62	415k	pos += 2;
63
64	415k	DECR_LENGTH_RET(next, size,
65	414k	GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
66	414k	sdata = &data[pos];
67	414k	pos += size;
68
69	414k	ret = cb(ctx, tls_id, sdata, size);
70	414k	if (ret < 0)
71	4.32k	return gnutls_assert_val(ret);
72	414k	} while (next > 2);
73
74		/* forbid leftovers */
75	95.6k	if (next > 0)
76	40	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
77
78	95.6k	return 0;
79	95.6k	}
80
81	429	#define HANDSHAKE_SESSION_ID_POS (34)
82		/**
83		* gnutls_ext_raw_parse:
84		* @ctx: a pointer to pass to callback function
85		* @cb: callback function to process each extension found
86		* @data: TLS extension data
87		* @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO or %GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
88		*
89		* This function iterates through the TLS extensions as passed in
90		* @data, passing the individual extension data to callback. The
91		* @data must conform to Extension extensions<0..2^16-1> format.
92		*
93		* If flags is %GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO then this function
94		* will parse the extension data from the position, as if the packet in
95		* @data is a client hello (without record or handshake headers) -
96		* as provided by gnutls_handshake_set_hook_function().
97		*
98		* The return value of the callback will be propagated.
99		*
100		* Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown
101		* flags it returns %GNUTLS_E_INVALID_REQUEST.
102		*
103		* Since: 3.6.3
104		**/
105		int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
106		const gnutls_datum_t *data, unsigned int flags)
107	1.82k	{
108	1.82k	if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
109	607	size_t size = data->size;
110	607	size_t len;
111	607	uint8_t *p = data->data;
112
113	607	DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);
114
115	535	if (p[0] != 0x03)
116	339	return gnutls_assert_val(
117	535	GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
118
119	196	p += HANDSHAKE_SESSION_ID_POS;
120
121		/* skip session id */
122	196	DECR_LEN(size, 1);
123	195	len = p[0];
124	195	p++;
125	195	DECR_LEN(size, len);
126	186	p += len;
127
128		/* CipherSuites */
129	186	DECR_LEN(size, 2);
130	183	len = _gnutls_read_uint16(p);
131	183	p += 2;
132	183	DECR_LEN(size, len);
133	155	p += len;
134
135		/* legacy_compression_methods */
136	155	DECR_LEN(size, 1);
137	154	len = p[0];
138	154	p++;
139	154	DECR_LEN(size, len);
140	139	p += len;
141
142	139	if (size == 0)
143	11	return gnutls_assert_val(
144	139	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
145
146	128	return _gnutls_extv_parse(ctx, cb, p, size);
147	1.21k	} else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
148	607	size_t size = data->size;
149	607	size_t len;
150	607	uint8_t *p = data->data;
151
152	607	DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);
153
154	535	if (p[0] != 254)
155	302	return gnutls_assert_val(
156	535	GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
157
158	233	p += HANDSHAKE_SESSION_ID_POS;
159
160		/* skip session id */
161	233	DECR_LEN(size, 1);
162	232	len = p[0];
163	232	p++;
164	232	DECR_LEN(size, len);
165	222	p += len;
166
167		/* skip cookie */
168	222	DECR_LEN(size, 1);
169	221	len = p[0];
170	221	p++;
171	221	DECR_LEN(size, len);
172	207	p += len;
173
174		/* CipherSuites */
175	207	DECR_LEN(size, 2);
176	200	len = _gnutls_read_uint16(p);
177	200	p += 2;
178	200	DECR_LEN(size, len);
179	169	p += len;
180
181		/* legacy_compression_methods */
182	169	DECR_LEN(size, 1);
183	168	len = p[0];
184	168	p++;
185	168	DECR_LEN(size, len);
186	150	p += len;
187
188	150	if (size == 0)
189	9	return gnutls_assert_val(
190	150	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
191
192	141	return _gnutls_extv_parse(ctx, cb, p, size);
193	150	}
194
195	607	if (flags != 0)
196	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
197
198	607	return _gnutls_extv_parse(ctx, cb, data->data, data->size);
199	607	}
200
201		/* Returns:
202		* * On success the number of bytes appended (always positive), or zero if not sent
203		* * On failure, a negative error code.
204		*/
205		int _gnutls_extv_append(gnutls_buffer_st buf, uint16_t tls_id, void ctx,
206		int (cb)(void ctx, gnutls_buffer_st *buf))
207	828k	{
208	828k	int size_pos, appended, ret;
209	828k	size_t size_prev;
210
211	828k	ret = _gnutls_buffer_append_prefix(buf, 16, tls_id);
212	828k	if (ret < 0)
213	0	return gnutls_assert_val(ret);
214
215	828k	size_pos = buf->length;
216	828k	ret = _gnutls_buffer_append_prefix(buf, 16, 0);
217	828k	if (ret < 0)
218	0	return gnutls_assert_val(ret);
219
220	828k	size_prev = buf->length;
221	828k	ret = cb(ctx, buf);
222	828k	if (ret < 0 && ret != GNUTLS_E_INT_RET_0) {
223	64	return gnutls_assert_val(ret);
224	64	}
225
226		/* returning GNUTLS_E_INT_RET_0 means to send an empty
227		* extension of this type.
228		*/
229	828k	appended = buf->length - size_prev;
230
231	828k	if (appended > 0 \|\| ret == GNUTLS_E_INT_RET_0) {
232	347k	if (ret == GNUTLS_E_INT_RET_0)
233	82.2k	appended = 0;
234
235		/* write the real size */
236	347k	_gnutls_write_uint16(appended, &buf->data[size_pos]);
237	481k	} else if (appended == 0) {
238	481k	buf->length -= 4; /* reset type and size */
239	481k	return 0;
240	481k	}
241
242	347k	return appended + 4;
243	828k	}