/src/gnutls/lib/x509/prov-seed.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 2017 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include <datum.h>
#include <global.h>
#include "errors.h"
#include <common.h>
#include <x509.h>
#include <x509_int.h>
#include <mpi.h>
#include "prov-seed.h"

/* This function encodes a seed value and a hash algorithm OID to the format
 * described in RFC8479. The output is the DER encoded form.
 */
int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t * der)
{

  asn1_node c2;
  int ret, result;
  const char *oid;

  oid = gnutls_digest_get_oid(pkey->params.palgo);
  if (oid == NULL)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  if ((result =
       asn1_create_element(_gnutls_get_gnutls_asn(),
         "GNUTLS.ProvableSeed", &c2)) != ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  result =
      asn1_write_value(c2, "seed", pkey->params.seed,
           pkey->params.seed_size);
  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    ret = _gnutls_asn2err(result);
    goto cleanup;
  }

  result = asn1_write_value(c2, "algorithm", oid, 1);
  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    ret = _gnutls_asn2err(result);
    goto cleanup;
  }

  ret = _gnutls_x509_der_encode(c2, "", der, 0);
  if (ret < 0) {
    gnutls_assert();
    goto cleanup;
  }

  ret = 0;

 cleanup:
  asn1_delete_structure2(&c2, ASN1_DELETE_FLAG_ZEROIZE);
  return ret;
}

/* This function decodes a DER encoded form of seed and a hash algorithm, as in
 * RFC8479.
 */
int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey,
             const gnutls_datum_t * der)
{

  asn1_node c2;
  int ret, result;
  char oid[MAX_OID_SIZE];
  int oid_size;
  gnutls_datum_t seed = { NULL, 0 };

  if ((result =
       asn1_create_element(_gnutls_get_gnutls_asn(),
         "GNUTLS.ProvableSeed", &c2)) != ASN1_SUCCESS) {
    gnutls_assert();
    return _gnutls_asn2err(result);
  }

  result = _asn1_strict_der_decode(&c2, der->data, der->size, NULL);
  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    ret = _gnutls_asn2err(result);
    goto cleanup;
  }

  ret = _gnutls_x509_read_value(c2, "seed", &seed);
  if (ret < 0) {
    gnutls_assert();
    goto cleanup;
  }

  if (seed.size <= sizeof(pkey->params.seed)) {
    memcpy(pkey->params.seed, seed.data, seed.size);
    pkey->params.seed_size = seed.size;
  } else {
    ret = 0;  /* ignore struct */
    _gnutls_debug_log
        ("%s: ignoring ProvableSeed due to very long params\n",
         __func__);
    goto cleanup;
  }

  oid_size = sizeof(oid);
  result = asn1_read_value(c2, "algorithm", oid, &oid_size);
  if (result != ASN1_SUCCESS) {
    gnutls_assert();
    ret = _gnutls_asn2err(result);
    goto cleanup;
  }

  pkey->params.palgo = gnutls_oid_to_digest(oid);
  pkey->params.pkflags |= GNUTLS_PK_FLAG_PROVABLE;

  ret = 0;

 cleanup:
  gnutls_free(seed.data);
  asn1_delete_structure2(&c2, ASN1_DELETE_FLAG_ZEROIZE);
  return ret;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 2017 Red Hat, Inc.
3		*
4		* Author: Nikos Mavrogiannopoulos
5		*
6		* This file is part of GnuTLS.
7		*
8		* The GnuTLS is free software; you can redistribute it and/or
9		* modify it under the terms of the GNU Lesser General Public License
10		* as published by the Free Software Foundation; either version 2.1 of
11		* the License, or (at your option) any later version.
12		*
13		* This library is distributed in the hope that it will be useful, but
14		* WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16		* Lesser General Public License for more details.
17		*
18		* You should have received a copy of the GNU Lesser General Public License
19		* along with this program. If not, see <https://www.gnu.org/licenses/>
20		*
21		*/
22
23		#include "gnutls_int.h"
24		#include <datum.h>
25		#include <global.h>
26		#include "errors.h"
27		#include <common.h>
28		#include <x509.h>
29		#include <x509_int.h>
30		#include <mpi.h>
31		#include "prov-seed.h"
32
33		/* This function encodes a seed value and a hash algorithm OID to the format
34		* described in RFC8479. The output is the DER encoded form.
35		*/
36		int _x509_encode_provable_seed(gnutls_x509_privkey_t pkey, gnutls_datum_t * der)
37	0	{
38
39	0	asn1_node c2;
40	0	int ret, result;
41	0	const char *oid;
42
43	0	oid = gnutls_digest_get_oid(pkey->params.palgo);
44	0	if (oid == NULL)
45	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
46
47	0	if ((result =
48	0	asn1_create_element(_gnutls_get_gnutls_asn(),
49	0	"GNUTLS.ProvableSeed", &c2)) != ASN1_SUCCESS) {
50	0	gnutls_assert();
51	0	return _gnutls_asn2err(result);
52	0	}
53
54	0	result =
55	0	asn1_write_value(c2, "seed", pkey->params.seed,
56	0	pkey->params.seed_size);
57	0	if (result != ASN1_SUCCESS) {
58	0	gnutls_assert();
59	0	ret = _gnutls_asn2err(result);
60	0	goto cleanup;
61	0	}
62
63	0	result = asn1_write_value(c2, "algorithm", oid, 1);
64	0	if (result != ASN1_SUCCESS) {
65	0	gnutls_assert();
66	0	ret = _gnutls_asn2err(result);
67	0	goto cleanup;
68	0	}
69
70	0	ret = _gnutls_x509_der_encode(c2, "", der, 0);
71	0	if (ret < 0) {
72	0	gnutls_assert();
73	0	goto cleanup;
74	0	}
75
76	0	ret = 0;
77
78	0	cleanup:
79	0	asn1_delete_structure2(&c2, ASN1_DELETE_FLAG_ZEROIZE);
80	0	return ret;
81	0	}
82
83		/* This function decodes a DER encoded form of seed and a hash algorithm, as in
84		* RFC8479.
85		*/
86		int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey,
87		const gnutls_datum_t * der)
88	0	{
89
90	0	asn1_node c2;
91	0	int ret, result;
92	0	char oid[MAX_OID_SIZE];
93	0	int oid_size;
94	0	gnutls_datum_t seed = { NULL, 0 };
95
96	0	if ((result =
97	0	asn1_create_element(_gnutls_get_gnutls_asn(),
98	0	"GNUTLS.ProvableSeed", &c2)) != ASN1_SUCCESS) {
99	0	gnutls_assert();
100	0	return _gnutls_asn2err(result);
101	0	}
102
103	0	result = _asn1_strict_der_decode(&c2, der->data, der->size, NULL);
104	0	if (result != ASN1_SUCCESS) {
105	0	gnutls_assert();
106	0	ret = _gnutls_asn2err(result);
107	0	goto cleanup;
108	0	}
109
110	0	ret = _gnutls_x509_read_value(c2, "seed", &seed);
111	0	if (ret < 0) {
112	0	gnutls_assert();
113	0	goto cleanup;
114	0	}
115
116	0	if (seed.size <= sizeof(pkey->params.seed)) {
117	0	memcpy(pkey->params.seed, seed.data, seed.size);
118	0	pkey->params.seed_size = seed.size;
119	0	} else {
120	0	ret = 0; /* ignore struct */
121	0	_gnutls_debug_log
122	0	("%s: ignoring ProvableSeed due to very long params\n",
123	0	__func__);
124	0	goto cleanup;
125	0	}
126
127	0	oid_size = sizeof(oid);
128	0	result = asn1_read_value(c2, "algorithm", oid, &oid_size);
129	0	if (result != ASN1_SUCCESS) {
130	0	gnutls_assert();
131	0	ret = _gnutls_asn2err(result);
132	0	goto cleanup;
133	0	}
134
135	0	pkey->params.palgo = gnutls_oid_to_digest(oid);
136	0	pkey->params.pkflags \|= GNUTLS_PK_FLAG_PROVABLE;
137
138	0	ret = 0;
139
140	0	cleanup:
141	0	gnutls_free(seed.data);
142	0	asn1_delete_structure2(&c2, ASN1_DELETE_FLAG_ZEROIZE);
143	0	return ret;
144	0	}

Coverage Report

Created: 2023-03-26 07:33