/src/gnutls/lib/ext/alpn.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 2013 Nikos Mavrogiannopoulos
 * Copyright (C) 2017 Red Hat, Inc.
 * 
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include "auth.h"
#include "errors.h"
#include "num.h"
#include "ext/alpn.h"

static int _gnutls_alpn_recv_params(gnutls_session_t session,
            const uint8_t *data, size_t data_size);
static int _gnutls_alpn_send_params(gnutls_session_t session,
            gnutls_buffer_st *extdata);

static void _gnutls_alpn_deinit_data(gnutls_ext_priv_data_t priv);

const hello_ext_entry_st ext_mod_alpn = {
  .name = "ALPN",
  .tls_id = 16,
  .gid = GNUTLS_EXTENSION_ALPN,
  /* this extension must be parsed even on resumption */
  .client_parse_point = GNUTLS_EXT_MANDATORY,
  .server_parse_point = GNUTLS_EXT_MANDATORY,
  .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS |
        GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_EE |
        GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
  .recv_func = _gnutls_alpn_recv_params,
  .send_func = _gnutls_alpn_send_params,
  .deinit_func = _gnutls_alpn_deinit_data,
  .cannot_be_overriden = 1
};

static int _gnutls_alpn_recv_params(gnutls_session_t session,
            const uint8_t *data, size_t data_size)
{
  unsigned int i;
  int ret;
  const uint8_t *p = data;
  unsigned len1, len;
  alpn_ext_st *priv;
  gnutls_ext_priv_data_t epriv;
  int selected_protocol_index;

  ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
           &epriv);
  if (ret < 0)
    return 0;

  priv = epriv;

  DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
  len = _gnutls_read_uint16(p);
  p += 2;

  if (len == 0 || len > (size_t)data_size)
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

  if (session->security_parameters.entity == GNUTLS_SERVER) {
    selected_protocol_index = MAX_ALPN_PROTOCOLS + 1;

    while (data_size > 0) {
      DECR_LENGTH_RET(data_size, 1,
          GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
      len1 = *p;
      p += 1;
      DECR_LENGTH_RET(data_size, len1,
          GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

      if (len1 == 0)
        return gnutls_assert_val(
          GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

      for (i = 0; i < priv->size; i++) {
        if (priv->protocol_size[i] == len1 &&
            memcmp(p, priv->protocols[i], len1) == 0) {
          if (priv->flags &
              GNUTLS_ALPN_SERVER_PRECEDENCE) {
            if (selected_protocol_index >
                (int)i) {
              selected_protocol_index =
                i;
              priv->selected_protocol =
                priv->protocols
                  [i];
              priv->selected_protocol_size =
                priv->protocol_size
                  [i];
              break;
            }
          } else {
            priv->selected_protocol =
              priv->protocols[i];
            priv->selected_protocol_size =
              priv->protocol_size[i];
            return 0;
          }
        }
      }
      p += len1;
    }
  } else {
    DECR_LENGTH_RET(data_size, 1,
        GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
    len1 = *p;
    p += 1;
    DECR_LENGTH_RET(data_size, len1,
        GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

    for (i = 0; i < priv->size; i++) {
      if (priv->protocol_size[i] == len1 &&
          memcmp(p, priv->protocols[i], len1) == 0) {
        priv->selected_protocol = priv->protocols[i];
        priv->selected_protocol_size =
          priv->protocol_size[i];
        break;
      }
    }
    /*p += len1; */
  }

  if (priv->selected_protocol == NULL && (priv->flags & GNUTLS_ALPN_MAND))
    return gnutls_assert_val(GNUTLS_E_NO_APPLICATION_PROTOCOL);

  return 0;
}

static int _gnutls_alpn_send_params(gnutls_session_t session,
            gnutls_buffer_st *extdata)
{
  unsigned i;
  int total_size = 0, ret;
  alpn_ext_st *priv;
  gnutls_ext_priv_data_t epriv;

  ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
           &epriv);
  if (ret < 0)
    return 0;

  priv = epriv;

  if (priv->size == 0)
    return 0;

  if (session->security_parameters.entity == GNUTLS_SERVER) {
    if (priv->selected_protocol_size == 0)
      return 0;

    ret = _gnutls_buffer_append_prefix(
      extdata, 16, priv->selected_protocol_size + 1);
    if (ret < 0)
      return gnutls_assert_val(ret);

    total_size += 2;

    ret = _gnutls_buffer_append_data_prefix(
      extdata, 8, priv->selected_protocol,
      priv->selected_protocol_size);
    if (ret < 0)
      return gnutls_assert_val(ret);

    total_size += 1 + priv->selected_protocol_size;
  } else {
    int t = 0;
    for (i = 0; i < priv->size; i++)
      t += priv->protocol_size[i] + 1;

    ret = _gnutls_buffer_append_prefix(extdata, 16, t);
    if (ret < 0)
      return gnutls_assert_val(ret);

    total_size += 2;

    for (i = 0; i < priv->size; i++) {
      ret = _gnutls_buffer_append_data_prefix(
        extdata, 8, priv->protocols[i],
        priv->protocol_size[i]);
      if (ret < 0)
        return gnutls_assert_val(ret);

      total_size += 1 + priv->protocol_size[i];
    }
  }

  return total_size;
}

/**
 * gnutls_alpn_get_selected_protocol:
 * @session: is a #gnutls_session_t type.
 * @protocol: will hold the protocol name
 *
 * This function allows you to get the negotiated protocol name. The
 * returned protocol should be treated as opaque, constant value and
 * only valid during the session life.
 *
 * The selected protocol is the first supported by the list sent
 * by the client.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 *
 * Since 3.2.0
 **/
int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
              gnutls_datum_t *protocol)
{
  alpn_ext_st *priv;
  int ret;
  gnutls_ext_priv_data_t epriv;

  ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
           &epriv);
  if (ret < 0) {
    gnutls_assert();
    return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
  }

  priv = epriv;

  if (priv->selected_protocol_size == 0)
    return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

  protocol->data = priv->selected_protocol;
  protocol->size = priv->selected_protocol_size;

  return 0;
}

/**
 * gnutls_alpn_set_protocols:
 * @session: is a #gnutls_session_t type.
 * @protocols: is the protocol names to add.
 * @protocols_size: the number of protocols to add.
 * @flags: zero or a sequence of %gnutls_alpn_flags_t
 *
 * This function is to be used by both clients and servers, to declare
 * the supported ALPN protocols, which are used during negotiation with peer.
 *
 * See %gnutls_alpn_flags_t description for the documentation of available
 * flags.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 *
 * Since 3.2.0
 **/
int gnutls_alpn_set_protocols(gnutls_session_t session,
            const gnutls_datum_t *protocols,
            unsigned protocols_size, unsigned int flags)
{
  int ret;
  alpn_ext_st *priv;
  gnutls_ext_priv_data_t epriv;
  unsigned i;

  ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
           &epriv);
  if (ret < 0) {
    priv = gnutls_calloc(1, sizeof(*priv));
    if (priv == NULL) {
      gnutls_assert();
      return GNUTLS_E_MEMORY_ERROR;
    }
    epriv = priv;
    _gnutls_hello_ext_set_priv(session, GNUTLS_EXTENSION_ALPN,
             epriv);
  } else
    priv = epriv;

  if (protocols_size > MAX_ALPN_PROTOCOLS)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  for (i = 0; i < protocols_size; i++) {
    if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME)
      return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

    memcpy(priv->protocols[i], protocols[i].data,
           protocols[i].size);
    priv->protocol_size[i] = protocols[i].size;
    priv->size++;
  }
  priv->flags = flags;

  return 0;
}

static void _gnutls_alpn_deinit_data(gnutls_ext_priv_data_t priv)
{
  gnutls_free(priv);
}

Coverage Report

Created: 2025-03-06 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 2013 Nikos Mavrogiannopoulos
3		* Copyright (C) 2017 Red Hat, Inc.
4		*
5		* This file is part of GnuTLS.
6		*
7		* The GnuTLS is free software; you can redistribute it and/or
8		* modify it under the terms of the GNU Lesser General Public License
9		* as published by the Free Software Foundation; either version 2.1 of
10		* the License, or (at your option) any later version.
11		*
12		* This library is distributed in the hope that it will be useful, but
13		* WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15		* Lesser General Public License for more details.
16		*
17		* You should have received a copy of the GNU Lesser General Public License
18		* along with this program. If not, see <https://www.gnu.org/licenses/>
19		*
20		*/
21
22		#include "gnutls_int.h"
23		#include "auth.h"
24		#include "errors.h"
25		#include "num.h"
26		#include "ext/alpn.h"
27
28		static int _gnutls_alpn_recv_params(gnutls_session_t session,
29		const uint8_t *data, size_t data_size);
30		static int _gnutls_alpn_send_params(gnutls_session_t session,
31		gnutls_buffer_st *extdata);
32
33		static void _gnutls_alpn_deinit_data(gnutls_ext_priv_data_t priv);
34
35		const hello_ext_entry_st ext_mod_alpn = {
36		.name = "ALPN",
37		.tls_id = 16,
38		.gid = GNUTLS_EXTENSION_ALPN,
39		/* this extension must be parsed even on resumption */
40		.client_parse_point = GNUTLS_EXT_MANDATORY,
41		.server_parse_point = GNUTLS_EXT_MANDATORY,
42		.validity = GNUTLS_EXT_FLAG_TLS \| GNUTLS_EXT_FLAG_DTLS \|
43		GNUTLS_EXT_FLAG_CLIENT_HELLO \| GNUTLS_EXT_FLAG_EE \|
44		GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
45		.recv_func = _gnutls_alpn_recv_params,
46		.send_func = _gnutls_alpn_send_params,
47		.deinit_func = _gnutls_alpn_deinit_data,
48		.cannot_be_overriden = 1
49		};
50
51		static int _gnutls_alpn_recv_params(gnutls_session_t session,
52		const uint8_t *data, size_t data_size)
53	0	{
54	0	unsigned int i;
55	0	int ret;
56	0	const uint8_t *p = data;
57	0	unsigned len1, len;
58	0	alpn_ext_st *priv;
59	0	gnutls_ext_priv_data_t epriv;
60	0	int selected_protocol_index;
61
62	0	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
63	0	&epriv);
64	0	if (ret < 0)
65	0	return 0;
66
67	0	priv = epriv;
68
69	0	DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
70	0	len = _gnutls_read_uint16(p);
71	0	p += 2;
72
73	0	if (len == 0 \|\| len > (size_t)data_size)
74	0	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
75
76	0	if (session->security_parameters.entity == GNUTLS_SERVER) {
77	0	selected_protocol_index = MAX_ALPN_PROTOCOLS + 1;
78
79	0	while (data_size > 0) {
80	0	DECR_LENGTH_RET(data_size, 1,
81	0	GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
82	0	len1 = *p;
83	0	p += 1;
84	0	DECR_LENGTH_RET(data_size, len1,
85	0	GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
86
87	0	if (len1 == 0)
88	0	return gnutls_assert_val(
89	0	GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
90
91	0	for (i = 0; i < priv->size; i++) {
92	0	if (priv->protocol_size[i] == len1 &&
93	0	memcmp(p, priv->protocols[i], len1) == 0) {
94	0	if (priv->flags &
95	0	GNUTLS_ALPN_SERVER_PRECEDENCE) {
96	0	if (selected_protocol_index >
97	0	(int)i) {
98	0	selected_protocol_index =
99	0	i;
100	0	priv->selected_protocol =
101	0	priv->protocols
102	0	[i];
103	0	priv->selected_protocol_size =
104	0	priv->protocol_size
105	0	[i];
106	0	break;
107	0	}
108	0	} else {
109	0	priv->selected_protocol =
110	0	priv->protocols[i];
111	0	priv->selected_protocol_size =
112	0	priv->protocol_size[i];
113	0	return 0;
114	0	}
115	0	}
116	0	}
117	0	p += len1;
118	0	}
119	0	} else {
120	0	DECR_LENGTH_RET(data_size, 1,
121	0	GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
122	0	len1 = *p;
123	0	p += 1;
124	0	DECR_LENGTH_RET(data_size, len1,
125	0	GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
126
127	0	for (i = 0; i < priv->size; i++) {
128	0	if (priv->protocol_size[i] == len1 &&
129	0	memcmp(p, priv->protocols[i], len1) == 0) {
130	0	priv->selected_protocol = priv->protocols[i];
131	0	priv->selected_protocol_size =
132	0	priv->protocol_size[i];
133	0	break;
134	0	}
135	0	}
136		/p += len1; /
137	0	}
138
139	0	if (priv->selected_protocol == NULL && (priv->flags & GNUTLS_ALPN_MAND))
140	0	return gnutls_assert_val(GNUTLS_E_NO_APPLICATION_PROTOCOL);
141
142	0	return 0;
143	0	}
144
145		static int _gnutls_alpn_send_params(gnutls_session_t session,
146		gnutls_buffer_st *extdata)
147	0	{
148	0	unsigned i;
149	0	int total_size = 0, ret;
150	0	alpn_ext_st *priv;
151	0	gnutls_ext_priv_data_t epriv;
152
153	0	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
154	0	&epriv);
155	0	if (ret < 0)
156	0	return 0;
157
158	0	priv = epriv;
159
160	0	if (priv->size == 0)
161	0	return 0;
162
163	0	if (session->security_parameters.entity == GNUTLS_SERVER) {
164	0	if (priv->selected_protocol_size == 0)
165	0	return 0;
166
167	0	ret = _gnutls_buffer_append_prefix(
168	0	extdata, 16, priv->selected_protocol_size + 1);
169	0	if (ret < 0)
170	0	return gnutls_assert_val(ret);
171
172	0	total_size += 2;
173
174	0	ret = _gnutls_buffer_append_data_prefix(
175	0	extdata, 8, priv->selected_protocol,
176	0	priv->selected_protocol_size);
177	0	if (ret < 0)
178	0	return gnutls_assert_val(ret);
179
180	0	total_size += 1 + priv->selected_protocol_size;
181	0	} else {
182	0	int t = 0;
183	0	for (i = 0; i < priv->size; i++)
184	0	t += priv->protocol_size[i] + 1;
185
186	0	ret = _gnutls_buffer_append_prefix(extdata, 16, t);
187	0	if (ret < 0)
188	0	return gnutls_assert_val(ret);
189
190	0	total_size += 2;
191
192	0	for (i = 0; i < priv->size; i++) {
193	0	ret = _gnutls_buffer_append_data_prefix(
194	0	extdata, 8, priv->protocols[i],
195	0	priv->protocol_size[i]);
196	0	if (ret < 0)
197	0	return gnutls_assert_val(ret);
198
199	0	total_size += 1 + priv->protocol_size[i];
200	0	}
201	0	}
202
203	0	return total_size;
204	0	}
205
206		/**
207		* gnutls_alpn_get_selected_protocol:
208		* @session: is a #gnutls_session_t type.
209		* @protocol: will hold the protocol name
210		*
211		* This function allows you to get the negotiated protocol name. The
212		* returned protocol should be treated as opaque, constant value and
213		* only valid during the session life.
214		*
215		* The selected protocol is the first supported by the list sent
216		* by the client.
217		*
218		* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
219		* otherwise a negative error code is returned.
220		*
221		* Since 3.2.0
222		**/
223		int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
224		gnutls_datum_t *protocol)
225	0	{
226	0	alpn_ext_st *priv;
227	0	int ret;
228	0	gnutls_ext_priv_data_t epriv;
229
230	0	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
231	0	&epriv);
232	0	if (ret < 0) {
233	0	gnutls_assert();
234	0	return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
235	0	}
236
237	0	priv = epriv;
238
239	0	if (priv->selected_protocol_size == 0)
240	0	return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
241
242	0	protocol->data = priv->selected_protocol;
243	0	protocol->size = priv->selected_protocol_size;
244
245	0	return 0;
246	0	}
247
248		/**
249		* gnutls_alpn_set_protocols:
250		* @session: is a #gnutls_session_t type.
251		* @protocols: is the protocol names to add.
252		* @protocols_size: the number of protocols to add.
253		* @flags: zero or a sequence of %gnutls_alpn_flags_t
254		*
255		* This function is to be used by both clients and servers, to declare
256		* the supported ALPN protocols, which are used during negotiation with peer.
257		*
258		* See %gnutls_alpn_flags_t description for the documentation of available
259		* flags.
260		*
261		* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
262		* otherwise a negative error code is returned.
263		*
264		* Since 3.2.0
265		**/
266		int gnutls_alpn_set_protocols(gnutls_session_t session,
267		const gnutls_datum_t *protocols,
268		unsigned protocols_size, unsigned int flags)
269	0	{
270	0	int ret;
271	0	alpn_ext_st *priv;
272	0	gnutls_ext_priv_data_t epriv;
273	0	unsigned i;
274
275	0	ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_ALPN,
276	0	&epriv);
277	0	if (ret < 0) {
278	0	priv = gnutls_calloc(1, sizeof(*priv));
279	0	if (priv == NULL) {
280	0	gnutls_assert();
281	0	return GNUTLS_E_MEMORY_ERROR;
282	0	}
283	0	epriv = priv;
284	0	_gnutls_hello_ext_set_priv(session, GNUTLS_EXTENSION_ALPN,
285	0	epriv);
286	0	} else
287	0	priv = epriv;
288
289	0	if (protocols_size > MAX_ALPN_PROTOCOLS)
290	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
291
292	0	for (i = 0; i < protocols_size; i++) {
293	0	if (protocols[i].size >= MAX_ALPN_PROTOCOL_NAME)
294	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
295
296	0	memcpy(priv->protocols[i], protocols[i].data,
297	0	protocols[i].size);
298	0	priv->protocol_size[i] = protocols[i].size;
299	0	priv->size++;
300	0	}
301	0	priv->flags = flags;
302
303	0	return 0;
304	0	}
305
306		static void _gnutls_alpn_deinit_data(gnutls_ext_priv_data_t priv)
307	0	{
308	0	gnutls_free(priv);
309	0	}