/src/gnutls/lib/extv.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 2017-2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#include "gnutls_int.h"
#include "hello_ext.h"
#include "errors.h"
#include "extv.h"

/* Iterates through all extensions found, and calls the cb()
 * function with their data */
int _gnutls_extv_parse(void *ctx, gnutls_ext_raw_process_func cb,
           const uint8_t *data, int data_size)
{
  int next, ret;
  int pos = 0;
  uint16_t tls_id;
  const uint8_t *sdata;
  uint16_t size;

  if (data_size == 0)
    return 0;

  DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
  next = _gnutls_read_uint16(data);
  pos += 2;

  DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  if (next == 0 &&
      data_size ==
        0) /* field is present, but has zero length? Ignore it. */
    return 0;
  else if (data_size > 0) /* forbid unaccounted data */
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  do {
    DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    tls_id = _gnutls_read_uint16(&data[pos]);
    pos += 2;

    DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    size = _gnutls_read_uint16(&data[pos]);
    pos += 2;

    DECR_LENGTH_RET(next, size,
        GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
    sdata = &data[pos];
    pos += size;

    ret = cb(ctx, tls_id, sdata, size);
    if (ret < 0)
      return gnutls_assert_val(ret);
  } while (next > 2);

  /* forbid leftovers */
  if (next > 0)
    return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);

  return 0;
}

#define HANDSHAKE_SESSION_ID_POS (34)
/**
 * gnutls_ext_raw_parse:
 * @ctx: a pointer to pass to callback function
 * @cb: callback function to process each extension found
 * @data: TLS extension data
 * @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO or %GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
 *
 * This function iterates through the TLS extensions as passed in
 * @data, passing the individual extension data to callback. The
 * @data must conform to Extension extensions<0..2^16-1> format.
 *
 * If flags is %GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO then this function
 * will parse the extension data from the position, as if the packet in
 * @data is a client hello (without record or handshake headers) -
 * as provided by gnutls_handshake_set_hook_function().
 *
 * The return value of the callback will be propagated.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown
 *   flags it returns %GNUTLS_E_INVALID_REQUEST.
 *
 * Since: 3.6.3
 **/
int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
       const gnutls_datum_t *data, unsigned int flags)
{
  if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
    size_t size = data->size;
    size_t len;
    uint8_t *p = data->data;

    DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);

    if (p[0] != 0x03)
      return gnutls_assert_val(
        GNUTLS_E_UNSUPPORTED_VERSION_PACKET);

    p += HANDSHAKE_SESSION_ID_POS;

    /* skip session id */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* CipherSuites */
    DECR_LEN(size, 2);
    len = _gnutls_read_uint16(p);
    p += 2;
    DECR_LEN(size, len);
    p += len;

    /* legacy_compression_methods */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    if (size == 0)
      return gnutls_assert_val(
        GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    return _gnutls_extv_parse(ctx, cb, p, size);
  } else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
    size_t size = data->size;
    size_t len;
    uint8_t *p = data->data;

    DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);

    if (p[0] != 254)
      return gnutls_assert_val(
        GNUTLS_E_UNSUPPORTED_VERSION_PACKET);

    p += HANDSHAKE_SESSION_ID_POS;

    /* skip session id */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* skip cookie */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    /* CipherSuites */
    DECR_LEN(size, 2);
    len = _gnutls_read_uint16(p);
    p += 2;
    DECR_LEN(size, len);
    p += len;

    /* legacy_compression_methods */
    DECR_LEN(size, 1);
    len = p[0];
    p++;
    DECR_LEN(size, len);
    p += len;

    if (size == 0)
      return gnutls_assert_val(
        GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    return _gnutls_extv_parse(ctx, cb, p, size);
  }

  if (flags != 0)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  return _gnutls_extv_parse(ctx, cb, data->data, data->size);
}

/* Returns:
 *  * On success the number of bytes appended (always positive), or zero if not sent
 *  * On failure, a negative error code.
 */
int _gnutls_extv_append(gnutls_buffer_st *buf, uint16_t tls_id, void *ctx,
      int (*cb)(void *ctx, gnutls_buffer_st *buf))
{
  int size_pos, appended, ret;
  size_t size_prev;

  ret = _gnutls_buffer_append_prefix(buf, 16, tls_id);
  if (ret < 0)
    return gnutls_assert_val(ret);

  size_pos = buf->length;
  ret = _gnutls_buffer_append_prefix(buf, 16, 0);
  if (ret < 0)
    return gnutls_assert_val(ret);

  size_prev = buf->length;
  ret = cb(ctx, buf);
  if (ret < 0 && ret != GNUTLS_E_INT_RET_0) {
    return gnutls_assert_val(ret);
  }

  /* returning GNUTLS_E_INT_RET_0 means to send an empty
   * extension of this type.
   */
  appended = buf->length - size_prev;

  if (appended > 0 || ret == GNUTLS_E_INT_RET_0) {
    if (ret == GNUTLS_E_INT_RET_0)
      appended = 0;

    /* write the real size */
    _gnutls_write_uint16(appended, &buf->data[size_pos]);
  } else if (appended == 0) {
    buf->length -= 4; /* reset type and size */
    return 0;
  }

  return appended + 4;
}

Coverage Report

Created: 2025-03-18 06:55

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 2017-2018 Red Hat, Inc.
3		*
4		* Author: Nikos Mavrogiannopoulos
5		*
6		* This file is part of GnuTLS.
7		*
8		* The GnuTLS is free software; you can redistribute it and/or
9		* modify it under the terms of the GNU Lesser General Public License
10		* as published by the Free Software Foundation; either version 2.1 of
11		* the License, or (at your option) any later version.
12		*
13		* This library is distributed in the hope that it will be useful, but
14		* WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16		* Lesser General Public License for more details.
17		*
18		* You should have received a copy of the GNU Lesser General Public License
19		* along with this program. If not, see <https://www.gnu.org/licenses/>
20		*
21		*/
22
23		#include "gnutls_int.h"
24		#include "hello_ext.h"
25		#include "errors.h"
26		#include "extv.h"
27
28		/* Iterates through all extensions found, and calls the cb()
29		* function with their data */
30		int _gnutls_extv_parse(void *ctx, gnutls_ext_raw_process_func cb,
31		const uint8_t *data, int data_size)
32	0	{
33	0	int next, ret;
34	0	int pos = 0;
35	0	uint16_t tls_id;
36	0	const uint8_t *sdata;
37	0	uint16_t size;
38
39	0	if (data_size == 0)
40	0	return 0;
41
42	0	DECR_LENGTH_RET(data_size, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
43	0	next = _gnutls_read_uint16(data);
44	0	pos += 2;
45
46	0	DECR_LENGTH_RET(data_size, next, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
47
48	0	if (next == 0 &&
49	0	data_size ==
50	0	0) /* field is present, but has zero length? Ignore it. */
51	0	return 0;
52	0	else if (data_size > 0) /* forbid unaccounted data */
53	0	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
54
55	0	do {
56	0	DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
57	0	tls_id = _gnutls_read_uint16(&data[pos]);
58	0	pos += 2;
59
60	0	DECR_LENGTH_RET(next, 2, GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
61	0	size = _gnutls_read_uint16(&data[pos]);
62	0	pos += 2;
63
64	0	DECR_LENGTH_RET(next, size,
65	0	GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
66	0	sdata = &data[pos];
67	0	pos += size;
68
69	0	ret = cb(ctx, tls_id, sdata, size);
70	0	if (ret < 0)
71	0	return gnutls_assert_val(ret);
72	0	} while (next > 2);
73
74		/* forbid leftovers */
75	0	if (next > 0)
76	0	return gnutls_assert_val(GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH);
77
78	0	return 0;
79	0	}
80
81	0	#define HANDSHAKE_SESSION_ID_POS (34)
82		/**
83		* gnutls_ext_raw_parse:
84		* @ctx: a pointer to pass to callback function
85		* @cb: callback function to process each extension found
86		* @data: TLS extension data
87		* @flags: should be zero or %GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO or %GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO
88		*
89		* This function iterates through the TLS extensions as passed in
90		* @data, passing the individual extension data to callback. The
91		* @data must conform to Extension extensions<0..2^16-1> format.
92		*
93		* If flags is %GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO then this function
94		* will parse the extension data from the position, as if the packet in
95		* @data is a client hello (without record or handshake headers) -
96		* as provided by gnutls_handshake_set_hook_function().
97		*
98		* The return value of the callback will be propagated.
99		*
100		* Returns: %GNUTLS_E_SUCCESS on success, or an error code. On unknown
101		* flags it returns %GNUTLS_E_INVALID_REQUEST.
102		*
103		* Since: 3.6.3
104		**/
105		int gnutls_ext_raw_parse(void *ctx, gnutls_ext_raw_process_func cb,
106		const gnutls_datum_t *data, unsigned int flags)
107	0	{
108	0	if (flags & GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO) {
109	0	size_t size = data->size;
110	0	size_t len;
111	0	uint8_t *p = data->data;
112
113	0	DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);
114
115	0	if (p[0] != 0x03)
116	0	return gnutls_assert_val(
117	0	GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
118
119	0	p += HANDSHAKE_SESSION_ID_POS;
120
121		/* skip session id */
122	0	DECR_LEN(size, 1);
123	0	len = p[0];
124	0	p++;
125	0	DECR_LEN(size, len);
126	0	p += len;
127
128		/* CipherSuites */
129	0	DECR_LEN(size, 2);
130	0	len = _gnutls_read_uint16(p);
131	0	p += 2;
132	0	DECR_LEN(size, len);
133	0	p += len;
134
135		/* legacy_compression_methods */
136	0	DECR_LEN(size, 1);
137	0	len = p[0];
138	0	p++;
139	0	DECR_LEN(size, len);
140	0	p += len;
141
142	0	if (size == 0)
143	0	return gnutls_assert_val(
144	0	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
145
146	0	return _gnutls_extv_parse(ctx, cb, p, size);
147	0	} else if (flags & GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO) {
148	0	size_t size = data->size;
149	0	size_t len;
150	0	uint8_t *p = data->data;
151
152	0	DECR_LEN(size, HANDSHAKE_SESSION_ID_POS);
153
154	0	if (p[0] != 254)
155	0	return gnutls_assert_val(
156	0	GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
157
158	0	p += HANDSHAKE_SESSION_ID_POS;
159
160		/* skip session id */
161	0	DECR_LEN(size, 1);
162	0	len = p[0];
163	0	p++;
164	0	DECR_LEN(size, len);
165	0	p += len;
166
167		/* skip cookie */
168	0	DECR_LEN(size, 1);
169	0	len = p[0];
170	0	p++;
171	0	DECR_LEN(size, len);
172	0	p += len;
173
174		/* CipherSuites */
175	0	DECR_LEN(size, 2);
176	0	len = _gnutls_read_uint16(p);
177	0	p += 2;
178	0	DECR_LEN(size, len);
179	0	p += len;
180
181		/* legacy_compression_methods */
182	0	DECR_LEN(size, 1);
183	0	len = p[0];
184	0	p++;
185	0	DECR_LEN(size, len);
186	0	p += len;
187
188	0	if (size == 0)
189	0	return gnutls_assert_val(
190	0	GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
191
192	0	return _gnutls_extv_parse(ctx, cb, p, size);
193	0	}
194
195	0	if (flags != 0)
196	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
197
198	0	return _gnutls_extv_parse(ctx, cb, data->data, data->size);
199	0	}
200
201		/* Returns:
202		* * On success the number of bytes appended (always positive), or zero if not sent
203		* * On failure, a negative error code.
204		*/
205		int _gnutls_extv_append(gnutls_buffer_st buf, uint16_t tls_id, void ctx,
206		int (cb)(void ctx, gnutls_buffer_st *buf))
207	0	{
208	0	int size_pos, appended, ret;
209	0	size_t size_prev;
210
211	0	ret = _gnutls_buffer_append_prefix(buf, 16, tls_id);
212	0	if (ret < 0)
213	0	return gnutls_assert_val(ret);
214
215	0	size_pos = buf->length;
216	0	ret = _gnutls_buffer_append_prefix(buf, 16, 0);
217	0	if (ret < 0)
218	0	return gnutls_assert_val(ret);
219
220	0	size_prev = buf->length;
221	0	ret = cb(ctx, buf);
222	0	if (ret < 0 && ret != GNUTLS_E_INT_RET_0) {
223	0	return gnutls_assert_val(ret);
224	0	}
225
226		/* returning GNUTLS_E_INT_RET_0 means to send an empty
227		* extension of this type.
228		*/
229	0	appended = buf->length - size_prev;
230
231	0	if (appended > 0 \|\| ret == GNUTLS_E_INT_RET_0) {
232	0	if (ret == GNUTLS_E_INT_RET_0)
233	0	appended = 0;
234
235		/* write the real size */
236	0	_gnutls_write_uint16(appended, &buf->data[size_pos]);
237	0	} else if (appended == 0) {
238	0	buf->length -= 4; /* reset type and size */
239	0	return 0;
240	0	}
241
242	0	return appended + 4;
243	0	}