rpms / gnutls

Clone
Source Code
GIT

Blame SOURCES/gnutls-3.7.7-aes-cbc-padding-support.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c9-beta
  2.   SOURCES
  3.   gnutls-3.7.7-aes-cbc-padding-support.patch
Blob History Raw
a74aed 
diff --color -ruNp a/doc/Makefile.am b/doc/Makefile.am
a74aed 
--- a/doc/Makefile.am	2022-11-15 14:14:10.632725399 +0100
a74aed 
+++ b/doc/Makefile.am	2022-11-15 14:14:40.252300863 +0100
a74aed 
@@ -575,6 +575,7 @@ ENUMS += enums/gnutls_certificate_verifi
a74aed 
 ENUMS += enums/gnutls_certificate_verify_flags
a74aed 
 ENUMS += enums/gnutls_channel_binding_t
a74aed 
 ENUMS += enums/gnutls_cipher_algorithm_t
a74aed 
+ENUMS += enums/gnutls_cipher_flags_t
a74aed 
 ENUMS += enums/gnutls_close_request_t
a74aed 
 ENUMS += enums/gnutls_compression_method_t
a74aed 
 ENUMS += enums/gnutls_credentials_type_t
a74aed 
@@ -882,12 +883,16 @@ FUNCS += functions/gnutls_cipher_decrypt
a74aed 
 FUNCS += functions/gnutls_cipher_decrypt.short
a74aed 
 FUNCS += functions/gnutls_cipher_decrypt2
a74aed 
 FUNCS += functions/gnutls_cipher_decrypt2.short
a74aed 
+FUNCS += functions/gnutls_cipher_decrypt3
a74aed 
+FUNCS += functions/gnutls_cipher_decrypt3.short
a74aed 
 FUNCS += functions/gnutls_cipher_deinit
a74aed 
 FUNCS += functions/gnutls_cipher_deinit.short
a74aed 
 FUNCS += functions/gnutls_cipher_encrypt
a74aed 
 FUNCS += functions/gnutls_cipher_encrypt.short
a74aed 
 FUNCS += functions/gnutls_cipher_encrypt2
a74aed 
 FUNCS += functions/gnutls_cipher_encrypt2.short
a74aed 
+FUNCS += functions/gnutls_cipher_encrypt3
a74aed 
+FUNCS += functions/gnutls_cipher_encrypt3.short
a74aed 
 FUNCS += functions/gnutls_cipher_get
a74aed 
 FUNCS += functions/gnutls_cipher_get.short
a74aed 
 FUNCS += functions/gnutls_cipher_get_block_size
a74aed 
diff --color -ruNp a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
a74aed 
--- a/doc/manpages/Makefile.am	2022-11-15 14:14:10.634725438 +0100
a74aed 
+++ b/doc/manpages/Makefile.am	2022-11-15 14:14:40.254300902 +0100
a74aed 
@@ -273,9 +273,11 @@ APIMANS += gnutls_check_version.3
a74aed 
 APIMANS += gnutls_cipher_add_auth.3
a74aed 
 APIMANS += gnutls_cipher_decrypt.3
a74aed 
 APIMANS += gnutls_cipher_decrypt2.3
a74aed 
+APIMANS += gnutls_cipher_decrypt3.3
a74aed 
 APIMANS += gnutls_cipher_deinit.3
a74aed 
 APIMANS += gnutls_cipher_encrypt.3
a74aed 
 APIMANS += gnutls_cipher_encrypt2.3
a74aed 
+APIMANS += gnutls_cipher_encrypt3.3
a74aed 
 APIMANS += gnutls_cipher_get.3
a74aed 
 APIMANS += gnutls_cipher_get_block_size.3
a74aed 
 APIMANS += gnutls_cipher_get_id.3
a74aed 
diff --color -ruNp a/lib/crypto-api.c b/lib/crypto-api.c
a74aed 
--- a/lib/crypto-api.c	2022-11-15 14:14:11.036733248 +0100
a74aed 
+++ b/lib/crypto-api.c	2022-11-15 14:14:40.255300921 +0100
a74aed 
@@ -413,6 +413,166 @@ gnutls_cipher_decrypt2(gnutls_cipher_hd_
a74aed 
 }
a74aed
a74aed 
 /**
a74aed 
+ * gnutls_cipher_encrypt3:
a74aed 
+ * @handle: is a #gnutls_cipher_hd_t type
a74aed 
+ * @ptext: the data to encrypt
a74aed 
+ * @ptext_len: the length of data to encrypt
a74aed 
+ * @ctext: the encrypted data
a74aed 
+ * @ctext_len: the length of encrypted data (initially must hold the maximum available size)
a74aed 
+ * @flags: flags for padding
a74aed 
+ *
a74aed 
+ * This function will encrypt the given data using the algorithm
a74aed 
+ * specified by the context. For block ciphers, @ptext_len is
a74aed 
+ * typically a multiple of the block size. If not, the caller can
a74aed 
+ * instruct the function to pad the last block according to @flags.
a74aed 
+ * Currently, the only available padding scheme is
a74aed 
+ * %GNUTLS_CIPHER_PADDING_PKCS7.
a74aed 
+ *
a74aed 
+ * If @ctext is not %NULL, it must hold enough space to store
a74aed 
+ * resulting cipher text. To check the required size, this function
a74aed 
+ * can be called with @ctext set to %NULL. Then @ctext_len will be
a74aed 
+ * updated without performing actual encryption.
a74aed 
+ *
a74aed 
+ * Returns: Zero or a negative error code on error.
a74aed 
+ *
a74aed 
+ * Since: 3.7.7
a74aed 
+ **/
a74aed 
+int
a74aed 
+gnutls_cipher_encrypt3(gnutls_cipher_hd_t handle,
a74aed 
+		       const void *ptext, size_t ptext_len,
a74aed 
+		       void *ctext, size_t *ctext_len,
a74aed 
+		       unsigned flags)
a74aed 
+{
a74aed 
+	api_cipher_hd_st *h = handle;
a74aed 
+	const cipher_entry_st *e = h->ctx_enc.e;
a74aed 
+	int block_size = _gnutls_cipher_get_block_size(e);
a74aed 
+	int ret = 0;
a74aed 
+
a74aed 
+	if (unlikely(ctext_len == NULL)) {
a74aed 
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
a74aed 
+	}
a74aed 
+
a74aed 
+	if (_gnutls_cipher_type(e) == CIPHER_BLOCK &&
a74aed 
+	    (flags & GNUTLS_CIPHER_PADDING_PKCS7)) {
a74aed 
+		size_t n, r;
a74aed 
+		uint8_t last_block[MAX_CIPHER_BLOCK_SIZE];
a74aed 
+		const uint8_t *p = ptext;
a74aed 
+		uint8_t *c = ctext;
a74aed 
+
a74aed 
+		if (!INT_ADD_OK(ptext_len, block_size, &n)) {
a74aed 
+			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
a74aed 
+		}
a74aed 
+
a74aed 
+		n = (n / block_size) * block_size;
a74aed 
+
a74aed 
+		if (!ctext) {
a74aed 
+			*ctext_len = n;
a74aed 
+			return 0;
a74aed 
+		}
a74aed 
+
a74aed 
+		if (*ctext_len < n) {
a74aed 
+			return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
a74aed 
+		}
a74aed 
+
a74aed 
+		/* Encrypt up to the last complete block */
a74aed 
+		r = ptext_len % block_size;
a74aed 
+
a74aed 
+		ret = _gnutls_cipher_encrypt2(&h->ctx_enc,
a74aed 
+					      ptext, ptext_len - r,
a74aed 
+					      ctext, ptext_len - r);
a74aed 
+		if (ret < 0) {
a74aed 
+			goto error;
a74aed 
+		}
a74aed 
+
a74aed 
+		/* Encrypt the last block with padding */
a74aed 
+		gnutls_memset(last_block, block_size - r, sizeof(last_block));
a74aed 
+		if (r > 0) {
a74aed 
+			memcpy(last_block, &p[ptext_len - r], r);
a74aed 
+		}
a74aed 
+		ret = _gnutls_cipher_encrypt2(&h->ctx_enc,
a74aed 
+					      last_block, block_size,
a74aed 
+					      &c[ptext_len - r], block_size);
a74aed 
+		if (ret < 0) {
a74aed 
+			goto error;
a74aed 
+		}
a74aed 
+		*ctext_len = n;
a74aed 
+	} else {
a74aed 
+		if (!ctext) {
a74aed 
+			*ctext_len = ptext_len;
a74aed 
+			return 0;
a74aed 
+		}
a74aed 
+
a74aed 
+		ret = _gnutls_cipher_encrypt2(&h->ctx_enc, ptext, ptext_len,
a74aed 
+					      ctext, *ctext_len);
a74aed 
+		if (ret < 0) {
a74aed 
+			goto error;
a74aed 
+		}
a74aed 
+		*ctext_len = ptext_len;
a74aed 
+	}
a74aed 
+
a74aed 
+ error:
a74aed 
+	if (ret < 0) {
a74aed 
+		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
a74aed 
+	} else {
a74aed 
+		_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_APPROVED);
a74aed 
+	}
a74aed 
+	return ret;
a74aed 
+}
a74aed 
+
a74aed 
+/**
a74aed 
+ * gnutls_cipher_decrypt3:
a74aed 
+ * @handle: is a #gnutls_cipher_hd_t type
a74aed 
+ * @ctext: the data to decrypt
a74aed 
+ * @ctext_len: the length of data to decrypt
a74aed 
+ * @ptext: the decrypted data
a74aed 
+ * @ptext_len: the available length for decrypted data
a74aed 
+ * @flags: flags for padding
a74aed 
+ *
a74aed 
+ * This function will decrypt the given data using the algorithm
a74aed 
+ * specified by the context. If @flags is specified, padding for the
a74aed 
+ * decrypted data will be removed accordingly and @ptext_len will be
a74aed 
+ * updated.
a74aed 
+ *
a74aed 
+ * Returns: Zero or a negative error code on error.
a74aed 
+ *
a74aed 
+ * Since: 3.7.7
a74aed 
+ **/
a74aed 
+int
a74aed 
+gnutls_cipher_decrypt3(gnutls_cipher_hd_t handle,
a74aed 
+		       const void *ctext, size_t ctext_len,
a74aed 
+		       void *ptext, size_t *ptext_len,
a74aed 
+		       unsigned flags)
a74aed 
+{
a74aed 
+	api_cipher_hd_st *h = handle;
a74aed 
+	int ret;
a74aed 
+
a74aed 
+	ret = gnutls_cipher_decrypt2(handle,
a74aed 
+				     ctext, ctext_len,
a74aed 
+				     ptext, *ptext_len);
a74aed 
+	if (ret < 0) {
a74aed 
+		return ret;
a74aed 
+	}
a74aed 
+
a74aed 
+	if (_gnutls_cipher_type(h->ctx_enc.e) == CIPHER_BLOCK &&
a74aed 
+	    (flags & GNUTLS_CIPHER_PADDING_PKCS7)) {
a74aed 
+		uint8_t *p = ptext;
a74aed 
+		uint8_t padding = p[*ptext_len - 1];
a74aed 
+		if (!padding || padding > _gnutls_cipher_get_block_size(h->ctx_enc.e)) {
a74aed 
+			return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
a74aed 
+		}
a74aed 
+		/* Check that the prior bytes are all PADDING */
a74aed 
+		for (size_t i = *ptext_len - padding; i < *ptext_len; i++) {
a74aed 
+			if (padding != p[*ptext_len - 1]) {
a74aed 
+				return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
a74aed 
+			}
a74aed 
+		}
a74aed 
+		*ptext_len -= padding;
a74aed 
+	}
a74aed 
+
a74aed 
+	return 0;
a74aed 
+}
a74aed 
+
a74aed 
+/**
a74aed 
  * gnutls_cipher_deinit:
a74aed 
  * @handle: is a #gnutls_cipher_hd_t type
a74aed 
  *
a74aed 
diff --color -ruNp a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
a74aed 
--- a/lib/includes/gnutls/crypto.h	2022-05-10 13:57:43.000000000 +0200
a74aed 
+++ b/lib/includes/gnutls/crypto.h	2022-11-15 14:14:40.256300941 +0100
a74aed 
@@ -49,6 +49,28 @@ int gnutls_cipher_encrypt2(gnutls_cipher
a74aed 
 			   const void *text, size_t textlen,
a74aed 
 			   void *ciphertext, size_t ciphertextlen);
a74aed
a74aed 
+/**
a74aed 
+ * gnutls_cipher_flags_t:
a74aed 
+ * @GNUTLS_CIPHER_PADDING_PKCS7: Flag to indicate PKCS#7 padding
a74aed 
+ *
a74aed 
+ * Enumeration of flags to control block cipher padding, used by
a74aed 
+ * gnutls_cipher_encrypt3() and gnutls_cipher_decrypt3().
a74aed 
+ *
a74aed 
+ * Since: 3.7.7
a74aed 
+ */
a74aed 
+typedef enum gnutls_cipher_flags_t {
a74aed 
+	GNUTLS_CIPHER_PADDING_PKCS7 = 1
a74aed 
+} gnutls_cipher_flags_t;
a74aed 
+
a74aed 
+int gnutls_cipher_encrypt3(gnutls_cipher_hd_t handle,
a74aed 
+			   const void *ptext, size_t ptext_len,
a74aed 
+			   void *ctext, size_t *ctext_len,
a74aed 
+			   unsigned flags);
a74aed 
+int gnutls_cipher_decrypt3(gnutls_cipher_hd_t handle,
a74aed 
+			   const void *ctext, size_t ctext_len,
a74aed 
+			   void *ptext, size_t *ptext_len,
a74aed 
+			   unsigned flags);
a74aed 
+
a74aed 
 void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv,
a74aed 
 			  size_t ivlen);
a74aed
a74aed 
diff --color -ruNp a/lib/libgnutls.map b/lib/libgnutls.map
a74aed 
--- a/lib/libgnutls.map	2022-11-15 14:14:11.142735308 +0100
a74aed 
+++ b/lib/libgnutls.map	2022-11-15 14:14:40.256300941 +0100
a74aed 
@@ -1403,6 +1403,8 @@ GNUTLS_3_7_7
a74aed 
 {
a74aed 
  global:
a74aed 
 	gnutls_fips140_run_self_tests;
a74aed 
+	gnutls_cipher_encrypt3;
a74aed 
+	gnutls_cipher_decrypt3;
a74aed 
  local:
a74aed 
 	*;
a74aed 
 } GNUTLS_3_7_5;
a74aed 
diff --color -ruNp a/tests/cipher-padding.c b/tests/cipher-padding.c
a74aed 
--- a/tests/cipher-padding.c	1970-01-01 01:00:00.000000000 +0100
a74aed 
+++ b/tests/cipher-padding.c	2022-11-15 14:14:40.258300980 +0100
a74aed 
@@ -0,0 +1,160 @@
a74aed 
+/*
a74aed 
+ * Copyright (C) 2022 Red Hat, Inc.
a74aed 
+ *
a74aed 
+ * Author: Daiki Ueno
a74aed 
+ *
a74aed 
+ * This file is part of GnuTLS.
a74aed 
+ *
a74aed 
+ * The GnuTLS is free software; you can redistribute it and/or
a74aed 
+ * modify it under the terms of the GNU Lesser General Public License
a74aed 
+ * as published by the Free Software Foundation; either version 2.1 of
a74aed 
+ * the License, or (at your option) any later version.
a74aed 
+ *
a74aed 
+ * This library is distributed in the hope that it will be useful, but
a74aed 
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
a74aed 
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
a74aed 
+ * Lesser General Public License for more details.
a74aed 
+ *
a74aed 
+ * You should have received a copy of the GNU Lesser General Public License
a74aed 
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
a74aed 
+ *
a74aed 
+ */
a74aed 
+
a74aed 
+#include <config.h>
a74aed 
+
a74aed 
+#include <gnutls/crypto.h>
a74aed 
+#include <limits.h>
a74aed 
+#include <stdint.h>
a74aed 
+#include <stdio.h>
a74aed 
+#include "utils.h"
a74aed 
+
a74aed 
+static void tls_log_func(int level, const char *str)
a74aed 
+{
a74aed 
+	fprintf(stderr, "<%d>| %s", level, str);
a74aed 
+}
a74aed 
+
a74aed 
+#define CLAMP(x, b) (((x) + (b)) / (b)) * (b)
a74aed 
+
a74aed 
+static void
a74aed 
+start(gnutls_cipher_algorithm_t algo, size_t plaintext_size, unsigned int flags)
a74aed 
+{
a74aed 
+	int ret;
a74aed 
+	gnutls_cipher_hd_t ch;
a74aed 
+	uint8_t key16[64];
a74aed 
+	uint8_t iv16[32];
a74aed 
+	uint8_t plaintext[128];
a74aed 
+	uint8_t ciphertext[128];
a74aed 
+	size_t block_size;
a74aed 
+	size_t size;
a74aed 
+	gnutls_datum_t key, iv;
a74aed 
+
a74aed 
+	success("%s %zu %u\n",
a74aed 
+		gnutls_cipher_get_name(algo), plaintext_size, flags);
a74aed 
+
a74aed 
+	block_size = gnutls_cipher_get_block_size(algo);
a74aed 
+
a74aed 
+	key.data = key16;
a74aed 
+	key.size = gnutls_cipher_get_key_size(algo);
a74aed 
+	assert(key.size <= sizeof(key16));
a74aed 
+
a74aed 
+	iv.data = iv16;
a74aed 
+	iv.size = gnutls_cipher_get_iv_size(algo);
a74aed 
+	assert(iv.size <= sizeof(iv16));
a74aed 
+
a74aed 
+	memset(iv.data, 0xff, iv.size);
a74aed 
+	memset(key.data, 0xfe, key.size);
a74aed 
+	memset(plaintext, 0xfa, sizeof(plaintext));
a74aed 
+
a74aed 
+	ret = gnutls_cipher_init(&ch, algo, &key, &iv;;
a74aed 
+	if (ret < 0) {
a74aed 
+		fail("gnutls_cipher_init failed\n");
a74aed 
+	}
a74aed 
+
a74aed 
+	/* Check overflow if PKCS#7 is requested */
a74aed 
+	if (flags & GNUTLS_CIPHER_PADDING_PKCS7) {
a74aed 
+		ret = gnutls_cipher_encrypt3(ch,
a74aed 
+					     plaintext, SIZE_MAX,
a74aed 
+					     NULL, &size,
a74aed 
+					     flags);
a74aed 
+		if (ret != GNUTLS_E_INVALID_REQUEST) {
a74aed 
+			fail("gnutls_cipher_encrypt3 succeeded\n");
a74aed 
+		}
a74aed 
+	}
a74aed 
+
a74aed 
+	/* Get the ciphertext size */
a74aed 
+	ret = gnutls_cipher_encrypt3(ch,
a74aed 
+				     plaintext, plaintext_size,
a74aed 
+				     NULL, &size,
a74aed 
+				     flags);
a74aed 
+	if (ret < 0) {
a74aed 
+		fail("gnutls_cipher_encrypt3 failed\n");
a74aed 
+	}
a74aed 
+
a74aed 
+	if (flags & GNUTLS_CIPHER_PADDING_PKCS7) {
a74aed 
+		if (size <= plaintext_size) {
a74aed 
+			fail("no padding appended\n");
a74aed 
+		}
a74aed 
+		if (size != CLAMP(plaintext_size, block_size)) {
a74aed 
+			fail("size does not match: %zu (expected %zu)\n",
a74aed 
+			     size, CLAMP(plaintext_size, block_size));
a74aed 
+		}
a74aed 
+	} else {
a74aed 
+		if (size != plaintext_size) {
a74aed 
+			fail("size does not match: %zu (expected %zu)\n",
a74aed 
+			     size, plaintext_size);
a74aed 
+		}
a74aed 
+	}
a74aed 
+
a74aed 
+	/* Encrypt with padding */
a74aed 
+	ret = gnutls_cipher_encrypt3(ch,
a74aed 
+				     plaintext, plaintext_size,
a74aed 
+				     ciphertext, &size,
a74aed 
+				     flags);
a74aed 
+	if (ret < 0) {
a74aed 
+		fail("gnutls_cipher_encrypt3 failed\n");
a74aed 
+	}
a74aed 
+
a74aed 
+	/* Decrypt with padding */
a74aed 
+	ret = gnutls_cipher_decrypt3(ch,
a74aed 
+				     ciphertext, size,
a74aed 
+				     ciphertext, &size,
a74aed 
+				     flags);
a74aed 
+	if (ret < 0) {
a74aed 
+		fail("gnutls_cipher_encrypt3 failed\n");
a74aed 
+	}
a74aed 
+
a74aed 
+	if (size != plaintext_size) {
a74aed 
+		fail("size does not match: %zu (expected %zu)\n",
a74aed 
+		     size, plaintext_size);
a74aed 
+	}
a74aed 
+
a74aed 
+	if (memcmp(ciphertext, plaintext, size) != 0) {
a74aed 
+		fail("plaintext does not match\n");
a74aed 
+	}
a74aed 
+
a74aed 
+	gnutls_cipher_deinit(ch);
a74aed 
+}
a74aed 
+
a74aed 
+void doit(void) {
a74aed 
+	int ret;
a74aed 
+
a74aed 
+	gnutls_global_set_log_function(tls_log_func);
a74aed 
+	if (debug) {
a74aed 
+		gnutls_global_set_log_level(4711);
a74aed 
+	}
a74aed 
+
a74aed 
+	ret = global_init();
a74aed 
+	if (ret < 0) {
a74aed 
+		fail("Cannot initialize library\n");
a74aed 
+	}
a74aed 
+
a74aed 
+	start(GNUTLS_CIPHER_AES_128_CBC, 0, GNUTLS_CIPHER_PADDING_PKCS7);
a74aed 
+	start(GNUTLS_CIPHER_AES_128_CBC, 11, GNUTLS_CIPHER_PADDING_PKCS7);
a74aed 
+	start(GNUTLS_CIPHER_AES_128_CBC, 77, GNUTLS_CIPHER_PADDING_PKCS7);
a74aed 
+	start(GNUTLS_CIPHER_AES_128_CBC, 80, GNUTLS_CIPHER_PADDING_PKCS7);
a74aed 
+
a74aed 
+	start(GNUTLS_CIPHER_AES_128_CBC, 0, 0);
a74aed 
+	start(GNUTLS_CIPHER_AES_128_CBC, 80, 0);
a74aed 
+
a74aed 
+	gnutls_global_deinit();
a74aed 
+}
a74aed 
diff --color -ruNp a/tests/Makefile.am b/tests/Makefile.am
a74aed 
--- a/tests/Makefile.am	2022-11-15 14:14:11.144735347 +0100
a74aed 
+++ b/tests/Makefile.am	2022-11-15 14:14:40.257300960 +0100
a74aed 
@@ -233,7 +233,7 @@ ctests += mini-record-2 simple gnutls_hm
a74aed 
 	 tls13-without-timeout-func buffer status-request-revoked \
a74aed 
 	 set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \
a74aed 
 	 x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \
a74aed 
-	 x509-upnconstraint xts-key-check pkcs7-verify-double-free \
a74aed 
+	 x509-upnconstraint cipher-padding xts-key-check pkcs7-verify-double-free \
a74aed 
 	 fips-rsa-sizes tls12-rehandshake-ticket
a74aed
a74aed 
 ctests += tls-channel-binding

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation