author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-14 10:35:58 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-02 08:26:32 +0200 |
commit | 05a70e1283a1755456f5bb6941b9b0c908a725f1 (patch) | |
tree | 1b24efd594517756f3fc593aa3276ef9683b7845 | |
parent | f9b6cfd536fc97a9fdf94e61649bffb682e78de1 (diff) | |
download | gnutls-05a70e1283a1755456f5bb6941b9b0c908a725f1.tar.gz |
security_parameters: ease access to group information by keeping pointer to it
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms.h | 9 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 2 | ||||
-rw-r--r-- | lib/algorithms/kx.c | 4 | ||||
-rw-r--r-- | lib/auth/anon_ecdh.c | 4 | ||||
-rw-r--r-- | lib/auth/dhe_psk.c | 4 | ||||
-rw-r--r-- | lib/auth/ecdhe.c | 42 | ||||
-rw-r--r-- | lib/auth/ecdhe.h | 4 | ||||
-rw-r--r-- | lib/dh.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/session.c | 4 | ||||
-rw-r--r-- | lib/session_pack.c | 16 | ||||
-rw-r--r-- | lib/state.c | 4 | ||||
-rw-r--r-- | lib/state.h | 8 |
13 files changed, 54 insertions, 51 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index ceb333ec2d..97404ec8c1 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -351,15 +351,6 @@ const gnutls_ecc_curve_entry_st
 const gnutls_group_entry_st *_gnutls_tls_id_to_group(unsigned num);
 const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id);
-inline static const gnutls_ecc_curve_entry_st
- *_gnutls_group_get_curve_params(gnutls_group_t group)
-{
- const gnutls_group_entry_st *e = _gnutls_id_to_group(group);
- if (e)
- return _gnutls_ecc_curve_get_params(e->curve);
- return NULL;
-}
-
 gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(gnutls_pk_algorithm_t pk, int bits);
 #define MAX_ECC_CURVE_SIZE 66
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index ac7328a309..7de2d2bbaf 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1404,7 +1404,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
 return gnutls_assert_val(GNUTLS_E_NO_CIPHER_SUITES);
 }
- group = _gnutls_id_to_group(_gnutls_session_group_get(session));
+ group = get_group(session);
 if (session->internals.priorities->server_precedence == 0) {
 for (i = 0; i < peer_clist->size; i++) {
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index 9e004c5eb2..51f3f077a1 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -24,7 +24,7 @@
 #include <algorithms.h>
 #include "errors.h"
 #include <x509/common.h>
-
+#include "state.h"
 extern mod_auth_st rsa_auth_struct;
 extern mod_auth_st dhe_rsa_auth_struct;
@@ -254,7 +254,7 @@ bool _gnutls_kx_allows_false_start(gnutls_session_t session)
 if (ret != 0) {
 const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(session->security_parameters.group);
+ e = get_group(session);
 #if defined(ENABLE_DHE) || defined(ENABLE_ANON)
 if (needs_dh != 0) {
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 368fda1573..2872427eea 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -82,7 +82,7 @@ gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 ret = _gnutls_ecdh_common_print_server_kx(session, data,
- _gnutls_session_group_get
+ get_group
 (session));
 if (ret < 0) {
 gnutls_assert();
@@ -107,7 +107,7 @@ proc_anon_ecdh_client_kx(gnutls_session_t session, uint8_t * data,
 return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size,
- _gnutls_session_group_get
+ get_group
 (session), NULL);
 }
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 2edec8d91b..501451aff0 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -259,7 +259,7 @@ gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 return gnutls_assert_val(ret);
 ret = _gnutls_ecdh_common_print_server_kx(session, data,
- _gnutls_session_group_get
+ get_group
 (session));
 if (ret < 0)
 gnutls_assert();
@@ -395,7 +395,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
 return gnutls_assert_val(ret);
 ret = _gnutls_proc_ecdh_common_client_kx(session, data, data_size,
- _gnutls_session_group_get
+ get_group
 (session), &psk_key);
 _gnutls_free_key_datum(&psk_key);
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 6a54b00555..ae8c9f11fa 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -137,16 +137,19 @@ static int calc_ecdh_key(gnutls_session_t session,
 int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size,
- gnutls_group_t group,
+ const struct gnutls_group_entry_st *group,
 gnutls_datum_t * psk_key)
 {
 ssize_t data_size = _data_size;
 int ret, i = 0;
 unsigned point_size;
- const gnutls_ecc_curve_entry_st *ecurve =
- _gnutls_group_get_curve_params((gnutls_ecc_curve_t)group);
+ const gnutls_ecc_curve_entry_st *ecurve;
+
+ if (group == NULL)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
- if (group == 0 || ecurve == NULL)
+ ecurve = _gnutls_ecc_curve_get_params(group->curve);
+ if (ecurve == NULL)
 return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
 DECR_LEN(data_size, 1);
@@ -213,7 +216,7 @@ proc_ecdhe_client_kx(gnutls_session_t session,
 return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size,
- _gnutls_session_group_get
+ get_group
 (session), NULL);
 }
@@ -231,11 +234,14 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 {
 int ret;
 gnutls_datum_t out;
- gnutls_group_t group = _gnutls_session_group_get(session);
- const gnutls_ecc_curve_entry_st *ecurve =
- _gnutls_group_get_curve_params((gnutls_ecc_curve_t)group);
+ const gnutls_group_entry_st *group = get_group(session);
+ const gnutls_ecc_curve_entry_st *ecurve;
 int pk;
+ if (group == NULL)
+ return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
+
+ ecurve = _gnutls_ecc_curve_get_params(group->curve);
 if (ecurve == NULL)
 return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
@@ -243,7 +249,7 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 /* generate temporal key */
 ret =
- _gnutls_pk_generate_keys(pk, (gnutls_ecc_curve_t)group,
+ _gnutls_pk_generate_keys(pk, ecurve->id,
 &session->key.ecdh_params, 1);
 if (ret < 0)
 return gnutls_assert_val(ret);
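Review bot: The NULL check on `group`, the `_gnutls_ecc_curve_get_params(group->curve)` lookup and the second NULL check are now written out twice, in `_gnutls_proc_ecdh_common_client_kx` (the `@@ -137` hunk) and in `_gnutls_gen_ecdh_common_client_kx_int` (the `@@ -231` hunk), in place of the single helper this commit removes from algorithms.h. Both copies appear to rely on the curve lookup returning NULL for a group whose `curve` is 0, while `_gnutls_ecdh_common_print_server_kx` tests `group->curve == 0` explicitly. A small file-local helper that takes the entry pointer would keep these paths consistent, so that an absent or non-EC group is rejected the same way before any peer-supplied key-exchange bytes are parsed. Both function bodies continue outside their hunks.

```c
/* Curve parameters of a negotiated group; NULL when no group was
 * negotiated or the group is not an elliptic curve. */
inline static const gnutls_ecc_curve_entry_st *
group_curve_params(const gnutls_group_entry_st *group)
{
	if (group == NULL || group->curve == 0)
		return NULL;
	return _gnutls_ecc_curve_get_params(group->curve);
}

/* … unchanged: declarations in both callers … */
	ecurve = group_curve_params(group);
	if (ecurve == NULL)
		return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
```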
@@ -396,15 +402,13 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session,
 * be inserted */
 int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, gnutls_buffer_st * data,
- gnutls_group_t group)
+ const gnutls_group_entry_st *group)
 {
 uint8_t p;
 int ret;
 gnutls_datum_t out;
- const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(group);
- if (e == NULL || e->curve == 0)
+ if (group == NULL || group->curve == 0)
 return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
 /* just in case we are resuming a session */
@@ -421,21 +425,21 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
 ret = _gnutls_buffer_append_prefix(data, 16,
- e->tls_id);
+ group->tls_id);
 if (ret < 0)
 return gnutls_assert_val(ret);
 /* generate temporal key */
 ret =
- _gnutls_pk_generate_keys(e->pk, group,
+ _gnutls_pk_generate_keys(group->pk, group->curve,
 &session->key.ecdh_params, 1);
 if (ret < 0)
 return gnutls_assert_val(ret);
- if (e->pk == GNUTLS_PK_EC) {
+ if (group->pk == GNUTLS_PK_EC) {
 ret =
- _gnutls_ecc_ansi_x962_export(e->curve,
+ _gnutls_ecc_ansi_x962_export(group->curve,
 session->key.ecdh_params. params[ECC_X] /* x */ , session->key.ecdh_params.
@@ -451,7 +455,7 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
 if (ret < 0)
 return gnutls_assert_val(ret);
- } else if (e->pk == GNUTLS_PK_ECDH_X25519) {
+ } else if (group->pk == GNUTLS_PK_ECDH_X25519) {
 ret = _gnutls_buffer_append_data_prefix(data, 8, session->key.ecdh_params.raw_pub.data,
@@ -488,7 +492,7 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
 ret = _gnutls_ecdh_common_print_server_kx(session, data,
- _gnutls_session_group_get
+ get_group
 (session));
 if (ret < 0) {
 gnutls_assert();
diff --git a/lib/auth/ecdhe.h b/lib/auth/ecdhe.h
index 2917ea830b..4991bc3317 100644
--- a/lib/auth/ecdhe.h
+++ b/lib/auth/ecdhe.h
@@ -38,12 +38,12 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session,
 int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size,
- gnutls_group_t group,
+ const struct gnutls_group_entry_st *group,
 gnutls_datum_t * psk_key);
 int _gnutls_ecdh_common_print_server_kx(gnutls_session_t, gnutls_buffer_st * data,
- gnutls_group_t group);
+ const struct gnutls_group_entry_st *group);
 int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size);
@@ -79,7 +79,7 @@ _gnutls_figure_dh_params(gnutls_session_t session, gnutls_dh_params_t dh_params,
 /* if client advertised RFC7919 */
 if (session->internals.have_ffdhe) {
 for (i=0;i<session->internals.priorities->groups.size;i++) {
- if (session->internals.priorities->groups.entry[i]->id == session->security_parameters.group) {
+ if (session->internals.priorities->groups.entry[i] == get_group(session)) {
 ret = _gnutls_mpi_init_scan_nz(&p, session->internals.priorities->groups.entry[i]->prime->data, session->internals.priorities->groups.entry[i]->prime->size);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 1fb8d94c73..2f3a2fbec2 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -591,7 +591,7 @@ typedef struct {
 /* holds the negotiated certificate type */
 gnutls_certificate_type_t cert_type;
- gnutls_group_t group; /* holds the EC curve / DH group */
+ const gnutls_group_entry_st *grp; /* holds the EC curve / DH group */
 /* Holds the signature algorithm used in this session - If any */
 gnutls_sign_algorithm_t server_sign_algo;
diff --git a/lib/session.c b/lib/session.c
index b429cd0dd0..edbf548be5 100644
--- a/lib/session.c
+++ b/lib/session.c
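Review bot: The match in the `@@ -79` hunk (`_gnutls_figure_dh_params`) switches from comparing ids to comparing pointers, `groups.entry[i] == get_group(session)`, which is equivalent only if the priority list and the session always reference the same entry objects. A resumed session now gets its pointer from `_gnutls_id_to_group()` (session_pack.c hunk), so the test holds only if the priority entries come from that same table, which is not visible here; a mismatch would silently skip the negotiated FFDHE parameters. If identity is the intended contract, state it in a comment; otherwise read the group once before the loop with `const gnutls_group_entry_st *g = get_group(session);` and test `g != NULL && entry[i]->id == g->id`. The function body continues outside the hunk.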
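Review bot: The comment on the new `grp` field in the `@@ -591` hunk still reads as if the member were a plain id, but it is now a pointer that can be NULL (the session_pack.c hunk notes "it can be null") and is presumably not owned by the session. Spelling that out at the declaration tells every reader that a dereference needs a check, for example `/* negotiated EC curve / DH group entry; borrowed, NULL when none was negotiated or restored */`.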
@@ -281,12 +281,14 @@ char *gnutls_session_get_desc(gnutls_session_t session)
 unsigned mac_id;
 unsigned sign_algo;
 char *desc;
+ const struct gnutls_group_entry_st *group = get_group(session);
 if (session->internals.initial_negotiation_completed == 0)
 return NULL;
 kx = session->security_parameters.cs->kx_algorithm;
- group_name = gnutls_group_get_name(_gnutls_session_group_get(session));
+ if (group)
+ group_name = group->name;
 #if defined(ENABLE_DHE) || defined(ENABLE_ANON)
 if (group_name == NULL && _gnutls_kx_is_dhe(kx)) {
 dh_bits = gnutls_dh_get_prime_bits(session);
diff --git a/lib/session_pack.c b/lib/session_pack.c
index 5e0ef0e589..3bcff851d3 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -766,7 +766,12 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 BUFFER_APPEND_NUM(ps, session->security_parameters. max_record_recv_size);
- BUFFER_APPEND_NUM(ps, session->security_parameters.group);
+
+ if (session->security_parameters.grp) {
+ BUFFER_APPEND_NUM(ps, session->security_parameters.grp->id);
+ } else {
+ BUFFER_APPEND_NUM(ps, 0);
+ }
 BUFFER_APPEND_NUM(ps, session->security_parameters.server_sign_algo);
@@ -851,9 +856,10 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps)
 session->internals.resumed_security_parameters. max_record_recv_size);
- BUFFER_POP_NUM(ps,
- session->internals.resumed_security_parameters.
- group);
+ BUFFER_POP_NUM(ps, ret);
+ session->internals.resumed_security_parameters.grp = _gnutls_id_to_group(ret);
+ /* it can be null */
+
 BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters. server_sign_algo);
@@ -967,7 +973,7 @@ gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity,
 session->internals.resumed_security_parameters.timestamp = gnutls_time(0);
- session->internals.resumed_security_parameters.group = 0;
+ session->internals.resumed_security_parameters.grp = 0;
 session->internals.premaster_set = 1;
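Review bot: `group_name` is now assigned only under `if (group)` in `gnutls_session_get_desc`, yet it is read unconditionally by `group_name == NULL && _gnutls_kx_is_dhe(kx)` two lines later. The old code always assigned it from `gnutls_group_get_name()`; its declaration is outside the hunk, so if it carries no initializer this becomes a read of an indeterminate pointer whenever the session has no group. Making the assignment total removes the dependency on the declaration: `group_name = group ? group->name : NULL;`.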
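Review bot: In the `@@ -851` hunk (`unpack_security_parameters`) the group id read from packed session data is popped into `ret`, the function's status variable, and an id that `_gnutls_id_to_group()` does not know is silently turned into a NULL `grp`. Packed session data is typically supplied from outside the library, so it is worth telling apart the 0 that `pack_security_parameters` writes for "no group" from a non-zero id that no longer resolves, at least with a debug log, and a dedicated local such as `unsigned group_id;` keeps `ret` meaning "error code" only. The `/* it can be null */` comment would help more if it named the consequence, e.g. `/* NULL for id 0 or an unknown id; get_group() callers must check */`. In the `@@ -967` hunk, `grp = 0` reads better as `grp = NULL` now that the member is a pointer.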
diff --git a/lib/state.c b/lib/state.c
index 99241ec471..d68ab15354 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -949,7 +949,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session)
 {
 const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(_gnutls_session_group_get(session));
+ e = get_group(session);
 if (e == NULL || e->curve == 0)
 return 0;
 return e->curve;
@@ -971,7 +971,7 @@ gnutls_group_t gnutls_group_get(gnutls_session_t session)
 {
 const gnutls_group_entry_st *e;
- e = _gnutls_id_to_group(_gnutls_session_group_get(session));
+ e = get_group(session);
 if (e == NULL)
 return 0;
 return e->id;
diff --git a/lib/state.h b/lib/state.h
index 5fec7f64bb..253af0e17c 100644
--- a/lib/state.h
+++ b/lib/state.h
@@ -25,10 +25,10 @@
 #include "gnutls_int.h"
-inline static gnutls_ecc_curve_t
-_gnutls_session_group_get(gnutls_session_t session)
+inline static const gnutls_group_entry_st *
+get_group(gnutls_session_t session)
 {
- return session->security_parameters.group;
+ return session->security_parameters.grp;
 }
 int _gnutls_session_is_ecc(gnutls_session_t session);
@@ -39,7 +39,7 @@ _gnutls_session_group_set(gnutls_session_t session,
 {
 _gnutls_handshake_log("HSK[%p]: Selected group %s (%d)\n", session, e->name, e->id);
- session->security_parameters.grp = e;
+ session->security_parameters.grp = e;
 } |
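Review bot: The new accessor in lib/state.h (`@@ -25` hunk) has no comment saying that it may return NULL, although every caller touched by this commit has to handle exactly that case. A one-line contract above it would cover this: `/* Returns the negotiated group entry, or NULL if none was negotiated or restored; the pointer is borrowed. */`. The name `get_group` also drops the `_gnutls_` prefix used by the other internal helpers in this header, which makes a clash more likely now that state.h is included from additional files. In the `@@ -39` hunk, `_gnutls_session_group_set` dereferences `e` in the log call before storing it, so the setter's comment should say that `e` must be non-NULL and must outlive the session; that function starts outside the hunk.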