From: Daiki Ueno Date: Tue, 11 Feb 2025 22:23:59 +0000 (+0900) Subject: pk: sprinkle SPKI over encryption functions X-Git-Tag: 3.8.11~24^2~3 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=f7a417cdad2e6df482f793ab745f01d39b788dda;p=thirdparty%2Fgnutls.git pk: sprinkle SPKI over encryption functions Similarly to signing, the encrypt/decrypt/decrypt2 functions defined in gnutls_crypto_pk_st now take SPKI as an additional parameter, so the encryption/decryption behavior can be overridden. Signed-off-by: Daiki Ueno --- diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index b5ecc092f8..4d181327ba 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -280,7 +280,7 @@ int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st *data) } ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key, - ¶ms); + ¶ms, ¶ms.spki); gnutls_pk_params_release(¶ms); diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c index 399fb4da14..9f97569c5b 100644 --- a/lib/auth/rsa_psk.c +++ b/lib/auth/rsa_psk.c @@ -178,7 +178,7 @@ static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, /* Encrypt premaster secret */ if ((ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret, - ¶ms)) < 0) { + ¶ms, ¶ms.spki)) < 0) { gnutls_assert(); return ret; } diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 74e29a7cb9..24cbb60f77 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h 
@@ -386,13 +386,16 @@ typedef struct gnutls_crypto_pk { * parameters, depending on the operation */ int (*encrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *ciphertext, const gnutls_datum_t *plaintext, - const gnutls_pk_params_st *pub); + const gnutls_pk_params_st *pub, + const gnutls_x509_spki_st *encrypt); int (*decrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *plaintext, const gnutls_datum_t *ciphertext, - const gnutls_pk_params_st *priv); + const gnutls_pk_params_st *priv, + const gnutls_x509_spki_st *encrypt); int (*decrypt2)(gnutls_pk_algorithm_t, const gnutls_datum_t *ciphertext, unsigned char *plaintext, size_t paintext_size, - const gnutls_pk_params_st *priv); + const gnutls_pk_params_st *priv, + const gnutls_x509_spki_st *encrypt); int (*sign)(gnutls_pk_algorithm_t, gnutls_datum_t *signature, const gnutls_datum_t *data, const gnutls_pk_params_st *priv, const gnutls_x509_spki_st *sign); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index b252ac5b25..e2eb6f43f5 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -1018,7 +1018,8 @@ static inline int _rsa_oaep_encrypt(gnutls_digest_algorithm_t dig, static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo, gnutls_datum_t *ciphertext, const gnutls_datum_t *plaintext, - const gnutls_pk_params_st *pk_params) + const gnutls_pk_params_st *pk_params, + const gnutls_x509_spki_st *encrypt_params) { int ret; bool not_approved = false; @@ -1094,10 +1095,10 @@ static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo, goto cleanup; } - ret = _rsa_oaep_encrypt(pk_params->spki.rsa_oaep_dig, &pub, + ret = _rsa_oaep_encrypt(encrypt_params->rsa_oaep_dig, &pub, NULL, random_func, - pk_params->spki.rsa_oaep_label.size, - pk_params->spki.rsa_oaep_label.data, + encrypt_params->rsa_oaep_label.size, + encrypt_params->rsa_oaep_label.data, plaintext->size, plaintext->data, buf); if (ret == 0 || HAVE_LIB_ERROR()) { ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); 
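Review bot: The new trailing argument of `encrypt`, `decrypt` and `decrypt2` in the lib/crypto-backend.h hunk is not described anywhere in the comment above the callbacks, so its contract is unstated. Both backends in this commit dereference it unconditionally (`encrypt_params->pk`, `encrypt_params->rsa_oaep_dig`, and `init_rsa_oaep_param()` in the PKCS#11 wrapper), so a NULL from a future caller would crash rather than fall back to the key's own SPKI. I would document that on the struct, for example `/* encrypt: SPKI selecting the padding scheme and the OAEP digest/label; must not be NULL */`. The name `encrypt` mirrors `sign` but reads oddly on the two decrypt callbacks; `encrypt_params`, as used in the implementations, would be clearer. The struct definition starts and ends outside the hunk.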
@@ -1192,7 +1193,8 @@ static inline int _rsa_oaep_decrypt(gnutls_digest_algorithm_t dig, static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo, gnutls_datum_t *plaintext, const gnutls_datum_t *ciphertext, - const gnutls_pk_params_st *pk_params) + const gnutls_pk_params_st *pk_params, + const gnutls_x509_spki_st *encrypt_params) { int ret; bool not_approved = false; @@ -1200,7 +1202,7 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo, FAIL_IF_LIB_ERROR; - if (algo == GNUTLS_PK_RSA && pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) { + if (algo == GNUTLS_PK_RSA && encrypt_params->pk == GNUTLS_PK_RSA_OAEP) { algo = GNUTLS_PK_RSA_OAEP; } @@ -1285,10 +1287,10 @@ static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo, random_func = rnd_nonce_func_fallback; else random_func = rnd_nonce_func; - ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub, + ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub, &priv, NULL, random_func, - pk_params->spki.rsa_oaep_label.size, - pk_params->spki.rsa_oaep_label.data, + encrypt_params->rsa_oaep_label.size, + encrypt_params->rsa_oaep_label.data, &length, buf, ciphertext->data); if (ret == 0 || HAVE_LIB_ERROR()) { @@ -1354,7 +1356,8 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo, const gnutls_datum_t *ciphertext, unsigned char *plaintext, size_t plaintext_size, - const gnutls_pk_params_st *pk_params) + const gnutls_pk_params_st *pk_params, + const gnutls_x509_spki_st *encrypt_params) { struct rsa_private_key priv; struct rsa_public_key pub; @@ -1370,7 +1373,7 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo, goto fail; } - if (pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) { + if (encrypt_params->pk == GNUTLS_PK_RSA_OAEP) { algo = GNUTLS_PK_RSA_OAEP; } 
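Review bot: The padding-scheme selection in `_wrap_nettle_pk_decrypt` (hunk at -1200) and `_wrap_nettle_pk_decrypt2` (hunk at -1370) now reads `encrypt_params->pk`, but no corresponding hunk appears for `_wrap_nettle_pk_encrypt`, whose body between the signature and the `_rsa_oaep_encrypt` call is outside the diff. If encrypt still promotes `algo` from `pk_params->spki.pk`, an override SPKI that asks for OAEP would be honoured on decrypt but could leave encrypt on the scheme named by the key's own SPKI, while taking digest and label from the override. Please confirm the encrypt side uses `if (algo == GNUTLS_PK_RSA && encrypt_params->pk == GNUTLS_PK_RSA_OAEP)` as well, so that one parameter decides both the scheme and its parameters. A test that passes an SPKI different from `pk_params->spki` would catch any mismatch.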
@@ -1407,10 +1410,10 @@ static int _wrap_nettle_pk_decrypt2(gnutls_pk_algorithm_t algo, ciphertext->data); break; case GNUTLS_PK_RSA_OAEP: - ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub, + ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub, &priv, NULL, random_func, - pk_params->spki.rsa_oaep_label.size, - pk_params->spki.rsa_oaep_label.data, + encrypt_params->rsa_oaep_label.size, + encrypt_params->rsa_oaep_label.data, &plaintext_size, plaintext, ciphertext->data); break; @@ -3254,6 +3257,11 @@ static int pct_test(gnutls_pk_algorithm_t algo, ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); goto cleanup; } + } else if (algo == GNUTLS_PK_RSA_OAEP) { + if (spki.rsa_oaep_dig == GNUTLS_DIG_UNKNOWN) + spki.rsa_oaep_dig = GNUTLS_DIG_SHA256; + ddata.data = (void *)const_data; + ddata.size = sizeof(const_data); } else { ddata.data = (void *)const_data; ddata.size = sizeof(const_data); @@ -3279,7 +3287,7 @@ static int pct_test(gnutls_pk_algorithm_t algo, } } - ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params); + ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params, &spki); if (ret < 0) { ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); } @@ -3288,7 +3296,7 @@ static int pct_test(gnutls_pk_algorithm_t algo, ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); } if (ret == 0 && - _gnutls_pk_decrypt(algo, &tmp, &sig, params) < 0) { + _gnutls_pk_decrypt(algo, &tmp, &sig, params, &spki) < 0) { ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); } if (ret == 0 && diff --git a/lib/pk.h b/lib/pk.h index 6969b534de..246d6e0299 100644 --- a/lib/pk.h +++ b/lib/pk.h 
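Review bot: The `GNUTLS_PK_RSA_OAEP` branch added to pct_test (hunk at -3254) repeats both `ddata` assignments of the following `else` verbatim and differs only in defaulting the digest. Keeping the single `else` and placing `if (algo == GNUTLS_PK_RSA_OAEP && spki.rsa_oaep_dig == GNUTLS_DIG_UNKNOWN) spki.rsa_oaep_dig = GNUTLS_DIG_SHA256;` at its top gives the same behaviour without the duplication. A short comment would also help the next reader, for example `/* no OAEP digest configured: use SHA-256 for the pairwise consistency test */`. Whether that default stays local to the test depends on `spki` being a copy rather than an alias of `params->spki`; its declaration is outside the hunk, so this is worth checking.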
@@ -27,13 +27,18 @@ extern int crypto_pk_prio; -#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params) \ - _gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params) -#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params) \ - _gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params) -#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params) \ +#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params, \ + encrypt_params) \ + _gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params, \ + encrypt_params) +#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params, \ + encrypt_params) \ + _gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params, \ + encrypt_params) +#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params, \ + encrypt_params) \ _gnutls_pk_backend()->decrypt2(algo, ciphertext, plaintext, size, \ - params) + params, encrypt_params) #define _gnutls_pk_sign(algo, sig, data, params, sign_params) \ _gnutls_pk_backend()->sign(algo, sig, data, params, sign_params) #define _gnutls_pk_verify(algo, data, sig, params, sign_params) \ diff --git a/lib/pkcs11/p11_pk.c b/lib/pkcs11/p11_pk.c index 34a9cd24bc..8227998a2f 100644 --- a/lib/pkcs11/p11_pk.c +++ b/lib/pkcs11/p11_pk.c @@ -228,9 +228,9 @@ cleanup: } static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param, - const gnutls_pk_params_st *pk_params) + const gnutls_x509_spki_st *encrypt_params) { - switch (pk_params->spki.rsa_oaep_dig) { + switch (encrypt_params->rsa_oaep_dig) { case GNUTLS_DIG_SHA256: param->hashAlg = CKM_SHA256; param->mgf = CKG_MGF1_SHA256; 
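Review bot: The rewritten `_gnutls_pk_decrypt` macro in lib/pk.h still names its second and third parameters `ciphertext, plaintext`, whereas the backend `decrypt` callback takes the plaintext output first and the ciphertext input second. The callers in this commit pass them in the callback's order (`plaintext, ciphertext` in lib/privkey.c, `&tmp, &sig` in pct_test). Expansion is positional, so behaviour is correct, but the names invite a swapped call at a new call site. Since the macro is being rewritten anyway, `#define _gnutls_pk_decrypt(algo, plaintext, ciphertext, params, encrypt_params)` with the same order in the expansion would match the prototype. `_gnutls_pk_decrypt2` already agrees with its callback.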
@@ -247,8 +247,8 @@ static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param, return false; } param->source = CKZ_DATA_SPECIFIED; - param->pSourceData = pk_params->spki.rsa_oaep_label.data; - param->ulSourceDataLen = pk_params->spki.rsa_oaep_label.size; + param->pSourceData = encrypt_params->rsa_oaep_label.data; + param->ulSourceDataLen = encrypt_params->rsa_oaep_label.size; return true; } @@ -706,7 +706,8 @@ static int derive_ecdh_secret(CK_SESSION_HANDLE session, static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo, gnutls_datum_t *ciphertext, const gnutls_datum_t *plaintext, - const gnutls_pk_params_st *pk_params) + const gnutls_pk_params_st *pk_params, + const gnutls_x509_spki_st *encrypt_params) { int ret = 0; CK_RV rv; @@ -742,7 +743,7 @@ static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo, mech.pParameter = ¶m_rsa_oaep; mech.ulParameterLen = sizeof(param_rsa_oaep); - if (!init_rsa_oaep_param(¶m_rsa_oaep, pk_params)) { + if (!init_rsa_oaep_param(¶m_rsa_oaep, encrypt_params)) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; } @@ -798,7 +799,8 @@ cleanup: static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo, gnutls_datum_t *plaintext, const gnutls_datum_t *ciphertext, - const gnutls_pk_params_st *pk_params) + const gnutls_pk_params_st *pk_params, + const gnutls_x509_spki_st *encrypt_params) { int ret = 0; CK_RV rv; @@ -834,7 +836,7 @@ static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo, mech.pParameter = ¶m_rsa_oaep; mech.ulParameterLen = sizeof(param_rsa_oaep); - if (!init_rsa_oaep_param(¶m_rsa_oaep, pk_params)) { + if (!init_rsa_oaep_param(¶m_rsa_oaep, encrypt_params)) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; } 
@@ -890,7 +892,8 @@ static int _wrap_p11_pk_decrypt2(gnutls_pk_algorithm_t algo, const gnutls_datum_t *ciphertext, unsigned char *plaintext, size_t plaintext_size, - const gnutls_pk_params_st *pk_params) + const gnutls_pk_params_st *pk_params, + const gnutls_x509_spki_st *encrypt_params) { int ret = 0; uint32_t is_err; @@ -928,7 +931,7 @@ static int _wrap_p11_pk_decrypt2(gnutls_pk_algorithm_t algo, mech.pParameter = ¶m_rsa_oaep; mech.ulParameterLen = sizeof(param_rsa_oaep); - if (!init_rsa_oaep_param(¶m_rsa_oaep, pk_params)) { + if (!init_rsa_oaep_param(¶m_rsa_oaep, encrypt_params)) { ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); goto cleanup; } diff --git a/lib/privkey.c b/lib/privkey.c index 1757cbafdb..9f21528bc7 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -1590,7 +1590,8 @@ int gnutls_privkey_decrypt_data(gnutls_privkey_t key, unsigned int flags, switch (key->type) { case GNUTLS_PRIVKEY_X509: return _gnutls_pk_decrypt(key->pk_algorithm, plaintext, - ciphertext, &key->key.x509->params); + ciphertext, &key->key.x509->params, + &key->key.x509->params.spki); #ifdef ENABLE_PKCS11 case GNUTLS_PRIVKEY_PKCS11: return _gnutls_pkcs11_privkey_decrypt_data( @@ -1657,7 +1658,8 @@ int gnutls_privkey_decrypt_data2(gnutls_privkey_t key, unsigned int flags, case GNUTLS_PRIVKEY_X509: return _gnutls_pk_decrypt2(key->pk_algorithm, ciphertext, plaintext, plaintext_size, - &key->key.x509->params); + &key->key.x509->params, + &key->key.x509->params.spki); #ifdef ENABLE_PKCS11 case GNUTLS_PRIVKEY_PKCS11: return _gnutls_pkcs11_privkey_decrypt_data2(key->key.pkcs11, diff --git a/lib/pubkey.c b/lib/pubkey.c index 02a08b8163..73dd9e16b0 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -2336,7 +2336,7 @@ int gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags, } return _gnutls_pk_encrypt(key->params.algo, ciphertext, plaintext, - &key->params); + &key->params, &key->params.spki); } static int pubkey_supports_sig(gnutls_pubkey_t pubkey,