fdo-mirrors/libfprint
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/libfprint/libfprint.git synced 2026-05-14 09:58:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

validity: Fix compiler warnings in TLS code

Browse source 
- Migrate from deprecated HMAC_* API to EVP_MAC (OpenSSL 3.x):
  tls_hmac_sign(), validity_tls_prf(), handle_priv_block()
- Remove unused ec_privkey_from_coords() function
- Remove unused x_le/y_le variables in handle_priv_block()
- Fix const discard in OSSL_PARAM_utf8_string() call
- Restore crt_hardcoded[] with G_GNUC_UNUSED (needed in Iter 6)
This commit is contained in:
Leonardo Francisco 2026-04-05 16:14:34 -04:00 committed by lewohart
parent 95fccfdac8
commit 3af922d69b
1 changed files with 61 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

130
libfprint/drivers/validity/validity_tls.c
View file

@ -28,7 +28,6 @@
#include <openssl/evp.h>
#include <openssl/ec.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/core_names.h>
@ -68,8 +67,10 @@ static const guint8 fw_pubkey_y[32] = {
0x6e, 0x0d, 0xc5, 0xbe, 0xb6, 0xf8, 0x38, 0xa8
};
/* Hardcoded CA certificate */
static const guint8 crt_hardcoded[] = {
/* Hardcoded CA certificate — used during device pairing (init_flash) and
* TLS flash persistence (make_tls_flash, block ID 5). Not needed for the
* normal TLS handshake; kept here for Iteration 6. */
static const guint8 crt_hardcoded[] G_GNUC_UNUSED = {
0x17, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@ -106,6 +107,8 @@ static const guint8 crt_hardcoded[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
/* ================================================================
* TLS PRF (P_SHA256) Standard TLS 1.2 PRF with HMAC-SHA256
* ================================================================ */
@ -122,28 +125,45 @@ validity_tls_prf (const guint8 *secret,
guint8 a[32]; /* A(i) */
guint8 p_hash[32]; /* P_hash iteration output */
gsize pos = 0;
unsigned int hmac_len;
size_t hmac_len;
EVP_MAC *mac = EVP_MAC_fetch (NULL, "HMAC", NULL);
OSSL_PARAM prf_params[] = {
OSSL_PARAM_construct_utf8_string ("digest", (char *) "SHA256", 0),
OSSL_PARAM_construct_end (),
};
/* A(1) = HMAC(secret, seed) */
HMAC (EVP_sha256 (), secret, secret_len, seed, seed_len, a, &hmac_len);
EVP_MAC_CTX *ctx = EVP_MAC_CTX_new (mac);
EVP_MAC_init (ctx, secret, secret_len, prf_params);
EVP_MAC_update (ctx, seed, seed_len);
EVP_MAC_final (ctx, a, &hmac_len, sizeof (a));
EVP_MAC_CTX_free (ctx);
for (guint i = 0; i < n; i++)
{
/* P_hash = HMAC(secret, A(i) || seed) */
g_autofree guint8 *concat = g_malloc (32 + seed_len);
memcpy (concat, a, 32);
memcpy (concat + 32, seed, seed_len);
HMAC (EVP_sha256 (), secret, secret_len, concat, 32 + seed_len,
p_hash, &hmac_len);
ctx = EVP_MAC_CTX_new (mac);
EVP_MAC_init (ctx, secret, secret_len, prf_params);
EVP_MAC_update (ctx, a, 32);
EVP_MAC_update (ctx, seed, seed_len);
EVP_MAC_final (ctx, p_hash, &hmac_len, sizeof (p_hash));
EVP_MAC_CTX_free (ctx);
gsize to_copy = MIN (32, output_len - pos);
memcpy (output + pos, p_hash, to_copy);
pos += to_copy;
/* A(i+1) = HMAC(secret, A(i)) */
HMAC (EVP_sha256 (), secret, secret_len, a, 32, a, &hmac_len);
ctx = EVP_MAC_CTX_new (mac);
EVP_MAC_init (ctx, secret, secret_len, prf_params);
EVP_MAC_update (ctx, a, 32);
EVP_MAC_final (ctx, a, &hmac_len, sizeof (a));
EVP_MAC_CTX_free (ctx);
}
EVP_MAC_free (mac);
OPENSSL_cleanse (a, sizeof (a));
OPENSSL_cleanse (p_hash, sizeof (p_hash));
}
@ -294,7 +314,7 @@ tls_hmac_sign (const guint8 *key, guint8 content_type,
guint8 *mac_out)
{
guint8 hdr[5];
unsigned int mac_len;
size_t mac_len;
hdr[0] = content_type;
hdr[1] = TLS_VERSION_MAJOR;
@ -302,13 +322,19 @@ tls_hmac_sign (const guint8 *key, guint8 content_type,
hdr[3] = (guint8) ((data_len >> 8) & 0xff);
hdr[4] = (guint8) (data_len & 0xff);
/* HMAC(key, hdr || data) */
HMAC_CTX *ctx = HMAC_CTX_new ();
HMAC_Init_ex (ctx, key, TLS_AES_KEY_SIZE, EVP_sha256 (), NULL);
HMAC_Update (ctx, hdr, sizeof (hdr));
HMAC_Update (ctx, data, data_len);
HMAC_Final (ctx, mac_out, &mac_len);
HMAC_CTX_free (ctx);
/* HMAC(key, hdr || data) using EVP_MAC API (OpenSSL 3.0+) */
EVP_MAC *mac = EVP_MAC_fetch (NULL, "HMAC", NULL);
EVP_MAC_CTX *ctx = EVP_MAC_CTX_new (mac);
OSSL_PARAM hmac_params[] = {
OSSL_PARAM_construct_utf8_string ("digest", (char *) "SHA256", 0),
OSSL_PARAM_construct_end (),
};
EVP_MAC_init (ctx, key, TLS_AES_KEY_SIZE, hmac_params);
EVP_MAC_update (ctx, hdr, sizeof (hdr));
EVP_MAC_update (ctx, data, data_len);
EVP_MAC_final (ctx, mac_out, &mac_len, TLS_HMAC_SIZE);
EVP_MAC_CTX_free (ctx);
EVP_MAC_free (mac);
}
static gboolean
@ -604,49 +630,6 @@ ec_pubkey_from_coords (const guint8 *x_le, const guint8 *y_le)
return pkey;
}
/* Helper: create EC private key from raw d,x,y coordinates (little-endian) */
static EVP_PKEY *
ec_privkey_from_coords (const guint8 *d_le, const guint8 *x_le,
const guint8 *y_le)
{
guint8 d_be[TLS_EC_COORD_SIZE];
guint8 x_be[TLS_EC_COORD_SIZE];
guint8 y_be[TLS_EC_COORD_SIZE];
for (gsize i = 0; i < TLS_EC_COORD_SIZE; i++)
{
d_be[i] = d_le[TLS_EC_COORD_SIZE - 1 - i];
x_be[i] = x_le[TLS_EC_COORD_SIZE - 1 - i];
y_be[i] = y_le[TLS_EC_COORD_SIZE - 1 - i];
}
/* Build uncompressed point: 0x04 || x || y */
guint8 pubpoint[1 + 2 * TLS_EC_COORD_SIZE];
pubpoint[0] = 0x04;
memcpy (pubpoint + 1, x_be, TLS_EC_COORD_SIZE);
memcpy (pubpoint + 1 + TLS_EC_COORD_SIZE, y_be, TLS_EC_COORD_SIZE);
EVP_PKEY *pkey = NULL;
OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new ();
OSSL_PARAM_BLD_push_utf8_string (bld, OSSL_PKEY_PARAM_GROUP_NAME,
"prime256v1", 0);
OSSL_PARAM_BLD_push_octet_string (bld, OSSL_PKEY_PARAM_PUB_KEY,
pubpoint, sizeof (pubpoint));
OSSL_PARAM_BLD_push_BN (bld, OSSL_PKEY_PARAM_PRIV_KEY,
BN_bin2bn (d_be, TLS_EC_COORD_SIZE, NULL));
OSSL_PARAM *params = OSSL_PARAM_BLD_to_param (bld);
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name (NULL, "EC", NULL);
EVP_PKEY_fromdata_init (ctx);
EVP_PKEY_fromdata (ctx, &pkey, EVP_PKEY_KEYPAIR, params);
EVP_PKEY_CTX_free (ctx);
OSSL_PARAM_free (params);
OSSL_PARAM_BLD_free (bld);
return pkey;
}
/* Handle private key block (ID 4) — decrypt with PSK */
static gboolean
handle_priv_block (ValidityTlsState *tls,
@ -683,10 +666,21 @@ handle_priv_block (ValidityTlsState *tls,
/* Verify HMAC with psk_validation_key */
guint8 computed_mac[TLS_HMAC_SIZE];
unsigned int mac_len;
HMAC (EVP_sha256 (),
tls->psk_validation_key, TLS_AES_KEY_SIZE,
ct, ct_len, computed_mac, &mac_len);
size_t hmac_out_len;
{
EVP_MAC *hmac_mac = EVP_MAC_fetch (NULL, "HMAC", NULL);
EVP_MAC_CTX *hmac_ctx = EVP_MAC_CTX_new (hmac_mac);
OSSL_PARAM hmac_params[] = {
OSSL_PARAM_construct_utf8_string ("digest", (char *) "SHA256", 0),
OSSL_PARAM_construct_end (),
};
EVP_MAC_init (hmac_ctx, tls->psk_validation_key, TLS_AES_KEY_SIZE,
hmac_params);
EVP_MAC_update (hmac_ctx, ct, ct_len);
EVP_MAC_final (hmac_ctx, computed_mac, &hmac_out_len, TLS_HMAC_SIZE);
EVP_MAC_CTX_free (hmac_ctx);
EVP_MAC_free (hmac_mac);
}
if (CRYPTO_memcmp (computed_mac, stored_mac, TLS_HMAC_SIZE) != 0)
{
@ -742,8 +736,6 @@ handle_priv_block (ValidityTlsState *tls,
return FALSE;
}
const guint8 *x_le = decrypted;
const guint8 *y_le = decrypted + TLS_EC_COORD_SIZE;
const guint8 *d_le = decrypted + 2 * TLS_EC_COORD_SIZE;
/* Use derive_private_key approach (ignoring x,y which may be zeros) */
@ -1245,7 +1237,7 @@ validity_tls_build_client_finish (ValidityTlsState *tls, gsize *out_len)
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name (NULL, "EC", NULL);
EVP_PKEY_keygen_init (pctx);
OSSL_PARAM gen_params[] = {
OSSL_PARAM_utf8_string (OSSL_PKEY_PARAM_GROUP_NAME, "prime256v1", 0),
OSSL_PARAM_utf8_string (OSSL_PKEY_PARAM_GROUP_NAME, (char *) "prime256v1", 0),
OSSL_PARAM_END,
};
EVP_PKEY_CTX_set_params (pctx, gen_params);