author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-15 13:54:25 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-14 15:00:32 +0100 |
commit | 0bbdca1f3ede4dfee22229b34bbc4c2c0ebbef64 (patch) | |
tree | 8dfad530347cda64268eaf0adfcf05fd75545543 | |
parent | 9e6a5d9396a4e31a464ddaab3bdcba636e61c4f1 (diff) | |
handshake: parse new session ticket message
This does not yet include extension handling.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/Makefile.am | 1 | ||||
-rw-r--r-- | lib/handshake-tls13.c | 41 | ||||
-rw-r--r-- | lib/handshake.h | 3 | ||||
-rw-r--r-- | lib/record.c | 17 | ||||
-rw-r--r-- | lib/tls13/session_ticket.c | 83 | ||||
-rw-r--r-- | lib/tls13/session_ticket.h | 23 |
6 files changed, 168 insertions, 0 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 0c5d987194..808e1bd350 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -92,6 +92,7 @@ COBJECTS += tls13/encrypted_extensions.c tls13/encrypted_extensions.h \
 tls13/certificate_verify.c tls13/certificate_verify.h \
 tls13-sig.c tls13-sig.h \
 tls13/finished.c tls13/finished.h \
+ tls13/session_ticket.c tls13/session_ticket.h \
 tls13/certificate.c tls13/certificate.h
 
 if ENABLE_PKCS11
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 456442e3e9..4cce3d631d 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -52,6 +52,7 @@
 #include "tls13/certificate_verify.h"
 #include "tls13/certificate.h"
 #include "tls13/finished.h"
+#include "tls13/session_ticket.h"
 
 static int generate_hs_traffic_keys(gnutls_session_t session);
 static int generate_ap_traffic_keys(gnutls_session_t session);
@@ -256,3 +257,43 @@ int _gnutls13_handshake_server(gnutls_session_t session)
 return 0;
 }
 
+int
+_gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf)
+{
+ uint8_t type;
+ int ret;
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
+ size_t length;
+
+ if (buf->length < handshake_header_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_buffer_pop_prefix8(buf, &type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_pop_prefix24(buf, &length, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ switch(type) {
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ ret = _gnutls13_recv_session_ticket(session, buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ return 0;
+}
diff --git a/lib/handshake.h b/lib/handshake.h
index 90d82b8e9c..0e63ee39b4 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
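Review bot: In `_gnutls13_recv_async_handshake` the 24-bit handshake `length` is popped but never used to bound what `_gnutls13_recv_session_ticket` may read, and nothing after that call checks that the message consumed exactly `length` bytes, so trailing bytes or a second coalesced post-handshake message in the same record are silently accepted rather than rejected (the `1` passed to `_gnutls_buffer_pop_prefix24` presumably only checks that `length` fits in the remaining buffer). Until a loop over multiple messages exists, rejecting the mismatch right after the pop is a one-line guard: `if (length != buf->length) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);`. A short header comment stating that this only handles post-handshake messages received by a TLS 1.3 client, and that the server side currently rejects every such message, would also help the next reader.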
@@ -123,4 +123,7 @@ int _gnutls_send_finished(gnutls_session_t session, int again);
 int _gnutls13_handshake_client(gnutls_session_t session);
 int _gnutls13_handshake_server(gnutls_session_t session);
 
+int
+_gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf);
+
 #endif
diff --git a/lib/record.c b/lib/record.c
index 5be4ba3094..44585078f9 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -756,6 +756,7 @@ record_add_to_buffers(gnutls_session_t session,
 {
 int ret;
+ const version_entry_st *ver = get_version(session);
 
 if ((recv->type == type) &&
 (type == GNUTLS_APPLICATION_DATA ||
@@ -912,6 +913,22 @@ record_add_to_buffers(gnutls_session_t session,
 }
 }
 
+ /* retrieve async handshake messages */
+ if (ver->tls13_sem) {
+ gnutls_buffer_st buf;
+
+ _gnutls_ro_buffer_from_datum(&buf, &bufel->msg);
+ ret = _gnutls13_recv_async_handshake(session,
+ &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ } else {
+ ret = GNUTLS_E_AGAIN;
+ }
+
+ goto cleanup;
+ }
+
 /* This is legal if HELLO_REQUEST is received - and we are a client.
 * If we are a server, a client may initiate a renegotiation at any time.
 */
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
new file mode 100644
index 0000000000..3dbec9260f
--- /dev/null
+++ b/lib/tls13/session_ticket.c
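Review bot: The new block in `record_add_to_buffers` dereferences `ver` unconditionally in `if (ver->tls13_sem)`; if `get_version()` can still return NULL at this point (no version negotiated yet when an unexpected handshake record arrives), that is a NULL dereference reachable from the peer, and the guard should read `if (ver && ver->tls13_sem) {`. The block also deliberately pre-empts the HELLO_REQUEST/renegotiation handling that follows, which is right for TLS 1.3 but worth saying in the comment, e.g. `/* TLS 1.3: handshake data after the handshake is a post-handshake message; the renegotiation handling below does not apply */`. `record_add_to_buffers` starts and ends outside the hunk, so whether an earlier check already guarantees a negotiated version cannot be confirmed from here.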
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include "extv.h"
+#include "handshake.h"
+#include "tls13/session_ticket.h"
+#include "auth/cert.h"
+
+static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size);
+
+int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf)
+{
+ int ret;
+ size_t val;
+ gnutls_datum_t nonce;
+ gnutls_datum_t ticket;
+
+ _gnutls_handshake_log("HSK[%p]: parsing session ticket message\n", session);
+
+ /* ticket_lifetime */
+ ret = _gnutls_buffer_pop_prefix32(buf, &val, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* ticket_age_add */
+ ret = _gnutls_buffer_pop_prefix32(buf, &val, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_pop_datum_prefix8(buf, &nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_pop_datum_prefix16(buf, &ticket);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_extv_parse(NULL, parse_nst_extension, buf->data, buf->length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+
+ return ret;
+}
+
+static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size)
+{
+ /* ignore all extensions */
+ return 0;
+}
diff --git a/lib/tls13/session_ticket.h b/lib/tls13/session_ticket.h
new file mode 100644
index 0000000000..1c31589a26
--- /dev/null
+++ b/lib/tls13/session_ticket.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf); |
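Review bot: `_gnutls13_recv_session_ticket` accepts a zero-length `ticket` and puts no bound on `ticket_lifetime`, whereas the TLS 1.3 NewSessionTicket definition being parsed declares `opaque ticket<1..2^16-1>` and limits the lifetime to 604800 seconds; since the lifetime is currently discarded into `val`, the length check is the one that matters now, right after the `_gnutls_buffer_pop_datum_prefix16` call: `if (ticket.size == 0) { ret = gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); goto cleanup; }`. The `#include "auth/cert.h"` is used by nothing in this file, and `ctx`, `tls_id`, `data` and `data_size` are all unused in `parse_nst_extension`, which will warn under `-Wunused-parameter`. A brief comment above the function saying that lifetime, age_add, nonce and ticket are validated for structure only and not yet stored would make the commit's stated scope visible in the code itself.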
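Review bot: `tls13/session_ticket.h` has no include guard and does not include whatever declares `gnutls_session_t` and `gnutls_buffer_st`, so it only compiles when included after `gnutls_int.h`, as the sibling `.c` file happens to do; wrapping the prototype in `#ifndef GNUTLS_LIB_TLS13_SESSION_TICKET_H` / `#define GNUTLS_LIB_TLS13_SESSION_TICKET_H` / `#endif` is the cheap fix. A one-line comment above the prototype stating that `buf` is expected to hold the message body with the four-byte handshake header already removed would also document the contract with its caller in handshake-tls13.c.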