handshake: added parsing of encrypted extensions

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

4 files changed, 94 insertions, 14 deletions

diff --git a/lib/Makefile.am b/lib/Makefile.am
index c75177774d..35633138ea 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -87,6 +87,7 @@ else
 COBJECTS += system/keys-dummy.c
 endif
 
+COBJECTS += tls13/encrypted_extensions.c tls13/encrypted_extensions.h
 
 if ENABLE_PKCS11
 COBJECTS += pkcs11.c pkcs11x.c pkcs11_privkey.c pkcs11_write.c pkcs11_secret.c \
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 4307b5dc29..5950c06d96 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -47,6 +47,9 @@
 #include <random.h>
 #include <dtls.h>
 #include "secrets.h"
+#include "tls13/encrypted_extensions.h"
+
+static int generate_hs_traffic_keys(gnutls_session_t session);
 
 /*
  * _gnutls13_handshake_client
@@ -58,49 +61,55 @@ int _gnutls13_handshake_client(gnutls_session_t session)
 
 	switch (STATE) {
 	case STATE100:
-		abort();
+		ret =
+		    generate_hs_traffic_keys(session);
 		STATE = STATE100;
-		IMED_RET("recv encrypted extensions", ret, 0);
+		IMED_RET("generate session keys", ret, 0);
 		/* fall through */
 	case STATE101:
-		abort();
+		ret = _gnutls13_recv_encrypted_extensions(session);
 		STATE = STATE101;
-		IMED_RET("recv certificate request", ret, 0);
+		IMED_RET("recv encrypted extensions", ret, 0);
 		/* fall through */
 	case STATE102:
 		abort();
 		STATE = STATE102;
-		IMED_RET("recv certificate", ret, 0);
+		IMED_RET("recv certificate request", ret, 0);
 		/* fall through */
 	case STATE103:
 		abort();
 		STATE = STATE103;
-		IMED_RET("recv server certificate verify", ret, 0);
+		IMED_RET("recv certificate", ret, 0);
 		/* fall through */
 	case STATE104:
+		abort();
+		STATE = STATE104;
+		IMED_RET("recv server certificate verify", ret, 0);
+		/* fall through */
+	case STATE105:
 		ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT);
-		STATE = STATE102;
+		STATE = STATE105;
 		if (ret < 0)
 			return gnutls_assert_val(ret);
 		FALLTHROUGH;
-	case STATE105:
-		abort();
-		STATE = STATE105;
-		IMED_RET("recv finished", ret, 0);
-		/* fall through */
 	case STATE106:
 		abort();
 		STATE = STATE106;
-		IMED_RET("send certificate", ret, 0);
+		IMED_RET("recv finished", ret, 0);
 		/* fall through */
 	case STATE107:
 		abort();
 		STATE = STATE107;
-		IMED_RET("send certificate verify", ret, 0);
+		IMED_RET("send certificate", ret, 0);
 		/* fall through */
 	case STATE108:
 		abort();
 		STATE = STATE108;
+		IMED_RET("send certificate verify", ret, 0);
+		/* fall through */
+	case STATE109:
+		abort();
+		STATE = STATE109;
 		IMED_RET("send finished", ret, 0);
 
 		STATE = STATE0;
diff --git a/lib/tls13/encrypted_extensions.c b/lib/tls13/encrypted_extensions.c
new file mode 100644
index 0000000000..05673f8e85
--- /dev/null
+++ b/lib/tls13/encrypted_extensions.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include "hello_ext.h"
+#include "handshake.h"
+#include "tls13/encrypted_extensions.h"
+
+int _gnutls13_recv_encrypted_extensions(gnutls_session_t session)
+{
+	int ret;
+	gnutls_buffer_st buf;
+
+	ret = _gnutls_recv_handshake(session, GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS, 0, &buf);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	_gnutls_handshake_log("HSK[%p]: parsing encrypted extensions\n", session);
+	ret = _gnutls_parse_hello_extensions(session, GNUTLS_EXT_FLAG_EE, GNUTLS_EXT_ANY,
+					     buf.data, buf.length);
+	_gnutls_buffer_clear(&buf);
+
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
+	return 0;
+}
diff --git a/lib/tls13/encrypted_extensions.h b/lib/tls13/encrypted_extensions.h
new file mode 100644
index 0000000000..3add0611a0
--- /dev/null
+++ b/lib/tls13/encrypted_extensions.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+int _gnutls13_recv_encrypted_extensions(gnutls_session_t session);