Diffstat (limited to 'lib/ext_session_ticket.c')
-rw-r--r--lib/ext_session_ticket.c194
1 files changed, 109 insertions, 85 deletions
diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c
index 2e1abfb26c..29f63af198 100644
--- a/lib/ext_session_ticket.c
+++ b/lib/ext_session_ticket.c
@@ -46,24 +46,25 @@
#define MAC_SIZE 32
static int session_ticket_recv_params (gnutls_session_t session,
- const opaque * data,
- size_t data_size);
+ const opaque * data, size_t data_size);
static int session_ticket_send_params (gnutls_session_t session,
- opaque * data, size_t data_size);
-static int session_ticket_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv);
-static int session_ticket_pack(extension_priv_data_t _priv, gnutls_buffer_st* ps);
-static void session_ticket_deinit_data(extension_priv_data_t priv);
+ opaque * data, size_t data_size);
+static int session_ticket_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int session_ticket_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void session_ticket_deinit_data (extension_priv_data_t priv);
extension_entry_st ext_mod_session_ticket = {
- .name = "SESSION TICKET",
- .type = GNUTLS_EXTENSION_SESSION_TICKET,
- .parse_type = GNUTLS_EXT_TLS,
-
- .recv_func = session_ticket_recv_params,
- .send_func = session_ticket_send_params,
- .pack_func = session_ticket_pack,
- .unpack_func = session_ticket_unpack,
- .deinit_func = session_ticket_deinit_data,
+ .name = "SESSION TICKET",
+ .type = GNUTLS_EXTENSION_SESSION_TICKET,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = session_ticket_recv_params,
+ .send_func = session_ticket_send_params,
+ .pack_func = session_ticket_pack,
+ .unpack_func = session_ticket_unpack,
+ .deinit_func = session_ticket_deinit_data,
};
struct gnutls_session_ticket_key_st
@@ -73,15 +74,16 @@ struct gnutls_session_ticket_key_st
opaque mac_secret[SESSION_TICKET_MAC_SECRET_SIZE];
};
-typedef struct {
- int session_ticket_enable;
- int session_ticket_renew;
- opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
+typedef struct
+{
+ int session_ticket_enable;
+ int session_ticket_renew;
+ opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
- opaque* session_ticket;
- int session_ticket_len;
+ opaque *session_ticket;
+ int session_ticket_len;
- struct gnutls_session_ticket_key_st key;
+ struct gnutls_session_ticket_key_st key;
} session_ticket_ext_st;
struct ticket
@@ -120,7 +122,8 @@ digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
}
static int
-decrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ticket *ticket)
+decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
cipher_hd_st cipher_hd;
gnutls_datum_t key, IV, mac_secret, state;
@@ -189,7 +192,8 @@ decrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ti
}
static int
-encrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ticket *ticket)
+encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
{
cipher_hd_st cipher_hd;
gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
@@ -263,14 +267,16 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st* priv, struct ti
static int
session_ticket_recv_params (gnutls_session_t session,
- const opaque * data, size_t _data_size)
+ const opaque * data, size_t _data_size)
{
ssize_t data_size = _data_size;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
int ret;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
{
return 0;
@@ -338,7 +344,7 @@ session_ticket_recv_params (gnutls_session_t session,
return 0;
}
}
- else /* Client */
+ else /* Client */
{
if (data_size == 0)
{
@@ -355,14 +361,16 @@ session_ticket_recv_params (gnutls_session_t session,
*/
static int
session_ticket_send_params (gnutls_session_t session,
- opaque * data, size_t _data_size)
+ opaque * data, size_t _data_size)
{
ssize_t data_size = _data_size;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
int ret;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
@@ -378,13 +386,16 @@ session_ticket_send_params (gnutls_session_t session,
}
else
{
- ret = _gnutls_ext_get_resumed_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_resumed_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret >= 0)
priv = epriv.ptr;
/* no previous data. Just advertize it */
if (ret < 0)
- return GNUTLS_E_INT_RET_0;
+ return GNUTLS_E_INT_RET_0;
/* previous data had session tickets disabled. Don't advertize. Ignore. */
if (!priv->session_ticket_enable)
@@ -392,7 +403,8 @@ session_ticket_send_params (gnutls_session_t session,
if (priv->session_ticket_len > 0)
{
- DECR_LENGTH_RET (data_size, priv->session_ticket_len, GNUTLS_E_SHORT_MEMORY_BUFFER);
+ DECR_LENGTH_RET (data_size, priv->session_ticket_len,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
memcpy (data, priv->session_ticket, priv->session_ticket_len);
return priv->session_ticket_len;
@@ -402,51 +414,54 @@ session_ticket_send_params (gnutls_session_t session,
}
-static void session_ticket_deinit_data(extension_priv_data_t epriv)
+static void
+session_ticket_deinit_data (extension_priv_data_t epriv)
{
-session_ticket_ext_st* priv = epriv.ptr;
+ session_ticket_ext_st *priv = epriv.ptr;
- gnutls_free(priv->session_ticket);
- gnutls_free(priv);
+ gnutls_free (priv->session_ticket);
+ gnutls_free (priv);
}
-static int session_ticket_pack(extension_priv_data_t epriv, gnutls_buffer_st* ps)
+static int
+session_ticket_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
{
-session_ticket_ext_st* priv = epriv.ptr;
-int ret;
+ session_ticket_ext_st *priv = epriv.ptr;
+ int ret;
- BUFFER_APPEND_PFX(ps, priv->session_ticket, priv->session_ticket_len);
- BUFFER_APPEND_NUM(ps, priv->session_ticket_enable);
+ BUFFER_APPEND_PFX (ps, priv->session_ticket, priv->session_ticket_len);
+ BUFFER_APPEND_NUM (ps, priv->session_ticket_enable);
return 0;
}
-static int session_ticket_unpack(gnutls_buffer_st* ps, extension_priv_data_t* _priv)
+static int
+session_ticket_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
{
-session_ticket_ext_st* priv=NULL;
-int ret;
-extension_priv_data_t epriv;
-gnutls_datum ticket;
+ session_ticket_ext_st *priv = NULL;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum ticket;
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
+ gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
-
- BUFFER_POP_DATUM(ps, &ticket);
+
+ BUFFER_POP_DATUM (ps, &ticket);
priv->session_ticket = ticket.data;
priv->session_ticket_len = ticket.size;
- BUFFER_POP_NUM(ps, priv->session_ticket_enable);
+ BUFFER_POP_NUM (ps, priv->session_ticket_enable);
epriv.ptr = priv;
*_priv = epriv;
-
+
return 0;
error:
- gnutls_free(priv);
+ gnutls_free (priv);
return ret;
}
@@ -504,7 +519,7 @@ gnutls_session_ticket_key_generate (gnutls_datum_t * key)
int
gnutls_session_ticket_enable_client (gnutls_session_t session)
{
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
if (!session)
@@ -513,18 +528,18 @@ gnutls_session_ticket_enable_client (gnutls_session_t session)
return GNUTLS_E_INVALID_REQUEST;
}
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
priv->session_ticket_enable = 1;
epriv.ptr = priv;
- _gnutls_ext_set_session_data(session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
-
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+
return 0;
}
@@ -547,7 +562,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session,
const gnutls_datum_t * key)
{
int ret;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
if (!session || !key
@@ -557,27 +572,26 @@ gnutls_session_ticket_enable_server (gnutls_session_t session,
return GNUTLS_E_INVALID_REQUEST;
}
- priv = gnutls_calloc(1, sizeof(*priv));
+ priv = gnutls_calloc (1, sizeof (*priv));
if (priv == NULL)
{
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
epriv.ptr = priv;
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM,
- priv->session_ticket_IV, IV_SIZE);
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, priv->session_ticket_IV, IV_SIZE);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- memcpy(&priv->key, key->data, key->size);
+ memcpy (&priv->key, key->data, key->size);
priv->session_ticket_enable = 1;
- _gnutls_ext_set_session_data(session,
- GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
return 0;
}
@@ -591,17 +605,20 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
int ret;
struct ticket ticket;
uint16_t ticket_len;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
uint16_t epoch_saved = session->security_parameters.epoch_write;
if (again == 0)
{
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
- return 0;
+ return 0;
priv = epriv.ptr;
-
+
if (!priv->session_ticket_renew)
return 0;
@@ -609,14 +626,17 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
_gnutls_write_connection_state_init() does this job, but it also
triggers encryption, while NewSessionTicket should not be
encrypted in the record layer. */
- ret = _gnutls_epoch_set_keys (session, session->security_parameters.epoch_next);
+ ret =
+ _gnutls_epoch_set_keys (session,
+ session->security_parameters.epoch_next);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- session->security_parameters.epoch_write = session->security_parameters.epoch_next;
+ session->security_parameters.epoch_write =
+ session->security_parameters.epoch_next;
ret = encrypt_ticket (session, priv, &ticket);
session->security_parameters.epoch_write = epoch_saved;
@@ -629,7 +649,8 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len
+ MAC_SIZE;
- bufel = _gnutls_handshake_alloc (4 + 2 + ticket_len, 4+2+ticket_len);
+ bufel =
+ _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len);
if (!bufel)
{
gnutls_assert ();
@@ -637,10 +658,10 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again)
return GNUTLS_E_MEMORY_ERROR;
}
- data = _mbuffer_get_udata_ptr(bufel);
+ data = _mbuffer_get_udata_ptr (bufel);
p = data;
- _gnutls_write_uint32 ( session->internals.expire_time, p);
+ _gnutls_write_uint32 (session->internals.expire_time, p);
p += 4;
_gnutls_write_uint16 (ticket_len, p);
@@ -678,14 +699,16 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session)
uint32_t lifetime_hint;
uint16_t ticket_len;
int ret;
- session_ticket_ext_st* priv=NULL;
+ session_ticket_ext_st *priv = NULL;
extension_priv_data_t epriv;
- ret = _gnutls_ext_get_session_data( session, GNUTLS_EXTENSION_SESSION_TICKET, &epriv);
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
if (ret < 0)
{
- gnutls_assert();
- return 0;
+ gnutls_assert ();
+ return 0;
}
priv = epriv.ptr;
@@ -724,7 +747,8 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session)
/* Discard the current session ID. (RFC5077 3.4) */
ret = _gnutls_generate_session_id (session->security_parameters.session_id,
- &session->security_parameters.session_id_size);
+ &session->
+ security_parameters.session_id_size);
if (ret < 0)
{
gnutls_assert ();