From 4b5678716f506d46da8dabdd343b268a5b9dd9b4 Mon Sep 17 00:00:00 2001
From: Ander Juaristi
Date: Mon, 16 Apr 2018 17:13:47 +0200
Subject: TLS 1.3: Introduced TLS 1.3 session resumption
This introduces session resumption under TLS 1.3. For that, it enables the psk_ke_modes extension when we enable session tickets. It enables sending session tickets in addition to PSK usernames. The detection of resumption vs pure PSK is done by comparing the indexes sent with the index received by the server. TLS 1.3 session tickets are always sent to the peer unless the GNUTLS_NO_TICKETS is specified. Resolves #290
Signed-off-by: Ander Juaristi
Signed-off-by: Nikos Mavrogiannopoulos
Signed-off-by: Daiki Ueno
---
 lib/tls13/session_ticket.h | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
(limited to 'lib/tls13/session_ticket.h')
diff --git a/lib/tls13/session_ticket.h b/lib/tls13/session_ticket.h
index 1c31589a26..073c28f1f2 100644
--- a/lib/tls13/session_ticket.h
+++ b/lib/tls13/session_ticket.h
@@ -1,7 +1,7 @@
 /*
 * Copyright (C) 2017 Red Hat, Inc.
 *
- * Author: Nikos Mavrogiannopoulos
+ * Author: Nikos Mavrogiannopoulos, Ander Juaristi
 *
 * This file is part of GnuTLS.
 *
@@ -19,5 +19,33 @@
 * along with this program. If not, see
 *
 */
+#ifndef SESSION_TICKET_H
+#define SESSION_TICKET_H
 int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf);
+int _gnutls13_send_session_ticket(gnutls_session_t session, unsigned again);
+
+int _gnutls13_unpack_session_ticket(gnutls_session_t session,
+ gnutls_datum_t *data,
+ tls13_ticket_t *ticket_data);
+
+inline static
+void tls13_ticket_deinit(tls13_ticket_t *ticket)
+{
+ if (ticket) {
+ zeroize_temp_key(&ticket->resumption_master_secret,
+ sizeof(ticket->resumption_master_secret));
+
+ _gnutls_free_datum(&ticket->ticket);
+ memset(ticket, 0, sizeof(tls13_ticket_t));
+ }
+}
+
+inline static
+void _gnutls13_session_ticket_unset(gnutls_session_t session)
+{
+ if (session->internals.tls13_ticket.ticket.data != NULL)
+ tls13_ticket_deinit(&session->internals.tls13_ticket);
+}
+
+#endif
-- cgit v1.2.1
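Review bot: In `_gnutls13_session_ticket_unset` the wipe of `resumption_master_secret` is gated on `ticket.ticket.data != NULL`, so a ticket structure that holds a derived secret but no ticket blob would stay in session memory uncleared. Whether that state is reachable is not visible from this hunk, but `tls13_ticket_deinit` looks safe to run on an empty structure provided `_gnutls_free_datum` accepts a NULL `data` pointer (worth confirming), so the call could be made unconditional: `tls13_ticket_deinit(&session->internals.tls13_ticket);`. Separately, the trailing `memset(ticket, 0, sizeof(tls13_ticket_t))` in `tls13_ticket_deinit` is a plain memset, which a compiler may drop as a dead store once the function is inlined into a caller that never reads the structure again. Only the secret field goes through `zeroize_temp_key`, so any other sensitive member of `tls13_ticket_t` (its definition is outside this diff) should be cleared the same way, and a short comment on the function stating which fields are guaranteed wiped would help callers.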