diff options
| author | Ander Juaristi <a@juaristi.eus> | 2018-02-21 20:11:24 +0100 |
|---|---|---|
| committer | Ander Juaristi <a@juaristi.eus> | 2018-02-21 20:11:24 +0100 |
| commit | 99c543532b28068e90657b6043be9f1d1d03c695 (patch) | |
| tree | 0ac0dffdd630b751ec7e1cb466894c5fb3d92c62 | |
| parent | f7941bd5d8ca4dec093fc55dd4d47bfb4e196dae (diff) | |
| download | gnutls-tmp-draft-ietf-tls-tls13-21-ajuaristi-session-resumption.tar.gz | |
TLS 1.3 - session resumption - Fix RMS storagetmp-draft-ietf-tls-tls13-21-ajuaristi-session-resumption
Signed-off-by: Ander Juaristi <a@juaristi.eus>
| -rw-r--r-- | lib/session_pack.c | 7 | ||||
| -rw-r--r-- | lib/tls13/session_ticket.c | 28 | ||||
| -rw-r--r-- | lib/tls13/session_ticket.h | 1 |
3 files changed, 28 insertions, 8 deletions
diff --git a/lib/session_pack.c b/lib/session_pack.c index 6bb65b4ba0..aedd44f273 100644 --- a/lib/session_pack.c +++ b/lib/session_pack.c @@ -336,16 +336,15 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) BUFFER_APPEND_PFX4(ps, ticket.ticket_nonce.data, ticket.ticket_nonce.size); - length += (4 + ticket.ticket_nonce.size); BUFFER_APPEND_PFX4(ps, ticket.ticket.data, ticket.ticket.size); length += (4 + ticket.ticket.size); BUFFER_APPEND_PFX4(ps, - session->key.proto.tls13.ap_rms, - session->key.proto.tls13.temp_secret_size); - length += (4 + session->key.proto.tls13.temp_secret_size); + ticket.rms.data, + ticket.rms.size); + length += (4 + ticket.rms.size); /* Overwrite the length field */ _gnutls_write_uint32(length, ps->data + length_pos); diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c index cd97f4bf7d..94990ea4cf 100644 --- a/lib/tls13/session_ticket.c +++ b/lib/tls13/session_ticket.c @@ -310,7 +310,7 @@ static int generate_session_ticket(gnutls_session_t session, struct tls13_nst_st struct ticket_st encrypted_ticket; /* This is the resumption master secret */ const uint8_t *rms = session->key.proto.tls13.ap_rms; - unsigned rms_len = MAX_HASH_SIZE; + unsigned rms_len = session->key.proto.tls13.temp_secret_size; gnutls_mac_algorithm_t kdf_id; struct tls13_ticket_data tdata; @@ -624,6 +624,7 @@ void _gnutls13_session_ticket_destroy(struct tls13_nst_st *ticket) if (ticket) { _gnutls_free_datum(&ticket->ticket); _gnutls_free_datum(&ticket->ticket_nonce); + _gnutls_free_datum(&ticket->rms); memset(ticket, 0, sizeof(struct tls13_nst_st)); } } @@ -710,10 +711,21 @@ int _gnutls13_session_ticket_get(gnutls_session_t session, struct tls13_nst_st * return gnutls_assert_val(ret); } - ret = session->internals.tls13_ticket_len; + if ((ret = _gnutls_set_datum(&dst->rms, + session->key.proto.tls13.ap_rms_original.data, + session->key.proto.tls13.ap_rms_original.size)) < 0) { + gnutls_assert(); + goto error; + } + + ret = session->internals.tls13_ticket_len + dst->rms.size; } return ret; + +error: + _gnutls13_session_ticket_destroy(dst); + return ret; } /* @@ -732,11 +744,19 @@ int _gnutls13_session_ticket_peek(gnutls_session_t session, struct tls13_nst_st if (!src) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - if (dst) + if (dst) { memcpy(dst, src, sizeof(struct tls13_nst_st)); + memcpy(&dst->rms, &session->key.proto.tls13.ap_rms_original, sizeof(gnutls_datum_t)); + } - ret = session->internals.tls13_ticket_len; + ret = session->internals.tls13_ticket_len + session->key.proto.tls13.ap_rms_original.size; } return ret; } + +int _gnutls13_session_ticket_unset(gnutls_session_t session) +{ + /* TODO implement this */ + return 0; +} diff --git a/lib/tls13/session_ticket.h b/lib/tls13/session_ticket.h index 7c3a66de83..93e6a7bd58 100644 --- a/lib/tls13/session_ticket.h +++ b/lib/tls13/session_ticket.h @@ -28,6 +28,7 @@ struct tls13_nst_st { uint32_t ticket_age_add; gnutls_datum_t ticket_nonce; gnutls_datum_t ticket; + gnutls_datum_t rms; }; struct tls13_ticket_data { |