author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-11 09:43:44 +0200 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-11 09:43:44 +0200 |
commit | bb679935f30c3f74589d79393e32e8be49bd8850 (patch) | |
tree | 76c1a79dbecccc3ef392fa47f931e97f98bf2a8e | |
parent | 2dcf48d00b6c22dd7fbe9117f1142cb38f47561d (diff) | |
handshake: more on parsing hsk message (branch: tmp-tls1.3-support)
-rw-r--r-- | lib/handshake-tls13.c | 91 | ||||
-rw-r--r-- | lib/kx-tls13.c | 59 |
2 files changed, 92 insertions, 58 deletions
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 5b11390387..9ccc86b8f3 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -64,82 +64,57 @@ int _gnutls_tls13_handshake_client(gnutls_session_t session) switch (STATE) { case STATE100: - /* RECV CERTIFICATE */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_certificate(session); + ret = + generate_hs_traffic_keys(session); STATE = STATE100; - IMED_RET("recv server certificate", ret, 1); + IMED_RET("generate session keys", ret, 0); /* fall through */ case STATE101: -#ifdef ENABLE_OCSP - /* RECV CERTIFICATE STATUS */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - _gnutls_recv_server_certificate_status - (session); + /* RECV encrypted extensions */ + ret = _gnutls13_recv_encrypted_extensions(session); STATE = STATE101; - IMED_RET("recv server certificate", ret, 1); -#endif + IMED_RET("recv server encrypted extensions", ret, 0); /* fall through */ case STATE102: - ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT); + ret = + _gnutls13_recv_server_certificate_request(session); STATE = STATE102; - if (ret < 0) - return gnutls_assert_val(ret); - - FALLTHROUGH; + IMED_RET("recv server certificate request", ret, 0); + /* fall through */ case STATE103: - /* receive the server certificate request - if any - */ - ret = _gnutls_recv_server_crt_request(session); + /* RECV CERTIFICATE */ + ret = _gnutls13_recv_server_certificate(session); STATE = STATE103; - IMED_RET("recv server certificate request message", ret, - 1); + IMED_RET("recv server certificate", ret, 0); /* fall through */ case STATE104: - /* receive the server hello done */ ret = - _gnutls_recv_handshake(session, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - 0, NULL); + _gnutls13_recv_server_certificate_verify(session); STATE = STATE104; - IMED_RET("recv server hello done", ret, 1); + IMED_RET("recv server certificate verify", ret, 0); /* fall through */ case STATE105: - /* send our certificate - if any and if requested - */ - ret = - _gnutls_send_client_certificate(session, - AGAIN - 
(STATE105)); + ret = _gnutls_run_verify_callback(session, GNUTLS_CLIENT); STATE = STATE105; - IMED_RET("send client certificate", ret, 0); - /* fall through */ - case STATE106: - /* send client certificate verify */ - ret = - _gnutls_send_client_certificate_verify(session, - AGAIN - (STATE106)); - STATE = STATE106; - IMED_RET("send client certificate verify", ret, 1); - /* fall through */ -#if 0 - case STATE107: - ret = send_handshake_final(session, TRUE); - STATE = STATE107; - IMED_RET("send handshake final 2", ret, 1); + if (ret < 0) + return gnutls_assert_val(ret); + + FALLTHROUGH; + case STATE109: + ret = _gnutls_recv_finished(session); + STATE = STATE109; + IMED_RET("recv finished", ret, 0); /* fall through */ - case STATE108: - STATE = STATE108; + case STATE110: + STATE = STATE110; + + ret = _gnutls_send_finished(session); + IMED_RET("send finished", ret, 0); - ret = recv_handshake_final(session, TRUE); - IMED_RET("recv handshake final", ret, 1); -#endif STATE = STATE0; - /* fall through */ - default: break; + default: + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); } /* explicitly reset any false start flags */ @@ -209,7 +184,7 @@ int _gnutls_tls13_handshake_server(gnutls_session_t session) case STATE103: ret = _gnutls_recv_client_certificate(session); STATE = STATE103; - IMED_RET("recv client certificate", ret, 1); + IMED_RET("recv client certificate", ret, 0); /* fall through */ case STATE104: ret = _gnutls_run_verify_callback(session, GNUTLS_SERVER); @@ -223,7 +198,7 @@ int _gnutls_tls13_handshake_server(gnutls_session_t session) _gnutls_recv_client_certificate_verify_message (session); STATE = STATE105; - IMED_RET("recv client certificate verify", ret, 1); + IMED_RET("recv client certificate verify", ret, 0); /* fall through */ STATE = STATE0; diff --git a/lib/kx-tls13.c b/lib/kx-tls13.c new file mode 100644 index 0000000000..059f70b579 --- /dev/null +++ b/lib/kx-tls13.c 
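Review bot: In the new `case STATE110:` block `STATE = STATE110;` is assigned before `_gnutls_send_finished()` runs, whereas every other case in this switch records the state only after its call returns; the order should match the rest of the machine, `ret = _gnutls_send_finished(session); STATE = STATE110; IMED_RET("send finished", ret, 0);`. This hunk, together with the server hunks at `@@ -209` and `@@ -223`, also flips the third IMED_RET argument from 1 to 0 on every receive step without a word of explanation; if that argument is the macro's allow_alert flag, a comment at the top of the switch such as `/* TLS 1.3: a warning alert mid-handshake is treated as fatal, so allow_alert is 0 throughout */` would let a reader tell intent from oversight. `_gnutls_tls13_handshake_client` begins and ends outside the hunk.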
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* This file contains functions which are wrappers for the key exchange
+ * part of TLS. They are called by the handshake functions (gnutls_handshake)
+ */
+
+#include "gnutls_int.h"
+#include "handshake.h"
+#include "errors.h"
+#include "extensions.h"
+#include <state.h>
+#include <datum.h>
+#include <mbuffers.h>
+
+int _gnutls13_recv_encrypted_extensions(gnutls_session_t session)
+{
+ gnutls_buffer_st buf;
+ int ret = 0;
+
+ ret =
+ _gnutls_recv_handshake(session,
+ GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS,
+ 0, &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ ret = _gnutls_parse_extensions(session, GNUTLS_EXT_ENCRYPTED, buf.data, buf.length);
+ _gnutls_buffer_clear(&buf);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ return ret;
+}
+
|
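Review bot: `_gnutls13_recv_encrypted_extensions` ends with `if (ret < 0) { gnutls_assert(); return ret; } return ret;`, where both paths return the same value, and `int ret = 0;` is overwritten before it is ever read; the tail collapses to `if (ret < 0) gnutls_assert(); return ret;` and the initializer can go. More important for a TLS 1.3 parser, RFC 8446 section 4.2 requires the client to abort if EncryptedExtensions carries an extension it did not offer; nothing in the hunk shows whether `_gnutls_parse_extensions` called with `GNUTLS_EXT_ENCRYPTED` enforces that, so either the call site or a comment should state where that check lives. The function has no header comment; a short one saying that it receives the EncryptedExtensions message, hands its body to the extension parser, releases the buffer, and returns a negative gnutls error code on failure would help the next reader. The file-top comment, apparently copied from another file, describes key-exchange wrappers, which does not match what this file holds.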