diff options
author | Simon Josefsson <simon@josefsson.org> | 2005-11-07 23:27:56 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2005-11-07 23:27:56 +0000 |
commit | a5891d75997c9529b9fc5c273df8bd0df4093cd0 (patch) | |
tree | fd6eec448a88c5eb891cc145921c5793662da604 /lib/gnutls_constate.c | |
parent | af21484a8daf15da48f7d00c4fe632708a757a64 (diff) | |
download | gnutls-a5891d75997c9529b9fc5c273df8bd0df4093cd0.tar.gz |
Use GNU coding style.
Diffstat (limited to 'lib/gnutls_constate.c')
-rw-r--r-- | lib/gnutls_constate.c | 1341 |
1 files changed, 716 insertions, 625 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 2f56869b95..3ac7b3ef2e 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -36,16 +36,16 @@ #include <gnutls_state.h> static const char keyexp[] = "key expansion"; -static const int keyexp_length = sizeof(keyexp) - 1; +static const int keyexp_length = sizeof (keyexp) - 1; static const char ivblock[] = "IV block"; -static const int ivblock_length = sizeof(ivblock) - 1; +static const int ivblock_length = sizeof (ivblock) - 1; static const char cliwrite[] = "client write key"; -static const int cliwrite_length = sizeof(cliwrite) - 1; +static const int cliwrite_length = sizeof (cliwrite) - 1; static const char servwrite[] = "server write key"; -static const int servwrite_length = sizeof(servwrite) - 1; +static const int servwrite_length = sizeof (servwrite) - 1; #define EXPORT_FINAL_KEY_SIZE 16 @@ -54,341 +54,379 @@ static const int servwrite_length = sizeof(servwrite) - 1; * This function creates the keys and stores them into pending session. * (session->cipher_specs) */ -int _gnutls_set_keys(gnutls_session_t session, int hash_size, int IV_size, - int key_size, int export_flag) +int +_gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size, + int key_size, int export_flag) { /* FIXME: This function is too long */ - opaque *key_block; - opaque rnd[2 * TLS_RANDOM_SIZE]; - opaque rrnd[2 * TLS_RANDOM_SIZE]; - int pos, ret; - int block_size; - char buf[65]; - - if (session->cipher_specs.generated_keys != 0) { - /* keys have already been generated. - * reset generated_keys and exit normally. - */ - session->cipher_specs.generated_keys = 0; - return 0; - } - - block_size = 2 * hash_size + 2 * key_size; - if (export_flag == 0) - block_size += 2 * IV_size; - - key_block = gnutls_secure_malloc(block_size); - if (key_block == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy(rnd, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - memcpy(&rnd[TLS_RANDOM_SIZE], - session->security_parameters.client_random, TLS_RANDOM_SIZE); - - memcpy(rrnd, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - memcpy(&rrnd[TLS_RANDOM_SIZE], - session->security_parameters.server_random, TLS_RANDOM_SIZE); - - if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ - ret = - _gnutls_ssl3_generate_random(session-> - security_parameters. - master_secret, - TLS_MASTER_SIZE, rnd, - 2 * TLS_RANDOM_SIZE, - block_size, key_block); - } else { /* TLS 1.0 */ - ret = - _gnutls_PRF(session->security_parameters.master_secret, - TLS_MASTER_SIZE, keyexp, keyexp_length, - rnd, 2 * TLS_RANDOM_SIZE, block_size, - key_block); - } - - if (ret < 0) { - gnutls_assert(); - gnutls_free(key_block); - return ret; - } - - _gnutls_hard_log("INT: KEY BLOCK[%d]: %s\n", block_size, - _gnutls_bin2hex(key_block, block_size, buf, - sizeof(buf))); - - pos = 0; - if (hash_size > 0) { - if (_gnutls_sset_datum - (&session->cipher_specs.client_write_mac_secret, - &key_block[pos], hash_size) < 0) { - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; - } - pos += hash_size; + opaque *key_block; + opaque rnd[2 * TLS_RANDOM_SIZE]; + opaque rrnd[2 * TLS_RANDOM_SIZE]; + int pos, ret; + int block_size; + char buf[65]; + + if (session->cipher_specs.generated_keys != 0) + { + /* keys have already been generated. + * reset generated_keys and exit normally. + */ + session->cipher_specs.generated_keys = 0; + return 0; + } - if (_gnutls_sset_datum - (&session->cipher_specs.server_write_mac_secret, - &key_block[pos], hash_size) < 0) { - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; - } - pos += hash_size; + block_size = 2 * hash_size + 2 * key_size; + if (export_flag == 0) + block_size += 2 * IV_size; + + key_block = gnutls_secure_malloc (block_size); + if (key_block == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } - if (key_size > 0) { - opaque *client_write_key, *server_write_key; - int client_write_key_size, server_write_key_size; - int free_keys = 0; + memcpy (rnd, session->security_parameters.server_random, TLS_RANDOM_SIZE); + memcpy (&rnd[TLS_RANDOM_SIZE], + session->security_parameters.client_random, TLS_RANDOM_SIZE); + + memcpy (rrnd, session->security_parameters.client_random, TLS_RANDOM_SIZE); + memcpy (&rrnd[TLS_RANDOM_SIZE], + session->security_parameters.server_random, TLS_RANDOM_SIZE); + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_generate_random (session-> + security_parameters. + master_secret, + TLS_MASTER_SIZE, rnd, + 2 * TLS_RANDOM_SIZE, + block_size, key_block); + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (session->security_parameters.master_secret, + TLS_MASTER_SIZE, keyexp, keyexp_length, + rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); + } - if (export_flag == 0) { - client_write_key = &key_block[pos]; - client_write_key_size = key_size; + if (ret < 0) + { + gnutls_assert (); + gnutls_free (key_block); + return ret; + } - pos += key_size; + _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, + _gnutls_bin2hex (key_block, block_size, buf, + sizeof (buf))); + + pos = 0; + if (hash_size > 0) + { + if (_gnutls_sset_datum + (&session->cipher_specs.client_write_mac_secret, + &key_block[pos], hash_size) < 0) + { + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; + } + pos += hash_size; + + if (_gnutls_sset_datum + (&session->cipher_specs.server_write_mac_secret, + &key_block[pos], hash_size) < 0) + { + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; + } + pos += hash_size; + } + + if (key_size > 0) + { + opaque *client_write_key, *server_write_key; + int client_write_key_size, server_write_key_size; + int free_keys = 0; - server_write_key = &key_block[pos]; - server_write_key_size = key_size; + if (export_flag == 0) + { + client_write_key = &key_block[pos]; + client_write_key_size = key_size; - pos += key_size; + pos += key_size; - } else { /* export */ - free_keys = 1; + server_write_key = &key_block[pos]; + server_write_key_size = key_size; - client_write_key = gnutls_secure_malloc(EXPORT_FINAL_KEY_SIZE); - if (client_write_key == NULL) { - gnutls_assert(); - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; + pos += key_size; + + } + else + { /* export */ + free_keys = 1; + + client_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE); + if (client_write_key == NULL) + { + gnutls_assert (); + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; } - server_write_key = gnutls_secure_malloc(EXPORT_FINAL_KEY_SIZE); - if (server_write_key == NULL) { - gnutls_assert(); - gnutls_free(key_block); - gnutls_free(client_write_key); - return GNUTLS_E_MEMORY_ERROR; + server_write_key = gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE); + if (server_write_key == NULL) + { + gnutls_assert (); + gnutls_free (key_block); + gnutls_free (client_write_key); + return GNUTLS_E_MEMORY_ERROR; } - /* generate the final keys */ - - if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5(&key_block[pos], - key_size, rrnd, - 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - client_write_key); - - } else { /* TLS 1.0 */ - ret = - _gnutls_PRF(&key_block[pos], key_size, - cliwrite, cliwrite_length, - rrnd, - 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, client_write_key); + /* generate the final keys */ + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 (&key_block[pos], + key_size, rrnd, + 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + client_write_key); + + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (&key_block[pos], key_size, + cliwrite, cliwrite_length, + rrnd, + 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, client_write_key); } - if (ret < 0) { - gnutls_assert(); - gnutls_free(key_block); - gnutls_free(server_write_key); - gnutls_free(client_write_key); - return ret; + if (ret < 0) + { + gnutls_assert (); + gnutls_free (key_block); + gnutls_free (server_write_key); + gnutls_free (client_write_key); + return ret; } - client_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - - if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5(&key_block[pos], key_size, - rnd, 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - server_write_key); - } else { /* TLS 1.0 */ - ret = - _gnutls_PRF(&key_block[pos], key_size, - servwrite, servwrite_length, - rrnd, 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, server_write_key); + client_write_key_size = EXPORT_FINAL_KEY_SIZE; + pos += key_size; + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 (&key_block[pos], key_size, + rnd, 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + server_write_key); + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (&key_block[pos], key_size, + servwrite, servwrite_length, + rrnd, 2 * TLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, server_write_key); } - if (ret < 0) { - gnutls_assert(); - gnutls_free(key_block); - gnutls_free(server_write_key); - gnutls_free(client_write_key); - return ret; + if (ret < 0) + { + gnutls_assert (); + gnutls_free (key_block); + gnutls_free (server_write_key); + gnutls_free (client_write_key); + return ret; } - server_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; + server_write_key_size = EXPORT_FINAL_KEY_SIZE; + pos += key_size; } - if (_gnutls_sset_datum - (&session->cipher_specs.client_write_key, - client_write_key, client_write_key_size) < 0) { - gnutls_free(key_block); - gnutls_free(server_write_key); - gnutls_free(client_write_key); - return GNUTLS_E_MEMORY_ERROR; + if (_gnutls_sset_datum + (&session->cipher_specs.client_write_key, + client_write_key, client_write_key_size) < 0) + { + gnutls_free (key_block); + gnutls_free (server_write_key); + gnutls_free (client_write_key); + return GNUTLS_E_MEMORY_ERROR; } - _gnutls_hard_log("INT: CLIENT WRITE KEY [%d]: %s\n", - client_write_key_size, - _gnutls_bin2hex(client_write_key, + _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", + client_write_key_size, + _gnutls_bin2hex (client_write_key, client_write_key_size, buf, - sizeof(buf))); - - if (_gnutls_sset_datum - (&session->cipher_specs.server_write_key, - server_write_key, server_write_key_size) < 0) { - gnutls_free(key_block); - gnutls_free(server_write_key); - gnutls_free(client_write_key); - return GNUTLS_E_MEMORY_ERROR; + sizeof (buf))); + + if (_gnutls_sset_datum + (&session->cipher_specs.server_write_key, + server_write_key, server_write_key_size) < 0) + { + gnutls_free (key_block); + gnutls_free (server_write_key); + gnutls_free (client_write_key); + return GNUTLS_E_MEMORY_ERROR; } - _gnutls_hard_log("INT: SERVER WRITE KEY [%d]: %s\n", - server_write_key_size, - _gnutls_bin2hex(server_write_key, + _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", + server_write_key_size, + _gnutls_bin2hex (server_write_key, server_write_key_size, buf, - sizeof(buf))); + sizeof (buf))); - if (free_keys != 0) { - gnutls_free(server_write_key); - gnutls_free(client_write_key); + if (free_keys != 0) + { + gnutls_free (server_write_key); + gnutls_free (client_write_key); } } - /* IV generation in export and non export ciphers. - */ - if (IV_size > 0 && export_flag == 0) { - if (_gnutls_sset_datum - (&session->cipher_specs.client_write_IV, &key_block[pos], - IV_size) < 0) { - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; + /* IV generation in export and non export ciphers. + */ + if (IV_size > 0 && export_flag == 0) + { + if (_gnutls_sset_datum + (&session->cipher_specs.client_write_IV, &key_block[pos], + IV_size) < 0) + { + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; } - pos += IV_size; - - if (_gnutls_sset_datum - (&session->cipher_specs.server_write_IV, &key_block[pos], - IV_size) < 0) { - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; + pos += IV_size; + + if (_gnutls_sset_datum + (&session->cipher_specs.server_write_IV, &key_block[pos], + IV_size) < 0) + { + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; } - pos += IV_size; - - } else if (IV_size > 0 && export_flag != 0) { - opaque *iv_block = gnutls_alloca(IV_size * 2); - if (iv_block == NULL) { - gnutls_assert(); - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; + pos += IV_size; + + } + else if (IV_size > 0 && export_flag != 0) + { + opaque *iv_block = gnutls_alloca (IV_size * 2); + if (iv_block == NULL) + { + gnutls_assert (); + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; } - if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5("", 0, - rrnd, TLS_RANDOM_SIZE * 2, - IV_size, iv_block); - - if (ret < 0) { - gnutls_assert(); - gnutls_free(key_block); - gnutls_afree(iv_block); - return ret; + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 ("", 0, + rrnd, TLS_RANDOM_SIZE * 2, + IV_size, iv_block); + + if (ret < 0) + { + gnutls_assert (); + gnutls_free (key_block); + gnutls_afree (iv_block); + return ret; } - ret = - _gnutls_ssl3_hash_md5("", 0, rnd, - TLS_RANDOM_SIZE * 2, - IV_size, &iv_block[IV_size]); + ret = + _gnutls_ssl3_hash_md5 ("", 0, rnd, + TLS_RANDOM_SIZE * 2, + IV_size, &iv_block[IV_size]); - } else { /* TLS 1.0 */ - ret = - _gnutls_PRF("", 0, - ivblock, ivblock_length, rrnd, - 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF ("", 0, + ivblock, ivblock_length, rrnd, + 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); } - if (ret < 0) { - gnutls_assert(); - gnutls_afree(iv_block); - gnutls_free(key_block); - return ret; + if (ret < 0) + { + gnutls_assert (); + gnutls_afree (iv_block); + gnutls_free (key_block); + return ret; } - if (_gnutls_sset_datum - (&session->cipher_specs.client_write_IV, iv_block, - IV_size) < 0) { - gnutls_afree(iv_block); - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; + if (_gnutls_sset_datum + (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0) + { + gnutls_afree (iv_block); + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; } - if (_gnutls_sset_datum - (&session->cipher_specs.server_write_IV, - &iv_block[IV_size], IV_size) < 0) { - gnutls_afree(iv_block); - gnutls_free(key_block); - return GNUTLS_E_MEMORY_ERROR; + if (_gnutls_sset_datum + (&session->cipher_specs.server_write_IV, + &iv_block[IV_size], IV_size) < 0) + { + gnutls_afree (iv_block); + gnutls_free (key_block); + return GNUTLS_E_MEMORY_ERROR; } - gnutls_afree(iv_block); + gnutls_afree (iv_block); } - gnutls_free(key_block); + gnutls_free (key_block); - session->cipher_specs.generated_keys = 1; + session->cipher_specs.generated_keys = 1; - return 0; + return 0; } -int _gnutls_set_read_keys(gnutls_session_t session) +int +_gnutls_set_read_keys (gnutls_session_t session) { - int hash_size; - int IV_size; - int key_size, export_flag; - gnutls_cipher_algorithm_t algo; - gnutls_mac_algorithm_t mac_algo; - - mac_algo = session->security_parameters.read_mac_algorithm; - algo = session->security_parameters.read_bulk_cipher_algorithm; - - hash_size = _gnutls_hash_get_algo_len(mac_algo); - IV_size = _gnutls_cipher_get_iv_size(algo); - key_size = gnutls_cipher_get_key_size(algo); - export_flag = _gnutls_cipher_get_export_flag(algo); - - return _gnutls_set_keys(session, hash_size, IV_size, key_size, - export_flag); + int hash_size; + int IV_size; + int key_size, export_flag; + gnutls_cipher_algorithm_t algo; + gnutls_mac_algorithm_t mac_algo; + + mac_algo = session->security_parameters.read_mac_algorithm; + algo = session->security_parameters.read_bulk_cipher_algorithm; + + hash_size = _gnutls_hash_get_algo_len (mac_algo); + IV_size = _gnutls_cipher_get_iv_size (algo); + key_size = gnutls_cipher_get_key_size (algo); + export_flag = _gnutls_cipher_get_export_flag (algo); + + return _gnutls_set_keys (session, hash_size, IV_size, key_size, + export_flag); } -int _gnutls_set_write_keys(gnutls_session_t session) +int +_gnutls_set_write_keys (gnutls_session_t session) { - int hash_size; - int IV_size; - int key_size, export_flag; - gnutls_cipher_algorithm_t algo; - gnutls_mac_algorithm_t mac_algo; - - mac_algo = session->security_parameters.write_mac_algorithm; - algo = session->security_parameters.write_bulk_cipher_algorithm; - - hash_size = _gnutls_hash_get_algo_len(mac_algo); - IV_size = _gnutls_cipher_get_iv_size(algo); - key_size = gnutls_cipher_get_key_size(algo); - export_flag = _gnutls_cipher_get_export_flag(algo); - - return _gnutls_set_keys(session, hash_size, IV_size, key_size, - export_flag); + int hash_size; + int IV_size; + int key_size, export_flag; + gnutls_cipher_algorithm_t algo; + gnutls_mac_algorithm_t mac_algo; + + mac_algo = session->security_parameters.write_mac_algorithm; + algo = session->security_parameters.write_bulk_cipher_algorithm; + + hash_size = _gnutls_hash_get_algo_len (mac_algo); + IV_size = _gnutls_cipher_get_iv_size (algo); + key_size = gnutls_cipher_get_key_size (algo); + export_flag = _gnutls_cipher_get_export_flag (algo); + + return _gnutls_set_keys (session, hash_size, IV_size, key_size, + export_flag); } #define CPY_COMMON dst->entity = src->entity; \ @@ -406,28 +444,26 @@ int _gnutls_set_write_keys(gnutls_session_t session) dst->version = src->version; \ memcpy( &dst->extensions, &src->extensions, sizeof(tls_ext_st)); -static void _gnutls_cpy_read_security_parameters(security_parameters_st * - dst, - security_parameters_st * - src) +static void +_gnutls_cpy_read_security_parameters (security_parameters_st * + dst, security_parameters_st * src) { - CPY_COMMON; + CPY_COMMON; - dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm; - dst->read_mac_algorithm = src->read_mac_algorithm; - dst->read_compression_algorithm = src->read_compression_algorithm; + dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm; + dst->read_mac_algorithm = src->read_mac_algorithm; + dst->read_compression_algorithm = src->read_compression_algorithm; } -static void _gnutls_cpy_write_security_parameters(security_parameters_st * - dst, - security_parameters_st * - src) +static void +_gnutls_cpy_write_security_parameters (security_parameters_st * + dst, security_parameters_st * src) { - CPY_COMMON; + CPY_COMMON; - dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm; - dst->write_mac_algorithm = src->write_mac_algorithm; - dst->write_compression_algorithm = src->write_compression_algorithm; + dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm; + dst->write_mac_algorithm = src->write_mac_algorithm; + dst->write_compression_algorithm = src->write_compression_algorithm; } /* Sets the current connection session to conform with the @@ -436,197 +472,210 @@ static void _gnutls_cpy_write_security_parameters(security_parameters_st * * secrets and random numbers to have been negotiated) * This is to be called after sending the Change Cipher Spec packet. */ -int _gnutls_connection_state_init(gnutls_session_t session) +int +_gnutls_connection_state_init (gnutls_session_t session) { - int ret; + int ret; /* Setup the master secret */ - if ((ret = _gnutls_generate_master(session, 0), 0) < 0) { - gnutls_assert(); - return ret; + if ((ret = _gnutls_generate_master (session, 0), 0) < 0) + { + gnutls_assert (); + return ret; } - return 0; + return 0; } /* Initializes the read connection session * (read encrypted data) */ -int _gnutls_read_connection_state_init(gnutls_session_t session) +int +_gnutls_read_connection_state_init (gnutls_session_t session) { - int mac_size; - int rc; + int mac_size; + int rc; - _gnutls_uint64zero(session->connection_state.read_sequence_number); + _gnutls_uint64zero (session->connection_state.read_sequence_number); /* Update internals from CipherSuite selected. * If we are resuming just copy the connection session */ - if (session->internals.resumed == RESUME_FALSE) { - rc = _gnutls_set_read_cipher(session, - _gnutls_cipher_suite_get_cipher_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - rc = _gnutls_set_read_mac(session, - _gnutls_cipher_suite_get_mac_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; + if (session->internals.resumed == RESUME_FALSE) + { + rc = _gnutls_set_read_cipher (session, + _gnutls_cipher_suite_get_cipher_algo + (&session->security_parameters. + current_cipher_suite)); + if (rc < 0) + return rc; + rc = _gnutls_set_read_mac (session, + _gnutls_cipher_suite_get_mac_algo + (&session->security_parameters. + current_cipher_suite)); + if (rc < 0) + return rc; - rc = _gnutls_set_kx(session, - _gnutls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; + rc = _gnutls_set_kx (session, + _gnutls_cipher_suite_get_kx_algo + (&session->security_parameters. + current_cipher_suite)); + if (rc < 0) + return rc; - rc = _gnutls_set_read_compression(session, - session->internals. - compression_method); - if (rc < 0) - return rc; - } else { /* RESUME_TRUE */ - _gnutls_cpy_read_security_parameters(&session-> - security_parameters, - &session-> - internals. - resumed_security_parameters); + rc = _gnutls_set_read_compression (session, + session->internals. + compression_method); + if (rc < 0) + return rc; + } + else + { /* RESUME_TRUE */ + _gnutls_cpy_read_security_parameters (&session-> + security_parameters, + &session-> + internals. + resumed_security_parameters); } - rc = _gnutls_set_read_keys(session); - if (rc < 0) - return rc; + rc = _gnutls_set_read_keys (session); + if (rc < 0) + return rc; - _gnutls_handshake_log("HSK[%x]: Cipher Suite: %s\n", - session, _gnutls_cipher_suite_get_name(&session-> + _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", + session, _gnutls_cipher_suite_get_name (&session-> security_parameters. current_cipher_suite)); - if (_gnutls_compression_is_ok - (session->security_parameters.read_compression_algorithm) != 0) { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + if (_gnutls_compression_is_ok + (session->security_parameters.read_compression_algorithm) != 0) + { + gnutls_assert (); + return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } - if (_gnutls_mac_is_ok - (session->security_parameters.read_mac_algorithm) != 0) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + if (_gnutls_mac_is_ok + (session->security_parameters.read_mac_algorithm) != 0) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - /* Free all the previous keys/ sessions etc. - */ - if (session->connection_state.read_mac_secret.data != NULL) - _gnutls_free_datum(&session->connection_state.read_mac_secret); + /* Free all the previous keys/ sessions etc. + */ + if (session->connection_state.read_mac_secret.data != NULL) + _gnutls_free_datum (&session->connection_state.read_mac_secret); - if (session->connection_state.read_cipher_state != NULL) - _gnutls_cipher_deinit(session->connection_state.read_cipher_state); + if (session->connection_state.read_cipher_state != NULL) + _gnutls_cipher_deinit (session->connection_state.read_cipher_state); - if (session->connection_state.read_compression_state != NULL) - _gnutls_comp_deinit(session->connection_state. - read_compression_state, 1); + if (session->connection_state.read_compression_state != NULL) + _gnutls_comp_deinit (session->connection_state.read_compression_state, 1); - mac_size = - _gnutls_hash_get_algo_len(session->security_parameters. - read_mac_algorithm); + mac_size = + _gnutls_hash_get_algo_len (session->security_parameters. + read_mac_algorithm); - _gnutls_handshake_log - ("HSK[%x]: Initializing internal [read] cipher sessions\n", - session); + _gnutls_handshake_log + ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); - switch (session->security_parameters.entity) { + switch (session->security_parameters.entity) + { case GNUTLS_SERVER: - /* initialize cipher session - */ - session->connection_state.read_cipher_state = - _gnutls_cipher_init(session->security_parameters. - read_bulk_cipher_algorithm, - &session->cipher_specs. - client_write_key, - &session->cipher_specs.client_write_IV); - if (session->connection_state.read_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters. - read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + /* initialize cipher session + */ + session->connection_state.read_cipher_state = + _gnutls_cipher_init (session->security_parameters. + read_bulk_cipher_algorithm, + &session->cipher_specs. + client_write_key, + &session->cipher_specs.client_write_IV); + if (session->connection_state.read_cipher_state == + GNUTLS_CIPHER_FAILED + && session->security_parameters. + read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - /* copy mac secrets from cipherspecs, to connection - * session. - */ - if (mac_size > 0) { - if (_gnutls_sset_datum(&session->connection_state. - read_mac_secret, - session->cipher_specs. - client_write_mac_secret.data, - session->cipher_specs. - client_write_mac_secret.size) < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + /* copy mac secrets from cipherspecs, to connection + * session. + */ + if (mac_size > 0) + { + if (_gnutls_sset_datum (&session->connection_state. + read_mac_secret, + session->cipher_specs. + client_write_mac_secret.data, + session->cipher_specs. + client_write_mac_secret.size) < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } } - break; + break; case GNUTLS_CLIENT: - session->connection_state.read_cipher_state = - _gnutls_cipher_init(session->security_parameters. - read_bulk_cipher_algorithm, - &session->cipher_specs. - server_write_key, - &session->cipher_specs.server_write_IV); - - if (session->connection_state.read_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters. - read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + session->connection_state.read_cipher_state = + _gnutls_cipher_init (session->security_parameters. + read_bulk_cipher_algorithm, + &session->cipher_specs. + server_write_key, + &session->cipher_specs.server_write_IV); + + if (session->connection_state.read_cipher_state == + GNUTLS_CIPHER_FAILED + && session->security_parameters. + read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - /* copy mac secret to connection session - */ - if (mac_size > 0) { - if (_gnutls_sset_datum(&session->connection_state. - read_mac_secret, - session->cipher_specs. - server_write_mac_secret.data, - session->cipher_specs. - server_write_mac_secret.size) < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + /* copy mac secret to connection session + */ + if (mac_size > 0) + { + if (_gnutls_sset_datum (&session->connection_state. + read_mac_secret, + session->cipher_specs. + server_write_mac_secret.data, + session->cipher_specs. + server_write_mac_secret.size) < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } } - break; + break; default: /* this check is useless */ - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - session->connection_state.read_compression_state = - _gnutls_comp_init(session->security_parameters. - read_compression_algorithm, 1); + session->connection_state.read_compression_state = + _gnutls_comp_init (session->security_parameters. + read_compression_algorithm, 1); - if (session->connection_state.read_compression_state == - GNUTLS_COMP_FAILED) { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) + { + gnutls_assert (); + return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } - return 0; + return 0; } @@ -634,317 +683,359 @@ int _gnutls_read_connection_state_init(gnutls_session_t session) /* Initializes the write connection session * (write encrypted data) */ -int _gnutls_write_connection_state_init(gnutls_session_t session) +int +_gnutls_write_connection_state_init (gnutls_session_t session) { - int mac_size; - int rc; + int mac_size; + int rc; - _gnutls_uint64zero(session->connection_state.write_sequence_number); + _gnutls_uint64zero (session->connection_state.write_sequence_number); /* Update internals from CipherSuite selected. * If we are resuming just copy the connection session */ - if (session->internals.resumed == RESUME_FALSE) { - rc = _gnutls_set_write_cipher(session, - _gnutls_cipher_suite_get_cipher_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - rc = _gnutls_set_write_mac(session, - _gnutls_cipher_suite_get_mac_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - - rc = _gnutls_set_kx(session, - _gnutls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - - rc = _gnutls_set_write_compression(session, - session->internals. - compression_method); - if (rc < 0) - return rc; - } else { /* RESUME_TRUE */ - _gnutls_cpy_write_security_parameters(&session-> - security_parameters, - &session-> - internals. - resumed_security_parameters); - } - - rc = _gnutls_set_write_keys(session); - if (rc < 0) + if (session->internals.resumed == RESUME_FALSE) + { + rc = _gnutls_set_write_cipher (session, + _gnutls_cipher_suite_get_cipher_algo + (&session->security_parameters. + current_cipher_suite)); + if (rc < 0) + return rc; + rc = _gnutls_set_write_mac (session, + _gnutls_cipher_suite_get_mac_algo + (&session->security_parameters. + current_cipher_suite)); + if (rc < 0) return rc; - _gnutls_handshake_log("HSK[%x]: Cipher Suite: %s\n", session, - _gnutls_cipher_suite_get_name(&session-> + rc = _gnutls_set_kx (session, + _gnutls_cipher_suite_get_kx_algo + (&session->security_parameters. + current_cipher_suite)); + if (rc < 0) + return rc; + + rc = _gnutls_set_write_compression (session, + session->internals. + compression_method); + if (rc < 0) + return rc; + } + else + { /* RESUME_TRUE */ + _gnutls_cpy_write_security_parameters (&session-> + security_parameters, + &session-> + internals. + resumed_security_parameters); + } + + rc = _gnutls_set_write_keys (session); + if (rc < 0) + return rc; + + _gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, + _gnutls_cipher_suite_get_name (&session-> security_parameters. current_cipher_suite)); - if (_gnutls_compression_is_ok - (session->security_parameters.write_compression_algorithm) != 0) { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + if (_gnutls_compression_is_ok + (session->security_parameters.write_compression_algorithm) != 0) + { + gnutls_assert (); + return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } - if (_gnutls_mac_is_ok - (session->security_parameters.write_mac_algorithm) != 0) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + if (_gnutls_mac_is_ok + (session->security_parameters.write_mac_algorithm) != 0) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - /* Free all the previous keys/ sessions etc. - */ - if (session->connection_state.write_mac_secret.data != NULL) - _gnutls_free_datum(&session->connection_state.write_mac_secret); + /* Free all the previous keys/ sessions etc. + */ + if (session->connection_state.write_mac_secret.data != NULL) + _gnutls_free_datum (&session->connection_state.write_mac_secret); - if (session->connection_state.write_cipher_state != NULL) - _gnutls_cipher_deinit(session->connection_state. - write_cipher_state); + if (session->connection_state.write_cipher_state != NULL) + _gnutls_cipher_deinit (session->connection_state.write_cipher_state); - if (session->connection_state.write_compression_state != NULL) - _gnutls_comp_deinit(session->connection_state. - write_compression_state, 0); + if (session->connection_state.write_compression_state != NULL) + _gnutls_comp_deinit (session->connection_state. + write_compression_state, 0); - mac_size = - _gnutls_hash_get_algo_len(session->security_parameters. - write_mac_algorithm); + mac_size = + _gnutls_hash_get_algo_len (session->security_parameters. + write_mac_algorithm); - _gnutls_handshake_log - ("HSK[%x]: Initializing internal [write] cipher sessions\n", - session); + _gnutls_handshake_log + ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); - switch (session->security_parameters.entity) { + switch (session->security_parameters.entity) + { case GNUTLS_SERVER: - /* initialize cipher session - */ - session->connection_state.write_cipher_state = - _gnutls_cipher_init(session->security_parameters. - write_bulk_cipher_algorithm, - &session->cipher_specs. - server_write_key, - &session->cipher_specs.server_write_IV); - - if (session->connection_state.write_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters. - write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + /* initialize cipher session + */ + session->connection_state.write_cipher_state = + _gnutls_cipher_init (session->security_parameters. + write_bulk_cipher_algorithm, + &session->cipher_specs. + server_write_key, + &session->cipher_specs.server_write_IV); + + if (session->connection_state.write_cipher_state == + GNUTLS_CIPHER_FAILED + && session->security_parameters. + write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - /* copy mac secrets from cipherspecs, to connection - * session. - */ - if (mac_size > 0) { - if (_gnutls_sset_datum(&session->connection_state. - write_mac_secret, - session->cipher_specs. - server_write_mac_secret.data, - session->cipher_specs. - server_write_mac_secret.size) < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + /* copy mac secrets from cipherspecs, to connection + * session. + */ + if (mac_size > 0) + { + if (_gnutls_sset_datum (&session->connection_state. + write_mac_secret, + session->cipher_specs. + server_write_mac_secret.data, + session->cipher_specs. + server_write_mac_secret.size) < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } } - break; + break; case GNUTLS_CLIENT: - session->connection_state.write_cipher_state = - _gnutls_cipher_init(session->security_parameters. - write_bulk_cipher_algorithm, - &session->cipher_specs. - client_write_key, - &session->cipher_specs.client_write_IV); - - if (session->connection_state.write_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters. - write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + session->connection_state.write_cipher_state = + _gnutls_cipher_init (session->security_parameters. + write_bulk_cipher_algorithm, + &session->cipher_specs. + client_write_key, + &session->cipher_specs.client_write_IV); + + if (session->connection_state.write_cipher_state == + GNUTLS_CIPHER_FAILED + && session->security_parameters. + write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - /* copy mac secret to connection session - */ - if (mac_size > 0) { - if (_gnutls_sset_datum(&session->connection_state. - write_mac_secret, - session->cipher_specs. - client_write_mac_secret.data, - session->cipher_specs. - client_write_mac_secret.size) < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + /* copy mac secret to connection session + */ + if (mac_size > 0) + { + if (_gnutls_sset_datum (&session->connection_state. + write_mac_secret, + session->cipher_specs. + client_write_mac_secret.data, + session->cipher_specs. + client_write_mac_secret.size) < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } } - break; + break; default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - session->connection_state.write_compression_state = - _gnutls_comp_init(session->security_parameters. - write_compression_algorithm, 0); + session->connection_state.write_compression_state = + _gnutls_comp_init (session->security_parameters. + write_compression_algorithm, 0); - if (session->connection_state.write_compression_state == - GNUTLS_COMP_FAILED) { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) + { + gnutls_assert (); + return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } - return 0; + return 0; } /* Sets the specified cipher into the pending session */ -int _gnutls_set_read_cipher(gnutls_session_t session, - gnutls_cipher_algorithm_t algo) +int +_gnutls_set_read_cipher (gnutls_session_t session, + gnutls_cipher_algorithm_t algo) { - if (_gnutls_cipher_is_ok(algo) == 0) { - if (_gnutls_cipher_priority(session, algo) < 0) { - gnutls_assert(); - return GNUTLS_E_UNWANTED_ALGORITHM; + if (_gnutls_cipher_is_ok (algo) == 0) + { + if (_gnutls_cipher_priority (session, algo) < 0) + { + gnutls_assert (); + return GNUTLS_E_UNWANTED_ALGORITHM; } - session->security_parameters.read_bulk_cipher_algorithm = algo; + session->security_parameters.read_bulk_cipher_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + } + else + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - return 0; + return 0; } -int _gnutls_set_write_cipher(gnutls_session_t session, - gnutls_cipher_algorithm_t algo) +int +_gnutls_set_write_cipher (gnutls_session_t session, + gnutls_cipher_algorithm_t algo) { - if (_gnutls_cipher_is_ok(algo) == 0) { - if (_gnutls_cipher_priority(session, algo) < 0) { - gnutls_assert(); - return GNUTLS_E_UNWANTED_ALGORITHM; + if (_gnutls_cipher_is_ok (algo) == 0) + { + if (_gnutls_cipher_priority (session, algo) < 0) + { + gnutls_assert (); + return GNUTLS_E_UNWANTED_ALGORITHM; } - session->security_parameters.write_bulk_cipher_algorithm = algo; + session->security_parameters.write_bulk_cipher_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + } + else + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - return 0; + return 0; } /* Sets the specified algorithm into pending compression session */ -int _gnutls_set_read_compression(gnutls_session_t session, - gnutls_compression_method_t algo) +int +_gnutls_set_read_compression (gnutls_session_t session, + gnutls_compression_method_t algo) { - if (_gnutls_compression_is_ok(algo) == 0) { - session->security_parameters.read_compression_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + if (_gnutls_compression_is_ok (algo) == 0) + { + session->security_parameters.read_compression_algorithm = algo; + } + else + { + gnutls_assert (); + return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } - return 0; + return 0; } -int _gnutls_set_write_compression(gnutls_session_t session, - gnutls_compression_method_t algo) +int +_gnutls_set_write_compression (gnutls_session_t session, + gnutls_compression_method_t algo) { - if (_gnutls_compression_is_ok(algo) == 0) { - session->security_parameters.write_compression_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + if (_gnutls_compression_is_ok (algo) == 0) + { + session->security_parameters.write_compression_algorithm = algo; } - return 0; + else + { + gnutls_assert (); + return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; + } + return 0; } /* Sets the specified kx algorithm into pending session */ -int _gnutls_set_kx(gnutls_session_t session, gnutls_kx_algorithm_t algo) +int +_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo) { - if (_gnutls_kx_is_ok(algo) == 0) { - session->security_parameters.kx_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + if (_gnutls_kx_is_ok (algo) == 0) + { + session->security_parameters.kx_algorithm = algo; + } + else + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - if (_gnutls_kx_priority(session, algo) < 0) { - gnutls_assert(); - /* we shouldn't get here */ - return GNUTLS_E_UNWANTED_ALGORITHM; + if (_gnutls_kx_priority (session, algo) < 0) + { + gnutls_assert (); + /* we shouldn't get here */ + return GNUTLS_E_UNWANTED_ALGORITHM; } - return 0; + return 0; } /* Sets the specified mac algorithm into pending session */ -int _gnutls_set_read_mac(gnutls_session_t session, - gnutls_mac_algorithm_t algo) +int +_gnutls_set_read_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo) { - if (_gnutls_mac_is_ok(algo) == 0) { - session->security_parameters.read_mac_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + if (_gnutls_mac_is_ok (algo) == 0) + { + session->security_parameters.read_mac_algorithm = algo; } - if (_gnutls_mac_priority(session, algo) < 0) { - gnutls_assert(); - return GNUTLS_E_UNWANTED_ALGORITHM; + else + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + if (_gnutls_mac_priority (session, algo) < 0) + { + gnutls_assert (); + return GNUTLS_E_UNWANTED_ALGORITHM; } - return 0; + return 0; } -int _gnutls_set_write_mac(gnutls_session_t session, - gnutls_mac_algorithm_t algo) +int +_gnutls_set_write_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo) { - if (_gnutls_mac_is_ok(algo) == 0) { - session->security_parameters.write_mac_algorithm = algo; - } else { - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + if (_gnutls_mac_is_ok (algo) == 0) + { + session->security_parameters.write_mac_algorithm = algo; + } + else + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } - if (_gnutls_mac_priority(session, algo) < 0) { - gnutls_assert(); - return GNUTLS_E_UNWANTED_ALGORITHM; + if (_gnutls_mac_priority (session, algo) < 0) + { + gnutls_assert (); + return GNUTLS_E_UNWANTED_ALGORITHM; } - return 0; + return 0; } |