diff options
Diffstat (limited to 'lib/session_pack.c')
-rw-r--r-- | lib/session_pack.c | 241 |
1 files changed, 114 insertions, 127 deletions
diff --git a/lib/session_pack.c b/lib/session_pack.c index 14d3677f9e..47ede0af4c 100644 --- a/lib/session_pack.c +++ b/lib/session_pack.c @@ -27,10 +27,10 @@ #include "gnutls_int.h" #ifdef ENABLE_SRP -#include <auth/srp_kx.h> +# include <auth/srp_kx.h> #endif #ifdef ENABLE_PSK -#include <auth/psk.h> +# include <auth/psk.h> #endif #include <auth/anon.h> #include <auth/cert.h> @@ -77,7 +77,6 @@ static int tls13_unpack_security_parameters(gnutls_session_t session, static int tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * packed_session); - /* Since auth_info structures contain malloced data, this function * is required in order to pack these structures in a vector in * order to store them to the DB. @@ -87,8 +86,7 @@ static int tls13_pack_security_parameters(gnutls_session_t session, * The data will be in a platform independent format. */ int -_gnutls_session_pack(gnutls_session_t session, - gnutls_datum_t * packed_session) +_gnutls_session_pack(gnutls_session_t session, gnutls_datum_t * packed_session) { int ret; gnutls_buffer_st sb; @@ -101,7 +99,6 @@ _gnutls_session_pack(gnutls_session_t session, _gnutls_buffer_init(&sb); - id = gnutls_auth_get_type(session); BUFFER_APPEND_NUM(&sb, PACKED_SESSION_MAGIC); @@ -159,7 +156,6 @@ _gnutls_session_pack(gnutls_session_t session, goto fail; } - if (session->security_parameters.pversion->tls13_sem) { ret = tls13_pack_security_parameters(session, &sb); if (ret < 0) { @@ -179,12 +175,11 @@ _gnutls_session_pack(gnutls_session_t session, return _gnutls_buffer_to_datum(&sb, packed_session, 0); - fail: + fail: _gnutls_buffer_clear(&sb); return ret; } - /* Load session data from a buffer. */ int @@ -226,7 +221,7 @@ _gnutls_session_unpack(gnutls_session_t session, session->internals.resumed_security_parameters. timestamp); BUFFER_POP_NUM(&sb, expire_time); - (void) expire_time; + (void)expire_time; BUFFER_POP(&sb, &id, 1); switch (id) { @@ -299,7 +294,7 @@ _gnutls_session_unpack(gnutls_session_t session, ret = 0; - error: + error: _gnutls_buffer_clear(&sb); return ret; @@ -325,7 +320,7 @@ _gnutls_session_unpack(gnutls_session_t session, * its nonsense to store all that info. */ static int -tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) +tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) { int ret = 0; uint32_t length = 0; @@ -340,13 +335,10 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) length += 4; BUFFER_APPEND_NUM(ps, ticket->age_add); length += 4; - BUFFER_APPEND_PFX1(ps, - ticket->nonce, - ticket->nonce_size); + BUFFER_APPEND_PFX1(ps, ticket->nonce, ticket->nonce_size); length += (1 + ticket->nonce_size); BUFFER_APPEND_PFX4(ps, - ticket->ticket.data, - ticket->ticket.size); + ticket->ticket.data, ticket->ticket.size); length += (4 + ticket->ticket.size); BUFFER_APPEND_PFX1(ps, ticket->resumption_master_secret, @@ -367,7 +359,8 @@ tls13_pack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) } static int -tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) +tls13_unpack_security_parameters(gnutls_session_t session, + gnutls_buffer_st * ps) { uint32_t ttl_len; tls13_ticket_st *ticket = &session->internals.tls13_ticket; @@ -382,9 +375,9 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) ret = _gnutls_buffer_pop_datum_prefix8(ps, &t); if (ret < 0 || t.size > sizeof(ticket->nonce)) { - ret = GNUTLS_E_PARSING_ERROR; - gnutls_assert(); - goto error; + ret = GNUTLS_E_PARSING_ERROR; + gnutls_assert(); + goto error; } ticket->nonce_size = t.size; memcpy(ticket->nonce, t.data, t.size); @@ -392,18 +385,22 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) BUFFER_POP_DATUM(ps, &ticket->ticket); ret = _gnutls_buffer_pop_datum_prefix8(ps, &t); - if (ret < 0 || t.size > sizeof(ticket->resumption_master_secret)) { - ret = GNUTLS_E_PARSING_ERROR; - gnutls_assert(); - goto error; + if (ret < 0 + || t.size > sizeof(ticket->resumption_master_secret)) { + ret = GNUTLS_E_PARSING_ERROR; + gnutls_assert(); + goto error; } memcpy(ticket->resumption_master_secret, t.data, t.size); - if (unlikely(session->internals.resumed_security_parameters.prf == NULL || - session->internals.resumed_security_parameters.prf->output_size != t.size)) + if (unlikely + (session->internals.resumed_security_parameters.prf == NULL + || session->internals.resumed_security_parameters. + prf->output_size != t.size)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - ticket->prf = session->internals.resumed_security_parameters.prf; + ticket->prf = + session->internals.resumed_security_parameters.prf; BUFFER_POP_TS(ps, ticket->arrival_time); BUFFER_POP_NUM(ps, @@ -411,7 +408,7 @@ tls13_unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st *ps) max_early_data_size); } -error: + error: return ret; } @@ -442,7 +439,8 @@ pack_certificate_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { unsigned int i; int cur_size, ret; - cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); + cert_auth_info_t info = + _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); int size_offset; size_offset = ps->length; @@ -463,36 +461,29 @@ pack_certificate_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) for (i = 0; i < info->ncerts; i++) { BUFFER_APPEND_PFX4(ps, - info->raw_certificate_list[i]. - data, - info->raw_certificate_list[i]. - size); + info->raw_certificate_list[i].data, + info->raw_certificate_list[i].size); } BUFFER_APPEND_NUM(ps, info->nocsp); for (i = 0; i < info->nocsp; i++) { BUFFER_APPEND_PFX4(ps, - info->raw_ocsp_list[i]. - data, - info->raw_ocsp_list[i]. - size); + info->raw_ocsp_list[i].data, + info->raw_ocsp_list[i].size); } } /* write the real size */ - _gnutls_write_uint32(ps->length - cur_size, - ps->data + size_offset); + _gnutls_write_uint32(ps->length - cur_size, ps->data + size_offset); return 0; } - /* Upack certificate info. */ static int -unpack_certificate_auth_info(gnutls_session_t session, - gnutls_buffer_st * ps) +unpack_certificate_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { int ret; unsigned int i = 0, j = 0; @@ -510,7 +501,7 @@ unpack_certificate_auth_info(gnutls_session_t session, */ ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, - sizeof(cert_auth_info_st), 1); + sizeof(cert_auth_info_st), 1); if (ret < 0) { gnutls_assert(); return ret; @@ -563,7 +554,7 @@ unpack_certificate_auth_info(gnutls_session_t session, return 0; - error: + error: if (info) { _gnutls_free_datum(&info->dh.prime); _gnutls_free_datum(&info->dh.generator); @@ -592,10 +583,10 @@ unpack_certificate_auth_info(gnutls_session_t session, * 4 bytes the size of the SRP username (x) * x bytes the SRP username */ -static int -pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) +static int pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { - srp_server_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); + srp_server_auth_info_t info = + _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); int len, ret; int size_offset; size_t cur_size; @@ -604,7 +595,7 @@ pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) if (info) { if (info->username) { username = info->username; - len = strlen(info->username) + 1; /* include the terminating null */ + len = strlen(info->username) + 1; /* include the terminating null */ } else { username = "\0"; len = 1; @@ -619,15 +610,12 @@ pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND_PFX4(ps, username, len); /* write the real size */ - _gnutls_write_uint32(ps->length - cur_size, - ps->data + size_offset); + _gnutls_write_uint32(ps->length - cur_size, ps->data + size_offset); return 0; } - -static int -unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) +static int unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { size_t username_size; int ret; @@ -658,12 +646,11 @@ unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) ret = 0; - error: + error: return ret; } #endif - #ifdef ENABLE_ANON /* Packs the ANON session authentication data. */ @@ -679,8 +666,7 @@ unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) * 4 bytes the size of the public key * x bytes the public key */ -static int -pack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) +static int pack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { int cur_size, ret; anon_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); @@ -701,13 +687,11 @@ pack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) } /* write the real size */ - _gnutls_write_uint32(ps->length - cur_size, - ps->data + size_offset); + _gnutls_write_uint32(ps->length - cur_size, ps->data + size_offset); return 0; } - static int unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { @@ -724,7 +708,7 @@ unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) */ ret = _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, - sizeof(anon_auth_info_st), 1); + sizeof(anon_auth_info_st), 1); if (ret < 0) { gnutls_assert(); return ret; @@ -742,7 +726,7 @@ unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) return 0; - error: + error: if (info) { _gnutls_free_datum(&info->dh.prime); _gnutls_free_datum(&info->dh.generator); @@ -771,8 +755,7 @@ unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) * 4 bytes the size of the public key * x bytes the public key */ -static int -pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) +static int pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { psk_auth_info_t info; int username_len; @@ -785,7 +768,7 @@ pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); username_len = info->username_len; - hint_len = info->hint_len + 1; /* include the terminating null */ + hint_len = info->hint_len + 1; /* include the terminating null */ size_offset = ps->length; BUFFER_APPEND_NUM(ps, 0); @@ -802,13 +785,11 @@ pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) info->dh.public_key.size); /* write the real size */ - _gnutls_write_uint32(ps->length - cur_size, - ps->data + size_offset); + _gnutls_write_uint32(ps->length - cur_size, ps->data + size_offset); return 0; } -static int -unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) +static int unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { size_t username_size, hint_size; int ret; @@ -817,7 +798,7 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1); + sizeof(psk_auth_info_st), 1); if (ret < 0) { gnutls_assert(); return ret; @@ -863,7 +844,7 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) ret = 0; - error: + error: _gnutls_free_datum(&info->dh.prime); _gnutls_free_datum(&info->dh.generator); _gnutls_free_datum(&info->dh.public_key); @@ -872,7 +853,6 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) } #endif - /* Packs the security parameters. */ static int @@ -905,13 +885,10 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND_NUM(ps, session->security_parameters.entity); BUFFER_APPEND_NUM(ps, session->security_parameters.prf->id); - BUFFER_APPEND_NUM(ps, - session->security_parameters.client_auth_type); - BUFFER_APPEND_NUM(ps, - session->security_parameters.server_auth_type); + BUFFER_APPEND_NUM(ps, session->security_parameters.client_auth_type); + BUFFER_APPEND_NUM(ps, session->security_parameters.server_auth_type); - BUFFER_APPEND(ps, &session->security_parameters.session_id_size, - 1); + BUFFER_APPEND(ps, &session->security_parameters.session_id_size, 1); BUFFER_APPEND(ps, session->security_parameters.session_id, session->security_parameters.session_id_size); @@ -925,16 +902,20 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) /* if we are under TLS 1.3 do not pack keys or params negotiated using an extension * they are not necessary */ if (!session->security_parameters.pversion->tls13_sem) { - BUFFER_APPEND_PFX1(ps, session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE); - BUFFER_APPEND_PFX1(ps, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); - BUFFER_APPEND_PFX1(ps, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + BUFFER_APPEND_PFX1(ps, + session->security_parameters.master_secret, + GNUTLS_MASTER_SIZE); + BUFFER_APPEND_PFX1(ps, + session->security_parameters.client_random, + GNUTLS_RANDOM_SIZE); + BUFFER_APPEND_PFX1(ps, + session->security_parameters.server_random, + GNUTLS_RANDOM_SIZE); /* reset max_record_recv_size if it was negotiated * using the record_size_limit extension */ - if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED) { + if (session-> + internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED) { BUFFER_APPEND_NUM(ps, session->security_parameters. max_user_record_send_size); @@ -951,24 +932,25 @@ pack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) } if (session->security_parameters.grp) { - BUFFER_APPEND_NUM(ps, session->security_parameters.grp->id); + BUFFER_APPEND_NUM(ps, + session->security_parameters.grp->id); } else { BUFFER_APPEND_NUM(ps, 0); } BUFFER_APPEND_NUM(ps, - session->security_parameters.server_sign_algo); - BUFFER_APPEND_NUM(ps, - session->security_parameters.client_sign_algo); + session-> + security_parameters.server_sign_algo); BUFFER_APPEND_NUM(ps, - session->security_parameters.ext_master_secret); + session-> + security_parameters.client_sign_algo); BUFFER_APPEND_NUM(ps, - session->security_parameters.etm); + session-> + security_parameters.ext_master_secret); + BUFFER_APPEND_NUM(ps, session->security_parameters.etm); } - - _gnutls_write_uint32(ps->length - cur_size, - ps->data + size_offset); + _gnutls_write_uint32(ps->length - cur_size, ps->data + size_offset); return 0; } @@ -988,19 +970,17 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) if (pack_size == 0) return GNUTLS_E_INVALID_REQUEST; - timestamp = - session->internals.resumed_security_parameters.timestamp; + timestamp = session->internals.resumed_security_parameters.timestamp; memset(&session->internals.resumed_security_parameters, 0, sizeof(session->internals.resumed_security_parameters)); - session->internals.resumed_security_parameters.timestamp = - timestamp; + session->internals.resumed_security_parameters.timestamp = timestamp; BUFFER_POP_NUM(ps, - session->internals.resumed_security_parameters. - entity); + session->internals.resumed_security_parameters.entity); BUFFER_POP_NUM(ps, version); - session->internals.resumed_security_parameters.prf = mac_to_entry(version); + session->internals.resumed_security_parameters.prf = + mac_to_entry(version); if (session->internals.resumed_security_parameters.prf == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -1016,16 +996,14 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) session_id_size, 1); BUFFER_POP(ps, - session->internals.resumed_security_parameters. - session_id, + session->internals.resumed_security_parameters.session_id, session->internals.resumed_security_parameters. session_id_size); BUFFER_POP_NUM(ps, version); session->internals.resumed_security_parameters.pversion = version_to_entry(version); - if (session->internals.resumed_security_parameters.pversion == - NULL) + if (session->internals.resumed_security_parameters.pversion == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); BUFFER_POP_NUM(ps, @@ -1036,7 +1014,8 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) server_ctype); BUFFER_POP(ps, cs, 2); - session->internals.resumed_security_parameters.cs = ciphersuite_to_entry(cs); + session->internals.resumed_security_parameters.cs = + ciphersuite_to_entry(cs); if (session->internals.resumed_security_parameters.cs == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -1049,7 +1028,9 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) goto error; } if (t.size == GNUTLS_MASTER_SIZE) - memcpy(session->internals.resumed_security_parameters.master_secret, t.data, t.size); + memcpy(session->internals. + resumed_security_parameters.master_secret, + t.data, t.size); /* client random */ ret = _gnutls_buffer_pop_datum_prefix8(ps, &t); @@ -1059,7 +1040,9 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) goto error; } if (t.size == GNUTLS_RANDOM_SIZE) - memcpy(session->internals.resumed_security_parameters.client_random, t.data, t.size); + memcpy(session->internals. + resumed_security_parameters.client_random, + t.data, t.size); /* server random */ ret = _gnutls_buffer_pop_datum_prefix8(ps, &t); @@ -1069,8 +1052,9 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) goto error; } if (t.size == GNUTLS_RANDOM_SIZE) - memcpy(session->internals.resumed_security_parameters.server_random, t.data, t.size); - + memcpy(session->internals. + resumed_security_parameters.server_random, + t.data, t.size); BUFFER_POP_NUM(ps, session->internals.resumed_security_parameters. @@ -1080,7 +1064,8 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) max_record_recv_size); BUFFER_POP_NUM(ps, ret); - session->internals.resumed_security_parameters.grp = _gnutls_id_to_group(ret); + session->internals.resumed_security_parameters.grp = + _gnutls_id_to_group(ret); /* it can be null */ BUFFER_POP_NUM(ps, @@ -1106,7 +1091,7 @@ unpack_security_parameters(gnutls_session_t session, gnutls_buffer_st * ps) ret = 0; - error: + error: return ret; } @@ -1148,37 +1133,40 @@ gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity, session->internals.resumed_security_parameters.entity = entity; - ret = - _gnutls_cipher_suite_get_id(kx, cipher, mac, cs); + ret = _gnutls_cipher_suite_get_id(kx, cipher, mac, cs); if (ret < 0) return gnutls_assert_val(ret); - session->internals.resumed_security_parameters.cs = ciphersuite_to_entry(cs); + session->internals.resumed_security_parameters.cs = + ciphersuite_to_entry(cs); if (session->internals.resumed_security_parameters.cs == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); session->internals.resumed_security_parameters.client_ctype = - DEFAULT_CERT_TYPE; + DEFAULT_CERT_TYPE; session->internals.resumed_security_parameters.server_ctype = - DEFAULT_CERT_TYPE; + DEFAULT_CERT_TYPE; session->internals.resumed_security_parameters.pversion = version_to_entry(version); - if (session->internals.resumed_security_parameters.pversion == - NULL) + if (session->internals.resumed_security_parameters.pversion == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (session->internals.resumed_security_parameters.pversion->selectable_prf) - session->internals.resumed_security_parameters.prf = mac_to_entry(session->internals.resumed_security_parameters.cs->prf); + if (session->internals.resumed_security_parameters. + pversion->selectable_prf) + session->internals.resumed_security_parameters.prf = + mac_to_entry(session->internals. + resumed_security_parameters.cs->prf); else - session->internals.resumed_security_parameters.prf = mac_to_entry(GNUTLS_MAC_MD5_SHA1); + session->internals.resumed_security_parameters.prf = + mac_to_entry(GNUTLS_MAC_MD5_SHA1); if (session->internals.resumed_security_parameters.prf == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (master->size != GNUTLS_MASTER_SIZE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - memcpy(session->internals.resumed_security_parameters. - master_secret, master->data, master->size); + memcpy(session->internals.resumed_security_parameters.master_secret, + master->data, master->size); if (session_id->size > GNUTLS_MAX_SESSION_ID) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -1188,8 +1176,7 @@ gnutls_session_set_premaster(gnutls_session_t session, unsigned int entity, memcpy(session->internals.resumed_security_parameters.session_id, session_id->data, session_id->size); - session->internals.resumed_security_parameters. - max_record_send_size = + session->internals.resumed_security_parameters.max_record_send_size = session->internals.resumed_security_parameters. max_record_recv_size = DEFAULT_MAX_RECORD_SIZE; |