From: Nikos Mavrogiannopoulos
Date: Fri, 15 Sep 2017 11:54:25 +0000 (+0200)
Subject: handshake: parse new session ticket message
X-Git-Tag: gnutls_3_6_3~382
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3e796a094e68e12bc05d4959dfb6abe46293d47a;p=thirdparty%2Fgnutls.git
handshake: parse new session ticket message
That does not include extension handling.
Signed-off-by: Nikos Mavrogiannopoulos
---
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 54bb8690f0..fe5c9236af 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -92,6 +92,7 @@ COBJECTS += tls13/encrypted_extensions.c tls13/encrypted_extensions.h \
 tls13/certificate_verify.c tls13/certificate_verify.h \
 tls13-sig.c tls13-sig.h \
 tls13/finished.c tls13/finished.h \
+ tls13/session_ticket.c tls13/session_ticket.h \
 tls13/certificate.c tls13/certificate.h
 if ENABLE_PKCS11
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 456442e3e9..4cce3d631d 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -52,6 +52,7 @@
 #include "tls13/certificate_verify.h"
 #include "tls13/certificate.h"
 #include "tls13/finished.h"
+#include "tls13/session_ticket.h"
 static int generate_hs_traffic_keys(gnutls_session_t session);
 static int generate_ap_traffic_keys(gnutls_session_t session);
@@ -256,3 +257,43 @@ int _gnutls13_handshake_server(gnutls_session_t session)
 return 0;
 }
+int
+_gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf)
+{
+ uint8_t type;
+ int ret;
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
+ size_t length;
+
+ if (buf->length < handshake_header_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_buffer_pop_prefix8(buf, &type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_pop_prefix24(buf, &length, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ switch(type) {
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ ret = _gnutls13_recv_session_ticket(session, buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ return 0;
+}
diff --git a/lib/handshake.h b/lib/handshake.h
index 90d82b8e9c..0e63ee39b4 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
@@ -123,4 +123,7 @@ int _gnutls_send_finished(gnutls_session_t session, int again);
 int _gnutls13_handshake_client(gnutls_session_t session);
 int _gnutls13_handshake_server(gnutls_session_t session);
+int
+_gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf);
+
 #endif
diff --git a/lib/record.c b/lib/record.c
index 5be4ba3094..44585078f9 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -756,6 +756,7 @@ record_add_to_buffers(gnutls_session_t session,
 {
 int ret;
+ const version_entry_st *ver = get_version(session);
 if ((recv->type == type) &&
 (type == GNUTLS_APPLICATION_DATA ||
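Review bot: The 24-bit length popped into `length` in _gnutls13_recv_async_handshake is read and then never compared with what remains in `buf`, so a message whose header length disagrees with the record payload is still handed to _gnutls13_recv_session_ticket and accepted; add `if (length != buf->length) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` directly after the pop_prefix24 check. The function also parses exactly one handshake message per record; if a peer coalesces several into one record the remainder is dropped without error, which deserves at least a comment (`/* only a single handshake message per record is handled here */`) if a loop is out of scope. The `handshake_header_size` guard at the top presumably duplicates the bounds checks the two pop calls perform, so it could go once the length check above is in place.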
@@ -912,6 +913,22 @@ record_add_to_buffers(gnutls_session_t session,
 }
 }
+ /* retrieve async handshake messages */
+ if (ver->tls13_sem) {
+ gnutls_buffer_st buf;
+
+ _gnutls_ro_buffer_from_datum(&buf, &bufel->msg);
+ ret = _gnutls13_recv_async_handshake(session,
+ &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ } else {
+ ret = GNUTLS_E_AGAIN;
+ }
+
+ goto cleanup;
+ }
+
 /* This is legal if HELLO_REQUEST is received - and we are a client.
 * If we are a server, a client may initiate a renegotiation at any time. */
diff --git a/lib/tls13/session_ticket.c b/lib/tls13/session_ticket.c
new file mode 100644
index 0000000000..3dbec9260f
--- /dev/null
+++ b/lib/tls13/session_ticket.c
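Review bot: `ver->tls13_sem` is dereferenced without a NULL check, and the declaration added in the earlier record.c hunk at `@@ -756,6 +756,7 @@` does not check the result of get_version() either; if that function can return NULL before a protocol version has been negotiated, a handshake record arriving at that point would crash here instead of reaching the existing HELLO_REQUEST handling below. Guarding the condition as `if (ver && ver->tls13_sem) {` keeps the pre-negotiation behaviour unchanged. The success path maps to GNUTLS_E_AGAIN while a failure is propagated as-is; a short comment such as `/* record consumed by the handshake layer; the caller must read again */` would make that asymmetry intentional rather than surprising. record_add_to_buffers starts and ends outside this hunk.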
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see
+ *
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include "extv.h"
+#include "handshake.h"
+#include "tls13/session_ticket.h"
+#include "auth/cert.h"
+
+static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size);
+
+int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf)
+{
+ int ret;
+ size_t val;
+ gnutls_datum_t nonce;
+ gnutls_datum_t ticket;
+
+ _gnutls_handshake_log("HSK[%p]: parsing session ticket message\n", session);
+
+ /* ticket_lifetime */
+ ret = _gnutls_buffer_pop_prefix32(buf, &val, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* ticket_age_add */
+ ret = _gnutls_buffer_pop_prefix32(buf, &val, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_pop_datum_prefix8(buf, &nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_pop_datum_prefix16(buf, &ticket);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_extv_parse(NULL, parse_nst_extension, buf->data, buf->length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+
+ return ret;
+}
+
+static int parse_nst_extension(void 
*ctx, uint16_t tls_id, const uint8_t *data, int data_size)
+{
+ /* ignore all extensions */
+ return 0;
+}
diff --git a/lib/tls13/session_ticket.h b/lib/tls13/session_ticket.h
new file mode 100644
index 0000000000..1c31589a26
--- /dev/null
+++ b/lib/tls13/session_ticket.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see
+ *
+ */
+
+int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf);
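Review bot: _gnutls13_recv_session_ticket accepts a zero-length ticket and never looks at ticket_lifetime, although the TLS 1.3 wire format defines the ticket as `opaque ticket<1..2^16-1>` and caps the lifetime at seven days; even while the values are discarded, rejecting an empty ticket with `if (ticket.size == 0) { ret = gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); goto cleanup; }` keeps a malformed message from being reported as successfully parsed. Both 32-bit fields land in the same `val` and `nonce`/`ticket` are dropped on return, so a `/* TODO: keep ticket, nonce, lifetime and age_add for resumption */` comment would record that this is deliberate for now. Whether _gnutls_extv_parse rejects trailing bytes after the extensions block is not visible here; confirm it, since otherwise an overlong message passes silently. The `cleanup:` label releases nothing, so `return gnutls_assert_val(ret);` in each error branch, as the switch in handshake-tls13.c already does, would read more directly; the parse_nst_extension signature is only split across two lines by the page wrapping.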
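Review bot: The new session_ticket.h has no include guard and does not include the headers that define gnutls_session_t and gnutls_buffer_st, so it compiles only when the including file has already pulled in gnutls_int.h. Wrapping it in a guard (for example `#ifndef GNUTLS_TLS13_SESSION_TICKET_H` / `#define GNUTLS_TLS13_SESSION_TICKET_H` / `#endif`) and matching whatever the sibling tls13/*.h headers do would keep it self-contained.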