From: Jonathan Bastien-Filiatrault Date: Tue, 28 Jul 2009 16:03:17 +0000 (-0400) Subject: dtls: Add hanshake fragment headers when sending handshake. X-Git-Tag: gnutls_2_99_0~251 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9eaa74e2698a4659851de05fcd0f5bcbc5075d96;p=thirdparty%2Fgnutls.git dtls: Add hanshake fragment headers when sending handshake. Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/lib/debug.c b/lib/debug.c index ec4988af5e..c9b367d035 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -81,6 +81,9 @@ _gnutls_handshake2str (gnutls_handshake_description_t handshake) case GNUTLS_HANDSHAKE_SERVER_HELLO: return "SERVER HELLO"; break; + case GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: + return "HELLO VERIFY REQUEST"; + break; case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: return "CERTIFICATE"; break; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 75751edae5..e1f1a5560d 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1169,7 +1169,7 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, { int ret; uint8_t *data; - uint32_t datasize; + uint32_t datasize, i_datasize; int pos = 0; if (bufel == NULL) @@ -1184,13 +1184,32 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, /* first run */ data = _mbuffer_get_uhead_ptr (bufel); - datasize = - _mbuffer_get_udata_size (bufel) + _mbuffer_get_uhead_size (bufel); + i_datasize = _mbuffer_get_udata_size(bufel); + datasize = i_datasize + _mbuffer_get_uhead_size (bufel); data[pos++] = (uint8_t) type; _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]); pos += 3; + /* Add DTLS handshake fragment headers. The message will be + * fragmented later by the fragmentation sub-layer. All fields must + * be set properly for HMAC. The HMAC requires we pretend that the + * message was sent in a single fragment. */ + if (_gnutls_is_dtls(session)) + { + /* FIXME: dummy sequence number */ + _gnutls_write_uint16 (0, &data[pos]); + pos += 2; + + /* Fragment offset */ + _gnutls_write_uint24 (0, &data[pos]); + pos += 3; + + /* Fragment length */ + _gnutls_write_uint24 (i_datasize, &data[pos]); + pos += 3; + } + _gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n", session, _gnutls_handshake2str (type), (long) datasize); @@ -2033,6 +2052,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) int rehandshake = 0; uint8_t session_id_len = session->internals.resumed_security_parameters.session_id_size; + uint8_t cookie_len; _gnutls_buffer_init(&extdata); @@ -2043,8 +2063,16 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) if (again == 0) { + if(_gnutls_is_dtls(session)) + { + cookie_len = session->internals.dtls.cookie_len + 1; + } + else + { + cookie_len = 0; + } - datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE; + datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE + cookie_len; /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE) */ @@ -2123,6 +2151,14 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) pos += session_id_len; } + /* Copy the DTLS cookie + */ + if (_gnutls_is_dtls(session)) + { + data[pos++] = session->internals.dtls.cookie_len; + memcpy(&data[pos], &session->internals.dtls.cookie, session->internals.dtls.cookie_len); + pos += session->internals.dtls.cookie_len; + } /* Copy the ciphersuites. * diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 882baf3576..581acf3edd 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -404,6 +404,7 @@ extern "C" GNUTLS_HANDSHAKE_HELLO_REQUEST = 0, GNUTLS_HANDSHAKE_CLIENT_HELLO = 1, GNUTLS_HANDSHAKE_SERVER_HELLO = 2, + GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4, GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,