That does not include extension handling.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
tls13/certificate_verify.c tls13/certificate_verify.h \
tls13-sig.c tls13-sig.h \
tls13/finished.c tls13/finished.h \
+ tls13/session_ticket.c tls13/session_ticket.h \
tls13/certificate.c tls13/certificate.h
if ENABLE_PKCS11
#include "tls13/certificate_verify.h"
#include "tls13/certificate.h"
#include "tls13/finished.h"
+#include "tls13/session_ticket.h"
static int generate_hs_traffic_keys(gnutls_session_t session);
static int generate_ap_traffic_keys(gnutls_session_t session);
return 0;
}
+int
+_gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf)
+{
+ uint8_t type;
+ int ret;
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE(session);
+ size_t length;
+
+ if (buf->length < handshake_header_size) {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
+ ret = _gnutls_buffer_pop_prefix8(buf, &type, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_buffer_pop_prefix24(buf, &length, 1);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ switch(type) {
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ ret = _gnutls13_recv_session_ticket(session, buf);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ break;
+ default:
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ return 0;
+}
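Review bot: The `length` read by `_gnutls_buffer_pop_prefix24()` is never used after it is popped, so `_gnutls13_recv_session_ticket()` receives everything left in `buf` rather than exactly one handshake message. Bytes that follow the declared message in the same record, such as a second coalesced handshake message, would be passed to the ticket's extension parser, and a declared length shorter than the remaining data is accepted as well-formed. Assuming the `check` argument of 1 only rejects a length larger than the remaining buffer, I would add `if (length != buf->length) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` before the `switch`, or loop over the messages and pass a sub-buffer of `length` bytes. A short comment saying that handshake messages fragmented across records are not reassembled here would also help.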
int _gnutls13_handshake_client(gnutls_session_t session);
int _gnutls13_handshake_server(gnutls_session_t session);
+int
+_gnutls13_recv_async_handshake(gnutls_session_t session, gnutls_buffer_st *buf);
+
#endif
{
int ret;
+ const version_entry_st *ver = get_version(session);
if ((recv->type == type)
&& (type == GNUTLS_APPLICATION_DATA ||
}
}
+ /* retrieve async handshake messages */
+ if (ver->tls13_sem) {
+ gnutls_buffer_st buf;
+
+ _gnutls_ro_buffer_from_datum(&buf, &bufel->msg);
+ ret = _gnutls13_recv_async_handshake(session,
+ &buf);
+ if (ret < 0) {
+ gnutls_assert();
+ } else {
+ ret = GNUTLS_E_AGAIN;
+ }
+
+ goto cleanup;
+ }
+
/* This is legal if HELLO_REQUEST is received - and we are a client.
* If we are a server, a client may initiate a renegotiation at any time.
*/
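Review bot: `ver` is dereferenced in `if (ver->tls13_sem)` without a NULL check. If `get_version()` can return NULL before a protocol version is negotiated (not visible in this hunk), an unexpected handshake record arriving at that point would crash the receive path that processes peer-supplied data. `if (ver && ver->tls13_sem) {` falls through to the existing handling in that case. It is also worth a comment that on a TLS 1.3 session this branch takes every message reaching this point, including on the server side where `_gnutls13_recv_async_handshake()` always returns `GNUTLS_E_UNEXPECTED_PACKET`, so the HELLO_REQUEST and renegotiation handling below is never reached. The enclosing function starts and ends outside the hunk.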
--- /dev/null
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include "errors.h"
+#include "extv.h"
+#include "handshake.h"
+#include "tls13/session_ticket.h"
+#include "auth/cert.h"
+
+static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size);
+
+int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf)
+{
+ int ret;
+ size_t val;
+ gnutls_datum_t nonce;
+ gnutls_datum_t ticket;
+
+ _gnutls_handshake_log("HSK[%p]: parsing session ticket message\n", session);
+
+ /* ticket_lifetime */
+ ret = _gnutls_buffer_pop_prefix32(buf, &val, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* ticket_age_add */
+ ret = _gnutls_buffer_pop_prefix32(buf, &val, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_pop_datum_prefix8(buf, &nonce);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_pop_datum_prefix16(buf, &ticket);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _gnutls_extv_parse(NULL, parse_nst_extension, buf->data, buf->length);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+
+ return ret;
+}
+
+static int parse_nst_extension(void *ctx, uint16_t tls_id, const uint8_t *data, int data_size)
+{
+ /* ignore all extensions */
+ return 0;
+}
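Review bot: A zero-length ticket is accepted, because `_gnutls_buffer_pop_datum_prefix16(buf, &ticket)` succeeds with `ticket.size == 0`, while the TLS 1.3 NewSessionTicket definition gives the ticket a minimum length of one byte. Adding `if (ticket.size == 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);` after the pop would reject it. Since `ticket_lifetime` and `ticket_age_add` are both read into the same `val` and nothing is stored, a header comment such as `/* Validates the structure of NewSessionTicket only; all fields are discarded. */` would make clear that no resumption state comes from this function yet. The `cleanup:` label releases nothing, so the `goto`s could be plain `return gnutls_assert_val(ret);` as in `_gnutls13_recv_async_handshake()`.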
--- /dev/null
+/*
+ * Copyright (C) 2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+int _gnutls13_recv_session_ticket(gnutls_session_t session, gnutls_buffer_st *buf);
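Review bot: As far as the visible lines show, the new header has no include guard, and it uses `gnutls_session_t` and `gnutls_buffer_st` without including their declarations, so it compiles only when the includer has already pulled in the internal headers (presumably `gnutls_int.h`). Wrapping the prototype in `#ifndef GNUTLS_LIB_TLS13_SESSION_TICKET_H` / `#define GNUTLS_LIB_TLS13_SESSION_TICKET_H` / `#endif` (the guard name is only a suggestion) would match the `#endif`-terminated header that declares `_gnutls13_recv_async_handshake()`. A one-line comment above the prototype stating that the function returns 0 on success or a negative error code would document the contract for callers.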