KTLS: send update key request
authorFrantisek Krenzelok <krenzelok.frantisek@gmail.com>
Wed, 3 Aug 2022 12:20:35 +0000 (14:20 +0200)
committerFrantisek Krenzelok <krenzelok.frantisek@gmail.com>
Wed, 5 Oct 2022 12:19:46 +0000 (14:19 +0200)
Set handshake send function after interface initialization
TODO: handle setting function differently

Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
lib/record.c
lib/system/ktls.c
lib/system/ktls.h

index fd24acaf1a30e74d94d3599c5a72b61136e89010..aad128e1f2c7f6e55a41aa4da6b771284882a951 100644 (file)
@@ -2065,11 +2065,17 @@ gnutls_record_send2(gnutls_session_t session, const void *data,
                        session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_3;
                        FALLTHROUGH;
                case RECORD_SEND_KEY_UPDATE_3:
-                       ret = _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
-                                               -1, EPOCH_WRITE_CURRENT,
-                                               session->internals.record_key_update_buffer.data,
-                                               session->internals.record_key_update_buffer.length,
-                                               MBUFFER_FLUSH);
+                       if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND)) {
+                               return _gnutls_ktls_send(session,
+                                                        session->internals.record_key_update_buffer.data,
+                                                        session->internals.record_key_update_buffer.length);
+                       } else {
+                               ret = _gnutls_send_int(session, GNUTLS_APPLICATION_DATA,
+                                                       -1, EPOCH_WRITE_CURRENT,
+                                                       session->internals.record_key_update_buffer.data,
+                                                       session->internals.record_key_update_buffer.length,
+                                                       MBUFFER_FLUSH);
+                       }
                        _gnutls_buffer_clear(&session->internals.record_key_update_buffer);
                        session->internals.rsend_state = RECORD_SEND_NORMAL;
                        if (ret < 0)
@@ -2494,8 +2500,11 @@ gnutls_handshake_write(gnutls_session_t session,
                return gnutls_assert_val(0);
 
        /* When using this, the outgoing handshake messages should
-        * also be handled manually */
-       if (!session->internals.h_read_func)
+        * also be handled manually unless KTLS is enabled exclusively
+        * in GNUTLS_KTLS_RECV mode in which case the outgoing messages
+        * are handled by GnuTLS.
+        */
+       if (!session->internals.h_read_func && !IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV))
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
        if (session->internals.initial_negotiation_completed) {
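Review bot: The kTLS branch added in the RECORD_SEND_KEY_UPDATE_3 case returns straight out of gnutls_record_send2, so the `_gnutls_buffer_clear(&session->internals.record_key_update_buffer)` and the reset to RECORD_SEND_NORMAL on the context lines right after it never run; rsend_state stays at RECORD_SEND_KEY_UPDATE_3, the next send call re-enters this case and transmits the KeyUpdate again, and the caller is handed the KeyUpdate byte count rather than a count for its own data (the remainder of gnutls_record_send2 is outside the hunk, so that last part is inferred). Assigning instead of returning keeps the existing cleanup and the `if (ret < 0)` error path: `ret = _gnutls_ktls_send(session, session->internals.record_key_update_buffer.data, session->internals.record_key_update_buffer.length);`. In the second hunk of this section the new comment says the exemption applies when KTLS is enabled "exclusively" in GNUTLS_KTLS_RECV mode, but `IS_KTLS_ENABLED(session, GNUTLS_KTLS_RECV)` presumably also matches a duplex configuration; if that is intended, "when KTLS handles the receive side" describes the condition more accurately than "exclusively".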
index 70b9b9b3ac3d797ee136471ce41039b5e1240481..5da0a8069cfb0a313ee8600ef1d8faaed253cf32 100644 (file)
@@ -269,6 +269,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable
                        default:
                                assert(0);
                }
+               // set callback for sending handshake messages
+               gnutls_handshake_set_read_function(session,
+                                                  _gnutls_ktls_send_handshake_msg);
        }
 
        return in;
@@ -355,6 +358,15 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
        return data_size;
 }
 
+int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
+                                   gnutls_record_encryption_level_t level,
+                                   gnutls_handshake_description_t htype,
+                                   const void *data, size_t data_size)
+{
+       return _gnutls_ktls_send_control_msg(session, GNUTLS_HANDSHAKE,
+                                            data, data_size);
+}
+
 int _gnutls_ktls_recv_control_msg(gnutls_session_t session,
                        unsigned char *record_type, void *data, size_t data_size)
 {
@@ -481,6 +493,15 @@ int _gnutls_ktls_send_control_msg(gnutls_session_t session,
        return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 }
 
+int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
+                                   gnutls_record_encryption_level_t level,
+                                   gnutls_handshake_description_t htype,
+                                   const void *data, size_t data_size)
+{
+       (void)level;
+       return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+}
+
 int _gnutls_ktls_recv_int(gnutls_session_t session, content_type_t type,
                void *data, size_t data_size) {
        return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
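Review bot: _gnutls_ktls_send_handshake_msg in the second hunk ignores `level` and `htype` and hands every message to `_gnutls_ktls_send_control_msg` as a GNUTLS_HANDSHAKE record, which the kernel protects with whatever keys it currently holds; if this callback can ever be invoked for a message belonging to a level other than the application-traffic keys, that message would be sent under the wrong keys, so a guard such as `if (level != GNUTLS_ENCRYPTION_LEVEL_APPLICATION) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would make the assumption explicit (whether such calls can occur once _gnutls_ktls_set_keys has run is not visible here). The function also propagates the `return data_size;` result of the control-message path, whereas a gnutls_handshake_read_func callback is, as far as I recall, documented to return 0 on success; confirm that the caller in the handshake code only tests for a negative value. The enabled and stub variants also disagree on unused parameters — the stub has `(void)level;` but neither marks `htype` — so both should carry `(void)level; (void)htype;` to stay clean under -Wunused-parameter. In the first hunk, gnutls_handshake_set_read_function is called unconditionally inside _gnutls_ktls_set_keys, silently replacing any callback the application installed through the public API (the commit message's TODO acknowledges this), and the `//` comment there should be `/* set callback for sending handshake messages */` to match the surrounding file's style.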
index c8059092d065f819fc95f4861292917b87d829a8..8d61a49dfb25b3797e2f48d1282bfc5abf137ff8 100644 (file)
@@ -10,6 +10,11 @@ int _gnutls_ktls_set_keys(gnutls_session_t session, gnutls_transport_ktls_enable
 ssize_t _gnutls_ktls_send_file(gnutls_session_t session, int fd,
                off_t *offset, size_t count);
 
+int _gnutls_ktls_send_handshake_msg(gnutls_session_t session,
+                                   gnutls_record_encryption_level_t level,
+                                   gnutls_handshake_description_t htype,
+                                   const void *data, size_t data_size);
+
 int _gnutls_ktls_send_control_msg(gnutls_session_t session, unsigned char record_type,
                const void *data, size_t data_size);
 #define _gnutls_ktls_send(x, y, z) _gnutls_ktls_send_control_msg(x, GNUTLS_APPLICATION_DATA, y, z);
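Review bot: The new `_gnutls_ktls_send_handshake_msg` prototype carries no comment stating its contract, even though it is installed through gnutls_handshake_set_read_function and therefore has to match gnutls_handshake_read_func; a short block above it such as `/* gnutls_handshake_read_func used when KTLS is enabled: relays an outgoing handshake message as a GNUTLS_HANDSHAKE control record; level and htype are currently ignored. */` would tell readers why the signature has two parameters the body does not use. Separately, the neighbouring `_gnutls_ktls_send` macro is defined with a trailing `;`, and lib/record.c now invokes it in a `return` statement; that works only because the extra `;` becomes an empty statement, and the macro cannot be used in an expression context at all, so dropping the semicolon from the definition would be worthwhile in this or a follow-up change.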