search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
moved ca-certs.
[gnutls.git] / lib / gnutls_session_pack.c
blob3e89b981e86d5cbc193a0cf08af9956c4945bb27
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* Contains functions that are supposed to pack and unpack session data,
24 * before and after they are sent to the database backend.
25 */
26
27 #include <gnutls_int.h>
28 #ifdef ENABLE_SRP
29 #include <auth/srp.h>
30 #endif
31 #ifdef ENABLE_PSK
32 #include <auth/psk.h>
33 #endif
34 #include <auth/anon.h>
35 #include <auth/cert.h>
36 #include <gnutls_errors.h>
37 #include <gnutls_auth.h>
38 #include <gnutls_session_pack.h>
39 #include <gnutls_datum.h>
40 #include <gnutls_num.h>
41 #include <gnutls_extensions.h>
42 #include <gnutls_constate.h>
43
44 static int pack_certificate_auth_info (gnutls_session_t,
45 gnutls_buffer_st * packed_session);
46 static int unpack_certificate_auth_info (gnutls_session_t,
47 gnutls_buffer_st * packed_session);
48
49 static int unpack_srp_auth_info (gnutls_session_t session,
50 gnutls_buffer_st * packed_session);
51 static int pack_srp_auth_info (gnutls_session_t session,
52 gnutls_buffer_st * packed_session);
53
54 static int unpack_psk_auth_info (gnutls_session_t session,
55 gnutls_buffer_st * packed_session);
56 static int pack_psk_auth_info (gnutls_session_t session,
57 gnutls_buffer_st * packed_session);
58
59 static int unpack_anon_auth_info (gnutls_session_t session,
60 gnutls_buffer_st * packed_session);
61 static int pack_anon_auth_info (gnutls_session_t session,
62 gnutls_buffer_st * packed_session);
63
64 static int unpack_security_parameters (gnutls_session_t session,
65 gnutls_buffer_st * packed_session);
66 static int pack_security_parameters (gnutls_session_t session,
67 gnutls_buffer_st * packed_session);
68
69
70 /* Since auth_info structures contain malloced data, this function
71 * is required in order to pack these structures in a vector in
72 * order to store them to the DB.
73 *
74 * packed_session will contain the session data.
75 *
76 * The data will be in a platform independent format.
77 */
78 int
79 _gnutls_session_pack (gnutls_session_t session,
80 gnutls_datum_t * packed_session)
81 {
82 int ret;
83 gnutls_buffer_st sb;
84 uint8_t id;
85
86 if (packed_session == NULL)
87 {
88 gnutls_assert ();
89 return GNUTLS_E_INTERNAL_ERROR;
90 }
91
92 _gnutls_buffer_init (&sb);
93
94 id = gnutls_auth_get_type (session);
95 BUFFER_APPEND (&sb, &id, 1);
96
97 switch (id)
98 {
99 #ifdef ENABLE_SRP
100 case GNUTLS_CRD_SRP:
101 ret = pack_srp_auth_info (session, &sb);
102 if (ret < 0)
103 {
104 gnutls_assert ();
105 return ret;
106 }
107 break;
108 #endif
109 #ifdef ENABLE_PSK
110 case GNUTLS_CRD_PSK:
111 ret = pack_psk_auth_info (session, &sb);
112 if (ret < 0)
113 {
114 gnutls_assert ();
115 return ret;
116 }
117 break;
118 #endif
119 #ifdef ENABLE_ANON
120 case GNUTLS_CRD_ANON:
121 ret = pack_anon_auth_info (session, &sb);
122 if (ret < 0)
123 {
124 gnutls_assert ();
125 return ret;
126 }
127 break;
128 #endif
129 case GNUTLS_CRD_CERTIFICATE:
130 ret = pack_certificate_auth_info (session, &sb);
131 if (ret < 0)
132 {
133 gnutls_assert ();
134 return ret;
135 }
136 break;
137 default:
138 return GNUTLS_E_INTERNAL_ERROR;
139
140 }
141
142 /* Auth_info structures copied. Now copy security_parameters_st.
143 * packed_session must have allocated space for the security parameters.
144 */
145 ret = pack_security_parameters (session, &sb);
146 if (ret < 0)
147 {
148 gnutls_assert ();
149 _gnutls_buffer_clear (&sb);
150 return ret;
151 }
152
153 ret = _gnutls_ext_pack (session, &sb);
154 if (ret < 0)
155 {
156 gnutls_assert ();
157 _gnutls_buffer_clear (&sb);
158 return ret;
159 }
160
161 ret = _gnutls_buffer_to_datum (&sb, packed_session);
162
163 return ret;
164 }
165
166
167 /* Load session data from a buffer.
168 */
169 int
170 _gnutls_session_unpack (gnutls_session_t session,
171 const gnutls_datum_t * packed_session)
172 {
173 int ret;
174 gnutls_buffer_st sb;
175 uint8_t id;
176
177 _gnutls_buffer_init (&sb);
178
179 if (packed_session == NULL || packed_session->size == 0)
180 {
181 gnutls_assert ();
182 return GNUTLS_E_INTERNAL_ERROR;
183 }
184
185 ret =
186 _gnutls_buffer_append_data (&sb, packed_session->data,
187 packed_session->size);
188 if (ret < 0)
189 {
190 gnutls_assert ();
191 return ret;
192 }
193
194 if (_gnutls_get_auth_info (session) != NULL)
195 {
196 _gnutls_free_auth_info (session);
197 }
198
199 BUFFER_POP (&sb, &id, 1);
200
201 switch (id)
202 {
203 #ifdef ENABLE_SRP
204 case GNUTLS_CRD_SRP:
205 ret = unpack_srp_auth_info (session, &sb);
206 if (ret < 0)
207 {
208 gnutls_assert ();
209 goto error;
210 }
211 break;
212 #endif
213 #ifdef ENABLE_PSK
214 case GNUTLS_CRD_PSK:
215 ret = unpack_psk_auth_info (session, &sb);
216 if (ret < 0)
217 {
218 gnutls_assert ();
219 goto error;
220 }
221 break;
222 #endif
223 #ifdef ENABLE_ANON
224 case GNUTLS_CRD_ANON:
225 ret = unpack_anon_auth_info (session, &sb);
226 if (ret < 0)
227 {
228 gnutls_assert ();
229 return ret;
230 }
231 break;
232 #endif
233 case GNUTLS_CRD_CERTIFICATE:
234 ret = unpack_certificate_auth_info (session, &sb);
235 if (ret < 0)
236 {
237 gnutls_assert ();
238 goto error;
239 }
240 break;
241 default:
242 gnutls_assert ();
243 ret = GNUTLS_E_INTERNAL_ERROR;
244 goto error;
245
246 }
247
248 /* Auth_info structures copied. Now copy security_parameters_st.
249 * packed_session must have allocated space for the security parameters.
250 */
251 ret = unpack_security_parameters (session, &sb);
252 if (ret < 0)
253 {
254 gnutls_assert ();
255 goto error;
256 }
257
258 ret = _gnutls_ext_unpack (session, &sb);
259 if (ret < 0)
260 {
261 gnutls_assert ();
262 goto error;
263 }
264
265 ret = 0;
266
267 error:
268 _gnutls_buffer_clear (&sb);
269
270 return ret;
271 }
272
273
274
275 /* Format:
276 * 1 byte the credentials type
277 * 4 bytes the size of the whole structure
278 * DH stuff
279 * 2 bytes the size of secret key in bits
280 * 4 bytes the size of the prime
281 * x bytes the prime
282 * 4 bytes the size of the generator
283 * x bytes the generator
284 * 4 bytes the size of the public key
285 * x bytes the public key
286 * RSA stuff
287 * 4 bytes the size of the modulus
288 * x bytes the modulus
289 * 4 bytes the size of the exponent
290 * x bytes the exponent
291 * CERTIFICATES
292 * 4 bytes the length of the certificate list
293 * 4 bytes the size of first certificate
294 * x bytes the certificate
295 * and so on...
296 */
297 static int
298 pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
299 {
300 unsigned int i;
301 int cur_size, ret;
302 cert_auth_info_t info = _gnutls_get_auth_info (session);
303 int size_offset;
304
305 size_offset = ps->length;
306 BUFFER_APPEND_NUM (ps, 0);
307 cur_size = ps->length;
308
309 if (info)
310 {
311
312 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
313 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
314 BUFFER_APPEND_PFX (ps, info->dh.generator.data,
315 info->dh.generator.size);
316 BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
317 info->dh.public_key.size);
318 BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data,
319 info->rsa_export.modulus.size);
320 BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data,
321 info->rsa_export.exponent.size);
322
323 BUFFER_APPEND_NUM (ps, info->ncerts);
324
325 for (i = 0; i < info->ncerts; i++)
326 BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
327 info->raw_certificate_list[i].size);
328 }
329
330 /* write the real size */
331 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
332
333 return 0;
334 }
335
336
337 /* Upack certificate info.
338 */
339 static int
340 unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
341 {
342 int ret;
343 unsigned int i = 0, j = 0;
344 size_t pack_size;
345 cert_auth_info_t info = NULL;
346
347 BUFFER_POP_NUM (ps, pack_size);
348
349 if (pack_size == 0)
350 return 0; /* nothing to be done */
351
352 /* client and server have the same auth_info here
353 */
354 ret =
355 _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
356 sizeof (cert_auth_info_st), 1);
357 if (ret < 0)
358 {
359 gnutls_assert ();
360 return ret;
361 }
362
363 info = _gnutls_get_auth_info (session);
364 if (info == NULL)
365 {
366 gnutls_assert ();
367 return GNUTLS_E_INTERNAL_ERROR;
368 }
369
370 BUFFER_POP_NUM (ps, info->dh.secret_bits);
371
372 BUFFER_POP_DATUM (ps, &info->dh.prime);
373 BUFFER_POP_DATUM (ps, &info->dh.generator);
374 BUFFER_POP_DATUM (ps, &info->dh.public_key);
375 BUFFER_POP_DATUM (ps, &info->rsa_export.modulus);
376 BUFFER_POP_DATUM (ps, &info->rsa_export.exponent);
377
378 BUFFER_POP_NUM (ps, info->ncerts);
379
380 if (info->ncerts > 0)
381 {
382 info->raw_certificate_list =
383 gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
384 if (info->raw_certificate_list == NULL)
385 {
386 gnutls_assert ();
387 ret = GNUTLS_E_MEMORY_ERROR;
388 goto error;
389 }
390 }
391
392 for (i = 0; i < info->ncerts; i++)
393 {
394 BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
395 }
396
397 return 0;
398
399 error:
400 if (info)
401 {
402 _gnutls_free_datum (&info->dh.prime);
403 _gnutls_free_datum (&info->dh.generator);
404 _gnutls_free_datum (&info->dh.public_key);
405
406 _gnutls_free_datum (&info->rsa_export.modulus);
407 _gnutls_free_datum (&info->rsa_export.exponent);
408
409 for (j = 0; j < i; j++)
410 _gnutls_free_datum (&info->raw_certificate_list[j]);
411
412 gnutls_free (info->raw_certificate_list);
413 }
414
415 return ret;
416
417 }
418
419 #ifdef ENABLE_SRP
420 /* Packs the SRP session authentication data.
421 */
422
423 /* Format:
424 * 1 byte the credentials type
425 * 4 bytes the size of the SRP username (x)
426 * x bytes the SRP username
427 */
428 static int
429 pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
430 {
431 srp_server_auth_info_t info = _gnutls_get_auth_info (session);
432 int len, ret;
433 int size_offset;
434 size_t cur_size;
435
436 if (info && info->username)
437 len = strlen (info->username) + 1; /* include the terminating null */
438 else
439 len = 0;
440
441 size_offset = ps->length;
442 BUFFER_APPEND_NUM (ps, 0);
443 cur_size = ps->length;
444
445 BUFFER_APPEND_PFX (ps, info->username, len);
446
447 /* write the real size */
448 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
449
450 return 0;
451 }
452
453
454 static int
455 unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
456 {
457 size_t username_size;
458 int ret;
459 srp_server_auth_info_t info;
460
461 BUFFER_POP_NUM (ps, username_size);
462 if (username_size > sizeof (info->username))
463 {
464 gnutls_assert ();
465 return GNUTLS_E_INTERNAL_ERROR;
466 }
467
468
469 ret =
470 _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
471 sizeof (srp_server_auth_info_st), 1);
472 if (ret < 0)
473 {
474 gnutls_assert ();
475 return ret;
476 }
477
478 info = _gnutls_get_auth_info (session);
479 if (info == NULL)
480 {
481 gnutls_assert ();
482 return GNUTLS_E_INTERNAL_ERROR;
483 }
484
485 BUFFER_POP (ps, info->username, username_size);
486
487 ret = 0;
488
489 error:
490 return ret;
491 }
492 #endif
493
494
495 #ifdef ENABLE_ANON
496 /* Packs the ANON session authentication data.
497 */
498
499 /* Format:
500 * 1 byte the credentials type
501 * 4 bytes the size of the whole structure
502 * 2 bytes the size of secret key in bits
503 * 4 bytes the size of the prime
504 * x bytes the prime
505 * 4 bytes the size of the generator
506 * x bytes the generator
507 * 4 bytes the size of the public key
508 * x bytes the public key
509 */
510 static int
511 pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
512 {
513 int cur_size, ret;
514 anon_auth_info_t info = _gnutls_get_auth_info (session);
515 int size_offset;
516
517 size_offset = ps->length;
518 BUFFER_APPEND_NUM (ps, 0);
519 cur_size = ps->length;
520
521 if (info)
522 {
523 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
524 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
525 BUFFER_APPEND_PFX (ps, info->dh.generator.data,
526 info->dh.generator.size);
527 BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
528 info->dh.public_key.size);
529 }
530
531 /* write the real size */
532 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
533
534 return 0;
535 }
536
537
538 static int
539 unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
540 {
541 int ret;
542 size_t pack_size;
543 anon_auth_info_t info = NULL;
544
545 BUFFER_POP_NUM (ps, pack_size);
546
547 if (pack_size == 0)
548 return 0; /* nothing to be done */
549
550 /* client and server have the same auth_info here
551 */
552 ret =
553 _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
554 sizeof (anon_auth_info_st), 1);
555 if (ret < 0)
556 {
557 gnutls_assert ();
558 return ret;
559 }
560
561 info = _gnutls_get_auth_info (session);
562 if (info == NULL)
563 {
564 gnutls_assert ();
565 return GNUTLS_E_INTERNAL_ERROR;
566 }
567
568 BUFFER_POP_NUM (ps, info->dh.secret_bits);
569
570 BUFFER_POP_DATUM (ps, &info->dh.prime);
571 BUFFER_POP_DATUM (ps, &info->dh.generator);
572 BUFFER_POP_DATUM (ps, &info->dh.public_key);
573
574 return 0;
575
576 error:
577 if (info)
578 {
579 _gnutls_free_datum (&info->dh.prime);
580 _gnutls_free_datum (&info->dh.generator);
581 _gnutls_free_datum (&info->dh.public_key);
582 }
583
584 return ret;
585 }
586 #endif /* ANON */
587
588 #ifdef ENABLE_PSK
589 /* Packs the PSK session authentication data.
590 */
591
592 /* Format:
593 * 1 byte the credentials type
594 * 4 bytes the size of the whole structure
595 *
596 * 4 bytes the size of the PSK username (x)
597 * x bytes the PSK username
598 * 2 bytes the size of secret key in bits
599 * 4 bytes the size of the prime
600 * x bytes the prime
601 * 4 bytes the size of the generator
602 * x bytes the generator
603 * 4 bytes the size of the public key
604 * x bytes the public key
605 */
606 static int
607 pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
608 {
609 psk_auth_info_t info;
610 int username_len;
611 int hint_len, ret;
612 int size_offset;
613 size_t cur_size;
614
615 info = _gnutls_get_auth_info (session);
616
617 if (info && info->username)
618 username_len = strlen (info->username) + 1; /* include the terminating null */
619 else
620 username_len = 0;
621
622 if (info && info->hint)
623 hint_len = strlen (info->hint) + 1; /* include the terminating null */
624 else
625 hint_len = 0;
626
627 size_offset = ps->length;
628 BUFFER_APPEND_NUM (ps, 0);
629 cur_size = ps->length;
630
631 BUFFER_APPEND_PFX (ps, info->username, username_len);
632 BUFFER_APPEND_PFX (ps, info->hint, hint_len);
633
634 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
635 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
636 BUFFER_APPEND_PFX (ps, info->dh.generator.data, info->dh.generator.size);
637 BUFFER_APPEND_PFX (ps, info->dh.public_key.data, info->dh.public_key.size);
638
639 /* write the real size */
640 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
641
642 return 0;
643 }
644
645 static int
646 unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
647 {
648 size_t username_size, hint_size;
649 int ret;
650 psk_auth_info_t info;
651
652 ret =
653 _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
654 sizeof (psk_auth_info_st), 1);
655 if (ret < 0)
656 {
657 gnutls_assert ();
658 return ret;
659 }
660
661 info = _gnutls_get_auth_info (session);
662 if (info == NULL)
663 {
664 gnutls_assert ();
665 return GNUTLS_E_INTERNAL_ERROR;
666 }
667
668 BUFFER_POP_NUM (ps, username_size);
669 if (username_size > sizeof (info->username))
670 {
671 gnutls_assert ();
672 return GNUTLS_E_INTERNAL_ERROR;
673 }
674
675 BUFFER_POP (ps, info->username, username_size);
676
677 BUFFER_POP_NUM (ps, hint_size);
678 if (hint_size > sizeof (info->hint))
679 {
680 gnutls_assert ();
681 return GNUTLS_E_INTERNAL_ERROR;
682 }
683 BUFFER_POP (ps, info->hint, hint_size);
684
685 BUFFER_POP_NUM (ps, info->dh.secret_bits);
686
687 BUFFER_POP_DATUM (ps, &info->dh.prime);
688 BUFFER_POP_DATUM (ps, &info->dh.generator);
689 BUFFER_POP_DATUM (ps, &info->dh.public_key);
690
691 ret = 0;
692
693 error:
694 _gnutls_free_datum (&info->dh.prime);
695 _gnutls_free_datum (&info->dh.generator);
696 _gnutls_free_datum (&info->dh.public_key);
697
698 return ret;
699 }
700 #endif
701
702
703 /* Packs the security parameters.
704 */
705
706 /* Format:
707 * 4 bytes the total security data size
708 * 1 byte the entity type (client/server)
709 * 1 byte the key exchange algorithm used
710 * 1 byte the read cipher algorithm
711 * 1 byte the read mac algorithm
712 * 1 byte the read compression algorithm
713 *
714 * 1 byte the write cipher algorithm
715 * 1 byte the write mac algorithm
716 * 1 byte the write compression algorithm
717 *
718 * 1 byte the certificate type
719 * 1 byte the protocol version
720 *
721 * 2 bytes the cipher suite
722 *
723 * 48 bytes the master secret
724 *
725 * 32 bytes the client random
726 * 32 bytes the server random
727 *
728 * 1 byte the session ID size
729 * x bytes the session ID (32 bytes max)
730 *
731 * 4 bytes a timestamp
732 * 4 bytes the ECC curve
733 * -------------------
734 * MAX: 169 bytes
735 *
736 */
737 static int
738 pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
739 {
740
741 int ret;
742 int size_offset;
743 size_t cur_size;
744 record_parameters_st *params;
745
746 if (session->security_parameters.epoch_read
747 != session->security_parameters.epoch_write)
748 {
749 gnutls_assert ();
750 return GNUTLS_E_INVALID_REQUEST;
751 }
752
753 ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &params);
754 if (ret < 0)
755 {
756 gnutls_assert ();
757 return ret;
758 }
759
760 /* move after the auth info stuff.
761 */
762 size_offset = ps->length;
763 BUFFER_APPEND_NUM (ps, 0);
764 cur_size = ps->length;
765
766
767 BUFFER_APPEND_NUM (ps, session->security_parameters.entity);
768 BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm);
769 BUFFER_APPEND (ps,
770 session->security_parameters.cipher_suite, 2);
771 BUFFER_APPEND_NUM (ps, session->security_parameters.compression_method);
772 BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
773 BUFFER_APPEND_NUM (ps, session->security_parameters.version);
774
775 BUFFER_APPEND (ps, session->security_parameters.master_secret,
776 GNUTLS_MASTER_SIZE);
777 BUFFER_APPEND (ps, session->security_parameters.client_random,
778 GNUTLS_RANDOM_SIZE);
779 BUFFER_APPEND (ps, session->security_parameters.server_random,
780 GNUTLS_RANDOM_SIZE);
781
782 BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size);
783 BUFFER_APPEND (ps, session->security_parameters.session_id,
784 session->security_parameters.session_id_size);
785
786 BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
787 BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
788 BUFFER_APPEND_NUM (ps, session->security_parameters.timestamp);
789 BUFFER_APPEND_NUM (ps, session->security_parameters.ecc_curve);
790
791 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
792
793 return 0;
794 }
795
796 static int
797 unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
798 {
799 size_t pack_size;
800 int ret;
801 time_t timestamp = gnutls_time (0);
802
803 BUFFER_POP_NUM (ps, pack_size);
804
805 if (pack_size == 0)
806 return GNUTLS_E_INVALID_REQUEST;
807
808 memset (&session->internals.resumed_security_parameters, 0,
809 sizeof (session->internals.resumed_security_parameters));
810
811 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.entity);
812 BUFFER_POP_NUM (ps,
813 session->internals.resumed_security_parameters.kx_algorithm);
814 BUFFER_POP (ps,
815 session->internals.
816 resumed_security_parameters.cipher_suite, 2);
817 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.compression_method);
818 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
819 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.version);
820
821 BUFFER_POP (ps,
822 session->internals.resumed_security_parameters.master_secret,
823 GNUTLS_MASTER_SIZE);
824
825 BUFFER_POP (ps,
826 session->internals.resumed_security_parameters.client_random,
827 GNUTLS_RANDOM_SIZE);
828 BUFFER_POP (ps,
829 session->internals.resumed_security_parameters.server_random,
830 GNUTLS_RANDOM_SIZE);
831 BUFFER_POP_NUM (ps,
832 session->internals.
833 resumed_security_parameters.session_id_size);
834
835 BUFFER_POP (ps, session->internals.resumed_security_parameters.session_id,
836 session->internals.resumed_security_parameters.session_id_size);
837
838 BUFFER_POP_NUM (ps,
839 session->internals.
840 resumed_security_parameters.max_record_send_size);
841 BUFFER_POP_NUM (ps,
842 session->internals.
843 resumed_security_parameters.max_record_recv_size);
844 BUFFER_POP_NUM (ps,
845 session->internals.resumed_security_parameters.timestamp);
846
847 BUFFER_POP_NUM (ps,
848 session->internals.resumed_security_parameters.ecc_curve);
849
850 if (timestamp - session->internals.resumed_security_parameters.timestamp >
851 session->internals.expire_time
852 || session->internals.resumed_security_parameters.timestamp > timestamp)
853 {
854 gnutls_assert ();
855 return GNUTLS_E_EXPIRED;
856 }
857
858 ret = 0;
859
860 error:
861 return ret;
862 }
Implementation of the SSL/TLS protocol