search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use libtasn1 v2.4.
[gnutls.git] / lib / gnutls_constate.c
blob3658949042d9c5dd0f4ce6571b02d80dbf1a961d
1 /*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2010 Free
3 * Software Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GNUTLS.
8 *
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
23 *
24 */
25
26 /* Functions that are supposed to run after the handshake procedure is
27 * finished. These functions activate the established security parameters.
28 */
29
30 #include <gnutls_int.h>
31 #include <gnutls_constate.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_kx.h>
34 #include <gnutls_algorithms.h>
35 #include <gnutls_num.h>
36 #include <gnutls_datum.h>
37 #include <gnutls_state.h>
38
39 static const char keyexp[] = "key expansion";
40 static const int keyexp_length = sizeof (keyexp) - 1;
41
42 static const char ivblock[] = "IV block";
43 static const int ivblock_length = sizeof (ivblock) - 1;
44
45 static const char cliwrite[] = "client write key";
46 static const int cliwrite_length = sizeof (cliwrite) - 1;
47
48 static const char servwrite[] = "server write key";
49 static const int servwrite_length = sizeof (servwrite) - 1;
50
51 #define EXPORT_FINAL_KEY_SIZE 16
52
53 /* This function is to be called after handshake, when master_secret,
54 * client_random and server_random have been initialized.
55 * This function creates the keys and stores them into pending session.
56 * (session->cipher_specs)
57 */
58 static int
59 _gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
60 int key_size, int export_flag)
61 {
62 /* FIXME: This function is too long
63 */
64 opaque rnd[2 * GNUTLS_RANDOM_SIZE];
65 opaque rrnd[2 * GNUTLS_RANDOM_SIZE];
66 int pos, ret;
67 int block_size;
68 char buf[65];
69 /* avoid using malloc */
70 opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
71 2 * MAX_CIPHER_BLOCK_SIZE];
72
73 if (session->cipher_specs.generated_keys != 0)
74 {
75 /* keys have already been generated.
76 * reset generated_keys and exit normally.
77 */
78 session->cipher_specs.generated_keys = 0;
79 return 0;
80 }
81
82 block_size = 2 * hash_size + 2 * key_size;
83 if (export_flag == 0)
84 block_size += 2 * IV_size;
85
86 memcpy (rnd, session->security_parameters.server_random,
87 GNUTLS_RANDOM_SIZE);
88 memcpy (&rnd[GNUTLS_RANDOM_SIZE],
89 session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
90
91 memcpy (rrnd, session->security_parameters.client_random,
92 GNUTLS_RANDOM_SIZE);
93 memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
94 session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
95
96 if (session->security_parameters.version == GNUTLS_SSL3)
97 { /* SSL 3 */
98 ret =
99 _gnutls_ssl3_generate_random
100 (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
101 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
102 }
103 else
104 { /* TLS 1.0 */
105 ret =
106 _gnutls_PRF (session, session->security_parameters.master_secret,
107 GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
108 rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
109 }
110
111 if (ret < 0)
112 {
113 gnutls_assert ();
114 return ret;
115 }
116
117 _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
118 _gnutls_bin2hex (key_block, block_size, buf,
119 sizeof (buf)));
120
121 _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret);
122 _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret);
123 _gnutls_free_datum (&session->cipher_specs.server_write_IV);
124 _gnutls_free_datum (&session->cipher_specs.client_write_IV);
125 _gnutls_free_datum (&session->cipher_specs.server_write_key);
126 _gnutls_free_datum (&session->cipher_specs.client_write_key);
127
128 pos = 0;
129 if (hash_size > 0)
130 {
131
132 if (_gnutls_sset_datum
133 (&session->cipher_specs.client_write_mac_secret,
134 &key_block[pos], hash_size) < 0)
135 {
136 gnutls_assert ();
137 return GNUTLS_E_MEMORY_ERROR;
138 }
139 pos += hash_size;
140
141 if (_gnutls_sset_datum
142 (&session->cipher_specs.server_write_mac_secret,
143 &key_block[pos], hash_size) < 0)
144 {
145 gnutls_assert ();
146 return GNUTLS_E_MEMORY_ERROR;
147 }
148 pos += hash_size;
149 }
150
151 if (key_size > 0)
152 {
153 opaque key1[EXPORT_FINAL_KEY_SIZE];
154 opaque key2[EXPORT_FINAL_KEY_SIZE];
155 opaque *client_write_key, *server_write_key;
156 int client_write_key_size, server_write_key_size;
157
158 if (export_flag == 0)
159 {
160 client_write_key = &key_block[pos];
161 client_write_key_size = key_size;
162
163 pos += key_size;
164
165 server_write_key = &key_block[pos];
166 server_write_key_size = key_size;
167
168 pos += key_size;
169
170 }
171 else
172 { /* export */
173 client_write_key = key1;
174 server_write_key = key2;
175
176 /* generate the final keys */
177
178 if (session->security_parameters.version == GNUTLS_SSL3)
179 { /* SSL 3 */
180 ret =
181 _gnutls_ssl3_hash_md5 (&key_block[pos],
182 key_size, rrnd,
183 2 * GNUTLS_RANDOM_SIZE,
184 EXPORT_FINAL_KEY_SIZE,
185 client_write_key);
186
187 }
188 else
189 { /* TLS 1.0 */
190 ret =
191 _gnutls_PRF (session, &key_block[pos], key_size,
192 cliwrite, cliwrite_length,
193 rrnd,
194 2 * GNUTLS_RANDOM_SIZE,
195 EXPORT_FINAL_KEY_SIZE, client_write_key);
196 }
197
198 if (ret < 0)
199 {
200 gnutls_assert ();
201 return ret;
202 }
203
204 client_write_key_size = EXPORT_FINAL_KEY_SIZE;
205 pos += key_size;
206
207 if (session->security_parameters.version == GNUTLS_SSL3)
208 { /* SSL 3 */
209 ret =
210 _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
211 rnd, 2 * GNUTLS_RANDOM_SIZE,
212 EXPORT_FINAL_KEY_SIZE,
213 server_write_key);
214 }
215 else
216 { /* TLS 1.0 */
217 ret =
218 _gnutls_PRF (session, &key_block[pos], key_size,
219 servwrite, servwrite_length,
220 rrnd, 2 * GNUTLS_RANDOM_SIZE,
221 EXPORT_FINAL_KEY_SIZE, server_write_key);
222 }
223
224 if (ret < 0)
225 {
226 gnutls_assert ();
227 return ret;
228 }
229
230 server_write_key_size = EXPORT_FINAL_KEY_SIZE;
231 pos += key_size;
232 }
233
234 if (_gnutls_sset_datum
235 (&session->cipher_specs.client_write_key,
236 client_write_key, client_write_key_size) < 0)
237 {
238 gnutls_assert ();
239 return GNUTLS_E_MEMORY_ERROR;
240 }
241 _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
242 client_write_key_size,
243 _gnutls_bin2hex (client_write_key,
244 client_write_key_size, buf,
245 sizeof (buf)));
246
247 if (_gnutls_sset_datum
248 (&session->cipher_specs.server_write_key,
249 server_write_key, server_write_key_size) < 0)
250 {
251 gnutls_assert ();
252 return GNUTLS_E_MEMORY_ERROR;
253 }
254
255 _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
256 server_write_key_size,
257 _gnutls_bin2hex (server_write_key,
258 server_write_key_size, buf,
259 sizeof (buf)));
260
261 }
262
263
264 /* IV generation in export and non export ciphers.
265 */
266 if (IV_size > 0 && export_flag == 0)
267 {
268 if (_gnutls_sset_datum
269 (&session->cipher_specs.client_write_IV, &key_block[pos],
270 IV_size) < 0)
271 {
272 gnutls_assert ();
273 return GNUTLS_E_MEMORY_ERROR;
274 }
275 pos += IV_size;
276
277 if (_gnutls_sset_datum
278 (&session->cipher_specs.server_write_IV, &key_block[pos],
279 IV_size) < 0)
280 {
281 gnutls_assert ();
282 return GNUTLS_E_MEMORY_ERROR;
283 }
284 pos += IV_size;
285
286 }
287 else if (IV_size > 0 && export_flag != 0)
288 {
289 opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
290
291 if (session->security_parameters.version == GNUTLS_SSL3)
292 { /* SSL 3 */
293 ret = _gnutls_ssl3_hash_md5 ("", 0,
294 rrnd, GNUTLS_RANDOM_SIZE * 2,
295 IV_size, iv_block);
296
297 if (ret < 0)
298 {
299 gnutls_assert ();
300 return ret;
301 }
302
303 ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
304 GNUTLS_RANDOM_SIZE * 2,
305 IV_size, &iv_block[IV_size]);
306
307 }
308 else
309 { /* TLS 1.0 */
310 ret = _gnutls_PRF (session, "", 0,
311 ivblock, ivblock_length, rrnd,
312 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
313 }
314
315 if (ret < 0)
316 {
317 gnutls_assert ();
318 return ret;
319 }
320
321 if (_gnutls_sset_datum
322 (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0)
323 {
324 gnutls_assert ();
325 return GNUTLS_E_MEMORY_ERROR;
326 }
327
328 if (_gnutls_sset_datum
329 (&session->cipher_specs.server_write_IV,
330 &iv_block[IV_size], IV_size) < 0)
331 {
332 gnutls_assert ();
333 return GNUTLS_E_MEMORY_ERROR;
334 }
335 }
336
337 session->cipher_specs.generated_keys = 1;
338
339 return 0;
340 }
341
342 static int
343 _gnutls_set_read_keys (gnutls_session_t session)
344 {
345 int hash_size;
346 int IV_size;
347 int key_size, export_flag;
348 gnutls_cipher_algorithm_t algo;
349 gnutls_mac_algorithm_t mac_algo;
350
351 mac_algo = session->security_parameters.read_mac_algorithm;
352 algo = session->security_parameters.read_bulk_cipher_algorithm;
353
354 hash_size = _gnutls_hash_get_algo_len (mac_algo);
355 IV_size = _gnutls_cipher_get_iv_size (algo);
356 key_size = gnutls_cipher_get_key_size (algo);
357 export_flag = _gnutls_cipher_get_export_flag (algo);
358
359 return _gnutls_set_keys (session, hash_size, IV_size, key_size,
360 export_flag);
361 }
362
363 static int
364 _gnutls_set_write_keys (gnutls_session_t session)
365 {
366 int hash_size;
367 int IV_size;
368 int key_size, export_flag;
369 gnutls_cipher_algorithm_t algo;
370 gnutls_mac_algorithm_t mac_algo;
371
372 mac_algo = session->security_parameters.write_mac_algorithm;
373 algo = session->security_parameters.write_bulk_cipher_algorithm;
374
375 hash_size = _gnutls_hash_get_algo_len (mac_algo);
376 IV_size = _gnutls_cipher_get_iv_size (algo);
377 key_size = gnutls_cipher_get_key_size (algo);
378 export_flag = _gnutls_cipher_get_export_flag (algo);
379
380 return _gnutls_set_keys (session, hash_size, IV_size, key_size,
381 export_flag);
382 }
383
384 #define CPY_EXTENSIONS \
385 gnutls_free(dst->extensions.session_ticket); \
386 gnutls_free(dst->extensions.oprfi_client); \
387 gnutls_free(dst->extensions.oprfi_server); \
388 memcpy(&dst->extensions.server_names, &src->extensions, sizeof(src->extensions)); \
389 memset(&src->extensions, 0, sizeof(src->extensions)) /* avoid duplicate free's */
390
391 #define CPY_COMMON dst->entity = src->entity; \
392 dst->kx_algorithm = src->kx_algorithm; \
393 memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \
394 memcpy( dst->master_secret, src->master_secret, GNUTLS_MASTER_SIZE); \
395 memcpy( dst->client_random, src->client_random, GNUTLS_RANDOM_SIZE); \
396 memcpy( dst->server_random, src->server_random, GNUTLS_RANDOM_SIZE); \
397 memcpy( dst->session_id, src->session_id, TLS_MAX_SESSION_ID_SIZE); \
398 dst->session_id_size = src->session_id_size; \
399 dst->cert_type = src->cert_type; \
400 dst->timestamp = src->timestamp; \
401 dst->max_record_recv_size = src->max_record_recv_size; \
402 dst->max_record_send_size = src->max_record_send_size; \
403 dst->version = src->version; \
404 memcpy( &dst->inner_secret, &src->inner_secret, GNUTLS_MASTER_SIZE)
405
406 static void
407 _gnutls_cpy_read_security_parameters (security_parameters_st *
408 dst, security_parameters_st * src)
409 {
410 CPY_COMMON;
411
412 dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm;
413 dst->read_mac_algorithm = src->read_mac_algorithm;
414 dst->read_compression_algorithm = src->read_compression_algorithm;
415 }
416
417 static void
418 _gnutls_cpy_write_security_parameters (security_parameters_st *
419 dst, security_parameters_st * src)
420 {
421 CPY_COMMON;
422 CPY_EXTENSIONS; /* only do once */
423
424 dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
425 dst->write_mac_algorithm = src->write_mac_algorithm;
426 dst->write_compression_algorithm = src->write_compression_algorithm;
427 }
428
429 /* Sets the current connection session to conform with the
430 * Security parameters(pending session), and initializes encryption.
431 * Actually it initializes and starts encryption ( so it needs
432 * secrets and random numbers to have been negotiated)
433 * This is to be called after sending the Change Cipher Spec packet.
434 */
435 int
436 _gnutls_connection_state_init (gnutls_session_t session)
437 {
438 int ret;
439
440 /* Setup the master secret
441 */
442 if ((ret = _gnutls_generate_master (session, 0)) < 0)
443 {
444 gnutls_assert ();
445 return ret;
446 }
447
448
449 return 0;
450 }
451
452
453 /* Initializes the read connection session
454 * (read encrypted data)
455 */
456 int
457 _gnutls_read_connection_state_init (gnutls_session_t session)
458 {
459 int mac_size;
460 int rc;
461
462 _gnutls_uint64zero (session->connection_state.read_sequence_number);
463
464 /* Update internals from CipherSuite selected.
465 * If we are resuming just copy the connection session
466 */
467 if (session->internals.resumed == RESUME_FALSE)
468 {
469 rc = _gnutls_set_read_cipher (session,
470 _gnutls_cipher_suite_get_cipher_algo
471 (&session->security_parameters.
472 current_cipher_suite));
473 if (rc < 0)
474 return rc;
475 rc = _gnutls_set_read_mac (session,
476 _gnutls_cipher_suite_get_mac_algo
477 (&session->security_parameters.
478 current_cipher_suite));
479 if (rc < 0)
480 return rc;
481
482 rc = _gnutls_set_kx (session,
483 _gnutls_cipher_suite_get_kx_algo
484 (&session->security_parameters.
485 current_cipher_suite));
486 if (rc < 0)
487 return rc;
488
489 rc = _gnutls_set_read_compression (session,
490 session->internals.
491 compression_method);
492 if (rc < 0)
493 return rc;
494 }
495 else
496 { /* RESUME_TRUE */
497 _gnutls_cpy_read_security_parameters (&session->security_parameters,
498 &session->internals.
499 resumed_security_parameters);
500 }
501
502
503 rc = _gnutls_set_read_keys (session);
504 if (rc < 0)
505 return rc;
506
507 _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
508 session,
509 _gnutls_cipher_suite_get_name
510 (&session->security_parameters.
511 current_cipher_suite));
512
513 if (_gnutls_compression_is_ok
514 (session->security_parameters.read_compression_algorithm) != 0)
515 {
516 gnutls_assert ();
517 return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
518 }
519
520 if (_gnutls_mac_is_ok
521 (session->security_parameters.read_mac_algorithm) != 0)
522 {
523 gnutls_assert ();
524 return GNUTLS_E_INTERNAL_ERROR;
525 }
526
527 /* Free all the previous keys/ sessions etc.
528 */
529 if (session->connection_state.read_mac_secret.data != NULL)
530 _gnutls_free_datum (&session->connection_state.read_mac_secret);
531
532 _gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
533
534 if (session->connection_state.read_compression_state != NULL)
535 _gnutls_comp_deinit (session->connection_state.read_compression_state, 1);
536
537
538 mac_size =
539 _gnutls_hash_get_algo_len (session->security_parameters.
540 read_mac_algorithm);
541
542 _gnutls_handshake_log
543 ("HSK[%p]: Initializing internal [read] cipher sessions\n", session);
544
545 switch (session->security_parameters.entity)
546 {
547 case GNUTLS_SERVER:
548 /* initialize cipher session
549 */
550 rc = _gnutls_cipher_init (&session->connection_state.read_cipher_state,
551 session->
552 security_parameters.read_bulk_cipher_algorithm,
553 &session->cipher_specs.client_write_key,
554 &session->cipher_specs.client_write_IV);
555 if (rc < 0
556 && session->security_parameters.read_bulk_cipher_algorithm !=
557 GNUTLS_CIPHER_NULL)
558 {
559 gnutls_assert ();
560 return rc;
561 }
562
563 /* copy mac secrets from cipherspecs, to connection
564 * session.
565 */
566 if (mac_size > 0)
567 {
568 if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
569 session->cipher_specs.
570 client_write_mac_secret.data,
571 session->cipher_specs.
572 client_write_mac_secret.size) < 0)
573 {
574 gnutls_assert ();
575 return GNUTLS_E_MEMORY_ERROR;
576 }
577
578 }
579
580 break;
581
582 case GNUTLS_CLIENT:
583 rc = _gnutls_cipher_init (&session->connection_state.read_cipher_state,
584 session->
585 security_parameters.read_bulk_cipher_algorithm,
586 &session->cipher_specs.server_write_key,
587 &session->cipher_specs.server_write_IV);
588
589 if (rc < 0
590 && session->security_parameters.read_bulk_cipher_algorithm !=
591 GNUTLS_CIPHER_NULL)
592 {
593 gnutls_assert ();
594 return GNUTLS_E_INTERNAL_ERROR;
595 }
596
597
598 /* copy mac secret to connection session
599 */
600 if (mac_size > 0)
601 {
602 if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
603 session->cipher_specs.
604 server_write_mac_secret.data,
605 session->cipher_specs.
606 server_write_mac_secret.size) < 0)
607 {
608 gnutls_assert ();
609 return GNUTLS_E_MEMORY_ERROR;
610 }
611 }
612
613 break;
614
615 default: /* this check is useless */
616 gnutls_assert ();
617 return GNUTLS_E_INTERNAL_ERROR;
618 }
619
620 session->connection_state.read_compression_state =
621 _gnutls_comp_init (session->security_parameters.
622 read_compression_algorithm, 1);
623
624 if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED)
625 {
626 gnutls_assert ();
627 return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
628 }
629
630 return 0;
631 }
632
633
634
635 /* Initializes the write connection session
636 * (write encrypted data)
637 */
638 int
639 _gnutls_write_connection_state_init (gnutls_session_t session)
640 {
641 int mac_size;
642 int rc;
643
644 _gnutls_uint64zero (session->connection_state.write_sequence_number);
645
646 /* Update internals from CipherSuite selected.
647 * If we are resuming just copy the connection session
648 */
649 if (session->internals.resumed == RESUME_FALSE)
650 {
651 rc = _gnutls_set_write_cipher (session,
652 _gnutls_cipher_suite_get_cipher_algo
653 (&session->security_parameters.
654 current_cipher_suite));
655 if (rc < 0)
656 return rc;
657 rc = _gnutls_set_write_mac (session,
658 _gnutls_cipher_suite_get_mac_algo
659 (&session->security_parameters.
660 current_cipher_suite));
661 if (rc < 0)
662 return rc;
663
664 rc = _gnutls_set_kx (session,
665 _gnutls_cipher_suite_get_kx_algo
666 (&session->security_parameters.
667 current_cipher_suite));
668 if (rc < 0)
669 return rc;
670
671 rc = _gnutls_set_write_compression (session,
672 session->internals.
673 compression_method);
674 if (rc < 0)
675 return rc;
676 }
677 else
678 { /* RESUME_TRUE */
679 _gnutls_cpy_write_security_parameters (&session->security_parameters,
680 &session->internals.
681 resumed_security_parameters);
682 }
683
684 rc = _gnutls_set_write_keys (session);
685 if (rc < 0)
686 return rc;
687
688 _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
689 _gnutls_cipher_suite_get_name
690 (&session->security_parameters.
691 current_cipher_suite));
692
693 if (_gnutls_compression_is_ok
694 (session->security_parameters.write_compression_algorithm) != 0)
695 {
696 gnutls_assert ();
697 return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
698 }
699
700 if (_gnutls_mac_is_ok
701 (session->security_parameters.write_mac_algorithm) != 0)
702 {
703 gnutls_assert ();
704 return GNUTLS_E_INTERNAL_ERROR;
705 }
706
707
708
709 /* Free all the previous keys/ sessions etc.
710 */
711 if (session->connection_state.write_mac_secret.data != NULL)
712 _gnutls_free_datum (&session->connection_state.write_mac_secret);
713
714 _gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
715
716 if (session->connection_state.write_compression_state != NULL)
717 _gnutls_comp_deinit (session->connection_state.write_compression_state,
718 0);
719
720 mac_size =
721 _gnutls_hash_get_algo_len (session->security_parameters.
722 write_mac_algorithm);
723
724 _gnutls_handshake_log
725 ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
726
727 switch (session->security_parameters.entity)
728 {
729 case GNUTLS_SERVER:
730 /* initialize cipher session
731 */
732 rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
733 session->security_parameters.
734 write_bulk_cipher_algorithm,
735 &session->cipher_specs.server_write_key,
736 &session->cipher_specs.server_write_IV);
737
738 if (rc < 0
739 && session->security_parameters.write_bulk_cipher_algorithm !=
740 GNUTLS_CIPHER_NULL)
741 {
742 gnutls_assert ();
743 return GNUTLS_E_INTERNAL_ERROR;
744 }
745
746
747 /* copy mac secrets from cipherspecs, to connection
748 * session.
749 */
750 if (mac_size > 0)
751 {
752 if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
753 session->cipher_specs.
754 server_write_mac_secret.data,
755 session->cipher_specs.
756 server_write_mac_secret.size) < 0)
757 {
758 gnutls_assert ();
759 return GNUTLS_E_MEMORY_ERROR;
760 }
761
762 }
763
764
765 break;
766
767 case GNUTLS_CLIENT:
768 rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
769 session->security_parameters.
770 write_bulk_cipher_algorithm,
771 &session->cipher_specs.client_write_key,
772 &session->cipher_specs.client_write_IV);
773
774 if (rc < 0
775 && session->security_parameters.write_bulk_cipher_algorithm !=
776 GNUTLS_CIPHER_NULL)
777 {
778 gnutls_assert ();
779 return GNUTLS_E_INTERNAL_ERROR;
780 }
781
782 /* copy mac secret to connection session
783 */
784 if (mac_size > 0)
785 {
786 if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
787 session->cipher_specs.
788 client_write_mac_secret.data,
789 session->cipher_specs.
790 client_write_mac_secret.size) < 0)
791 {
792 gnutls_assert ();
793 return GNUTLS_E_MEMORY_ERROR;
794 }
795 }
796
797 break;
798
799 default:
800 gnutls_assert ();
801 return GNUTLS_E_INTERNAL_ERROR;
802 }
803
804
805 session->connection_state.write_compression_state =
806 _gnutls_comp_init (session->security_parameters.
807 write_compression_algorithm, 0);
808
809 if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED)
810 {
811 gnutls_assert ();
812 return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
813 }
814
815 return 0;
816 }
817
818 /* Sets the specified cipher into the pending session
819 */
820 int
821 _gnutls_set_read_cipher (gnutls_session_t session,
822 gnutls_cipher_algorithm_t algo)
823 {
824
825 if (_gnutls_cipher_is_ok (algo) == 0)
826 {
827 if (_gnutls_cipher_priority (session, algo) < 0)
828 {
829 gnutls_assert ();
830 return GNUTLS_E_UNWANTED_ALGORITHM;
831 }
832
833 session->security_parameters.read_bulk_cipher_algorithm = algo;
834
835 }
836 else
837 {
838 gnutls_assert ();
839 return GNUTLS_E_INTERNAL_ERROR;
840 }
841
842 return 0;
843
844 }
845
846 int
847 _gnutls_set_write_cipher (gnutls_session_t session,
848 gnutls_cipher_algorithm_t algo)
849 {
850
851 if (_gnutls_cipher_is_ok (algo) == 0)
852 {
853 if (_gnutls_cipher_priority (session, algo) < 0)
854 {
855 gnutls_assert ();
856 return GNUTLS_E_UNWANTED_ALGORITHM;
857 }
858
859 session->security_parameters.write_bulk_cipher_algorithm = algo;
860
861 }
862 else
863 {
864 gnutls_assert ();
865 return GNUTLS_E_INTERNAL_ERROR;
866 }
867
868 return 0;
869
870 }
871
872
873 /* Sets the specified algorithm into pending compression session
874 */
875 int
876 _gnutls_set_read_compression (gnutls_session_t session,
877 gnutls_compression_method_t algo)
878 {
879
880 if (_gnutls_compression_is_ok (algo) == 0)
881 {
882 session->security_parameters.read_compression_algorithm = algo;
883 }
884 else
885 {
886 gnutls_assert ();
887 return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
888 }
889 return 0;
890
891 }
892
893 int
894 _gnutls_set_write_compression (gnutls_session_t session,
895 gnutls_compression_method_t algo)
896 {
897
898 if (_gnutls_compression_is_ok (algo) == 0)
899 {
900 session->security_parameters.write_compression_algorithm = algo;
901 }
902 else
903 {
904 gnutls_assert ();
905 return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
906 }
907 return 0;
908
909 }
910
911 /* Sets the specified kx algorithm into pending session
912 */
913 int
914 _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
915 {
916
917 if (_gnutls_kx_is_ok (algo) == 0)
918 {
919 session->security_parameters.kx_algorithm = algo;
920 }
921 else
922 {
923 gnutls_assert ();
924 return GNUTLS_E_INTERNAL_ERROR;
925 }
926 if (_gnutls_kx_priority (session, algo) < 0)
927 {
928 gnutls_assert ();
929 /* we shouldn't get here */
930 return GNUTLS_E_UNWANTED_ALGORITHM;
931 }
932
933 return 0;
934
935 }
936
937 /* Sets the specified mac algorithm into pending session */
938 int
939 _gnutls_set_read_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo)
940 {
941
942 if (_gnutls_mac_is_ok (algo) == 0)
943 {
944 session->security_parameters.read_mac_algorithm = algo;
945 }
946 else
947 {
948 gnutls_assert ();
949 return GNUTLS_E_INTERNAL_ERROR;
950 }
951 if (_gnutls_mac_priority (session, algo) < 0)
952 {
953 gnutls_assert ();
954 return GNUTLS_E_UNWANTED_ALGORITHM;
955 }
956
957
958 return 0;
959
960 }
961
962 int
963 _gnutls_set_write_mac (gnutls_session_t session, gnutls_mac_algorithm_t algo)
964 {
965
966 if (_gnutls_mac_is_ok (algo) == 0)
967 {
968 session->security_parameters.write_mac_algorithm = algo;
969 }
970 else
971 {
972 gnutls_assert ();
973 return GNUTLS_E_INTERNAL_ERROR;
974 }
975 if (_gnutls_mac_priority (session, algo) < 0)
976 {
977 gnutls_assert ();
978 return GNUTLS_E_UNWANTED_ALGORITHM;
979 }
980
981
982 return 0;
983
984 }
Implementation of the SSL/TLS protocol