| blob | 62df8715174d32eef232f3a976fdb9090aafcbf5 |
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
25 /* Functions that are record layer specific, are included in this file.
26 */
44 #include <gnutls_state.h>
45 #include <gnutls_dh.h>
47 /**
48 * gnutls_protocol_get_version - Returns the version of the currently used protocol
49 * @session: is a #gnutls_session_t structure.
50 *
51 * Get TLS version, a #gnutls_protocol_t value.
52 *
53 * Returns: the version of the currently used protocol.
54 **/
55 gnutls_protocol_t
57 {
59 }
61 void
63 gnutls_protocol_t version)
64 {
66 }
68 /**
69 * gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data.
70 * @session: is a #gnutls_session_t structure.
71 * @num: is the low water value.
72 *
73 * Used to set the lowat value in order for select to check if there
74 * are pending data to socket buffer. Used only if you have changed
75 * the default low water value (default is 1). Normally you will not
76 * need that function. This function is only useful if using
77 * berkeley style sockets. Otherwise it must be called and set lowat
78 * to zero.
79 **/
80 void
82 {
84 }
86 /**
87 * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above
88 * @session: is a #gnutls_session_t structure.
89 *
90 * Used to disabled padding in TLS 1.0 and above. Normally you do
91 * not need to use this function, but there are buggy clients that
92 * complain if a server pads the encrypted data. This of course will
93 * disable protection against statistical attacks on the data.
94 *
95 * Normally only servers that require maximum compatibility with everything
96 * out there, need to call this function.
97 **/
98 void
100 {
102 }
104 /**
105 * gnutls_transport_set_ptr - Used to set first argument of the transport functions
106 * @session: is a #gnutls_session_t structure.
107 * @ptr: is the value.
108 *
109 * Used to set the first argument of the transport function (like
110 * PUSH and PULL). In berkeley style sockets this function will set
111 * the connection handle.
112 **/
113 void
115 gnutls_transport_ptr_t ptr)
116 {
119 }
122 /**
123 * gnutls_transport_set_ptr2 - Used to set first argument of the transport functions
124 * @session: is a #gnutls_session_t structure.
125 * @recv_ptr: is the value for the pull function
126 * @send_ptr: is the value for the push function
127 *
128 * Used to set the first argument of the transport function (like
129 * PUSH and PULL). In berkeley style sockets this function will set
130 * the connection handle. With this function you can use two
131 * different pointers for receiving and sending.
132 **/
133 void
135 gnutls_transport_ptr_t recv_ptr,
136 gnutls_transport_ptr_t send_ptr)
137 {
140 }
142 /**
143 * gnutls_transport_get_ptr - Used to return the first argument of the transport functions
144 * @session: is a #gnutls_session_t structure.
145 *
146 * Used to get the first argument of the transport function (like
147 * PUSH and PULL). This must have been set using
148 * gnutls_transport_set_ptr().
149 *
150 * Returns: first argument of the transport function.
151 **/
152 gnutls_transport_ptr_t
154 {
156 }
158 /**
159 * gnutls_transport_get_ptr2 - Used to return the first argument of the transport functions
160 * @session: is a #gnutls_session_t structure.
161 * @recv_ptr: will hold the value for the pull function
162 * @send_ptr: will hold the value for the push function
163 *
164 * Used to get the arguments of the transport functions (like PUSH
165 * and PULL). These should have been set using
166 * gnutls_transport_set_ptr2().
167 **/
168 void
172 {
176 }
178 /**
179 * gnutls_bye - terminate the current TLS/SSL connection.
180 * @session: is a #gnutls_session_t structure.
181 * @how: is an integer
182 *
183 * Terminates the current TLS/SSL connection. The connection should
184 * have been initiated using gnutls_handshake(). @how should be one
185 * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
186 *
187 * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets
188 * terminated and further receives and sends will be disallowed. If
189 * the return value is zero you may continue using the connection.
190 * %GNUTLS_SHUT_RDWR actually sends an alert containing a close
191 * request and waits for the peer to reply with the same message.
192 *
193 * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated
194 * and further sends will be disallowed. In order to reuse the
195 * connection you should wait for an EOF from the peer.
196 * %GNUTLS_SHUT_WR sends an alert containing a close request.
197 *
198 * Note that not all implementations will properly terminate a TLS
199 * connection. Some of them, usually for performance reasons, will
200 * terminate only the underlying transport layer, thus causing a
201 * transmission error to the peer. This error cannot be
202 * distinguished from a malicious party prematurely terminating the
203 * session, thus this behavior is not recommended.
204 *
205 * This function may also return %GNUTLS_E_AGAIN or
206 * %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction().
207 *
208 * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
209 * function documentation for entire semantics.
210 **/
211 int
213 {
217 {
223 {
226 }
229 ret =
233 {
236 }
241 {
242 do
243 {
246 }
253 {
256 }
257 }
264 }
270 }
274 {
276 }
281 {
283 }
285 /* returns 0 if session is valid
286 */
289 {
294 }
296 /* Copies the record version into the headers. The
297 * version must have 2 bytes at least.
298 */
302 {
303 gnutls_protocol_t lver;
307 {
312 }
313 else
314 {
317 }
318 }
320 /* This function behaves exactly like write(). The only difference is
321 * that it accepts, the gnutls_session_t and the content_type_t of data to
322 * send (if called by the user the Content is specific)
323 * It is intended to transfer data, under the current session.
324 *
325 * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
326 * This makes the function much easier to read, and more error resistant
327 * (there were cases were the old function could mess everything up).
328 * --nmav
329 *
330 * This function may accept a NULL pointer for data, and 0 for size, if
331 * and only if the previous send was interrupted for some reason.
332 *
333 */
334 ssize_t
338 {
346 /* Do not allow null pointer if the send buffer is empty.
347 * If the previous send was interrupted then a null pointer is
348 * ok, and means to resume.
349 */
352 {
355 }
359 {
362 }
366 /* Use the default record version, if it is
367 * set.
368 */
372 _gnutls_record_log
375 write_sequence_number),
380 else
383 /* Only encrypt if we don't have data to send
384 * from the previous run. - probably interrupted.
385 */
387 {
391 else
397 }
398 else
399 {
401 /* now proceed to packet encryption
402 */
406 {
409 }
411 cipher_size =
417 {
423 }
428 /* increase sequence number
429 */
432 {
437 }
441 }
444 {
446 {
447 /* If we have sent any data then just return
448 * the error value. Do not invalidate the session.
449 */
452 }
455 {
458 }
463 }
468 session,
470 _gnutls_uint64touint32
475 }
477 /* This function is to be called if the handshake was successfully
478 * completed. This sends a Change Cipher Spec packet to the peer.
479 */
480 ssize_t
482 {
489 else
490 {
492 }
493 }
497 {
499 {
509 }
511 }
514 /* Checks if there are pending data in the record buffers. If there are
515 * then it copies the data.
516 */
517 static int
520 {
525 {
529 {
532 }
534 /* if the buffer just got empty */
536 {
538 {
541 }
542 }
545 }
548 }
551 /* Checks the record headers and returns the length, version and
552 * content type.
553 */
554 static int
557 content_type_t type,
558 gnutls_handshake_description_t htype,
562 {
564 /* Read the first two bytes to determine if this is a
565 * version 2 message
566 */
570 {
572 /* if msb set and expecting handshake message
573 * it should be SSL 2 hello
574 */
580 /* SSL 2.0 headers */
583 */
585 /* in order to assist the handshake protocol.
586 * V2 compatibility is a mess.
587 */
593 }
594 else
595 {
596 /* version 3.x
597 */
602 /* No DECR_LEN, since headers has enough size.
603 */
605 }
608 }
610 /* Here we check if the advertized version is the one we
611 * negotiated in the handshake.
612 */
616 {
618 {
619 /* Reject hello packets with major version higher than 3.
620 */
622 {
624 _gnutls_record_log
628 }
629 }
633 {
634 /* Reject record packets that have a different version than the
635 * one negotiated. Note that this version is not protected by any
636 * mac. I don't really think that this check serves any purpose.
637 */
643 }
646 }
648 /* This function will check if the received record type is
649 * the one we actually expect.
650 */
651 static int
656 {
663 {
665 }
666 else
667 {
669 {
672 _gnutls_record_log
678 /* if close notify is received and
679 * the alert is not fatal
680 */
682 {
683 /* If we have been expecting for an alert do
684 */
687 }
688 else
689 {
691 /* if the alert is FATAL or WARNING
692 * return the apropriate message
693 */
698 {
702 }
705 }
709 /* this packet is now handled in the recv_int()
710 * function
711 */
717 /* even if data is unexpected put it into the buffer */
721 {
724 }
726 /* the got_application data is only returned
727 * if expecting client hello (for rehandshake
728 * reasons). Otherwise it is an unexpected packet
729 */
733 else
734 {
737 }
741 /* This is legal if HELLO_REQUEST is received - and we are a client.
742 * If we are a server, a client may initiate a renegotiation at any time.
743 */
745 {
749 {
752 }
754 }
756 /* If we are already in a handshake then a Hello
757 * Request is illegal. But here we don't really care
758 * since this message will never make it up here.
759 */
761 /* So we accept it */
766 /* even if data is unexpected put it into the buffer */
770 {
773 }
779 _gnutls_record_log
785 }
786 }
790 }
793 /* This function will return the internal (per session) temporary
794 * recv buffer. If the buffer was not initialized before it will
795 * also initialize it.
796 */
799 {
804 else
807 /* We allocate MAX_RECORD_RECV_SIZE length
808 * because we cannot predict the output data by the record
809 * packet length (due to compression).
810 */
814 {
816 /* Initialize the internal buffer.
817 */
822 {
825 }
828 }
834 }
837 #define MAX_EMPTY_PACKETS_SEQUENCE 4
839 /* This function behaves exactly like read(). The only difference is
840 * that it accepts the gnutls_session_t and the content_type_t of data to
841 * receive (if called by the user the Content is Userdata only)
842 * It is intended to receive data, under the current session.
843 *
844 * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
845 */
846 ssize_t
850 {
851 gnutls_datum_t tmp;
855 content_type_t recv_type;
864 {
866 }
868 begin:
871 {
874 }
877 {
878 /* if we have already read an EOF
879 */
881 }
884 {
887 }
889 /* If we have enough data in the cache do not bother receiving
890 * a new packet. (in order to flush the cache)
891 */
897 /* default headers for TLS 1.0
898 */
904 {
910 {
913 }
917 }
922 {
925 }
927 /* Here we check if the Type of the received packet is
928 * ok.
929 */
931 {
934 }
936 /* Here we check if the advertized version is the one we
937 * negotiated in the handshake.
938 */
940 {
944 }
946 _gnutls_record_log
949 read_sequence_number),
952 session,
955 read_sequence_number),
959 {
960 _gnutls_record_log
968 }
970 /* check if we have that data into buffer.
971 */
976 {
984 }
986 /* ok now we are sure that we can read all the data - so
987 * move on !
988 */
994 {
997 }
999 /* decrypt the data we got.
1000 */
1001 ret =
1003 recv_type);
1005 {
1010 }
1013 /* Check if this is a CHANGE_CIPHER_SPEC
1014 */
1017 {
1019 _gnutls_record_log
1026 }
1030 }
1032 _gnutls_record_log
1035 read_sequence_number),
1038 /* increase sequence number
1039 */
1041 {
1045 }
1047 ret =
1049 decrypted_length);
1051 {
1056 }
1058 /* Get Application data from buffer
1059 */
1063 {
1067 {
1070 }
1072 /* if the buffer just got empty
1073 */
1075 {
1077 {
1080 }
1081 }
1082 }
1083 else
1084 {
1087 /* we didn't get what we wanted to
1088 */
1089 }
1091 /* (originally for) TLS 1.0 CBC protection.
1092 * Actually this code is called if we just received
1093 * an empty packet. An empty TLS packet is usually
1094 * sent to protect some vulnerabilities in the CBC mode.
1095 * In that case we go to the beginning and start reading
1096 * the next packet.
1097 */
1099 {
1100 empty_packet++;
1102 }
1105 }
1108 /**
1109 * gnutls_record_send - sends to the peer the specified data
1110 * @session: is a #gnutls_session_t structure.
1111 * @data: contains the data to send
1112 * @sizeofdata: is the length of the data
1113 *
1114 * This function has the similar semantics with send(). The only
1115 * difference is that it accepts a GnuTLS session, and uses different
1116 * error codes.
1117 *
1118 * Note that if the send buffer is full, send() will block this
1119 * function. See the send() documentation for full information. You
1120 * can replace the default push function by using
1121 * gnutls_transport_set_ptr2() with a call to send() with a
1122 * MSG_DONTWAIT flag if blocking is a problem.
1123 *
1124 * If the EINTR is returned by the internal push function (the
1125 * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If
1126 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
1127 * call this function again, with the same parameters; alternatively
1128 * you could provide a %NULL pointer for data, and 0 for
1129 * size. cf. gnutls_record_get_direction().
1130 *
1131 * Returns: the number of bytes sent, or a negative error code. The
1132 * number of bytes sent might be less than @sizeofdata. The maximum
1133 * number of bytes this function can send in a single call depends on
1134 * the negotiated maximum record size.
1135 **/
1136 ssize_t
1139 {
1141 sizeofdata);
1142 }
1144 /**
1145 * gnutls_record_recv - reads data from the TLS record protocol
1146 * @session: is a #gnutls_session_t structure.
1147 * @data: the buffer that the data will be read into
1148 * @sizeofdata: the number of requested bytes
1149 *
1150 * This function has the similar semantics with recv(). The only
1151 * difference is that it accepts a GnuTLS session, and uses different
1152 * error codes.
1153 *
1154 * In the special case that a server requests a renegotiation, the
1155 * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This
1156 * message may be simply ignored, replied with an alert
1157 * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake,
1158 * depending on the client's will.
1159 *
1160 * If %EINTR is returned by the internal push function (the default
1161 * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If
1162 * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
1163 * call this function again to get the data. See also
1164 * gnutls_record_get_direction().
1165 *
1166 * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
1167 * initiated a handshake. In that case the server can only initiate a
1168 * handshake or terminate the connection.
1169 *
1170 * Returns: the number of bytes received and zero on EOF. A negative
1171 * error code is returned in case of an error. The number of bytes
1172 * received might be less than @sizeofdata.
1173 **/
1174 ssize_t
1176 {
1178 sizeofdata);
1179 }
1181 /**
1182 * gnutls_record_get_max_size - returns the maximum record size
1183 * @session: is a #gnutls_session_t structure.
1184 *
1185 * Get the record size. The maximum record size is negotiated by the
1186 * client after the first handshake message.
1187 *
1188 * Returns: The maximum record packet size in this connection.
1189 **/
1190 size_t
1192 {
1193 /* Recv will hold the negotiated max record size
1194 * always.
1195 */
1197 }
1200 /**
1201 * gnutls_record_set_max_size - sets the maximum record size
1202 * @session: is a #gnutls_session_t structure.
1203 * @size: is the new size
1204 *
1205 * This function sets the maximum record packet size in this
1206 * connection. This property can only be set to clients. The server
1207 * may choose not to accept the requested size.
1208 *
1209 * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
1210 * 4096(=2^12). The requested record size does get in effect
1211 * immediately only while sending data. The receive part will take
1212 * effect after a successful handshake.
1213 *
1214 * This function uses a TLS extension called 'max record size'. Not
1215 * all TLS implementations use or even understand this extension.
1216 *
1217 * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
1218 * otherwise an error code is returned.
1219 **/
1220 ssize_t
1222 {
1223 ssize_t new_size;
1231 {
1234 }
1241 }