Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasm...
[gnutls.git] / lib / gnutls_session_pack.c
blob258887345311d3deb45d51558dfc5a0b332918c1
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Contains functions that are supposed to pack and unpack session data,
24 * before and after they are sent to the database backend.
27 #include <gnutls_int.h>
28 #ifdef ENABLE_SRP
29 #include <auth/srp.h>
30 #endif
31 #ifdef ENABLE_PSK
32 #include <auth/psk.h>
33 #endif
34 #include <auth/anon.h>
35 #include <auth/cert.h>
36 #include <gnutls_errors.h>
37 #include <gnutls_auth.h>
38 #include <gnutls_session_pack.h>
39 #include <gnutls_datum.h>
40 #include <gnutls_num.h>
41 #include <gnutls_extensions.h>
42 #include <gnutls_constate.h>
43 #include <algorithms.h>
45 static int pack_certificate_auth_info (gnutls_session_t,
46 gnutls_buffer_st * packed_session);
47 static int unpack_certificate_auth_info (gnutls_session_t,
48 gnutls_buffer_st * packed_session);
50 static int unpack_srp_auth_info (gnutls_session_t session,
51 gnutls_buffer_st * packed_session);
52 static int pack_srp_auth_info (gnutls_session_t session,
53 gnutls_buffer_st * packed_session);
55 static int unpack_psk_auth_info (gnutls_session_t session,
56 gnutls_buffer_st * packed_session);
57 static int pack_psk_auth_info (gnutls_session_t session,
58 gnutls_buffer_st * packed_session);
60 static int unpack_anon_auth_info (gnutls_session_t session,
61 gnutls_buffer_st * packed_session);
62 static int pack_anon_auth_info (gnutls_session_t session,
63 gnutls_buffer_st * packed_session);
65 static int unpack_security_parameters (gnutls_session_t session,
66 gnutls_buffer_st * packed_session);
67 static int pack_security_parameters (gnutls_session_t session,
68 gnutls_buffer_st * packed_session);
71 /* Since auth_info structures contain malloced data, this function
72 * is required in order to pack these structures in a vector in
73 * order to store them to the DB.
75 * packed_session will contain the session data.
77 * The data will be in a platform independent format.
79 int
80 _gnutls_session_pack (gnutls_session_t session,
81 gnutls_datum_t * packed_session)
83 int ret;
84 gnutls_buffer_st sb;
85 uint8_t id;
87 if (packed_session == NULL)
89 gnutls_assert ();
90 return GNUTLS_E_INTERNAL_ERROR;
93 _gnutls_buffer_init (&sb);
95 id = gnutls_auth_get_type (session);
96 BUFFER_APPEND (&sb, &id, 1);
98 switch (id)
100 #ifdef ENABLE_SRP
101 case GNUTLS_CRD_SRP:
102 ret = pack_srp_auth_info (session, &sb);
103 if (ret < 0)
105 gnutls_assert ();
106 return ret;
108 break;
109 #endif
110 #ifdef ENABLE_PSK
111 case GNUTLS_CRD_PSK:
112 ret = pack_psk_auth_info (session, &sb);
113 if (ret < 0)
115 gnutls_assert ();
116 return ret;
118 break;
119 #endif
120 #ifdef ENABLE_ANON
121 case GNUTLS_CRD_ANON:
122 ret = pack_anon_auth_info (session, &sb);
123 if (ret < 0)
125 gnutls_assert ();
126 return ret;
128 break;
129 #endif
130 case GNUTLS_CRD_CERTIFICATE:
131 ret = pack_certificate_auth_info (session, &sb);
132 if (ret < 0)
134 gnutls_assert ();
135 return ret;
137 break;
138 default:
139 return GNUTLS_E_INTERNAL_ERROR;
143 /* Auth_info structures copied. Now copy security_parameters_st.
144 * packed_session must have allocated space for the security parameters.
146 ret = pack_security_parameters (session, &sb);
147 if (ret < 0)
149 gnutls_assert ();
150 _gnutls_buffer_clear (&sb);
151 return ret;
154 ret = _gnutls_ext_pack (session, &sb);
155 if (ret < 0)
157 gnutls_assert ();
158 _gnutls_buffer_clear (&sb);
159 return ret;
162 ret = _gnutls_buffer_to_datum (&sb, packed_session);
164 return ret;
168 /* Load session data from a buffer.
171 _gnutls_session_unpack (gnutls_session_t session,
172 const gnutls_datum_t * packed_session)
174 int ret;
175 gnutls_buffer_st sb;
176 uint8_t id;
178 _gnutls_buffer_init (&sb);
180 if (packed_session == NULL || packed_session->size == 0)
182 gnutls_assert ();
183 return GNUTLS_E_INTERNAL_ERROR;
186 ret =
187 _gnutls_buffer_append_data (&sb, packed_session->data,
188 packed_session->size);
189 if (ret < 0)
191 gnutls_assert ();
192 return ret;
195 if (_gnutls_get_auth_info (session) != NULL)
197 _gnutls_free_auth_info (session);
200 BUFFER_POP (&sb, &id, 1);
202 switch (id)
204 #ifdef ENABLE_SRP
205 case GNUTLS_CRD_SRP:
206 ret = unpack_srp_auth_info (session, &sb);
207 if (ret < 0)
209 gnutls_assert ();
210 goto error;
212 break;
213 #endif
214 #ifdef ENABLE_PSK
215 case GNUTLS_CRD_PSK:
216 ret = unpack_psk_auth_info (session, &sb);
217 if (ret < 0)
219 gnutls_assert ();
220 goto error;
222 break;
223 #endif
224 #ifdef ENABLE_ANON
225 case GNUTLS_CRD_ANON:
226 ret = unpack_anon_auth_info (session, &sb);
227 if (ret < 0)
229 gnutls_assert ();
230 return ret;
232 break;
233 #endif
234 case GNUTLS_CRD_CERTIFICATE:
235 ret = unpack_certificate_auth_info (session, &sb);
236 if (ret < 0)
238 gnutls_assert ();
239 goto error;
241 break;
242 default:
243 gnutls_assert ();
244 ret = GNUTLS_E_INTERNAL_ERROR;
245 goto error;
249 /* Auth_info structures copied. Now copy security_parameters_st.
250 * packed_session must have allocated space for the security parameters.
252 ret = unpack_security_parameters (session, &sb);
253 if (ret < 0)
255 gnutls_assert ();
256 goto error;
259 ret = _gnutls_ext_unpack (session, &sb);
260 if (ret < 0)
262 gnutls_assert ();
263 goto error;
266 ret = 0;
268 error:
269 _gnutls_buffer_clear (&sb);
271 return ret;
276 /* Format:
277 * 1 byte the credentials type
278 * 4 bytes the size of the whole structure
279 * DH stuff
280 * 2 bytes the size of secret key in bits
281 * 4 bytes the size of the prime
282 * x bytes the prime
283 * 4 bytes the size of the generator
284 * x bytes the generator
285 * 4 bytes the size of the public key
286 * x bytes the public key
287 * RSA stuff
288 * 4 bytes the size of the modulus
289 * x bytes the modulus
290 * 4 bytes the size of the exponent
291 * x bytes the exponent
292 * CERTIFICATES
293 * 4 bytes the length of the certificate list
294 * 4 bytes the size of first certificate
295 * x bytes the certificate
296 * and so on...
298 static int
299 pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
301 unsigned int i;
302 int cur_size, ret;
303 cert_auth_info_t info = _gnutls_get_auth_info (session);
304 int size_offset;
306 size_offset = ps->length;
307 BUFFER_APPEND_NUM (ps, 0);
308 cur_size = ps->length;
310 if (info)
313 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
314 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
315 BUFFER_APPEND_PFX (ps, info->dh.generator.data,
316 info->dh.generator.size);
317 BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
318 info->dh.public_key.size);
319 BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data,
320 info->rsa_export.modulus.size);
321 BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data,
322 info->rsa_export.exponent.size);
324 BUFFER_APPEND_NUM (ps, info->ncerts);
326 for (i = 0; i < info->ncerts; i++)
327 BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
328 info->raw_certificate_list[i].size);
331 /* write the real size */
332 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
334 return 0;
338 /* Upack certificate info.
340 static int
341 unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
343 int ret;
344 unsigned int i = 0, j = 0;
345 size_t pack_size;
346 cert_auth_info_t info = NULL;
348 BUFFER_POP_NUM (ps, pack_size);
350 if (pack_size == 0)
351 return 0; /* nothing to be done */
353 /* client and server have the same auth_info here
355 ret =
356 _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
357 sizeof (cert_auth_info_st), 1);
358 if (ret < 0)
360 gnutls_assert ();
361 return ret;
364 info = _gnutls_get_auth_info (session);
365 if (info == NULL)
367 gnutls_assert ();
368 return GNUTLS_E_INTERNAL_ERROR;
371 BUFFER_POP_NUM (ps, info->dh.secret_bits);
373 BUFFER_POP_DATUM (ps, &info->dh.prime);
374 BUFFER_POP_DATUM (ps, &info->dh.generator);
375 BUFFER_POP_DATUM (ps, &info->dh.public_key);
376 BUFFER_POP_DATUM (ps, &info->rsa_export.modulus);
377 BUFFER_POP_DATUM (ps, &info->rsa_export.exponent);
379 BUFFER_POP_NUM (ps, info->ncerts);
381 if (info->ncerts > 0)
383 info->raw_certificate_list =
384 gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
385 if (info->raw_certificate_list == NULL)
387 gnutls_assert ();
388 ret = GNUTLS_E_MEMORY_ERROR;
389 goto error;
393 for (i = 0; i < info->ncerts; i++)
395 BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
398 return 0;
400 error:
401 if (info)
403 _gnutls_free_datum (&info->dh.prime);
404 _gnutls_free_datum (&info->dh.generator);
405 _gnutls_free_datum (&info->dh.public_key);
407 _gnutls_free_datum (&info->rsa_export.modulus);
408 _gnutls_free_datum (&info->rsa_export.exponent);
410 for (j = 0; j < i; j++)
411 _gnutls_free_datum (&info->raw_certificate_list[j]);
413 gnutls_free (info->raw_certificate_list);
416 return ret;
420 #ifdef ENABLE_SRP
421 /* Packs the SRP session authentication data.
424 /* Format:
425 * 1 byte the credentials type
426 * 4 bytes the size of the SRP username (x)
427 * x bytes the SRP username
429 static int
430 pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
432 srp_server_auth_info_t info = _gnutls_get_auth_info (session);
433 int len, ret;
434 int size_offset;
435 size_t cur_size;
437 if (info && info->username)
438 len = strlen (info->username) + 1; /* include the terminating null */
439 else
440 len = 0;
442 size_offset = ps->length;
443 BUFFER_APPEND_NUM (ps, 0);
444 cur_size = ps->length;
446 BUFFER_APPEND_PFX (ps, info->username, len);
448 /* write the real size */
449 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
451 return 0;
455 static int
456 unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
458 size_t username_size;
459 int ret;
460 srp_server_auth_info_t info;
462 BUFFER_POP_NUM (ps, username_size);
463 if (username_size > sizeof (info->username))
465 gnutls_assert ();
466 return GNUTLS_E_INTERNAL_ERROR;
470 ret =
471 _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
472 sizeof (srp_server_auth_info_st), 1);
473 if (ret < 0)
475 gnutls_assert ();
476 return ret;
479 info = _gnutls_get_auth_info (session);
480 if (info == NULL)
482 gnutls_assert ();
483 return GNUTLS_E_INTERNAL_ERROR;
486 BUFFER_POP (ps, info->username, username_size);
488 ret = 0;
490 error:
491 return ret;
493 #endif
496 #ifdef ENABLE_ANON
497 /* Packs the ANON session authentication data.
500 /* Format:
501 * 1 byte the credentials type
502 * 4 bytes the size of the whole structure
503 * 2 bytes the size of secret key in bits
504 * 4 bytes the size of the prime
505 * x bytes the prime
506 * 4 bytes the size of the generator
507 * x bytes the generator
508 * 4 bytes the size of the public key
509 * x bytes the public key
511 static int
512 pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
514 int cur_size, ret;
515 anon_auth_info_t info = _gnutls_get_auth_info (session);
516 int size_offset;
518 size_offset = ps->length;
519 BUFFER_APPEND_NUM (ps, 0);
520 cur_size = ps->length;
522 if (info)
524 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
525 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
526 BUFFER_APPEND_PFX (ps, info->dh.generator.data,
527 info->dh.generator.size);
528 BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
529 info->dh.public_key.size);
532 /* write the real size */
533 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
535 return 0;
539 static int
540 unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
542 int ret;
543 size_t pack_size;
544 anon_auth_info_t info = NULL;
546 BUFFER_POP_NUM (ps, pack_size);
548 if (pack_size == 0)
549 return 0; /* nothing to be done */
551 /* client and server have the same auth_info here
553 ret =
554 _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
555 sizeof (anon_auth_info_st), 1);
556 if (ret < 0)
558 gnutls_assert ();
559 return ret;
562 info = _gnutls_get_auth_info (session);
563 if (info == NULL)
565 gnutls_assert ();
566 return GNUTLS_E_INTERNAL_ERROR;
569 BUFFER_POP_NUM (ps, info->dh.secret_bits);
571 BUFFER_POP_DATUM (ps, &info->dh.prime);
572 BUFFER_POP_DATUM (ps, &info->dh.generator);
573 BUFFER_POP_DATUM (ps, &info->dh.public_key);
575 return 0;
577 error:
578 if (info)
580 _gnutls_free_datum (&info->dh.prime);
581 _gnutls_free_datum (&info->dh.generator);
582 _gnutls_free_datum (&info->dh.public_key);
585 return ret;
587 #endif /* ANON */
589 #ifdef ENABLE_PSK
590 /* Packs the PSK session authentication data.
593 /* Format:
594 * 1 byte the credentials type
595 * 4 bytes the size of the whole structure
597 * 4 bytes the size of the PSK username (x)
598 * x bytes the PSK username
599 * 2 bytes the size of secret key in bits
600 * 4 bytes the size of the prime
601 * x bytes the prime
602 * 4 bytes the size of the generator
603 * x bytes the generator
604 * 4 bytes the size of the public key
605 * x bytes the public key
607 static int
608 pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
610 psk_auth_info_t info;
611 int username_len;
612 int hint_len, ret;
613 int size_offset;
614 size_t cur_size;
616 info = _gnutls_get_auth_info (session);
618 if (info && info->username)
619 username_len = strlen (info->username) + 1; /* include the terminating null */
620 else
621 username_len = 0;
623 if (info && info->hint)
624 hint_len = strlen (info->hint) + 1; /* include the terminating null */
625 else
626 hint_len = 0;
628 size_offset = ps->length;
629 BUFFER_APPEND_NUM (ps, 0);
630 cur_size = ps->length;
632 BUFFER_APPEND_PFX (ps, info->username, username_len);
633 BUFFER_APPEND_PFX (ps, info->hint, hint_len);
635 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
636 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
637 BUFFER_APPEND_PFX (ps, info->dh.generator.data, info->dh.generator.size);
638 BUFFER_APPEND_PFX (ps, info->dh.public_key.data, info->dh.public_key.size);
640 /* write the real size */
641 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
643 return 0;
646 static int
647 unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
649 size_t username_size, hint_size;
650 int ret;
651 psk_auth_info_t info;
653 ret =
654 _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
655 sizeof (psk_auth_info_st), 1);
656 if (ret < 0)
658 gnutls_assert ();
659 return ret;
662 info = _gnutls_get_auth_info (session);
663 if (info == NULL)
665 gnutls_assert ();
666 return GNUTLS_E_INTERNAL_ERROR;
669 BUFFER_POP_NUM (ps, username_size);
670 if (username_size > sizeof (info->username))
672 gnutls_assert ();
673 return GNUTLS_E_INTERNAL_ERROR;
676 BUFFER_POP (ps, info->username, username_size);
678 BUFFER_POP_NUM (ps, hint_size);
679 if (hint_size > sizeof (info->hint))
681 gnutls_assert ();
682 return GNUTLS_E_INTERNAL_ERROR;
684 BUFFER_POP (ps, info->hint, hint_size);
686 BUFFER_POP_NUM (ps, info->dh.secret_bits);
688 BUFFER_POP_DATUM (ps, &info->dh.prime);
689 BUFFER_POP_DATUM (ps, &info->dh.generator);
690 BUFFER_POP_DATUM (ps, &info->dh.public_key);
692 ret = 0;
694 error:
695 _gnutls_free_datum (&info->dh.prime);
696 _gnutls_free_datum (&info->dh.generator);
697 _gnutls_free_datum (&info->dh.public_key);
699 return ret;
701 #endif
704 /* Packs the security parameters.
707 /* Format:
708 * 4 bytes the total security data size
709 * 1 byte the entity type (client/server)
710 * 1 byte the key exchange algorithm used
711 * 1 byte the read cipher algorithm
712 * 1 byte the read mac algorithm
713 * 1 byte the read compression algorithm
715 * 1 byte the write cipher algorithm
716 * 1 byte the write mac algorithm
717 * 1 byte the write compression algorithm
719 * 1 byte the certificate type
720 * 1 byte the protocol version
722 * 2 bytes the cipher suite
724 * 48 bytes the master secret
726 * 32 bytes the client random
727 * 32 bytes the server random
729 * 1 byte the session ID size
730 * x bytes the session ID (32 bytes max)
732 * 4 bytes a timestamp
733 * 4 bytes the ECC curve
734 * -------------------
735 * MAX: 169 bytes
738 static int
739 pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
742 int ret;
743 int size_offset;
744 size_t cur_size;
745 record_parameters_st *params;
747 if (session->security_parameters.epoch_read
748 != session->security_parameters.epoch_write)
750 gnutls_assert ();
751 return GNUTLS_E_INVALID_REQUEST;
754 ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &params);
755 if (ret < 0)
757 gnutls_assert ();
758 return ret;
761 /* move after the auth info stuff.
763 size_offset = ps->length;
764 BUFFER_APPEND_NUM (ps, 0);
765 cur_size = ps->length;
768 BUFFER_APPEND_NUM (ps, session->security_parameters.entity);
769 BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm);
770 BUFFER_APPEND (ps,
771 session->security_parameters.cipher_suite, 2);
772 BUFFER_APPEND_NUM (ps, session->security_parameters.compression_method);
773 BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
774 BUFFER_APPEND_NUM (ps, session->security_parameters.version);
776 BUFFER_APPEND (ps, session->security_parameters.master_secret,
777 GNUTLS_MASTER_SIZE);
778 BUFFER_APPEND (ps, session->security_parameters.client_random,
779 GNUTLS_RANDOM_SIZE);
780 BUFFER_APPEND (ps, session->security_parameters.server_random,
781 GNUTLS_RANDOM_SIZE);
783 BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size);
784 BUFFER_APPEND (ps, session->security_parameters.session_id,
785 session->security_parameters.session_id_size);
787 BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
788 BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
789 BUFFER_APPEND_NUM (ps, session->security_parameters.timestamp);
790 BUFFER_APPEND_NUM (ps, session->security_parameters.ecc_curve);
792 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
794 return 0;
797 static int
798 unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
800 size_t pack_size;
801 int ret;
802 time_t timestamp = gnutls_time (0);
804 BUFFER_POP_NUM (ps, pack_size);
806 if (pack_size == 0)
807 return GNUTLS_E_INVALID_REQUEST;
809 memset (&session->internals.resumed_security_parameters, 0,
810 sizeof (session->internals.resumed_security_parameters));
812 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.entity);
813 BUFFER_POP_NUM (ps,
814 session->internals.resumed_security_parameters.kx_algorithm);
815 BUFFER_POP (ps,
816 session->internals.
817 resumed_security_parameters.cipher_suite, 2);
818 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.compression_method);
819 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
820 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.version);
822 BUFFER_POP (ps,
823 session->internals.resumed_security_parameters.master_secret,
824 GNUTLS_MASTER_SIZE);
826 BUFFER_POP (ps,
827 session->internals.resumed_security_parameters.client_random,
828 GNUTLS_RANDOM_SIZE);
829 BUFFER_POP (ps,
830 session->internals.resumed_security_parameters.server_random,
831 GNUTLS_RANDOM_SIZE);
832 BUFFER_POP_NUM (ps,
833 session->internals.
834 resumed_security_parameters.session_id_size);
836 BUFFER_POP (ps, session->internals.resumed_security_parameters.session_id,
837 session->internals.resumed_security_parameters.session_id_size);
839 BUFFER_POP_NUM (ps,
840 session->internals.
841 resumed_security_parameters.max_record_send_size);
842 BUFFER_POP_NUM (ps,
843 session->internals.
844 resumed_security_parameters.max_record_recv_size);
845 BUFFER_POP_NUM (ps,
846 session->internals.resumed_security_parameters.timestamp);
848 BUFFER_POP_NUM (ps,
849 session->internals.resumed_security_parameters.ecc_curve);
851 if (timestamp - session->internals.resumed_security_parameters.timestamp >
852 session->internals.expire_time
853 || session->internals.resumed_security_parameters.timestamp > timestamp)
855 gnutls_assert ();
856 return GNUTLS_E_EXPIRED;
859 ret = 0;
861 error:
862 return ret;
866 * gnutls_session_set_premaster:
867 * @session: is a #gnutls_session_t structure.
868 * @entity: GNUTLS_SERVER or GNUTLS_CLIENT
869 * @version: the TLS protocol version
870 * @kx: the key exchange method
871 * @cipher: the cipher
872 * @mac: the MAC algorithm
873 * @comp: the compression method
874 * @master: the master key to use
875 * @session_id: the session identifier
877 * This function sets the premaster secret in a session. This is
878 * a function intended for exceptional uses. Do not use this
879 * function unless you are implementing a legacy protocol.
880 * Use gnutls_session_set_data() instead.
882 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
883 * an error code is returned.
886 gnutls_session_set_premaster (gnutls_session_t session, unsigned int entity,
887 gnutls_protocol_t version,
888 gnutls_kx_algorithm_t kx,
889 gnutls_cipher_algorithm_t cipher,
890 gnutls_mac_algorithm_t mac,
891 gnutls_compression_method_t comp,
892 const gnutls_datum_t* master,
893 const gnutls_datum_t * session_id)
895 int ret;
897 memset (&session->internals.resumed_security_parameters, 0,
898 sizeof (session->internals.resumed_security_parameters));
900 session->internals.resumed_security_parameters.entity = entity;
901 session->internals.resumed_security_parameters.kx_algorithm = kx;
903 ret = _gnutls_cipher_suite_get_id(kx, cipher, mac, session->internals.resumed_security_parameters.cipher_suite);
904 if (ret < 0)
905 return gnutls_assert_val(ret);
907 session->internals.resumed_security_parameters.compression_method = comp;
908 session->internals.resumed_security_parameters.cert_type = GNUTLS_CRT_UNKNOWN;
909 session->internals.resumed_security_parameters.version = version;
911 if (master->size != GNUTLS_MASTER_SIZE)
912 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
914 memcpy(session->internals.resumed_security_parameters.master_secret, master->data, master->size);
916 if (session_id->size > GNUTLS_MAX_SESSION_ID)
917 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
919 session->internals.resumed_security_parameters.session_id_size = session_id->size;
920 memcpy(session->internals.resumed_security_parameters.session_id, session_id->data, session_id->size);
922 session->internals.resumed_security_parameters.max_record_send_size =
923 session->internals.resumed_security_parameters.max_record_recv_size = DEFAULT_MAX_RECORD_SIZE;
925 session->internals.resumed_security_parameters.timestamp = time(0);
927 session->internals.resumed_security_parameters.ecc_curve = GNUTLS_ECC_CURVE_INVALID;
929 session->internals.premaster_set = 1;
931 return 0;