search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
updated makefiles
[gnutls.git] / lib / gnutls_constate.c
blobc4aa4bca21bb26572da9cdf070dfe5438da90085
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 /* Functions that are supposed to run after the handshake procedure is
24 * finished. These functions activate the established security parameters.
25 */
26
27 #include <gnutls_int.h>
28 #include <gnutls_constate.h>
29 #include <gnutls_errors.h>
30 #include <gnutls_kx.h>
31 #include <algorithms.h>
32 #include <gnutls_num.h>
33 #include <gnutls_datum.h>
34 #include <gnutls_state.h>
35 #include <gnutls_extensions.h>
36 #include <gnutls_buffers.h>
37
38 static const char keyexp[] = "key expansion";
39 static const int keyexp_length = sizeof (keyexp) - 1;
40
41 static const char ivblock[] = "IV block";
42 static const int ivblock_length = sizeof (ivblock) - 1;
43
44 static const char cliwrite[] = "client write key";
45 static const int cliwrite_length = sizeof (cliwrite) - 1;
46
47 static const char servwrite[] = "server write key";
48 static const int servwrite_length = sizeof (servwrite) - 1;
49
50 #define EXPORT_FINAL_KEY_SIZE 16
51
52 /* This function is to be called after handshake, when master_secret,
53 * client_random and server_random have been initialized.
54 * This function creates the keys and stores them into pending session.
55 * (session->cipher_specs)
56 */
57 static int
58 _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
59 int hash_size, int IV_size, int key_size, int export_flag)
60 {
61 /* FIXME: This function is too long
62 */
63 uint8_t rnd[2 * GNUTLS_RANDOM_SIZE];
64 uint8_t rrnd[2 * GNUTLS_RANDOM_SIZE];
65 int pos, ret;
66 int block_size;
67 char buf[65];
68 /* avoid using malloc */
69 uint8_t key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
70 2 * MAX_CIPHER_BLOCK_SIZE];
71 record_state_st *client_write, *server_write;
72
73 if (session->security_parameters.entity == GNUTLS_CLIENT)
74 {
75 client_write = &params->write;
76 server_write = &params->read;
77 }
78 else
79 {
80 client_write = &params->read;
81 server_write = &params->write;
82 }
83
84 block_size = 2 * hash_size + 2 * key_size;
85 if (export_flag == 0)
86 block_size += 2 * IV_size;
87
88 memcpy (rnd, session->security_parameters.server_random,
89 GNUTLS_RANDOM_SIZE);
90 memcpy (&rnd[GNUTLS_RANDOM_SIZE],
91 session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
92
93 memcpy (rrnd, session->security_parameters.client_random,
94 GNUTLS_RANDOM_SIZE);
95 memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
96 session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
97
98 if (session->security_parameters.version == GNUTLS_SSL3)
99 { /* SSL 3 */
100 ret =
101 _gnutls_ssl3_generate_random
102 (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
103 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
104 }
105 else
106 { /* TLS 1.0 */
107 ret =
108 _gnutls_PRF (session, session->security_parameters.master_secret,
109 GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
110 rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
111 }
112
113 if (ret < 0)
114 return gnutls_assert_val (ret);
115
116 _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
117 _gnutls_bin2hex (key_block, block_size, buf,
118 sizeof (buf), NULL));
119
120 pos = 0;
121 if (hash_size > 0)
122 {
123
124 if (_gnutls_set_datum
125 (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
126 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
127
128 pos += hash_size;
129
130 if (_gnutls_set_datum
131 (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
132 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
133
134 pos += hash_size;
135 }
136
137 if (key_size > 0)
138 {
139 uint8_t key1[EXPORT_FINAL_KEY_SIZE];
140 uint8_t key2[EXPORT_FINAL_KEY_SIZE];
141 uint8_t *client_write_key, *server_write_key;
142 int client_write_key_size, server_write_key_size;
143
144 if (export_flag == 0)
145 {
146 client_write_key = &key_block[pos];
147 client_write_key_size = key_size;
148
149 pos += key_size;
150
151 server_write_key = &key_block[pos];
152 server_write_key_size = key_size;
153
154 pos += key_size;
155
156 }
157 else
158 { /* export */
159 client_write_key = key1;
160 server_write_key = key2;
161
162 /* generate the final keys */
163
164 if (session->security_parameters.version == GNUTLS_SSL3)
165 { /* SSL 3 */
166 ret =
167 _gnutls_ssl3_hash_md5 (&key_block[pos],
168 key_size, rrnd,
169 2 * GNUTLS_RANDOM_SIZE,
170 EXPORT_FINAL_KEY_SIZE,
171 client_write_key);
172
173 }
174 else
175 { /* TLS 1.0 */
176 ret =
177 _gnutls_PRF (session, &key_block[pos], key_size,
178 cliwrite, cliwrite_length,
179 rrnd,
180 2 * GNUTLS_RANDOM_SIZE,
181 EXPORT_FINAL_KEY_SIZE, client_write_key);
182 }
183
184 if (ret < 0)
185 return gnutls_assert_val (ret);
186
187 client_write_key_size = EXPORT_FINAL_KEY_SIZE;
188 pos += key_size;
189
190 if (session->security_parameters.version == GNUTLS_SSL3)
191 { /* SSL 3 */
192 ret =
193 _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
194 rnd, 2 * GNUTLS_RANDOM_SIZE,
195 EXPORT_FINAL_KEY_SIZE,
196 server_write_key);
197 }
198 else
199 { /* TLS 1.0 */
200 ret =
201 _gnutls_PRF (session, &key_block[pos], key_size,
202 servwrite, servwrite_length,
203 rrnd, 2 * GNUTLS_RANDOM_SIZE,
204 EXPORT_FINAL_KEY_SIZE, server_write_key);
205 }
206
207 if (ret < 0)
208 return gnutls_assert_val (ret);
209
210 server_write_key_size = EXPORT_FINAL_KEY_SIZE;
211 pos += key_size;
212 }
213
214 if (_gnutls_set_datum
215 (&client_write->key, client_write_key, client_write_key_size) < 0)
216 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
217
218 _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
219 client_write_key_size,
220 _gnutls_bin2hex (client_write_key,
221 client_write_key_size, buf,
222 sizeof (buf), NULL));
223
224 if (_gnutls_set_datum
225 (&server_write->key, server_write_key, server_write_key_size) < 0)
226 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
227
228 _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
229 server_write_key_size,
230 _gnutls_bin2hex (server_write_key,
231 server_write_key_size, buf,
232 sizeof (buf), NULL));
233
234 }
235
236
237 /* IV generation in export and non export ciphers.
238 */
239 if (IV_size > 0 && export_flag == 0)
240 {
241 if (_gnutls_set_datum
242 (&client_write->IV, &key_block[pos], IV_size) < 0)
243 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
244
245 pos += IV_size;
246
247 if (_gnutls_set_datum
248 (&server_write->IV, &key_block[pos], IV_size) < 0)
249 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
250
251 pos += IV_size;
252
253 }
254 else if (IV_size > 0 && export_flag != 0)
255 {
256 uint8_t iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
257
258 if (session->security_parameters.version == GNUTLS_SSL3)
259 { /* SSL 3 */
260 ret = _gnutls_ssl3_hash_md5 ("", 0,
261 rrnd, GNUTLS_RANDOM_SIZE * 2,
262 IV_size, iv_block);
263
264 if (ret < 0)
265 return gnutls_assert_val (ret);
266
267
268 ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
269 GNUTLS_RANDOM_SIZE * 2,
270 IV_size, &iv_block[IV_size]);
271
272 }
273 else
274 { /* TLS 1.0 */
275 ret = _gnutls_PRF (session, (uint8_t*)"", 0,
276 ivblock, ivblock_length, rrnd,
277 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
278 }
279
280 if (ret < 0)
281 return gnutls_assert_val (ret);
282
283 if (_gnutls_set_datum (&client_write->IV, iv_block, IV_size) < 0)
284 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
285
286 if (_gnutls_set_datum
287 (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
288 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
289 }
290
291 return 0;
292 }
293
294 static int
295 _gnutls_init_record_state (record_parameters_st * params, gnutls_protocol_t ver, int read,
296 record_state_st * state)
297 {
298 int ret;
299 gnutls_datum_t * iv = NULL;
300
301 if (!_gnutls_version_has_explicit_iv(ver))
302 {
303 iv = &state->IV;
304 }
305
306 ret = _gnutls_auth_cipher_init (&state->cipher_state,
307 params->cipher_algorithm, &state->key, iv,
308 params->mac_algorithm, &state->mac_secret, (ver==GNUTLS_SSL3)?1:0, 1-read/*1==encrypt*/);
309 if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
310 return gnutls_assert_val (ret);
311
312 ret =
313 _gnutls_comp_init (&state->compression_state, params->compression_algorithm, read/*1==decompress*/);
314
315 if (ret < 0)
316 return gnutls_assert_val (ret);
317
318 return 0;
319 }
320
321 int
322 _gnutls_epoch_set_cipher_suite (gnutls_session_t session,
323 int epoch_rel, const uint8_t suite[2])
324 {
325 gnutls_cipher_algorithm_t cipher_algo;
326 gnutls_mac_algorithm_t mac_algo;
327 record_parameters_st *params;
328 int ret;
329
330 ret = _gnutls_epoch_get (session, epoch_rel, &params);
331 if (ret < 0)
332 return gnutls_assert_val (ret);
333
334 if (params->initialized
335 || params->cipher_algorithm != GNUTLS_CIPHER_UNKNOWN
336 || params->mac_algorithm != GNUTLS_MAC_UNKNOWN)
337 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
338
339 cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
340 mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
341
342 if (_gnutls_cipher_is_ok (cipher_algo) != 0
343 || _gnutls_mac_is_ok (mac_algo) != 0)
344 return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
345
346 params->cipher_algorithm = cipher_algo;
347 params->mac_algorithm = mac_algo;
348
349 return 0;
350 }
351
352 int
353 _gnutls_epoch_set_compression (gnutls_session_t session,
354 int epoch_rel,
355 gnutls_compression_method_t comp_algo)
356 {
357 record_parameters_st *params;
358 int ret;
359
360 ret = _gnutls_epoch_get (session, epoch_rel, &params);
361 if (ret < 0)
362 return gnutls_assert_val (ret);
363
364 if (params->initialized
365 || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
366 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
367
368 if (_gnutls_compression_is_ok (comp_algo) != 0)
369 return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
370
371 params->compression_algorithm = comp_algo;
372
373 return 0;
374 }
375
376 void
377 _gnutls_epoch_set_null_algos (gnutls_session_t session,
378 record_parameters_st * params)
379 {
380 /* This is only called on startup. We are extra paranoid about this
381 because it may cause unencrypted application data to go out on
382 the wire. */
383 if (params->initialized || params->epoch != 0)
384 {
385 gnutls_assert ();
386 return;
387 }
388
389 params->cipher_algorithm = GNUTLS_CIPHER_NULL;
390 params->mac_algorithm = GNUTLS_MAC_NULL;
391 params->compression_algorithm = GNUTLS_COMP_NULL;
392 params->initialized = 1;
393 }
394
395 int
396 _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
397 {
398 int hash_size;
399 int IV_size;
400 int key_size, export_flag;
401 gnutls_cipher_algorithm_t cipher_algo;
402 gnutls_mac_algorithm_t mac_algo;
403 gnutls_compression_method_t comp_algo;
404 record_parameters_st *params;
405 int ret;
406 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
407
408 ret = _gnutls_epoch_get (session, epoch, &params);
409 if (ret < 0)
410 return gnutls_assert_val (ret);
411
412 if (params->initialized)
413 return 0;
414
415 _gnutls_record_log
416 ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
417
418 cipher_algo = params->cipher_algorithm;
419 mac_algo = params->mac_algorithm;
420 comp_algo = params->compression_algorithm;
421
422 if (_gnutls_cipher_is_ok (cipher_algo) != 0
423 || _gnutls_mac_is_ok (mac_algo) != 0)
424 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
425
426 if (_gnutls_compression_is_ok (comp_algo) != 0)
427 return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
428
429 IV_size = _gnutls_cipher_get_iv_size (cipher_algo);
430 key_size = gnutls_cipher_get_key_size (cipher_algo);
431 export_flag = _gnutls_cipher_get_export_flag (cipher_algo);
432 hash_size = _gnutls_hmac_get_algo_len (mac_algo);
433
434 ret = _gnutls_set_keys
435 (session, params, hash_size, IV_size, key_size, export_flag);
436 if (ret < 0)
437 return gnutls_assert_val (ret);
438
439 ret = _gnutls_init_record_state (params, ver, 1, &params->read);
440 if (ret < 0)
441 return gnutls_assert_val (ret);
442
443 ret = _gnutls_init_record_state (params, ver, 0, &params->write);
444 if (ret < 0)
445 return gnutls_assert_val (ret);
446
447 params->record_sw_size = 0;
448
449 _gnutls_record_log ("REC[%p]: Epoch #%u ready\n", session, params->epoch);
450
451 params->initialized = 1;
452 return 0;
453 }
454
455
456 #define CPY_COMMON dst->entity = src->entity; \
457 dst->kx_algorithm = src->kx_algorithm; \
458 memcpy( dst->cipher_suite, src->cipher_suite, 2); \
459 memcpy( dst->master_secret, src->master_secret, GNUTLS_MASTER_SIZE); \
460 memcpy( dst->client_random, src->client_random, GNUTLS_RANDOM_SIZE); \
461 memcpy( dst->server_random, src->server_random, GNUTLS_RANDOM_SIZE); \
462 memcpy( dst->session_id, src->session_id, TLS_MAX_SESSION_ID_SIZE); \
463 dst->session_id_size = src->session_id_size; \
464 dst->cert_type = src->cert_type; \
465 dst->compression_method = src->compression_method; \
466 dst->timestamp = src->timestamp; \
467 dst->max_record_recv_size = src->max_record_recv_size; \
468 dst->max_record_send_size = src->max_record_send_size; \
469 dst->version = src->version;
470
471 static void
472 _gnutls_set_resumed_parameters (gnutls_session_t session)
473 {
474 security_parameters_st *src =
475 &session->internals.resumed_security_parameters;
476 security_parameters_st *dst = &session->security_parameters;
477
478 CPY_COMMON;
479 }
480
481 /* Sets the current connection session to conform with the
482 * Security parameters(pending session), and initializes encryption.
483 * Actually it initializes and starts encryption ( so it needs
484 * secrets and random numbers to have been negotiated)
485 * This is to be called after sending the Change Cipher Spec packet.
486 */
487 int
488 _gnutls_connection_state_init (gnutls_session_t session)
489 {
490 int ret;
491
492 /* Setup the master secret
493 */
494 if ((ret = _gnutls_generate_master (session, 0)) < 0)
495 return gnutls_assert_val (ret);
496
497 return 0;
498 }
499
500
501
502 static int
503 _gnutls_check_algos (gnutls_session_t session,
504 const uint8_t suite[2],
505 gnutls_compression_method_t comp_algo)
506 {
507 gnutls_cipher_algorithm_t cipher_algo;
508 gnutls_mac_algorithm_t mac_algo;
509
510 cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
511 mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
512
513 if (_gnutls_cipher_is_ok (cipher_algo) != 0)
514 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
515
516 if (_gnutls_cipher_priority (session, cipher_algo) < 0)
517 return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
518
519
520 if (_gnutls_mac_is_ok (mac_algo) != 0)
521 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
522
523 if (_gnutls_mac_priority (session, mac_algo) < 0)
524 return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
525
526
527 if (_gnutls_compression_is_ok (comp_algo) != 0)
528 return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
529
530 return 0;
531 }
532
533 int _gnutls_epoch_get_compression(gnutls_session_t session, int epoch)
534 {
535 record_parameters_st *params;
536 int ret;
537
538 ret = _gnutls_epoch_get (session, epoch, &params);
539 if (ret < 0)
540 return GNUTLS_COMP_UNKNOWN;
541
542 return params->compression_algorithm;
543 }
544
545 /* Initializes the read connection session
546 * (read encrypted data)
547 */
548 int
549 _gnutls_read_connection_state_init (gnutls_session_t session)
550 {
551 const uint16_t epoch_next = session->security_parameters.epoch_next;
552 int ret;
553
554 /* Update internals from CipherSuite selected.
555 * If we are resuming just copy the connection session
556 */
557 if (session->internals.resumed == RESUME_FALSE)
558 {
559
560 ret = _gnutls_check_algos (session,
561 session->
562 security_parameters.cipher_suite,
563 _gnutls_epoch_get_compression(session, epoch_next));
564 if (ret < 0)
565 return ret;
566
567 ret = _gnutls_set_kx (session,
568 _gnutls_cipher_suite_get_kx_algo
569 (session->
570 security_parameters.cipher_suite));
571 if (ret < 0)
572 return ret;
573 }
574 else if (session->security_parameters.entity == GNUTLS_CLIENT)
575 _gnutls_set_resumed_parameters (session);
576
577 ret = _gnutls_epoch_set_keys (session, epoch_next);
578 if (ret < 0)
579 return ret;
580
581 _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
582 session,
583 _gnutls_cipher_suite_get_name
584 (session->
585 security_parameters.cipher_suite));
586
587 session->security_parameters.epoch_read = epoch_next;
588
589 return 0;
590 }
591
592
593
594 /* Initializes the write connection session
595 * (write encrypted data)
596 */
597 int
598 _gnutls_write_connection_state_init (gnutls_session_t session)
599 {
600 const uint16_t epoch_next = session->security_parameters.epoch_next;
601 int ret;
602
603 /* Update internals from CipherSuite selected.
604 * If we are resuming just copy the connection session
605 */
606 if (session->internals.resumed == RESUME_FALSE)
607 {
608 ret = _gnutls_check_algos (session,
609 session->
610 security_parameters.cipher_suite,
611 _gnutls_epoch_get_compression(session, epoch_next));
612 if (ret < 0)
613 return ret;
614
615 ret = _gnutls_set_kx (session,
616 _gnutls_cipher_suite_get_kx_algo
617 (session->
618 security_parameters.cipher_suite));
619 if (ret < 0)
620 return ret;
621 }
622 else if (session->security_parameters.entity == GNUTLS_SERVER)
623 _gnutls_set_resumed_parameters (session);
624
625 ret = _gnutls_epoch_set_keys (session, epoch_next);
626 if (ret < 0)
627 return gnutls_assert_val (ret);
628
629 _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
630 _gnutls_cipher_suite_get_name
631 (session->
632 security_parameters.cipher_suite));
633
634 _gnutls_handshake_log
635 ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
636
637 session->security_parameters.epoch_write = epoch_next;
638
639 return 0;
640 }
641
642 /* Sets the specified kx algorithm into pending session
643 */
644 int
645 _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
646 {
647
648 if (_gnutls_kx_is_ok (algo) == 0)
649 {
650 session->security_parameters.kx_algorithm = algo;
651 }
652 else
653 return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
654
655 if (_gnutls_kx_priority (session, algo) < 0)
656 return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
657
658 return 0;
659 }
660
661 static inline int
662 epoch_resolve (gnutls_session_t session,
663 unsigned int epoch_rel, uint16_t * epoch_out)
664 {
665 switch (epoch_rel)
666 {
667 case EPOCH_READ_CURRENT:
668 *epoch_out = session->security_parameters.epoch_read;
669 return 0;
670
671 case EPOCH_WRITE_CURRENT:
672 *epoch_out = session->security_parameters.epoch_write;
673 return 0;
674
675 case EPOCH_NEXT:
676 *epoch_out = session->security_parameters.epoch_next;
677 return 0;
678
679 default:
680 if (epoch_rel > 0xffffu)
681 return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
682
683 *epoch_out = epoch_rel;
684 return 0;
685 }
686 }
687
688 static inline record_parameters_st **
689 epoch_get_slot (gnutls_session_t session, uint16_t epoch)
690 {
691 uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
692
693 if (epoch_index >= MAX_EPOCH_INDEX)
694 {
695 _gnutls_handshake_log("Epoch %d out of range (idx: %d, max: %d)\n", (int)epoch, (int)epoch_index, MAX_EPOCH_INDEX);
696 gnutls_assert ();
697 return NULL;
698 }
699 /* The slot may still be empty (NULL) */
700 return &session->record_parameters[epoch_index];
701 }
702
703 int
704 _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
705 record_parameters_st ** params_out)
706 {
707 uint16_t epoch;
708 record_parameters_st **params;
709 int ret;
710
711 ret = epoch_resolve (session, epoch_rel, &epoch);
712 if (ret < 0)
713 return gnutls_assert_val (ret);
714
715 params = epoch_get_slot (session, epoch);
716 if (params == NULL || *params == NULL)
717 return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
718
719 *params_out = *params;
720
721 return 0;
722 }
723
724 int
725 _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
726 record_parameters_st ** out)
727 {
728 record_parameters_st **slot;
729
730 _gnutls_record_log ("REC[%p]: Allocating epoch #%u\n", session, epoch);
731
732 slot = epoch_get_slot (session, epoch);
733
734 /* If slot out of range or not empty. */
735 if (slot == NULL)
736 return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
737
738 if (*slot != NULL)
739 return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
740
741 *slot = gnutls_calloc (1, sizeof (record_parameters_st));
742 if (*slot == NULL)
743 return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
744
745 (*slot)->epoch = epoch;
746 (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN;
747 (*slot)->mac_algorithm = GNUTLS_MAC_UNKNOWN;
748 (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
749
750 if (IS_DTLS (session))
751 _gnutls_write_uint16 (epoch, UINT64DATA((*slot)->write.sequence_number));
752
753 if (out != NULL)
754 *out = *slot;
755
756 return 0;
757 }
758
759 static inline int
760 epoch_is_active(gnutls_session_t session, record_parameters_st * params)
761 {
762 const security_parameters_st *sp = &session->security_parameters;
763
764 if (params->epoch == sp->epoch_read)
765 return 1;
766
767 if (params->epoch == sp->epoch_write)
768 return 1;
769
770 if (params->epoch == sp->epoch_next)
771 return 1;
772
773 return 0;
774 }
775
776 static inline int
777 epoch_alive (gnutls_session_t session, record_parameters_st * params)
778 {
779 if (params->usage_cnt > 0)
780 return 1;
781
782 return epoch_is_active(session, params);
783 }
784
785 void
786 _gnutls_epoch_gc (gnutls_session_t session)
787 {
788 int i, j;
789 unsigned int min_index = 0;
790
791 _gnutls_record_log ("REC[%p]: Start of epoch cleanup\n", session);
792
793 /* Free all dead cipher state */
794 for (i = 0; i < MAX_EPOCH_INDEX; i++)
795 {
796 if (session->record_parameters[i] != NULL)
797 {
798 if (!epoch_is_active(session, session->record_parameters[i]) && session->record_parameters[i]->usage_cnt)
799 _gnutls_record_log ("REC[%p]: Note inactive epoch %d has %d users\n", session, session->record_parameters[i]->epoch, session->record_parameters[i]->usage_cnt);
800 if (!epoch_alive (session, session->record_parameters[i]))
801 {
802 _gnutls_epoch_free (session, session->record_parameters[i]);
803 session->record_parameters[i] = NULL;
804 }
805 }
806 }
807
808 /* Look for contiguous NULLs at the start of the array */
809 for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
810 i++);
811 min_index = i;
812
813 /* Pick up the slack in the epoch window. */
814 for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
815 session->record_parameters[i] = session->record_parameters[j];
816
817 /* Set the new epoch_min */
818 if (session->record_parameters[0] != NULL)
819 session->security_parameters.epoch_min =
820 session->record_parameters[0]->epoch;
821
822 _gnutls_record_log ("REC[%p]: End of epoch cleanup\n", session);
823 }
824
825 static inline void
826 free_record_state (record_state_st * state, int d)
827 {
828 _gnutls_free_datum (&state->mac_secret);
829 _gnutls_free_datum (&state->IV);
830 _gnutls_free_datum (&state->key);
831
832 _gnutls_auth_cipher_deinit (&state->cipher_state);
833
834 if (state->compression_state.handle != NULL)
835 _gnutls_comp_deinit (&state->compression_state, d);
836 }
837
838 void
839 _gnutls_epoch_free (gnutls_session_t session, record_parameters_st * params)
840 {
841 _gnutls_record_log ("REC[%p]: Epoch #%u freed\n", session, params->epoch);
842
843 free_record_state (&params->read, 1);
844 free_record_state (&params->write, 0);
845
846 gnutls_free (params);
847 }
Implementation of the SSL/TLS protocol