search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed leaks in key generation and other cleanups. Patch by Tomas Mraz.
[gnutls.git] / lib / gnutls_session_pack.c
bloba305a8b2bd45f9e65387479c3551712ef15417a3
1 /*
2 * Copyright (C) 2000, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
3 * Foundation, Inc.
4 *
5 * Author: Nikos Mavrogiannopoulos
6 *
7 * This file is part of GnuTLS.
8 *
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
23 *
24 */
25
26 /* Contains functions that are supposed to pack and unpack session data,
27 * before and after they are sent to the database backend.
28 */
29
30 #include <gnutls_int.h>
31 #ifdef ENABLE_SRP
32 #include <auth_srp.h>
33 #endif
34 #ifdef ENABLE_PSK
35 #include <auth_psk.h>
36 #endif
37 #include <auth_anon.h>
38 #include <auth_cert.h>
39 #include <gnutls_errors.h>
40 #include <gnutls_auth.h>
41 #include <gnutls_session_pack.h>
42 #include <gnutls_datum.h>
43 #include <gnutls_num.h>
44 #include <gnutls_extensions.h>
45 #include <gnutls_constate.h>
46
47 static int pack_certificate_auth_info (gnutls_session_t,
48 gnutls_buffer_st * packed_session);
49 static int unpack_certificate_auth_info (gnutls_session_t,
50 gnutls_buffer_st * packed_session);
51
52 static int unpack_srp_auth_info (gnutls_session_t session,
53 gnutls_buffer_st * packed_session);
54 static int pack_srp_auth_info (gnutls_session_t session,
55 gnutls_buffer_st * packed_session);
56
57 static int unpack_psk_auth_info (gnutls_session_t session,
58 gnutls_buffer_st * packed_session);
59 static int pack_psk_auth_info (gnutls_session_t session,
60 gnutls_buffer_st * packed_session);
61
62 static int unpack_anon_auth_info (gnutls_session_t session,
63 gnutls_buffer_st * packed_session);
64 static int pack_anon_auth_info (gnutls_session_t session,
65 gnutls_buffer_st * packed_session);
66
67 static int unpack_security_parameters (gnutls_session_t session,
68 gnutls_buffer_st * packed_session);
69 static int pack_security_parameters (gnutls_session_t session,
70 gnutls_buffer_st * packed_session);
71
72
73 /* Since auth_info structures contain malloced data, this function
74 * is required in order to pack these structures in a vector in
75 * order to store them to the DB.
76 *
77 * packed_session will contain the session data.
78 *
79 * The data will be in a platform independent format.
80 */
81 int
82 _gnutls_session_pack (gnutls_session_t session,
83 gnutls_datum_t * packed_session)
84 {
85 int ret;
86 gnutls_buffer_st sb;
87 opaque id;
88
89 if (packed_session == NULL)
90 {
91 gnutls_assert ();
92 return GNUTLS_E_INTERNAL_ERROR;
93 }
94
95 _gnutls_buffer_init (&sb);
96
97 id = gnutls_auth_get_type (session);
98 BUFFER_APPEND (&sb, &id, 1);
99
100 switch (id)
101 {
102 #ifdef ENABLE_SRP
103 case GNUTLS_CRD_SRP:
104 ret = pack_srp_auth_info (session, &sb);
105 if (ret < 0)
106 {
107 gnutls_assert ();
108 return ret;
109 }
110 break;
111 #endif
112 #ifdef ENABLE_PSK
113 case GNUTLS_CRD_PSK:
114 ret = pack_psk_auth_info (session, &sb);
115 if (ret < 0)
116 {
117 gnutls_assert ();
118 return ret;
119 }
120 break;
121 #endif
122 #ifdef ENABLE_ANON
123 case GNUTLS_CRD_ANON:
124 ret = pack_anon_auth_info (session, &sb);
125 if (ret < 0)
126 {
127 gnutls_assert ();
128 return ret;
129 }
130 break;
131 #endif
132 case GNUTLS_CRD_CERTIFICATE:
133 ret = pack_certificate_auth_info (session, &sb);
134 if (ret < 0)
135 {
136 gnutls_assert ();
137 return ret;
138 }
139 break;
140 default:
141 return GNUTLS_E_INTERNAL_ERROR;
142
143 }
144
145 /* Auth_info structures copied. Now copy security_parameters_st.
146 * packed_session must have allocated space for the security parameters.
147 */
148 ret = pack_security_parameters (session, &sb);
149 if (ret < 0)
150 {
151 gnutls_assert ();
152 _gnutls_buffer_clear (&sb);
153 return ret;
154 }
155
156 ret = _gnutls_ext_pack (session, &sb);
157 if (ret < 0)
158 {
159 gnutls_assert ();
160 _gnutls_buffer_clear (&sb);
161 return ret;
162 }
163
164 ret = _gnutls_buffer_to_datum (&sb, packed_session);
165
166 return ret;
167 }
168
169
170 /* Load session data from a buffer.
171 */
172 int
173 _gnutls_session_unpack (gnutls_session_t session,
174 const gnutls_datum_t * packed_session)
175 {
176 int ret;
177 gnutls_buffer_st sb;
178 opaque id;
179
180 _gnutls_buffer_init (&sb);
181
182 if (packed_session == NULL || packed_session->size == 0)
183 {
184 gnutls_assert ();
185 return GNUTLS_E_INTERNAL_ERROR;
186 }
187
188 ret =
189 _gnutls_buffer_append_data (&sb, packed_session->data,
190 packed_session->size);
191 if (ret < 0)
192 {
193 gnutls_assert ();
194 return ret;
195 }
196
197 if (_gnutls_get_auth_info (session) != NULL)
198 {
199 _gnutls_free_auth_info (session);
200 }
201
202 BUFFER_POP (&sb, &id, 1);
203
204 switch (id)
205 {
206 #ifdef ENABLE_SRP
207 case GNUTLS_CRD_SRP:
208 ret = unpack_srp_auth_info (session, &sb);
209 if (ret < 0)
210 {
211 gnutls_assert ();
212 goto error;
213 }
214 break;
215 #endif
216 #ifdef ENABLE_PSK
217 case GNUTLS_CRD_PSK:
218 ret = unpack_psk_auth_info (session, &sb);
219 if (ret < 0)
220 {
221 gnutls_assert ();
222 goto error;
223 }
224 break;
225 #endif
226 #ifdef ENABLE_ANON
227 case GNUTLS_CRD_ANON:
228 ret = unpack_anon_auth_info (session, &sb);
229 if (ret < 0)
230 {
231 gnutls_assert ();
232 return ret;
233 }
234 break;
235 #endif
236 case GNUTLS_CRD_CERTIFICATE:
237 ret = unpack_certificate_auth_info (session, &sb);
238 if (ret < 0)
239 {
240 gnutls_assert ();
241 goto error;
242 }
243 break;
244 default:
245 gnutls_assert ();
246 ret = GNUTLS_E_INTERNAL_ERROR;
247 goto error;
248
249 }
250
251 /* Auth_info structures copied. Now copy security_parameters_st.
252 * packed_session must have allocated space for the security parameters.
253 */
254 ret = unpack_security_parameters (session, &sb);
255 if (ret < 0)
256 {
257 gnutls_assert ();
258 goto error;
259 }
260
261 ret = _gnutls_ext_unpack (session, &sb);
262 if (ret < 0)
263 {
264 gnutls_assert ();
265 goto error;
266 }
267
268 ret = 0;
269
270 error:
271 _gnutls_buffer_clear (&sb);
272
273 return ret;
274 }
275
276
277
278 /* Format:
279 * 1 byte the credentials type
280 * 4 bytes the size of the whole structure
281 * DH stuff
282 * 2 bytes the size of secret key in bits
283 * 4 bytes the size of the prime
284 * x bytes the prime
285 * 4 bytes the size of the generator
286 * x bytes the generator
287 * 4 bytes the size of the public key
288 * x bytes the public key
289 * RSA stuff
290 * 4 bytes the size of the modulus
291 * x bytes the modulus
292 * 4 bytes the size of the exponent
293 * x bytes the exponent
294 * CERTIFICATES
295 * 4 bytes the length of the certificate list
296 * 4 bytes the size of first certificate
297 * x bytes the certificate
298 * and so on...
299 */
300 static int
301 pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
302 {
303 unsigned int i;
304 int cur_size, ret;
305 cert_auth_info_t info = _gnutls_get_auth_info (session);
306 int size_offset;
307
308 size_offset = ps->length;
309 BUFFER_APPEND_NUM (ps, 0);
310 cur_size = ps->length;
311
312 if (info)
313 {
314
315 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
316 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
317 BUFFER_APPEND_PFX (ps, info->dh.generator.data,
318 info->dh.generator.size);
319 BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
320 info->dh.public_key.size);
321 BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data,
322 info->rsa_export.modulus.size);
323 BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data,
324 info->rsa_export.exponent.size);
325
326 BUFFER_APPEND_NUM (ps, info->ncerts);
327
328 for (i = 0; i < info->ncerts; i++)
329 BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
330 info->raw_certificate_list[i].size);
331 }
332
333 /* write the real size */
334 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
335
336 return 0;
337 }
338
339
340 /* Upack certificate info.
341 */
342 static int
343 unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
344 {
345 int ret;
346 unsigned int i = 0, j = 0;
347 size_t pack_size;
348 cert_auth_info_t info = NULL;
349
350 BUFFER_POP_NUM (ps, pack_size);
351
352 if (pack_size == 0)
353 return 0; /* nothing to be done */
354
355 /* client and server have the same auth_info here
356 */
357 ret =
358 _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
359 sizeof (cert_auth_info_st), 1);
360 if (ret < 0)
361 {
362 gnutls_assert ();
363 return ret;
364 }
365
366 info = _gnutls_get_auth_info (session);
367 if (info == NULL)
368 {
369 gnutls_assert ();
370 return GNUTLS_E_INTERNAL_ERROR;
371 }
372
373 BUFFER_POP_NUM (ps, info->dh.secret_bits);
374
375 BUFFER_POP_DATUM (ps, &info->dh.prime);
376 BUFFER_POP_DATUM (ps, &info->dh.generator);
377 BUFFER_POP_DATUM (ps, &info->dh.public_key);
378 BUFFER_POP_DATUM (ps, &info->rsa_export.modulus);
379 BUFFER_POP_DATUM (ps, &info->rsa_export.exponent);
380
381 BUFFER_POP_NUM (ps, info->ncerts);
382
383 if (info->ncerts > 0)
384 {
385 info->raw_certificate_list =
386 gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
387 if (info->raw_certificate_list == NULL)
388 {
389 gnutls_assert ();
390 ret = GNUTLS_E_MEMORY_ERROR;
391 goto error;
392 }
393 }
394
395 for (i = 0; i < info->ncerts; i++)
396 {
397 BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
398 }
399
400 return 0;
401
402 error:
403 if (info)
404 {
405 _gnutls_free_datum (&info->dh.prime);
406 _gnutls_free_datum (&info->dh.generator);
407 _gnutls_free_datum (&info->dh.public_key);
408
409 _gnutls_free_datum (&info->rsa_export.modulus);
410 _gnutls_free_datum (&info->rsa_export.exponent);
411
412 for (j = 0; j < i; j++)
413 _gnutls_free_datum (&info->raw_certificate_list[j]);
414
415 gnutls_free (info->raw_certificate_list);
416 }
417
418 return ret;
419
420 }
421
422 #ifdef ENABLE_SRP
423 /* Packs the SRP session authentication data.
424 */
425
426 /* Format:
427 * 1 byte the credentials type
428 * 4 bytes the size of the SRP username (x)
429 * x bytes the SRP username
430 */
431 static int
432 pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
433 {
434 srp_server_auth_info_t info = _gnutls_get_auth_info (session);
435 int len, ret;
436 int size_offset;
437 size_t cur_size;
438
439 if (info && info->username)
440 len = strlen (info->username) + 1; /* include the terminating null */
441 else
442 len = 0;
443
444 size_offset = ps->length;
445 BUFFER_APPEND_NUM (ps, 0);
446 cur_size = ps->length;
447
448 BUFFER_APPEND_PFX (ps, info->username, len);
449
450 /* write the real size */
451 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
452
453 return 0;
454 }
455
456
457 static int
458 unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
459 {
460 size_t username_size;
461 int ret;
462 srp_server_auth_info_t info;
463
464 BUFFER_POP_NUM (ps, username_size);
465 if (username_size > sizeof (info->username))
466 {
467 gnutls_assert ();
468 return GNUTLS_E_INTERNAL_ERROR;
469 }
470
471
472 ret =
473 _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
474 sizeof (srp_server_auth_info_st), 1);
475 if (ret < 0)
476 {
477 gnutls_assert ();
478 return ret;
479 }
480
481 info = _gnutls_get_auth_info (session);
482 if (info == NULL)
483 {
484 gnutls_assert ();
485 return GNUTLS_E_INTERNAL_ERROR;
486 }
487
488 BUFFER_POP (ps, info->username, username_size);
489
490 ret = 0;
491
492 error:
493 return ret;
494 }
495 #endif
496
497
498 #ifdef ENABLE_ANON
499 /* Packs the ANON session authentication data.
500 */
501
502 /* Format:
503 * 1 byte the credentials type
504 * 4 bytes the size of the whole structure
505 * 2 bytes the size of secret key in bits
506 * 4 bytes the size of the prime
507 * x bytes the prime
508 * 4 bytes the size of the generator
509 * x bytes the generator
510 * 4 bytes the size of the public key
511 * x bytes the public key
512 */
513 static int
514 pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
515 {
516 int cur_size, ret;
517 anon_auth_info_t info = _gnutls_get_auth_info (session);
518 int size_offset;
519
520 size_offset = ps->length;
521 BUFFER_APPEND_NUM (ps, 0);
522 cur_size = ps->length;
523
524 if (info)
525 {
526 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
527 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
528 BUFFER_APPEND_PFX (ps, info->dh.generator.data,
529 info->dh.generator.size);
530 BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
531 info->dh.public_key.size);
532 }
533
534 /* write the real size */
535 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
536
537 return 0;
538 }
539
540
541 static int
542 unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
543 {
544 int ret;
545 size_t pack_size;
546 anon_auth_info_t info = NULL;
547
548 BUFFER_POP_NUM (ps, pack_size);
549
550 if (pack_size == 0)
551 return 0; /* nothing to be done */
552
553 /* client and server have the same auth_info here
554 */
555 ret =
556 _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
557 sizeof (anon_auth_info_st), 1);
558 if (ret < 0)
559 {
560 gnutls_assert ();
561 return ret;
562 }
563
564 info = _gnutls_get_auth_info (session);
565 if (info == NULL)
566 {
567 gnutls_assert ();
568 return GNUTLS_E_INTERNAL_ERROR;
569 }
570
571 BUFFER_POP_NUM (ps, info->dh.secret_bits);
572
573 BUFFER_POP_DATUM (ps, &info->dh.prime);
574 BUFFER_POP_DATUM (ps, &info->dh.generator);
575 BUFFER_POP_DATUM (ps, &info->dh.public_key);
576
577 return 0;
578
579 error:
580 if (info)
581 {
582 _gnutls_free_datum (&info->dh.prime);
583 _gnutls_free_datum (&info->dh.generator);
584 _gnutls_free_datum (&info->dh.public_key);
585 }
586
587 return ret;
588 }
589 #endif /* ANON */
590
591 #ifdef ENABLE_PSK
592 /* Packs the PSK session authentication data.
593 */
594
595 /* Format:
596 * 1 byte the credentials type
597 * 4 bytes the size of the whole structure
598 *
599 * 4 bytes the size of the PSK username (x)
600 * x bytes the PSK username
601 * 2 bytes the size of secret key in bits
602 * 4 bytes the size of the prime
603 * x bytes the prime
604 * 4 bytes the size of the generator
605 * x bytes the generator
606 * 4 bytes the size of the public key
607 * x bytes the public key
608 */
609 static int
610 pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
611 {
612 psk_auth_info_t info;
613 int username_len;
614 int hint_len, ret;
615 int size_offset;
616 size_t cur_size;
617
618 info = _gnutls_get_auth_info (session);
619
620 if (info && info->username)
621 username_len = strlen (info->username) + 1; /* include the terminating null */
622 else
623 username_len = 0;
624
625 if (info && info->hint)
626 hint_len = strlen (info->hint) + 1; /* include the terminating null */
627 else
628 hint_len = 0;
629
630 size_offset = ps->length;
631 BUFFER_APPEND_NUM (ps, 0);
632 cur_size = ps->length;
633
634 BUFFER_APPEND_PFX (ps, info->username, username_len);
635 BUFFER_APPEND_PFX (ps, info->hint, hint_len);
636
637 BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
638 BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
639 BUFFER_APPEND_PFX (ps, info->dh.generator.data, info->dh.generator.size);
640 BUFFER_APPEND_PFX (ps, info->dh.public_key.data, info->dh.public_key.size);
641
642 /* write the real size */
643 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
644
645 return 0;
646 }
647
648 static int
649 unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
650 {
651 size_t username_size, hint_size;
652 int ret;
653 psk_auth_info_t info;
654
655 ret =
656 _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
657 sizeof (psk_auth_info_st), 1);
658 if (ret < 0)
659 {
660 gnutls_assert ();
661 return ret;
662 }
663
664 info = _gnutls_get_auth_info (session);
665 if (info == NULL)
666 {
667 gnutls_assert ();
668 return GNUTLS_E_INTERNAL_ERROR;
669 }
670
671 BUFFER_POP_NUM (ps, username_size);
672 if (username_size > sizeof (info->username))
673 {
674 gnutls_assert ();
675 return GNUTLS_E_INTERNAL_ERROR;
676 }
677
678 BUFFER_POP (ps, info->username, username_size);
679
680 BUFFER_POP_NUM (ps, hint_size);
681 if (hint_size > sizeof (info->hint))
682 {
683 gnutls_assert ();
684 return GNUTLS_E_INTERNAL_ERROR;
685 }
686 BUFFER_POP (ps, info->hint, hint_size);
687
688 BUFFER_POP_NUM (ps, info->dh.secret_bits);
689
690 BUFFER_POP_DATUM (ps, &info->dh.prime);
691 BUFFER_POP_DATUM (ps, &info->dh.generator);
692 BUFFER_POP_DATUM (ps, &info->dh.public_key);
693
694 ret = 0;
695
696 error:
697 _gnutls_free_datum (&info->dh.prime);
698 _gnutls_free_datum (&info->dh.generator);
699 _gnutls_free_datum (&info->dh.public_key);
700
701 return ret;
702 }
703 #endif
704
705
706 /* Packs the security parameters.
707 */
708
709 /* Format:
710 * 4 bytes the total security data size
711 * 1 byte the entity type (client/server)
712 * 1 byte the key exchange algorithm used
713 * 1 byte the read cipher algorithm
714 * 1 byte the read mac algorithm
715 * 1 byte the read compression algorithm
716 *
717 * 1 byte the write cipher algorithm
718 * 1 byte the write mac algorithm
719 * 1 byte the write compression algorithm
720 *
721 * 1 byte the certificate type
722 * 1 byte the protocol version
723 *
724 * 2 bytes the cipher suite
725 *
726 * 48 bytes the master secret
727 *
728 * 32 bytes the client random
729 * 32 bytes the server random
730 *
731 * 1 byte the session ID size
732 * x bytes the session ID (32 bytes max)
733 *
734 * 4 bytes a timestamp
735 * -------------------
736 * MAX: 165 bytes
737 *
738 */
739 static int
740 pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
741 {
742
743 int ret;
744 int size_offset;
745 size_t cur_size;
746 record_parameters_st *params;
747
748 if (session->security_parameters.epoch_read
749 != session->security_parameters.epoch_write)
750 {
751 gnutls_assert ();
752 return GNUTLS_E_INVALID_REQUEST;
753 }
754
755 ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &params);
756 if (ret < 0)
757 {
758 gnutls_assert ();
759 return ret;
760 }
761
762 /* move after the auth info stuff.
763 */
764 size_offset = ps->length;
765 BUFFER_APPEND_NUM (ps, 0);
766 cur_size = ps->length;
767
768
769 BUFFER_APPEND_NUM (ps, session->security_parameters.entity);
770 BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm);
771 BUFFER_APPEND (ps,
772 &session->security_parameters.current_cipher_suite.suite[0],
773 1);
774 BUFFER_APPEND (ps,
775 &session->security_parameters.current_cipher_suite.suite[1],
776 1);
777 BUFFER_APPEND_NUM (ps, params->compression_algorithm);
778 BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
779 BUFFER_APPEND_NUM (ps, session->security_parameters.version);
780
781 BUFFER_APPEND (ps, session->security_parameters.master_secret,
782 GNUTLS_MASTER_SIZE);
783 BUFFER_APPEND (ps, session->security_parameters.client_random,
784 GNUTLS_RANDOM_SIZE);
785 BUFFER_APPEND (ps, session->security_parameters.server_random,
786 GNUTLS_RANDOM_SIZE);
787
788 BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size);
789 BUFFER_APPEND (ps, session->security_parameters.session_id,
790 session->security_parameters.session_id_size);
791
792 BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
793 BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
794 BUFFER_APPEND_NUM (ps, session->security_parameters.timestamp);
795
796 _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
797
798 return 0;
799 }
800
801 static int
802 unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
803 {
804 size_t pack_size;
805 int ret;
806 time_t timestamp = gnutls_time (0);
807
808 BUFFER_POP_NUM (ps, pack_size);
809
810 if (pack_size == 0)
811 return GNUTLS_E_INVALID_REQUEST;
812
813 memset (&session->internals.resumed_security_parameters, 0,
814 sizeof (session->internals.resumed_security_parameters));
815
816 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.entity);
817 BUFFER_POP_NUM (ps,
818 session->internals.resumed_security_parameters.kx_algorithm);
819 BUFFER_POP (ps,
820 &session->internals.
821 resumed_security_parameters.current_cipher_suite.suite[0], 1);
822 BUFFER_POP (ps,
823 &session->internals.resumed_security_parameters.
824 current_cipher_suite.suite[1], 1);
825 BUFFER_POP_NUM (ps, session->internals.resumed_compression_method);
826 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
827 BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.version);
828
829 BUFFER_POP (ps,
830 &session->internals.resumed_security_parameters.master_secret,
831 GNUTLS_MASTER_SIZE);
832
833 BUFFER_POP (ps,
834 &session->internals.resumed_security_parameters.client_random,
835 GNUTLS_RANDOM_SIZE);
836 BUFFER_POP (ps,
837 &session->internals.resumed_security_parameters.server_random,
838 GNUTLS_RANDOM_SIZE);
839 BUFFER_POP_NUM (ps,
840 session->internals.
841 resumed_security_parameters.session_id_size);
842
843 BUFFER_POP (ps, &session->internals.resumed_security_parameters.session_id,
844 session->internals.resumed_security_parameters.session_id_size);
845
846 BUFFER_POP_NUM (ps,
847 session->internals.
848 resumed_security_parameters.max_record_send_size);
849 BUFFER_POP_NUM (ps,
850 session->internals.
851 resumed_security_parameters.max_record_recv_size);
852 BUFFER_POP_NUM (ps,
853 session->internals.resumed_security_parameters.timestamp);
854
855 if (timestamp - session->internals.resumed_security_parameters.timestamp >
856 session->internals.expire_time
857 || session->internals.resumed_security_parameters.timestamp > timestamp)
858 {
859 gnutls_assert ();
860 return GNUTLS_E_EXPIRED;
861 }
862
863 ret = 0;
864
865 error:
866 return ret;
867 }
Implementation of the SSL/TLS protocol