Explicit symmetric cipher state versioning.

This introduces the concept of a "cipher epoch". The epoch number is
the number of successful handshakes and is incremented by one each
time. This concept is native to DTLS and this patch makes the
symmetric cipher state explicit for TLS in preparation for DTLS. This
concept was implicit in plain TLS and ChangeCipherSpec messages
triggered a "pending state copy". Now, the current epoch number is
simply incremented to the parameters negotiated by the handshake.

The main side effects of this patch are a slightly more abstract
internal API and, in some cases, simpler code. The session blob format
is also changed a bit since this patch avoids storing information that
is now redundant. If this breaks library users' expectations, this
side effect can be negated.

The cipher_specs structure has been removed. The conn_state has become
record_state_st. Only symmetric cipher information is
versioned. Things such as key exchange algorithm and the master secret
are not versioned and their handling is unchanged.

I have tested this patch as much as I could. It introduces no test
suite regressions on my x64 Debian GNU/Linux system.

Do not hesitate to point out shortcomings or suggest changes. Since
this is a big diff, I am expecting this to be an iterative process.

Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
17 files changed: