Parse the NewSessionTicket handshake message

This commit is contained in:
John Safranek 2014-10-01 16:28:01 -07:00
parent 2f5520d14c
commit 9dbc1d2d00
3 changed files with 69 additions and 2 deletions

View File

@ -123,9 +123,11 @@ enum CyaSSL_ErrorCodes {
/* begin negotiation parameter errors */
UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */
MATCH_SUITE_ERROR = -391 /* can't match cipher suite */
MATCH_SUITE_ERROR = -391, /* can't match cipher suite */
/* end negotiation parameter errors only 10 for now */
/* add strings to SetErrorString !!!!! */
SESSION_TICKET_LEN_E = -392 /* Session Ticket too large */
};

View File

@ -681,9 +681,11 @@ enum Misc {
OPAQUE8_LEN = 1, /* 1 byte */
OPAQUE16_LEN = 2, /* 2 bytes */
OPAQUE24_LEN = 3, /* 3 bytes */
OPAQUE32_LEN = 4, /* 4 bytes */
COMP_LEN = 1, /* compression length */
CURVE_LEN = 2, /* ecc named curve length */
SERVER_ID_LEN = 20, /* server session id length */
SESSION_TICKET_LEN = 256, /* Session ticket length */
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
@ -1652,6 +1654,12 @@ struct CYASSL_SESSION {
byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
word16 idLen; /* serverID length */
#endif
#ifdef HAVE_SESSION_TICKET
word32 ticketBornOn; /* create time in seconds */
word32 ticketTimeout; /* timeout in seconds */
byte ticket[SESSION_TICKET_LEN];
word16 ticketLen;
#endif
};

View File

@ -76,6 +76,10 @@ static int BuildMessage(CYASSL* ssl, byte* output, int outSz,
static int DoCertificateRequest(CYASSL* ssl, const byte* input, word32*,
word32);
#endif
#ifdef HAVE_SESSION_TICKET
static int DoSessionTicket(CYASSL* ssl, const byte* input, word32*,
word32);
#endif
#endif
@ -232,7 +236,7 @@ static INLINE void ato16(const byte* c, word16* u16)
}
#ifdef CYASSL_DTLS
#if defined(CYASSL_DTLS) || defined(HAVE_SESSION_TICKET)
/* convert opaque to 32 bit integer */
static INLINE void ato32(const byte* c, word32* u32)
@ -4590,6 +4594,13 @@ static int DoHandShakeMsgType(CYASSL* ssl, byte* input, word32* inOutIdx,
CYASSL_MSG("processing server key exchange");
ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
break;
#ifdef HAVE_SESSION_TICKET
case session_ticket:
CYASSL_MSG("processing session ticket");
ret = DoSessionTicket(ssl, input, inOutIdx, size);
break;
#endif /* HAVE_SESSION_TICKET */
#endif
#ifndef NO_CERTS
@ -7648,6 +7659,9 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
case SECURE_RENEGOTIATION_E:
return "Invalid Renegotiation Error";
case SESSION_TICKET_LEN_E:
return "Session Ticket Too Long Error";
default :
return "unknown error number";
}
@ -10375,6 +10389,49 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif /* NO_CERTS */
#ifdef HAVE_SESSION_TICKET
int DoSessionTicket(CYASSL* ssl,
const byte* input, word32* inOutIdx, word32 size)
{
word32 begin = *inOutIdx;
word32 lifetime;
word16 length;
if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
return BUFFER_ERROR;
ato32(input + *inOutIdx, &lifetime);
*inOutIdx += OPAQUE32_LEN;
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
return BUFFER_ERROR;
ato16(input + *inOutIdx, &length);
*inOutIdx += OPAQUE16_LEN;
if (length > sizeof(ssl->session.ticket))
return SESSION_TICKET_LEN_E;
if ((*inOutIdx - begin) + length > size)
return BUFFER_ERROR;
if (length > 0) {
XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
*inOutIdx += length;
ssl->session.ticketLen = length;
ssl->session.ticketTimeout = lifetime;
ssl->session.ticketBornOn = LowResTimer();
}
else {
ssl->session.ticketLen = 0;
ssl->session.ticketTimeout = 0;
ssl->session.ticketBornOn = 0;
}
return BuildFinished(ssl, &ssl->verifyHashes, server);
}
#endif /* HAVE_SESSION_TICKET */
#endif /* NO_CYASSL_CLIENT */