
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-300-g5637bae


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-300-g5637bae
Date: Sun, 13 Mar 2011 18:07:28 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5637bae9e09412badbdb54f0e50cabe84e8eb659

The branch, master has been updated
       via  5637bae9e09412badbdb54f0e50cabe84e8eb659 (commit)
      from  5d1476cc273409164d0c850b907f28a74e26f563 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5637bae9e09412badbdb54f0e50cabe84e8eb659
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Mar 13 19:07:24 2011 +0100

    updated cookie negotiation to use only a prestate structure and avoid
setting data to the cookie.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_dtls.c          |   69 ++++++++++++++++----------------------------
 lib/includes/gnutls/dtls.h |   13 ++++----
 lib/libgnutls.map          |    2 +-
 src/udp-serv.c             |   10 +++---
 4 files changed, 38 insertions(+), 56 deletions(-)

diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 708e262..6ecf414 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -380,11 +380,11 @@ int ret;
     return session->internals.dtls.mtu - RECORD_HEADER_SIZE(session);
 }
 
-#define COOKIE_SIZE 19
+#define COOKIE_SIZE 16
 #define COOKIE_MAC_SIZE 16
 
-/* record seq || hsk read seq || hsk write seq ||   MAC
- *   1 byte         1 byte           1 byte       16 bytes
+/*   MAC
+ * 16 bytes
  *
  * total 19 bytes
  */
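Review bot: The trailing line of the layout comment, `* total 19 bytes`, is now stale: COOKIE_SIZE was lowered from 19 to 16 on the line above and the diagram that precedes it now lists only the 16-byte MAC. It should read ` * total 16 bytes` so the comment agrees with the constant it documents.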
@@ -412,10 +412,9 @@ int ret;
  *
  **/
 int gnutls_dtls_cookie_send(gnutls_datum_t* key, void* client_data, size_t 
client_data_size, 
-  gnutls_cookie_st* cookie,
+  gnutls_dtls_prestate_st* prestate,
   gnutls_transport_ptr_t ptr, gnutls_push_func push_func)
 {
-
 opaque hvr[20+DTLS_HANDSHAKE_HEADER_SIZE+COOKIE_SIZE];
 int hvr_size = 0, ret;
 uint8_t digest[C_HASH_SIZE];
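Review bot: The parameter was renamed from `cookie` to `prestate` but the kernel-doc block that ends just above the signature (`**/` at the top of this hunk) is not shown; if it still carries an `@cookie:` line it needs to become `@prestate: the state recovered by gnutls_dtls_cookie_verify(), or NULL for a fresh client` so the generated API docs match. The body of gnutls_dtls_cookie_send continues past the end of this hunk.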
@@ -455,7 +454,8 @@ uint8_t digest[C_HASH_SIZE];
   
   /* epoch + seq */
   memset(&hvr[hvr_size], 0, 8);
-  hvr_size += 8;
+  hvr_size += 7;
+  hvr[hvr_size++] = prestate->record_seq;
 
   /* length */
   _gnutls_write_uint16(DTLS_HANDSHAKE_HEADER_SIZE+COOKIE_SIZE+3, 
&hvr[hvr_size]);
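Review bot: `prestate` is dereferenced unconditionally at `hvr[hvr_size++] = prestate->record_seq;` (and again for `hsk_write_seq` in the next hunk), whereas the code this replaces tolerated a NULL cookie via `if (cookie && cookie->cookie_size > 3)`; an existing caller that passed NULL for the old parameter now crashes inside the library. A guard at the top of the function, `if (prestate == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, keeps the failure explicit. Note also that `hvr` is an `opaque` array, so only the low byte of the `unsigned int` fields reaches the wire; a comment `/* only the low 8 bits of record_seq are sent */` on that line would save the next reader a trip to the header. gnutls_dtls_cookie_send starts and ends outside this hunk.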
@@ -467,8 +467,8 @@ uint8_t digest[C_HASH_SIZE];
   hvr_size += 3;
   
   /* handshake seq */
-  memset(&hvr[hvr_size], 0, 2);
-  hvr_size += 2;
+  hvr[hvr_size++] = 0;
+  hvr[hvr_size++] = prestate->hsk_write_seq;
 
   _gnutls_write_uint24(0, &hvr[hvr_size]);
   hvr_size += 3;
@@ -485,19 +485,6 @@ uint8_t digest[C_HASH_SIZE];
   if (ret < 0)
     return gnutls_assert_val(ret);
 
-  if (cookie && cookie->cookie_size > 3)
-    {
-      hvr[hvr_size++] = cookie->cookie[0]+1/* record */;
-      hvr[hvr_size++] = cookie->cookie[1]+1/* hsk read seq*/;
-      hvr[hvr_size++] = cookie->cookie[2]+1/* hsk write seq */;
-    }
-  else
-    {
-      hvr[hvr_size++] = 1;
-      hvr[hvr_size++] = 1;
-      hvr[hvr_size++] = 1;
-    }
-
   memcpy(&hvr[hvr_size], digest, COOKIE_MAC_SIZE);
   hvr_size+= COOKIE_MAC_SIZE;
 
@@ -520,14 +507,14 @@ uint8_t digest[C_HASH_SIZE];
  * This function will verify an incoming message for
  * a valid cookie. If a valid cookie is returned then
  * it should be associated with the session using
- * gnutls_dtls_cookie_set();
+ * gnutls_dtls_prestate_set();
  *
  * Returns: zero on success, or a negative error code.  
  *
  **/
 int gnutls_dtls_cookie_verify(gnutls_datum_t* key, 
   void* client_data, size_t client_data_size, 
-  void* _msg, size_t msg_size, gnutls_cookie_st* out)
+  void* _msg, size_t msg_size, gnutls_dtls_prestate_st* out)
 {
 gnutls_datum_t cookie;
 int sid_size;
@@ -572,32 +559,34 @@ uint8_t digest[C_HASH_SIZE];
   if (ret < 0)
     return gnutls_assert_val(ret);
 
-  if (memcmp(digest, &cookie.data[3], COOKIE_MAC_SIZE) != 0)
+  if (memcmp(digest, cookie.data, COOKIE_MAC_SIZE) != 0)
     return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
   
-  memcpy(out->cookie, cookie.data, cookie.size);
-  out->cookie_size = cookie.size;
-
+  out->record_seq = msg[10]; /* client's record seq */
+  out->hsk_read_seq =  msg[DTLS_RECORD_HEADER_SIZE+5];/* client's hsk seq */
+  out->hsk_write_seq = out->hsk_read_seq;/* client's hsk seq */
+  
   return 0;
 }
 
 /**
- * gnutls_dtls_cookie_set:
+ * gnutls_dtls_prestate_set:
  * @session: a new session
- * @cookie: contains the client's cookie
+ * @prestate: contains the client's prestate
  *
- * This function will associate the received cookie by
- * the client, with the newly established session.
+ * This function will associate the prestate acquired by
+ * the cookie authentication with the client, with the newly 
+ * established session.
  *
  * Returns: zero on success, or a negative error code.  
  *
  **/
-void gnutls_dtls_cookie_set(gnutls_session_t session, gnutls_cookie_st* st)
+void gnutls_dtls_prestate_set(gnutls_session_t session, 
gnutls_dtls_prestate_st* st)
 {
   record_parameters_st *params;
   int ret;
 
-  if (st == NULL || st->cookie_size == 0)
+  if (st == NULL)
     return;
 
   /* we do not care about read_params, since we accept anything
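Review bot: The three assignments after the MAC check read `msg[10]` and `msg[DTLS_RECORD_HEADER_SIZE+5]` at fixed offsets, and the comments on them are ambiguous — both `hsk_read_seq` and `hsk_write_seq` are annotated `client's hsk seq`. I would make the intent explicit: `out->record_seq = msg[10]; /* low byte of the client's 48-bit record seq */` and `out->hsk_write_seq = out->hsk_read_seq; /* our handshake seq mirrors the client's */`. The bounds check that makes these offsets safe is presumably the cookie/session-id parsing earlier in gnutls_dtls_cookie_verify, which lies above this hunk — worth confirming that msg_size is validated against `DTLS_RECORD_HEADER_SIZE+6` before this point, since the reads happen only after the MAC matched but the offsets themselves are not checked here. gnutls_dtls_cookie_verify starts before this hunk and gnutls_dtls_prestate_set continues after it.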
@@ -607,16 +596,8 @@ void gnutls_dtls_cookie_set(gnutls_session_t session, 
gnutls_cookie_st* st)
   if (ret < 0)
     return;
 
-  if (st->cookie_size < 3)
-    return;
-
-  params->write.sequence_number.i[7] = st->cookie[0];
-
-  session->internals.dtls.hsk_read_seq = st->cookie[1];
-  session->internals.dtls.hsk_write_seq = st->cookie[2];
-
-fprintf(stderr, "record send seq: %d\n", (int)st->cookie[0]);
-fprintf(stderr, "hsk read seq: %d\n", (int)st->cookie[1]);
-fprintf(stderr, "hsk write seq: %d\n", (int)st->cookie[2]);
+  params->write.sequence_number.i[7] = st->record_seq;
 
+  session->internals.dtls.hsk_read_seq = st->hsk_read_seq;
+  session->internals.dtls.hsk_write_seq = st->hsk_write_seq;
 }
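Review bot: `params->write.sequence_number.i[7] = st->record_seq;` stores an `unsigned int` from the public struct into a single array element, so anything above the low byte is silently dropped (assuming `i[]` is a byte array — confirm from the record_parameters_st definition). Since gnutls_dtls_prestate_set already returns early on bad input, either reject out-of-range values, `if (st->record_seq > 0xff) return;`, or document on the struct that the fields carry 8-bit quantities; the same applies to `hsk_read_seq`/`hsk_write_seq` if the session fields they feed are narrower than `unsigned int`. Removing the three stderr debug prints is welcome. The function's signature is in the previous hunk.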
diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h
index 9f5dde9..89d0388 100644
--- a/lib/includes/gnutls/dtls.h
+++ b/lib/includes/gnutls/dtls.h
@@ -45,20 +45,21 @@ unsigned int gnutls_dtls_get_mtu (gnutls_session_t session);
 void gnutls_dtls_set_mtu (gnutls_session_t session, unsigned int mtu);
 
 typedef struct {
-  unsigned char cookie[255];
-  size_t cookie_size;
-} gnutls_cookie_st;
+  unsigned int record_seq;
+  unsigned int hsk_read_seq;
+  unsigned int hsk_write_seq;
+} gnutls_dtls_prestate_st;
 
 int gnutls_dtls_cookie_send(gnutls_datum_t* key, void* client_data, size_t 
client_data_size, 
-  gnutls_cookie_st* cookie,
+  gnutls_dtls_prestate_st* state,
   gnutls_transport_ptr_t ptr, gnutls_push_func push_func);
 
 
 int gnutls_dtls_cookie_verify(gnutls_datum_t* key, 
   void* client_data, size_t client_data_size, 
-  void* _msg, size_t msg_size, gnutls_cookie_st* cookie);
+  void* _msg, size_t msg_size, gnutls_dtls_prestate_st* state);
 
-void gnutls_dtls_cookie_set(gnutls_session_t session, gnutls_cookie_st* st);
+void gnutls_dtls_prestate_set(gnutls_session_t session, 
gnutls_dtls_prestate_st* st);
 
 #ifdef __cplusplus
 }
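Review bot: `gnutls_dtls_prestate_st` is a new public type with no comment on what its fields hold, and its prototypes name the parameter `state` while the definitions in lib/gnutls_dtls.c use `prestate` and `out`. I would add a comment above the typedef, `/* Client state recovered from a verified cookie; each field carries a single byte of sequence number as seen in the client's ClientHello. */`, and align the prototype parameter names with the definitions so header, implementation and kernel-doc agree. The fields being `unsigned int` while the implementation only ever writes or reads one byte of them is worth stating here, since this header is the documented contract.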
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index aa76fde..021f8db 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -699,7 +699,7 @@ GNUTLS_3_0_0 {
        gnutls_key_generate;
        gnutls_dtls_cookie_verify;
        gnutls_dtls_cookie_send;
-       gnutls_dtls_cookie_set;
+       gnutls_dtls_prestate_set;
 } GNUTLS_2_12;
 
 GNUTLS_PRIVATE {
diff --git a/src/udp-serv.c b/src/udp-serv.c
index 9202565..75cd7e9 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -30,7 +30,7 @@ int udp_server(const char* name, int port, int mtu)
     priv_data_st priv;
     gnutls_session_t session;
     gnutls_datum_t cookie_key;
-    gnutls_cookie_st cookie;
+    gnutls_dtls_prestate_st prestate;
     unsigned char sequence[8];
 
     ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE);
@@ -58,8 +58,8 @@ int udp_server(const char* name, int port, int mtu)
         ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK, (struct 
sockaddr*)&cli_addr, &cli_addr_size);
         if (ret > 0)
           {
-            memset(&cookie, 0, sizeof(cookie));
-            ret = gnutls_dtls_cookie_verify(&cookie_key, &cli_addr, 
sizeof(cli_addr), buffer, ret, &cookie);
+            memset(&prestate, 0, sizeof(prestate));
+            ret = gnutls_dtls_cookie_verify(&cookie_key, &cli_addr, 
sizeof(cli_addr), buffer, ret, &prestate);
             if (ret < 0) /* cookie not valid */
               {
                 priv_data_st s;
@@ -71,7 +71,7 @@ int udp_server(const char* name, int port, int mtu)
                 
                 printf("Sending hello verify request to %s\n", human_addr 
((struct sockaddr *)
                   &cli_addr, sizeof(cli_addr), buffer, sizeof(buffer)));
-                gnutls_dtls_cookie_send(&cookie_key, &cli_addr, 
sizeof(cli_addr), &cookie, (gnutls_transport_ptr_t)&s, push_func);
+                gnutls_dtls_cookie_send(&cookie_key, &cli_addr, 
sizeof(cli_addr), &prestate, (gnutls_transport_ptr_t)&s, push_func);
 
                 /* discard peeked data*/
                 recvfrom(sock, buffer, sizeof(buffer), 0, (struct 
sockaddr*)&cli_addr, &cli_addr_size);
@@ -87,7 +87,7 @@ int udp_server(const char* name, int port, int mtu)
           continue;
 
         session = initialize_session(1);
-        gnutls_dtls_cookie_set(session, &cookie);
+        gnutls_dtls_prestate_set(session, &prestate);
         if (mtu) gnutls_dtls_set_mtu(session, mtu);
 
         priv.session = session;


hooks/post-receive
-- 
GNU gnutls


