static int
_gnutls_init_record_state (record_parameters_st * params, gnutls_protocol_t ver, int d,
record_state_st * state)
{
int ret;
gnutls_datum_t * iv = NULL;
if (!_gnutls_version_has_explicit_iv(ver))
{
iv = &state->IV;
}
ret = _gnutls_auth_cipher_init (&state->cipher_state,
params->cipher_algorithm, &state->key, iv,
params->mac_algorithm, &state->mac_secret, (ver==GNUTLS_SSL3)?1:0);
if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
return gnutls_assert_val (ret);
state->compression_state =
_gnutls_comp_init (params->compression_algorithm, d);
if (state->compression_state == GNUTLS_COMP_FAILED)
return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
return 0;
}
static int
_gnutls_init_record_state (record_parameters_st * params, gnutls_protocol_t ver, int read,
record_state_st * state)
{
int ret;
gnutls_datum_t * iv = NULL;
if (!_gnutls_version_has_explicit_iv(ver))
{
iv = &state->IV;
}
ret = _gnutls_auth_cipher_init (&state->cipher_state,
params->cipher_algorithm, &state->key, iv,
params->mac_algorithm, &state->mac_secret, (ver==GNUTLS_SSL3)?1:0, 1-read/*1==encrypt*/);
if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
return gnutls_assert_val (ret);
ret =
_gnutls_comp_init (&state->compression_state, params->compression_algorithm, read/*1==decompress*/);
if (ret < 0)
return gnutls_assert_val (ret);
return 0;
}
static int
_gnutls_init_record_state(record_parameters_st * params,
const version_entry_st * ver, int read,
record_state_st * state)
{
int ret;
gnutls_datum_t *iv = NULL;
if (!_gnutls_version_has_explicit_iv(ver)) {
if (_gnutls_cipher_type(params->cipher) == CIPHER_BLOCK)
iv = &state->IV;
}
ret = _gnutls_auth_cipher_init(&state->cipher_state,
params->cipher, &state->key, iv,
params->mac, &state->mac_secret,
params->etm,
(ver->id == GNUTLS_SSL3) ? 1 : 0,
1 - read /*1==encrypt */ );
if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
return gnutls_assert_val(ret);
ret =
_gnutls_comp_init(&state->compression_state,
params->compression_algorithm,
read /*1==decompress */ );
if (ret < 0)
return gnutls_assert_val(ret);
return 0;
}
/* Initializes the write connection session
* (write encrypted data)
*/
int
_gnutls_write_connection_state_init (gnutls_session_t session)
{
int mac_size;
int rc;
_gnutls_uint64zero (session->connection_state.write_sequence_number);
/* Update internals from CipherSuite selected.
* If we are resuming just copy the connection session
*/
if (session->internals.resumed == RESUME_FALSE)
{
rc = _gnutls_set_write_cipher (session,
_gnutls_cipher_suite_get_cipher_algo
(&session->security_parameters.
current_cipher_suite));
if (rc < 0)
return rc;
rc = _gnutls_set_write_mac (session,
_gnutls_cipher_suite_get_mac_algo
(&session->security_parameters.
current_cipher_suite));
if (rc < 0)
return rc;
rc = _gnutls_set_kx (session,
_gnutls_cipher_suite_get_kx_algo
(&session->security_parameters.
current_cipher_suite));
if (rc < 0)
return rc;
rc = _gnutls_set_write_compression (session,
session->internals.
compression_method);
if (rc < 0)
return rc;
}
else
{ /* RESUME_TRUE */
_gnutls_cpy_write_security_parameters (&session->
security_parameters,
&session->
internals.
resumed_security_parameters);
}
rc = _gnutls_set_write_keys (session);
if (rc < 0)
return rc;
_gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session,
_gnutls_cipher_suite_get_name (&session->
security_parameters.
current_cipher_suite));
if (_gnutls_compression_is_ok
(session->security_parameters.write_compression_algorithm) != 0)
{
gnutls_assert ();
return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
}
if (_gnutls_mac_is_ok
(session->security_parameters.write_mac_algorithm) != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* Free all the previous keys/ sessions etc.
*/
if (session->connection_state.write_mac_secret.data != NULL)
_gnutls_free_datum (&session->connection_state.write_mac_secret);
if (session->connection_state.write_cipher_state != NULL)
_gnutls_cipher_deinit (session->connection_state.write_cipher_state);
if (session->connection_state.write_compression_state != NULL)
_gnutls_comp_deinit (session->connection_state.
write_compression_state, 0);
mac_size =
_gnutls_hash_get_algo_len (session->security_parameters.
write_mac_algorithm);
_gnutls_handshake_log
("HSK[%x]: Initializing internal [write] cipher sessions\n", session);
switch (session->security_parameters.entity)
{
case GNUTLS_SERVER:
/* initialize cipher session
*/
session->connection_state.write_cipher_state =
_gnutls_cipher_init (session->security_parameters.
write_bulk_cipher_algorithm,
&session->cipher_specs.
server_write_key,
&session->cipher_specs.server_write_IV);
if (session->connection_state.write_cipher_state ==
GNUTLS_CIPHER_FAILED
&& session->security_parameters.
write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* copy mac secrets from cipherspecs, to connection
* session.
*/
if (mac_size > 0)
{
if (_gnutls_sset_datum (&session->connection_state.
write_mac_secret,
session->cipher_specs.
server_write_mac_secret.data,
session->cipher_specs.
server_write_mac_secret.size) < 0)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
}
break;
case GNUTLS_CLIENT:
session->connection_state.write_cipher_state =
_gnutls_cipher_init (session->security_parameters.
write_bulk_cipher_algorithm,
&session->cipher_specs.
client_write_key,
&session->cipher_specs.client_write_IV);
if (session->connection_state.write_cipher_state ==
GNUTLS_CIPHER_FAILED
&& session->security_parameters.
write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* copy mac secret to connection session
*/
if (mac_size > 0)
{
if (_gnutls_sset_datum (&session->connection_state.
write_mac_secret,
session->cipher_specs.
client_write_mac_secret.data,
session->cipher_specs.
client_write_mac_secret.size) < 0)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
}
break;
default:
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
session->connection_state.write_compression_state =
_gnutls_comp_init (session->security_parameters.
write_compression_algorithm, 0);
if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED)
{
gnutls_assert ();
return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
}
return 0;
}
