static int test_PACKET_get_net_4()
{
unsigned long i;
PACKET pkt;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_get_net_4(&pkt, &i))
|| !TEST_ulong_eq(i, 0x02040608UL)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8))
|| !TEST_true(PACKET_get_net_4(&pkt, &i))
|| !TEST_ulong_eq(i, 0xf8fafcfeUL)
|| !TEST_false(PACKET_get_net_4(&pkt, &i)))
return 0;
return 1;
}
static int test_PACKET_get_net_4(PACKET *pkt, size_t start)
{
unsigned long i;
if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_net_4(pkt, &i)
|| i != 0x02040608UL
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_net_4(pkt, &i)
|| i != 0xf8fafcfeUL
|| PACKET_get_net_4(pkt, &i)) {
fprintf(stderr, "test_PACKET_get_net_4() failed\n");
return 0;
}
return 1;
}
static int test_PACKET_get_net_4(unsigned char buf[BUF_LEN])
{
unsigned long i;
PACKET pkt;
if ( !PACKET_buf_init(&pkt, buf, BUF_LEN)
|| !PACKET_get_net_4(&pkt, &i)
|| i != 0x02040608UL
|| !PACKET_forward(&pkt, BUF_LEN - 8)
|| !PACKET_get_net_4(&pkt, &i)
|| i != 0xf8fafcfeUL
|| PACKET_get_net_4(&pkt, &i)) {
fprintf(stderr, "test_PACKET_get_net_4() failed\n");
return 0;
}
return 1;
}
static int test_PACKET_get_sub_packet()
{
PACKET pkt, subpkt;
unsigned long i;
if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
|| !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4))
|| !TEST_true(PACKET_get_net_4(&subpkt, &i))
|| !TEST_ulong_eq(i, 0x02040608UL)
|| !TEST_size_t_eq(PACKET_remaining(&subpkt), 0)
|| !TEST_true(PACKET_forward(&pkt, BUF_LEN - 8))
|| !TEST_true(PACKET_get_sub_packet(&pkt, &subpkt, 4))
|| !TEST_true(PACKET_get_net_4(&subpkt, &i))
|| !TEST_ulong_eq(i, 0xf8fafcfeUL)
|| !TEST_size_t_eq(PACKET_remaining(&subpkt), 0)
|| !TEST_false(PACKET_get_sub_packet(&pkt, &subpkt, 4)))
return 0;
return 1;
}
static int test_PACKET_get_sub_packet(unsigned char buf[BUF_LEN])
{
PACKET pkt, subpkt;
unsigned long i;
if ( !PACKET_buf_init(&pkt, buf, BUF_LEN)
|| !PACKET_get_sub_packet(&pkt, &subpkt, 4)
|| !PACKET_get_net_4(&subpkt, &i)
|| i != 0x02040608UL
|| PACKET_remaining(&subpkt)
|| !PACKET_forward(&pkt, BUF_LEN - 8)
|| !PACKET_get_sub_packet(&pkt, &subpkt, 4)
|| !PACKET_get_net_4(&subpkt, &i)
|| i != 0xf8fafcfeUL
|| PACKET_remaining(&subpkt)
|| PACKET_get_sub_packet(&pkt, &subpkt, 4)) {
fprintf(stderr, "test_PACKET_get_sub_packet() failed\n");
return 0;
}
return 1;
}
static int test_PACKET_get_sub_packet(PACKET *pkt, size_t start)
{
PACKET subpkt;
unsigned long i;
if ( !PACKET_goto_bookmark(pkt, start)
|| !PACKET_get_sub_packet(pkt, &subpkt, 4)
|| !PACKET_get_net_4(&subpkt, &i)
|| i != 0x02040608UL
|| PACKET_remaining(&subpkt)
|| !PACKET_forward(pkt, BUF_LEN - 8)
|| !PACKET_get_sub_packet(pkt, &subpkt, 4)
|| !PACKET_get_net_4(&subpkt, &i)
|| i != 0xf8fafcfeUL
|| PACKET_remaining(&subpkt)
|| PACKET_get_sub_packet(pkt, &subpkt, 4)) {
fprintf(stderr, "test_PACKET_get_sub_packet() failed\n");
return 0;
}
return 1;
}
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx, int *al)
{
PACKET identities, binders, binder;
size_t binderoffset, hashsize;
SSL_SESSION *sess = NULL;
unsigned int id, i, ext = 0;
const EVP_MD *md = NULL;
/*
* If we have no PSK kex mode that we recognise then we can't resume so
* ignore this extension
*/
if ((s->ext.psk_kex_mode
& (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
return 1;
if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
for (id = 0; PACKET_remaining(&identities) != 0; id++) {
PACKET identity;
unsigned long ticket_agel;
if (!PACKET_get_length_prefixed_2(&identities, &identity)
|| !PACKET_get_net_4(&identities, &ticket_agel)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
if (s->psk_find_session_cb != NULL
&& !s->psk_find_session_cb(s, PACKET_data(&identity),
PACKET_remaining(&identity),
&sess)) {
*al = SSL_AD_INTERNAL_ERROR;
return 0;
}
if (sess != NULL) {
/* We found a PSK */
SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
if (sesstmp == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return 0;
}
SSL_SESSION_free(sess);
sess = sesstmp;
/*
* We've just been told to use this session for this context so
* make sure the sid_ctx matches up.
*/
memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length);
sess->sid_ctx_length = s->sid_ctx_length;
ext = 1;
} else {
uint32_t ticket_age = 0, now, agesec, agems;
int ret = tls_decrypt_ticket(s, PACKET_data(&identity),
PACKET_remaining(&identity), NULL, 0,
&sess);
if (ret == TICKET_FATAL_ERR_MALLOC
|| ret == TICKET_FATAL_ERR_OTHER) {
*al = SSL_AD_INTERNAL_ERROR;
return 0;
}
if (ret == TICKET_NO_DECRYPT)
continue;
ticket_age = (uint32_t)ticket_agel;
now = (uint32_t)time(NULL);
agesec = now - (uint32_t)sess->time;
agems = agesec * (uint32_t)1000;
ticket_age -= sess->ext.tick_age_add;
/*
* For simplicity we do our age calculations in seconds. If the
* client does it in ms then it could appear that their ticket age
* is longer than ours (our ticket age calculation should always be
* slightly longer than the client's due to the network latency).
* Therefore we add 1000ms to our age calculation to adjust for
* rounding errors.
*/
if (sess->timeout >= (long)agesec
&& agems / (uint32_t)1000 == agesec
&& ticket_age <= agems + 1000
&& ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
/*
* Ticket age is within tolerance and not expired. We allow it
* for early data
*/
s->ext.early_data_ok = 1;
}
}
md = ssl_md(sess->cipher->algorithm2);
if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) {
/* The ciphersuite is not compatible with this session. */
SSL_SESSION_free(sess);
sess = NULL;
continue;
}
break;
}
if (sess == NULL)
return 1;
binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
hashsize = EVP_MD_size(md);
if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
*al = SSL_AD_DECODE_ERROR;
goto err;
}
for (i = 0; i <= id; i++) {
if (!PACKET_get_length_prefixed_1(&binders, &binder)) {
*al = SSL_AD_DECODE_ERROR;
goto err;
}
}
if (PACKET_remaining(&binder) != hashsize
|| tls_psk_do_binder(s, md,
(const unsigned char *)s->init_buf->data,
binderoffset, PACKET_data(&binder), NULL,
sess, 0, ext) != 1) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
goto err;
}
sess->ext.tick_identity = id;
SSL_SESSION_free(s->session);
s->session = sess;
return 1;
err:
SSL_SESSION_free(sess);
return 0;
}
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
size_t chainidx, int *al)
{
PACKET identities, binders, binder;
size_t binderoffset, hashsize;
SSL_SESSION *sess = NULL;
unsigned int id, i;
const EVP_MD *md = NULL;
uint32_t ticket_age = 0, now, agesec, agems;
/*
* If we have no PSK kex mode that we recognise then we can't resume so
* ignore this extension
*/
if ((s->ext.psk_kex_mode
& (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
return 1;
if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
for (id = 0; PACKET_remaining(&identities) != 0; id++) {
PACKET identity;
unsigned long ticket_agel;
int ret;
if (!PACKET_get_length_prefixed_2(&identities, &identity)
|| !PACKET_get_net_4(&identities, &ticket_agel)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
ticket_age = (uint32_t)ticket_agel;
ret = tls_decrypt_ticket(s, PACKET_data(&identity),
PACKET_remaining(&identity), NULL, 0, &sess);
if (ret == TICKET_FATAL_ERR_MALLOC || ret == TICKET_FATAL_ERR_OTHER) {
*al = SSL_AD_INTERNAL_ERROR;
return 0;
}
if (ret == TICKET_NO_DECRYPT)
continue;
md = ssl_md(sess->cipher->algorithm2);
if (md == NULL) {
/*
* Don't recognise this cipher so we can't use the session.
* Ignore it
*/
SSL_SESSION_free(sess);
sess = NULL;
continue;
}
/*
* TODO(TLS1.3): Somehow we need to handle the case of a ticket renewal.
* Ignored for now
*/
break;
}
if (sess == NULL)
return 1;
binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
hashsize = EVP_MD_size(md);
if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
*al = SSL_AD_DECODE_ERROR;
goto err;
}
for (i = 0; i <= id; i++) {
if (!PACKET_get_length_prefixed_1(&binders, &binder)) {
*al = SSL_AD_DECODE_ERROR;
goto err;
}
}
if (PACKET_remaining(&binder) != hashsize
|| tls_psk_do_binder(s, md,
(const unsigned char *)s->init_buf->data,
binderoffset, PACKET_data(&binder), NULL,
sess, 0) != 1) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
goto err;
}
sess->ext.tick_identity = id;
now = (uint32_t)time(NULL);
agesec = now - (uint32_t)sess->time;
agems = agesec * (uint32_t)1000;
ticket_age -= sess->ext.tick_age_add;
/*
* For simplicity we do our age calculations in seconds. If the client does
* it in ms then it could appear that their ticket age is longer than ours
* (our ticket age calculation should always be slightly longer than the
* client's due to the network latency). Therefore we add 1000ms to our age
* calculation to adjust for rounding errors.
*/
if (sess->timeout >= (long)agesec
&& agems / (uint32_t)1000 == agesec
&& ticket_age <= agems + 1000
&& ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
/*
* Ticket age is within tolerance and not expired. We allow it for early
* data
*/
s->ext.early_data_ok = 1;
}
SSL_SESSION_free(s->session);
s->session = sess;
return 1;
err:
SSL_SESSION_free(sess);
return 0;
}
