示例#1
0
/**
 * gnutls_session_key_update:
 * @session: is a #gnutls_session_t type.
 * @flags: zero of %GNUTLS_KU_PEER
 *
 * This function will update/refresh the session keys when the
 * TLS protocol is 1.3 or better. The peer is notified of the
 * update by sending a message, so this function should be
 * treated similarly to gnutls_record_send() --i.e., it may
 * return %GNUTLS_E_AGAIN or %GNUTLS_E_INTERRUPTED.
 *
 * When this flag %GNUTLS_KU_PEER is specified, this function
 * in addition to updating the local keys, will ask the peer to
 * refresh its keys too.
 *
 * If the negotiated version is not TLS 1.3 or better this
 * function will return %GNUTLS_E_INVALID_REQUEST.
 *
 * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
 *
 * Since: 3.6.3
 **/
int gnutls_session_key_update(gnutls_session_t session, unsigned flags)
{
	int ret;
	const version_entry_st *vers = get_version(session);

	if (!vers->tls13_sem)
		return GNUTLS_E_INVALID_REQUEST;

	ret =
	    _gnutls13_send_key_update(session, AGAIN(STATE150), flags);
	STATE = STATE150;

	if (ret < 0) {
		gnutls_assert();
		return ret;
	}
	STATE = STATE0;

	_gnutls_epoch_gc(session);

	/* it was completely sent, update the keys */
	ret = update_keys(session, STAGE_UPD_OURS);
	if (ret < 0)
		return gnutls_assert_val(ret);

	return 0;
}
示例#2
0
void
_gnutls_handshake_internal_state_clear (gnutls_session_t session)
{
  _gnutls_handshake_internal_state_init (session);

  deinit_internal_params (session);
  
  _gnutls_epoch_gc(session);
}
示例#3
0
void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
{
	_gnutls_handshake_internal_state_init(session);

	deinit_internal_params(session);

	_gnutls_epoch_gc(session);

	session->internals.handshake_endtime = 0;
	session->internals.handshake_in_progress = 0;
}
示例#4
0
void
_dtls_async_timer_delete (gnutls_session_t session)
{
  if (session->internals.dtls.async_term != 0)
    {
      _gnutls_dtls_log ("DTLS[%p]: Deinitializing previous handshake state.\n", session);
      session->internals.dtls.async_term = 0; /* turn off "timer" */

      _dtls_reset_hsk_state(session);
      _gnutls_handshake_io_buffer_clear (session);
      _gnutls_epoch_gc(session);
    }
}
示例#5
0
文件: state.c 项目: GostCrypt/GnuTLS 
void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
{
	_gnutls_handshake_internal_state_init(session);

	deinit_internal_params(session);
	deinit_keys(session);

	_gnutls_epoch_gc(session);

	session->internals.handshake_endtime = 0;
	session->internals.handshake_in_progress = 0;

	session->internals.tfo.connect_addrlen = 0;
	session->internals.tfo.connect_only = 0;
}
示例#6
0
int _gnutls13_recv_key_update(gnutls_session_t session, gnutls_buffer_st *buf)
{
	int ret;
	time_t now = gnutls_time(0);

	if (buf->length != 1)
		return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);

	if (unlikely(now - session->internals.last_key_update < KEY_UPDATES_PER_SEC)) {
		_gnutls_debug_log("reached maximum number of key updates per second (%d)\n",
				  KEY_UPDATES_PER_SEC);
		return gnutls_assert_val(GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS);
	}

	session->internals.last_key_update = now;

	_gnutls_epoch_gc(session);

	_gnutls_handshake_log("HSK[%p]: received TLS 1.3 key update (%u)\n",
			      session, (unsigned)buf->data[0]);

	switch(buf->data[0]) {
	case 0:
		/* peer updated its key, not requested our key update */
		ret = update_keys(session, STAGE_UPD_PEERS);
		if (ret < 0)
			return gnutls_assert_val(ret);

		break;
	case 1:
		if (session->internals.hsk_flags & HSK_KEY_UPDATE_ASKED) {
			/* if we had asked a key update we shouldn't get this
			 * reply */
			return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
		}

		/* peer updated its key, requested our key update */
		ret = update_keys(session, STAGE_UPD_PEERS);
		if (ret < 0)
			return gnutls_assert_val(ret);

		/* we mark that a key update is schedule, and it
		 * will be performed prior to sending the next application
		 * message.
		 */
		if (session->internals.rsend_state == RECORD_SEND_NORMAL)
			session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1;
		else if (session->internals.rsend_state == RECORD_SEND_CORKED)
			session->internals.rsend_state = RECORD_SEND_CORKED_TO_KU;
		else
			return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);

		break;
	default:
		return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
	}

	session->internals.hsk_flags &= ~(unsigned)(HSK_KEY_UPDATE_ASKED);

	return 0;
}