wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

updated session import/export for seq number

Browse Source
This commit is contained in:
John Safranek
2016-09-29 16:51:55 -07:00
parent 4522fa335e
commit 62d58a7084
2 changed files with 52 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
src/internal.c
View File

@@ -571,22 +571,27 @@ static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
c32toa(keys->sequence_number_hi, exp + idx); idx += OPAQUE32_LEN; c32toa(keys->sequence_number_hi, exp + idx); idx += OPAQUE32_LEN;
c32toa(keys->sequence_number_lo, exp + idx); idx += OPAQUE32_LEN; c32toa(keys->sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
c16toa(keys->nextEpoch, exp + idx); idx += OPAQUE16_LEN; c16toa(keys->nextEpoch, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->nextSeq, exp + idx); idx += OPAQUE32_LEN; c16toa(keys->nextSeq_hi, exp + idx); idx += OPAQUE16_LEN;
c16toa(keys->curEpoch, exp + idx); idx += OPAQUE16_LEN; c32toa(keys->nextSeq_lo, exp + idx); idx += OPAQUE32_LEN;
c32toa(keys->curSeq, exp + idx); idx += OPAQUE32_LEN; c16toa(keys->curEpoch, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->prevSeq, exp + idx); idx += OPAQUE32_LEN; c16toa(keys->curSeq_hi, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->curSeq_lo, exp + idx); idx += OPAQUE32_LEN;
c16toa(keys->prevSeq_hi, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->prevSeq_lo, exp + idx); idx += OPAQUE32_LEN;
c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN; c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN;
c16toa(keys->dtls_expected_peer_handshake_number, exp + idx); c16toa(keys->dtls_expected_peer_handshake_number, exp + idx);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
c32toa(keys->dtls_sequence_number, exp + idx); idx += OPAQUE32_LEN; c16toa(keys->dtls_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->dtls_prev_sequence_number, exp + idx); idx += OPAQUE32_LEN; c32toa(keys->dtls_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
c16toa(keys->dtls_epoch, exp + idx); idx += OPAQUE16_LEN; c16toa(keys->dtls_prev_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
c16toa(keys->dtls_handshake_number, exp + idx); idx += OPAQUE16_LEN; c32toa(keys->dtls_prev_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
c32toa(keys->encryptSz, exp + idx); idx += OPAQUE32_LEN; c16toa(keys->dtls_epoch, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->padSz, exp + idx); idx += OPAQUE32_LEN; c16toa(keys->dtls_handshake_number, exp + idx); idx += OPAQUE16_LEN;
c32toa(keys->encryptSz, exp + idx); idx += OPAQUE32_LEN;
c32toa(keys->padSz, exp + idx); idx += OPAQUE32_LEN;
exp[idx++] = keys->encryptionOn; exp[idx++] = keys->encryptionOn;
exp[idx++] = keys->decryptedCur; exp[idx++] = keys->decryptedCur;
@@ -697,22 +702,27 @@ static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
ato32(exp + idx, &keys->sequence_number_hi); idx += OPAQUE32_LEN; ato32(exp + idx, &keys->sequence_number_hi); idx += OPAQUE32_LEN;
ato32(exp + idx, &keys->sequence_number_lo); idx += OPAQUE32_LEN; ato32(exp + idx, &keys->sequence_number_lo); idx += OPAQUE32_LEN;
ato16(exp + idx, &keys->nextEpoch); idx += OPAQUE16_LEN; ato16(exp + idx, &keys->nextEpoch); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->nextSeq); idx += OPAQUE32_LEN; ato16(exp + idx, &keys->nextSeq_hi); idx += OPAQUE16_LEN;
ato16(exp + idx, &keys->curEpoch); idx += OPAQUE16_LEN; ato32(exp + idx, &keys->nextSeq_lo); idx += OPAQUE32_LEN;
ato32(exp + idx, &keys->curSeq); idx += OPAQUE32_LEN; ato16(exp + idx, &keys->curEpoch); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->prevSeq); idx += OPAQUE32_LEN; ato16(exp + idx, &keys->curSeq_hi); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->curSeq_lo); idx += OPAQUE32_LEN;
ato16(exp + idx, &keys->prevSeq_hi); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->prevSeq_lo); idx += OPAQUE32_LEN;
ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN; ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN;
ato16(exp + idx, &keys->dtls_expected_peer_handshake_number); ato16(exp + idx, &keys->dtls_expected_peer_handshake_number);
idx += OPAQUE16_LEN; idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->dtls_sequence_number); idx += OPAQUE32_LEN; ato16(exp + idx, &keys->dtls_sequence_number_hi); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->dtls_prev_sequence_number); idx += OPAQUE32_LEN; ato32(exp + idx, &keys->dtls_sequence_number_lo); idx += OPAQUE32_LEN;
ato16(exp + idx, &keys->dtls_epoch); idx += OPAQUE16_LEN; ato16(exp + idx, &keys->dtls_prev_sequence_number_hi); idx += OPAQUE16_LEN;
ato16(exp + idx, &keys->dtls_handshake_number); idx += OPAQUE16_LEN; ato32(exp + idx, &keys->dtls_prev_sequence_number_lo); idx += OPAQUE32_LEN;
ato32(exp + idx, &keys->encryptSz); idx += OPAQUE32_LEN; ato16(exp + idx, &keys->dtls_epoch); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->padSz); idx += OPAQUE32_LEN; ato16(exp + idx, &keys->dtls_handshake_number); idx += OPAQUE16_LEN;
ato32(exp + idx, &keys->encryptSz); idx += OPAQUE32_LEN;
ato32(exp + idx, &keys->padSz); idx += OPAQUE32_LEN;
keys->encryptionOn = exp[idx++]; keys->encryptionOn = exp[idx++];
keys->decryptedCur = exp[idx++]; keys->decryptedCur = exp[idx++];
@@ -7776,7 +7786,7 @@ static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
else { else {
return 0; return 0;
} }
/* XXX Handle rollover */
cur_hi = ssl->keys.curSeq_hi; cur_hi = ssl->keys.curSeq_hi;
cur_lo = ssl->keys.curSeq_lo; cur_lo = ssl->keys.curSeq_lo;
@@ -10315,8 +10325,10 @@ int SendCertificate(WOLFSSL* ssl)
return sendSz; return sendSz;
} }
else { else {
if (ssl->options.dtls) #ifdef WOLFSSL_DTLS
DtlsSEQIncrement(ssl, 0); if (ssl->options.dtls)
DtlsSEQIncrement(ssl, 0);
#endif
} }
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
@@ -10342,7 +10354,10 @@ int SendCertificate(WOLFSSL* ssl)
if (ret != WANT_WRITE) { if (ret != WANT_WRITE) {
/* Clean up the fragment offset. */ /* Clean up the fragment offset. */
ssl->fragOffset = 0; ssl->fragOffset = 0;
ssl->keys.dtls_handshake_number++; #ifdef WOLFSSL_DTLS
if (ssl->options.dtls)
ssl->keys.dtls_handshake_number++;
#endif
if (ssl->options.side == WOLFSSL_SERVER_END) if (ssl->options.side == WOLFSSL_SERVER_END)
ssl->options.serverState = SERVER_CERT_COMPLETE; ssl->options.serverState = SERVER_CERT_COMPLETE;
} }

22
wolfssl/internal.h
View File

@@ -1608,25 +1608,25 @@ typedef struct Keys {
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
DtlsSeq window; /* Sliding window for current epoch */ DtlsSeq window; /* Sliding window for current epoch */
word16 nextEpoch; /* Expected epoch in next record */ word16 nextEpoch; /* Expected epoch in next record */
word16 nextSeq_hi; /* Expected sequence in next record */ word16 nextSeq_hi; /* Expected sequence in next record */
word32 nextSeq_lo; word32 nextSeq_lo;
word16 curEpoch; /* Received epoch in current record */ word16 curEpoch; /* Received epoch in current record */
word16 curSeq_hi; /* Received sequence in current record */ word16 curSeq_hi; /* Received sequence in current record */
word32 curSeq_lo; word32 curSeq_lo;
DtlsSeq prevWindow; /* Sliding window for old epoch */ DtlsSeq prevWindow; /* Sliding window for old epoch */
word16 prevSeq_hi; /* Next sequence in allowed old epoch */ word16 prevSeq_hi; /* Next sequence in allowed old epoch */
word32 prevSeq_lo; word32 prevSeq_lo;
word16 dtls_peer_handshake_number; word16 dtls_peer_handshake_number;
word16 dtls_expected_peer_handshake_number; word16 dtls_expected_peer_handshake_number;
word16 dtls_epoch; /* Current epoch */ word16 dtls_epoch; /* Current epoch */
word32 dtls_sequence_number_hi; /* Current epoch */ word16 dtls_sequence_number_hi; /* Current epoch */
word32 dtls_sequence_number_lo; word32 dtls_sequence_number_lo;
word32 dtls_prev_sequence_number_hi; /* Previous epoch */ word16 dtls_prev_sequence_number_hi; /* Previous epoch */
word32 dtls_prev_sequence_number_lo; word32 dtls_prev_sequence_number_lo;
word16 dtls_handshake_number; /* Current tx handshake seq */ word16 dtls_handshake_number; /* Current tx handshake seq */
#endif #endif