updated session import/export for seq number

2025-08-02 04:04:39 +02:00 · 2016-09-29 16:51:55 -07:00
parent 4522fa335e
commit 62d58a7084
2 changed files with 52 additions and 37 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -572,17 +572,22 @@ static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
    c32toa(keys->sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;

    c16toa(keys->nextEpoch, exp + idx);  idx += OPAQUE16_LEN;
-    c32toa(keys->nextSeq, exp + idx);   idx += OPAQUE32_LEN;
+    c16toa(keys->nextSeq_hi, exp + idx); idx += OPAQUE16_LEN;
+    c32toa(keys->nextSeq_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->curEpoch, exp + idx);   idx += OPAQUE16_LEN;
-    c32toa(keys->curSeq, exp + idx);    idx += OPAQUE32_LEN;
-    c32toa(keys->prevSeq, exp + idx);   idx += OPAQUE32_LEN;
+    c16toa(keys->curSeq_hi, exp + idx);  idx += OPAQUE16_LEN;
+    c32toa(keys->curSeq_lo, exp + idx);  idx += OPAQUE32_LEN;
+    c16toa(keys->prevSeq_hi, exp + idx); idx += OPAQUE16_LEN;
+    c32toa(keys->prevSeq_lo, exp + idx); idx += OPAQUE32_LEN;

    c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN;
    c16toa(keys->dtls_expected_peer_handshake_number, exp + idx);
    idx += OPAQUE16_LEN;

-    c32toa(keys->dtls_sequence_number, exp + idx);      idx += OPAQUE32_LEN;
-    c32toa(keys->dtls_prev_sequence_number, exp + idx); idx += OPAQUE32_LEN;
+    c16toa(keys->dtls_sequence_number_hi, exp + idx);      idx += OPAQUE16_LEN;
+    c32toa(keys->dtls_sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;
+    c16toa(keys->dtls_prev_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
+    c32toa(keys->dtls_prev_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->dtls_epoch, exp + idx);                   idx += OPAQUE16_LEN;
    c16toa(keys->dtls_handshake_number, exp + idx);        idx += OPAQUE16_LEN;
    c32toa(keys->encryptSz, exp + idx);                    idx += OPAQUE32_LEN;
@@ -698,17 +703,22 @@ static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
    ato32(exp + idx, &keys->sequence_number_lo);      idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->nextEpoch);  idx += OPAQUE16_LEN;
-    ato32(exp + idx, &keys->nextSeq);   idx += OPAQUE32_LEN;
+    ato16(exp + idx, &keys->nextSeq_hi); idx += OPAQUE16_LEN;
+    ato32(exp + idx, &keys->nextSeq_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->curEpoch);   idx += OPAQUE16_LEN;
-    ato32(exp + idx, &keys->curSeq);    idx += OPAQUE32_LEN;
-    ato32(exp + idx, &keys->prevSeq);   idx += OPAQUE32_LEN;
+    ato16(exp + idx, &keys->curSeq_hi);  idx += OPAQUE16_LEN;
+    ato32(exp + idx, &keys->curSeq_lo);  idx += OPAQUE32_LEN;
+    ato16(exp + idx, &keys->prevSeq_hi); idx += OPAQUE16_LEN;
+    ato32(exp + idx, &keys->prevSeq_lo); idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_expected_peer_handshake_number);
    idx += OPAQUE16_LEN;

-    ato32(exp + idx, &keys->dtls_sequence_number);      idx += OPAQUE32_LEN;
-    ato32(exp + idx, &keys->dtls_prev_sequence_number); idx += OPAQUE32_LEN;
+    ato16(exp + idx, &keys->dtls_sequence_number_hi);      idx += OPAQUE16_LEN;
+    ato32(exp + idx, &keys->dtls_sequence_number_lo);      idx += OPAQUE32_LEN;
+    ato16(exp + idx, &keys->dtls_prev_sequence_number_hi); idx += OPAQUE16_LEN;
+    ato32(exp + idx, &keys->dtls_prev_sequence_number_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_epoch);                   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_handshake_number);        idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->encryptSz);                    idx += OPAQUE32_LEN;
@@ -7776,7 +7786,7 @@ static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
    else {
        return 0;
    }
-/* XXX Handle rollover */
+
    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

@@ -10315,8 +10325,10 @@ int SendCertificate(WOLFSSL* ssl)
                return sendSz;
        }
        else {
+            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, 0);
+            #endif
        }

        #ifdef WOLFSSL_DTLS
@@ -10342,7 +10354,10 @@ int SendCertificate(WOLFSSL* ssl)
    if (ret != WANT_WRITE) {
        /* Clean up the fragment offset. */
        ssl->fragOffset = 0;
+        #ifdef WOLFSSL_DTLS
+            if (ssl->options.dtls)
                ssl->keys.dtls_handshake_number++;
+        #endif
        if (ssl->options.side == WOLFSSL_SERVER_END)
            ssl->options.serverState = SERVER_CERT_COMPLETE;
    }
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1624,9 +1624,9 @@ typedef struct Keys {
    word16 dtls_expected_peer_handshake_number;

    word16 dtls_epoch;                          /* Current epoch    */
-    word32 dtls_sequence_number_hi;             /* Current epoch */
+    word16 dtls_sequence_number_hi;             /* Current epoch */
    word32 dtls_sequence_number_lo;
-    word32 dtls_prev_sequence_number_hi;        /* Previous epoch */
+    word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
    word32 dtls_prev_sequence_number_lo;
    word16 dtls_handshake_number;               /* Current tx handshake seq */
 #endif