diff options
| author | lloyd <[email protected]> | 2011-12-27 20:21:14 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2011-12-27 20:21:14 +0000 |
| commit | fbe23e197b5c80b162234aa1cf5723037b22bdc2 (patch) | |
| tree | 8c40c158161c420282ac44840ccee73ab62c6554 /src | |
| parent | 8c2ab53dfd502d7019468bf24ad8e223531df8b4 (diff) | |
Force resumed session to use previous ciphersuite, etc
Diffstat (limited to 'src')
| -rw-r--r-- | src/tls/hello.cpp | 26 | ||||
| -rw-r--r-- | src/tls/tls_messages.h | 8 | ||||
| -rw-r--r-- | src/tls/tls_server.cpp | 52 | ||||
| -rw-r--r-- | src/utils/stl_util.h | 13 |
4 files changed, 73 insertions, 26 deletions
diff --git a/src/tls/hello.cpp b/src/tls/hello.cpp index a3a15f26f..28361b30b 100644 --- a/src/tls/hello.cpp +++ b/src/tls/hello.cpp @@ -227,7 +227,10 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, const Client_Hello& c_hello, const MemoryRegion<byte>& session_id, Version_Code ver, - HandshakeHash& hash) + HandshakeHash& hash) : + s_version(ver), + sess_id(session_id), + s_random(rng.random_vec(32)) { bool have_rsa = false, have_dsa = false; @@ -249,10 +252,25 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng, comp_algo = policy.choose_compression(c_hello.compression_algos()); - s_version = ver; - s_random = rng.random_vec(32); - sess_id = session_id; + send(writer, hash); + } +/* +* Create a new Server Hello message +*/ +Server_Hello::Server_Hello(RandomNumberGenerator& rng, + Record_Writer& writer, + const MemoryRegion<byte>& session_id, + u16bit ciphersuite, + byte compression, + Version_Code ver, + HandshakeHash& hash) : + s_version(ver), + sess_id(session_id), + s_random(rng.random_vec(32)), + suite(ciphersuite), + comp_algo(compression) + { send(writer, hash); } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 201f9903e..480864f55 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -258,6 +258,14 @@ class Server_Hello : public HandshakeMessage Version_Code version, HandshakeHash& hash); + Server_Hello(RandomNumberGenerator& rng, + Record_Writer& writer, + const MemoryRegion<byte>& session_id, + u16bit ciphersuite, + byte compression, + Version_Code ver, + HandshakeHash& hash); + Server_Hello(const MemoryRegion<byte>& buf) { deserialize(buf); } private: MemoryVector<byte> serialize() const; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 67db0f593..ac16aa42e 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -7,12 +7,10 @@ #include <botan/tls_server.h> #include <botan/internal/tls_state.h> +#include <botan/internal/stl_util.h> #include <botan/rsa.h> #include <botan/dh.h> -#include <stdio.h> -#include <fstream> - namespace Botan { namespace { @@ -31,6 +29,32 @@ Version_Code choose_version(Version_Code client, Version_Code minimum) return TLS_V11; } +bool check_for_resume(TLS_Session_Params& session_info, + TLS_Session_Manager& session_manager, + Client_Hello* client_hello) + { + MemoryVector<byte> client_session_id = client_hello->session_id(); + + if(client_session_id.empty()) + return false; + + if(!session_manager.find(client_session_id, session_info, SERVER)) + return false; + + if(client_hello->version() != session_info.version) + return false; + + if(!value_exists(client_hello->ciphersuites(), + session_info.ciphersuite)) + return false; + + if(!value_exists(client_hello->compression_algos(), + session_info.compression_method)) + return false; + + return true; + } + } /* @@ -116,26 +140,15 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, writer.set_version(state->version); reader.set_version(state->version); - MemoryVector<byte> client_session_id = state->client_hello->session_id(); - TLS_Session_Params session_info; - const bool resuming = - (!client_session_id.empty()) && - session_manager.find(client_session_id, session_info, SERVER); - - printf("Resuming ? %d\n", resuming); + const bool resuming = check_for_resume(session_info, + session_manager, + state->client_hello); if(resuming) { // resume session - // Check version matches the client requested version (???) - - // Check that resumed ciphersuite is in the client hello - - // Check that the resumed compression is in the client hello - - // FIXME: should only send the resumed ciphersuite // (eg even if policy object changed) state->server_hello = new Server_Hello( @@ -298,11 +311,6 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, ); session_manager.save(session_info); - - std::ofstream tmp("/tmp/session.data"); - SecureVector<byte> b = session_info.BER_encode(); - tmp.write((char*)&b[0], b.size()); - tmp.close(); } delete state; diff --git a/src/utils/stl_util.h b/src/utils/stl_util.h index 0e0617d5b..9ae5c5f7a 100644 --- a/src/utils/stl_util.h +++ b/src/utils/stl_util.h @@ -84,6 +84,19 @@ void multimap_insert(std::multimap<K, V>& multimap, #endif } +/** +* Existence check for values +*/ +template<typename T> +bool value_exists(const std::vector<T>& vec, + const T& val) + { + for(size_t i = 0; i != vec.size(); ++i) + if(vec[i] == val) + return true; + return false; + } + } #endif |