yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 08:21:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add transform (de)serialization

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2019-07-15 09:04:11 +02:00 committed by Jarno Lamsa
parent b9dfc9fd30
commit c2a7b891a1
1 changed files with 104 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

104
library/ssl_tls.c
View file

@ -11405,6 +11405,31 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
p += session_len;
}
/*
* Transform
*/
used += sizeof( ssl->transform->randbytes );
if( used <= buf_len )
{
memcpy( p, ssl->transform->randbytes,
sizeof( ssl->transform->randbytes ) );
p += sizeof( ssl->transform->randbytes );
}
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len;
if( used <= buf_len )
{
*p++ = ssl->transform->in_cid_len;
memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len );
p += ssl->transform->in_cid_len;
*p++ = ssl->transform->out_cid_len;
memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len );
p += ssl->transform->out_cid_len;
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Done
*/
@ -11418,6 +11443,22 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
return( 0 );
}
/*
* Helper to get TLS 1.2 PRF from ciphersuite
* (Duplicates bits of logic from ssl_set_handshake_prfs().)
*/
typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen,
const char *label,
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen );
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
return ciphersuite_info->mac == MBEDTLS_MD_SHA384 ? tls_prf_sha384 : tls_prf_sha256;
}
/*
* Deserialize context, see mbedtls_ssl_context_save() for format.
*
@ -11506,6 +11547,69 @@ static int ssl_context_load( mbedtls_ssl_context *ssl,
p += session_len;
/*
* Transform
*/
/* Allocate and initialize structure */
ssl->transform = mbedtls_calloc( 1, sizeof( mbedtls_ssl_transform ) );
if( ssl->transform == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
mbedtls_ssl_transform_init( ssl->transform );
ssl->transform_in = ssl->transform;
ssl->transform_out = ssl->transform;
/* Read random bytes and populate structure */
if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ret = ssl_populate_transform( ssl->transform,
ssl->session->ciphersuite,
ssl->session->master,
#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
ssl->session->encrypt_then_mac,
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
ssl->session->trunc_hmac,
#endif
#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_ZLIB_SUPPORT)
ssl->session->compression,
#endif
ssl_tls12prf_from_cs( ssl->session->ciphersuite ),
p, /* currently pointing to randbytes */
MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */
ssl->conf->endpoint,
ssl );
if( ret != 0 )
return( ret );
p += sizeof( ssl->transform->randbytes );
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
/* Read connection IDs and store them */
if( (size_t)( end - p ) < 1 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->transform->in_cid_len = *p++;
if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len );
p += ssl->transform->in_cid_len;
ssl->transform->out_cid_len = *p++;
if( (size_t)( end - p ) < ssl->transform->out_cid_len )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len );
p += ssl->transform->out_cid_len;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
/*
* Done - should have consumed entire buffer
*/