| Line | Count | Source (jump to first uncovered line) | 
| 1 |  | /* | 
| 2 |  |  * Copyright (C) 2009-2012 Free Software Foundation, Inc. | 
| 3 |  |  * Copyright (C) 2013 Nikos Mavrogiannopoulos | 
| 4 |  |  * | 
| 5 |  |  * Authors: Jonathan Bastien-Filiatrault | 
| 6 |  |  *    Nikos Mavrogiannopoulos | 
| 7 |  |  * | 
| 8 |  |  * This file is part of GNUTLS. | 
| 9 |  |  * | 
| 10 |  |  * The GNUTLS library is free software; you can redistribute it and/or | 
| 11 |  |  * modify it under the terms of the GNU Lesser General Public License | 
| 12 |  |  * as published by the Free Software Foundation; either version 2.1 of | 
| 13 |  |  * the License, or (at your option) any later version. | 
| 14 |  |  * | 
| 15 |  |  * This library is distributed in the hope that it will be useful, but | 
| 16 |  |  * WITHOUT ANY WARRANTY; without even the implied warranty of | 
| 17 |  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU | 
| 18 |  |  * Lesser General Public License for more details. | 
| 19 |  |  * | 
| 20 |  |  * You should have received a copy of the GNU Lesser General Public License | 
| 21 |  |  * along with this program.  If not, see <https://www.gnu.org/licenses/> | 
| 22 |  |  * | 
| 23 |  |  */ | 
| 24 |  |  | 
| 25 |  | /* Functions that relate to DTLS retransmission and reassembly. | 
| 26 |  |  */ | 
| 27 |  |  | 
| 28 |  | #include "gnutls_int.h" | 
| 29 |  | #include "errors.h" | 
| 30 |  | #include "debug.h" | 
| 31 |  | #include "dtls.h" | 
| 32 |  | #include "record.h" | 
| 33 |  | #include <mbuffers.h> | 
| 34 |  | #include <buffers.h> | 
| 35 |  | #include <constate.h> | 
| 36 |  | #include <state.h> | 
| 37 |  | #include <gnutls/dtls.h> | 
| 38 |  | #include <algorithms.h> | 
| 39 |  |  | 
| 40 |  | void _dtls_async_timer_delete(gnutls_session_t session) | 
| 41 | 0 | { | 
| 42 | 0 |   if (session->internals.dtls.async_term != 0) { | 
| 43 | 0 |     _gnutls_dtls_log | 
| 44 | 0 |         ("DTLS[%p]: Deinitializing previous handshake state.\n", | 
| 45 | 0 |          session); | 
| 46 | 0 |     session->internals.dtls.async_term = 0; /* turn off "timer" */ | 
| 47 |  | 
 | 
| 48 | 0 |     _dtls_reset_hsk_state(session); | 
| 49 | 0 |     _gnutls_handshake_io_buffer_clear(session); | 
| 50 | 0 |     _gnutls_epoch_gc(session); | 
| 51 | 0 |   } | 
| 52 | 0 | } | 
| 53 |  |  | 
| 54 |  | /* This function fragments and transmits a previously buffered | 
| 55 |  |  * outgoing message. It accepts mtu_data which is a buffer to | 
| 56 |  |  * be reused (should be set to NULL initially). | 
| 57 |  |  */ | 
| 58 |  | static inline int | 
| 59 |  | transmit_message(gnutls_session_t session, mbuffer_st * bufel, uint8_t ** buf) | 
| 60 | 0 | { | 
| 61 | 0 |   uint8_t *data, *mtu_data; | 
| 62 | 0 |   int ret = 0; | 
| 63 | 0 |   unsigned int offset, frag_len, data_size; | 
| 64 | 0 |   unsigned int mtu = gnutls_dtls_get_data_mtu(session); | 
| 65 |  | 
 | 
| 66 | 0 |   if (session->security_parameters.max_record_send_size < mtu) | 
| 67 | 0 |     mtu = session->security_parameters.max_record_send_size; | 
| 68 |  | 
 | 
| 69 | 0 |   mtu -= DTLS_HANDSHAKE_HEADER_SIZE; | 
| 70 |  | 
 | 
| 71 | 0 |   if (bufel->type == GNUTLS_CHANGE_CIPHER_SPEC) { | 
| 72 | 0 |     _gnutls_dtls_log | 
| 73 | 0 |         ("DTLS[%p]: Sending Packet[%u] fragment %s(%d), mtu %u\n", | 
| 74 | 0 |          session, bufel->handshake_sequence, | 
| 75 | 0 |          _gnutls_handshake2str(bufel->htype), bufel->htype, mtu); | 
| 76 |  | 
 | 
| 77 | 0 |     return _gnutls_send_int(session, bufel->type, -1, | 
| 78 | 0 |           bufel->epoch, | 
| 79 | 0 |           _mbuffer_get_uhead_ptr(bufel), | 
| 80 | 0 |           _mbuffer_get_uhead_size(bufel), 0); | 
| 81 | 0 |   } | 
| 82 |  |  | 
| 83 | 0 |   if (*buf == NULL) | 
| 84 | 0 |     *buf = gnutls_malloc(mtu + DTLS_HANDSHAKE_HEADER_SIZE); | 
| 85 | 0 |   if (*buf == NULL) | 
| 86 | 0 |     return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); | 
| 87 |  |  | 
| 88 | 0 |   mtu_data = *buf; | 
| 89 |  | 
 | 
| 90 | 0 |   data = _mbuffer_get_udata_ptr(bufel); | 
| 91 | 0 |   data_size = _mbuffer_get_udata_size(bufel); | 
| 92 |  |  | 
| 93 |  |   /* Write fixed headers | 
| 94 |  |    */ | 
| 95 |  |  | 
| 96 |  |   /* Handshake type */ | 
| 97 | 0 |   mtu_data[0] = (uint8_t) bufel->htype; | 
| 98 |  |  | 
| 99 |  |   /* Total length */ | 
| 100 | 0 |   _gnutls_write_uint24(data_size, &mtu_data[1]); | 
| 101 |  |  | 
| 102 |  |   /* Handshake sequence */ | 
| 103 | 0 |   _gnutls_write_uint16(bufel->handshake_sequence, &mtu_data[4]); | 
| 104 |  |  | 
| 105 |  |   /* Chop up and send handshake message into mtu-size pieces. */ | 
| 106 | 0 |   for (offset = 0; offset <= data_size; offset += mtu) { | 
| 107 |  |     /* Calculate fragment length */ | 
| 108 | 0 |     if (offset + mtu > data_size) | 
| 109 | 0 |       frag_len = data_size - offset; | 
| 110 | 0 |     else | 
| 111 | 0 |       frag_len = mtu; | 
| 112 |  |  | 
| 113 |  |     /* we normally allow fragments of zero length, to allow | 
| 114 |  |      * the packets which have zero size. On the others don't | 
| 115 |  |      * send such fragments */ | 
| 116 | 0 |     if (frag_len == 0 && data_size > 0) { | 
| 117 | 0 |       ret = 0; | 
| 118 | 0 |       break; | 
| 119 | 0 |     } | 
| 120 |  |  | 
| 121 |  |     /* Fragment offset */ | 
| 122 | 0 |     _gnutls_write_uint24(offset, &mtu_data[6]); | 
| 123 |  |  | 
| 124 |  |     /* Fragment length */ | 
| 125 | 0 |     _gnutls_write_uint24(frag_len, &mtu_data[9]); | 
| 126 |  | 
 | 
| 127 | 0 |     memcpy(&mtu_data[DTLS_HANDSHAKE_HEADER_SIZE], | 
| 128 | 0 |            data + offset, frag_len); | 
| 129 |  | 
 | 
| 130 | 0 |     _gnutls_dtls_log | 
| 131 | 0 |         ("DTLS[%p]: Sending Packet[%u] fragment %s(%d) with " | 
| 132 | 0 |          "length: %u, offset: %u, fragment length: %u, mtu: %u\n", | 
| 133 | 0 |          session, bufel->handshake_sequence, | 
| 134 | 0 |          _gnutls_handshake2str(bufel->htype), bufel->htype, | 
| 135 | 0 |          data_size, offset, frag_len, mtu); | 
| 136 |  | 
 | 
| 137 | 0 |     ret = _gnutls_send_int(session, bufel->type, bufel->htype, | 
| 138 | 0 |                bufel->epoch, mtu_data, | 
| 139 | 0 |                DTLS_HANDSHAKE_HEADER_SIZE + | 
| 140 | 0 |                frag_len, 0); | 
| 141 | 0 |     if (ret < 0) { | 
| 142 | 0 |       gnutls_assert(); | 
| 143 | 0 |       break; | 
| 144 | 0 |     } | 
| 145 | 0 |   } | 
| 146 |  | 
 | 
| 147 | 0 |   return ret; | 
| 148 | 0 | } | 
| 149 |  |  | 
| 150 |  | static int drop_usage_count(gnutls_session_t session, | 
| 151 |  |           mbuffer_head_st * const send_buffer) | 
| 152 | 0 | { | 
| 153 | 0 |   int ret; | 
| 154 | 0 |   mbuffer_st *cur; | 
| 155 |  | 
 | 
| 156 | 0 |   for (cur = send_buffer->head; cur != NULL; cur = cur->next) { | 
| 157 | 0 |     ret = _gnutls_epoch_refcount_dec(session, cur->epoch); | 
| 158 | 0 |     if (ret < 0) | 
| 159 | 0 |       return gnutls_assert_val(ret); | 
| 160 | 0 |   } | 
| 161 |  |  | 
| 162 | 0 |   return 0; | 
| 163 | 0 | } | 
| 164 |  |  | 
| 165 |  | /* Checks whether the received packet contains a handshake | 
| 166 |  |  * packet with sequence higher that the previously received. | 
| 167 |  |  * It must be called only when an actual packet has been | 
| 168 |  |  * received. | 
| 169 |  |  * | 
| 170 |  |  * Returns: 0 if expected, negative value otherwise. | 
| 171 |  |  */ | 
| 172 |  | static int is_next_hpacket_expected(gnutls_session_t session) | 
| 173 | 0 | { | 
| 174 | 0 |   int ret; | 
| 175 |  |  | 
| 176 |  |   /* htype is arbitrary */ | 
| 177 | 0 |   ret = | 
| 178 | 0 |       _gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, | 
| 179 | 0 |             GNUTLS_HANDSHAKE_FINISHED, 0); | 
| 180 | 0 |   if (ret < 0) | 
| 181 | 0 |     return gnutls_assert_val(ret); | 
| 182 |  |  | 
| 183 | 0 |   ret = _gnutls_parse_record_buffered_msgs(session); | 
| 184 | 0 |   if (ret < 0) | 
| 185 | 0 |     return gnutls_assert_val(ret); | 
| 186 |  |  | 
| 187 | 0 |   if (session->internals.handshake_recv_buffer_size > 0) | 
| 188 | 0 |     return 0; | 
| 189 | 0 |   else | 
| 190 | 0 |     return gnutls_assert_val(GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET); | 
| 191 | 0 | } | 
| 192 |  |  | 
| 193 |  | void _dtls_reset_hsk_state(gnutls_session_t session) | 
| 194 | 0 | { | 
| 195 | 0 |   session->internals.dtls.flight_init = 0; | 
| 196 | 0 |   drop_usage_count(session, &session->internals.handshake_send_buffer); | 
| 197 | 0 |   _mbuffer_head_clear(&session->internals.handshake_send_buffer); | 
| 198 | 0 | } | 
| 199 |  |  | 
| 200 | 0 | #define UPDATE_TIMER { \ | 
| 201 | 0 |       session->internals.dtls.actual_retrans_timeout_ms *= 2; \ | 
| 202 | 0 |       session->internals.dtls.actual_retrans_timeout_ms %= MAX_DTLS_TIMEOUT; \ | 
| 203 | 0 |     } | 
| 204 |  |  | 
| 205 |  | #define RESET_TIMER \ | 
| 206 | 0 |       session->internals.dtls.actual_retrans_timeout_ms = session->internals.dtls.retrans_timeout_ms | 
| 207 |  |  | 
| 208 | 0 | #define TIMER_WINDOW session->internals.dtls.actual_retrans_timeout_ms | 
| 209 |  |  | 
| 210 |  | /* This function transmits the flight that has been previously | 
| 211 |  |  * buffered. | 
| 212 |  |  * | 
| 213 |  |  * This function is called from the handshake layer and calls the | 
| 214 |  |  * record layer. | 
| 215 |  |  */ | 
| 216 |  | int _dtls_transmit(gnutls_session_t session) | 
| 217 | 0 | { | 
| 218 | 0 |   int ret; | 
| 219 | 0 |   uint8_t *buf = NULL; | 
| 220 | 0 |   unsigned int timeout; | 
| 221 |  |  | 
| 222 |  |   /* PREPARING -> SENDING state transition */ | 
| 223 | 0 |   mbuffer_head_st *const send_buffer = | 
| 224 | 0 |       &session->internals.handshake_send_buffer; | 
| 225 | 0 |   mbuffer_st *cur; | 
| 226 | 0 |   gnutls_handshake_description_t last_type = 0; | 
| 227 | 0 |   unsigned int diff; | 
| 228 | 0 |   struct timespec now; | 
| 229 |  | 
 | 
| 230 | 0 |   gnutls_gettime(&now); | 
| 231 |  |  | 
| 232 |  |   /* If we have already sent a flight and we are operating in a  | 
| 233 |  |    * non blocking way, check if it is time to retransmit or just | 
| 234 |  |    * return. | 
| 235 |  |    */ | 
| 236 | 0 |   if (session->internals.dtls.flight_init != 0 | 
| 237 | 0 |       && (session->internals.flags & GNUTLS_NONBLOCK)) { | 
| 238 |  |     /* just in case previous run was interrupted */ | 
| 239 | 0 |     ret = _gnutls_io_write_flush(session); | 
| 240 | 0 |     if (ret < 0) { | 
| 241 | 0 |       gnutls_assert(); | 
| 242 | 0 |       goto cleanup; | 
| 243 | 0 |     } | 
| 244 |  |  | 
| 245 | 0 |     if (session->internals.dtls.last_flight == 0 | 
| 246 | 0 |         || !_dtls_is_async(session)) { | 
| 247 |  |       /* check for ACK */ | 
| 248 | 0 |       ret = _gnutls_io_check_recv(session, 0); | 
| 249 | 0 |       if (ret == GNUTLS_E_TIMEDOUT) { | 
| 250 |  |         /* if no retransmission is required yet just return  | 
| 251 |  |          */ | 
| 252 | 0 |         if (timespec_sub_ms | 
| 253 | 0 |             (&now, | 
| 254 | 0 |              &session->internals.dtls.last_retransmit) < | 
| 255 | 0 |             TIMER_WINDOW) { | 
| 256 | 0 |           gnutls_assert(); | 
| 257 | 0 |           goto nb_timeout; | 
| 258 | 0 |         } | 
| 259 | 0 |       } else { /* received something */ | 
| 260 |  | 
 | 
| 261 | 0 |         if (ret == 0) { | 
| 262 | 0 |           ret = is_next_hpacket_expected(session); | 
| 263 | 0 |           if (ret == GNUTLS_E_AGAIN | 
| 264 | 0 |               || ret == GNUTLS_E_INTERRUPTED) | 
| 265 | 0 |             goto nb_timeout; | 
| 266 | 0 |           if (ret < 0 | 
| 267 | 0 |               && ret != | 
| 268 | 0 |               GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) | 
| 269 | 0 |           { | 
| 270 | 0 |             gnutls_assert(); | 
| 271 | 0 |             goto cleanup; | 
| 272 | 0 |           } | 
| 273 | 0 |           if (ret == 0) | 
| 274 | 0 |             goto end_flight; | 
| 275 |  |           /* if ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET retransmit */ | 
| 276 | 0 |         } else | 
| 277 | 0 |           goto nb_timeout; | 
| 278 | 0 |       } | 
| 279 | 0 |     } | 
| 280 | 0 |   } | 
| 281 |  |  | 
| 282 | 0 |   do { | 
| 283 | 0 |     timeout = TIMER_WINDOW; | 
| 284 |  | 
 | 
| 285 | 0 |     diff = | 
| 286 | 0 |         timespec_sub_ms(&now, | 
| 287 | 0 |             &session->internals.handshake_start_time); | 
| 288 | 0 |     if (diff >= session->internals.handshake_timeout_ms) { | 
| 289 | 0 |       _gnutls_dtls_log("Session timeout: %u ms\n", diff); | 
| 290 | 0 |       ret = gnutls_assert_val(GNUTLS_E_TIMEDOUT); | 
| 291 | 0 |       goto end_flight; | 
| 292 | 0 |     } | 
| 293 |  |  | 
| 294 | 0 |     diff = | 
| 295 | 0 |         timespec_sub_ms(&now, | 
| 296 | 0 |             &session->internals.dtls.last_retransmit); | 
| 297 | 0 |     if (session->internals.dtls.flight_init == 0 | 
| 298 | 0 |         || diff >= TIMER_WINDOW) { | 
| 299 | 0 |       _gnutls_dtls_log | 
| 300 | 0 |           ("DTLS[%p]: %sStart of flight transmission.\n", | 
| 301 | 0 |            session, | 
| 302 | 0 |            (session->internals.dtls.flight_init == | 
| 303 | 0 |             0) ? "" : "re-"); | 
| 304 | 0 |       for (cur = send_buffer->head; cur != NULL; | 
| 305 | 0 |            cur = cur->next) { | 
| 306 | 0 |         ret = transmit_message(session, cur, &buf); | 
| 307 | 0 |         if (ret < 0) { | 
| 308 | 0 |           gnutls_assert(); | 
| 309 | 0 |           goto end_flight; | 
| 310 | 0 |         } | 
| 311 |  |  | 
| 312 | 0 |         last_type = cur->htype; | 
| 313 | 0 |       } | 
| 314 | 0 |       gnutls_gettime(&session->internals. | 
| 315 | 0 |                dtls.last_retransmit); | 
| 316 |  | 
 | 
| 317 | 0 |       if (session->internals.dtls.flight_init == 0) { | 
| 318 | 0 |         session->internals.dtls.flight_init = 1; | 
| 319 | 0 |         RESET_TIMER; | 
| 320 | 0 |         timeout = TIMER_WINDOW; | 
| 321 |  | 
 | 
| 322 | 0 |         if (last_type == GNUTLS_HANDSHAKE_FINISHED) { | 
| 323 |  |           /* On the last flight we cannot ensure retransmission | 
| 324 |  |            * from here. _dtls_wait_and_retransmit() is being called | 
| 325 |  |            * by handshake. | 
| 326 |  |            */ | 
| 327 | 0 |           session->internals.dtls.last_flight = 1; | 
| 328 | 0 |         } else | 
| 329 | 0 |           session->internals.dtls.last_flight = 0; | 
| 330 | 0 |       } else { | 
| 331 | 0 |         UPDATE_TIMER; | 
| 332 | 0 |       } | 
| 333 | 0 |     } | 
| 334 |  |  | 
| 335 | 0 |     ret = _gnutls_io_write_flush(session); | 
| 336 | 0 |     if (ret < 0) { | 
| 337 | 0 |       ret = gnutls_assert_val(ret); | 
| 338 | 0 |       goto cleanup; | 
| 339 | 0 |     } | 
| 340 |  |  | 
| 341 |  |     /* last message in handshake -> no ack */ | 
| 342 | 0 |     if (session->internals.dtls.last_flight != 0) { | 
| 343 |  |       /* we don't wait here. We just return 0 and | 
| 344 |  |        * if a retransmission occurs because peer didn't receive it | 
| 345 |  |        * we rely on the record or handshake | 
| 346 |  |        * layer calling this function again. | 
| 347 |  |        */ | 
| 348 | 0 |       ret = 0; | 
| 349 | 0 |       goto cleanup; | 
| 350 | 0 |     } else { /* all other messages -> implicit ack (receive of next flight) */ | 
| 351 |  | 
 | 
| 352 | 0 |       if (!(session->internals.flags & GNUTLS_NONBLOCK)) | 
| 353 | 0 |         ret = _gnutls_io_check_recv(session, timeout); | 
| 354 | 0 |       else { | 
| 355 | 0 |         ret = _gnutls_io_check_recv(session, 0); | 
| 356 | 0 |         if (ret == GNUTLS_E_TIMEDOUT) { | 
| 357 | 0 |           goto nb_timeout; | 
| 358 | 0 |         } | 
| 359 | 0 |       } | 
| 360 |  |  | 
| 361 | 0 |       if (ret == 0) { | 
| 362 | 0 |         ret = is_next_hpacket_expected(session); | 
| 363 | 0 |         if (ret == GNUTLS_E_AGAIN | 
| 364 | 0 |             || ret == GNUTLS_E_INTERRUPTED) | 
| 365 | 0 |           goto nb_timeout; | 
| 366 |  |  | 
| 367 | 0 |         if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET) { | 
| 368 | 0 |           ret = GNUTLS_E_TIMEDOUT; | 
| 369 | 0 |           goto keep_up; | 
| 370 | 0 |         } | 
| 371 | 0 |         if (ret < 0) { | 
| 372 | 0 |           gnutls_assert(); | 
| 373 | 0 |           goto cleanup; | 
| 374 | 0 |         } | 
| 375 | 0 |         goto end_flight; | 
| 376 | 0 |       } | 
| 377 | 0 |     } | 
| 378 |  |  | 
| 379 | 0 |  keep_up: | 
| 380 | 0 |     gnutls_gettime(&now); | 
| 381 | 0 |   } while (ret == GNUTLS_E_TIMEDOUT); | 
| 382 |  |  | 
| 383 | 0 |   if (ret < 0) { | 
| 384 | 0 |     ret = gnutls_assert_val(ret); | 
| 385 | 0 |     goto end_flight; | 
| 386 | 0 |   } | 
| 387 |  |  | 
| 388 | 0 |   ret = 0; | 
| 389 |  | 
 | 
| 390 | 0 |  end_flight: | 
| 391 | 0 |   _gnutls_dtls_log("DTLS[%p]: End of flight transmission.\n", session); | 
| 392 | 0 |   _dtls_reset_hsk_state(session); | 
| 393 |  | 
 | 
| 394 | 0 |  cleanup: | 
| 395 | 0 |   if (buf != NULL) | 
| 396 | 0 |     gnutls_free(buf); | 
| 397 |  |  | 
| 398 |  |   /* SENDING -> WAITING state transition */ | 
| 399 | 0 |   return ret; | 
| 400 |  |  | 
| 401 | 0 |  nb_timeout: | 
| 402 | 0 |   if (buf != NULL) | 
| 403 | 0 |     gnutls_free(buf); | 
| 404 |  | 
 | 
| 405 | 0 |   RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, ret); | 
| 406 | 0 | } | 
| 407 |  |  | 
| 408 |  | /* Waits for the last flight or retransmits | 
| 409 |  |  * the previous on timeout. Returns 0 on success. | 
| 410 |  |  */ | 
| 411 |  | int _dtls_wait_and_retransmit(gnutls_session_t session) | 
| 412 | 0 | { | 
| 413 | 0 |   int ret; | 
| 414 |  | 
 | 
| 415 | 0 |   if (!(session->internals.flags & GNUTLS_NONBLOCK)) | 
| 416 | 0 |     ret = _gnutls_io_check_recv(session, TIMER_WINDOW); | 
| 417 | 0 |   else | 
| 418 | 0 |     ret = _gnutls_io_check_recv(session, 0); | 
| 419 |  | 
 | 
| 420 | 0 |   if (ret == GNUTLS_E_TIMEDOUT) { | 
| 421 | 0 |     ret = _dtls_retransmit(session); | 
| 422 | 0 |     if (ret == 0) { | 
| 423 | 0 |       RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0); | 
| 424 | 0 |     } else | 
| 425 | 0 |       return gnutls_assert_val(ret); | 
| 426 | 0 |   } | 
| 427 |  |  | 
| 428 | 0 |   RESET_TIMER; | 
| 429 | 0 |   return 0; | 
| 430 | 0 | } | 
| 431 |  |  | 
| 432 |  | /** | 
| 433 |  |  * gnutls_dtls_set_timeouts: | 
| 434 |  |  * @session: is a #gnutls_session_t type. | 
| 435 |  |  * @retrans_timeout: The time at which a retransmission will occur in milliseconds | 
| 436 |  |  * @total_timeout: The time at which the connection will be aborted, in milliseconds. | 
| 437 |  |  * | 
| 438 |  |  * This function will set the timeouts required for the DTLS handshake | 
| 439 |  |  * protocol. The retransmission timeout is the time after which a | 
| 440 |  |  * message from the peer is not received, the previous messages will | 
| 441 |  |  * be retransmitted. The total timeout is the time after which the | 
| 442 |  |  * handshake will be aborted with %GNUTLS_E_TIMEDOUT. | 
| 443 |  |  * | 
| 444 |  |  * The DTLS protocol recommends the values of 1 sec and 60 seconds | 
| 445 |  |  * respectively, and these are the default values. | 
| 446 |  |  * | 
| 447 |  |  * To disable retransmissions set a @retrans_timeout larger than the @total_timeout. | 
| 448 |  |  * | 
| 449 |  |  * Since: 3.0 | 
| 450 |  |  **/ | 
| 451 |  | void gnutls_dtls_set_timeouts(gnutls_session_t session, | 
| 452 |  |             unsigned int retrans_timeout, | 
| 453 |  |             unsigned int total_timeout) | 
| 454 | 0 | { | 
| 455 | 0 |   if (total_timeout == GNUTLS_INDEFINITE_TIMEOUT) | 
| 456 | 0 |     session->internals.handshake_timeout_ms = 0; | 
| 457 | 0 |   else | 
| 458 | 0 |     session->internals.handshake_timeout_ms = total_timeout; | 
| 459 |  | 
 | 
| 460 | 0 |   session->internals.dtls.retrans_timeout_ms = retrans_timeout; | 
| 461 | 0 | } | 
| 462 |  |  | 
| 463 |  | /** | 
| 464 |  |  * gnutls_dtls_set_mtu: | 
| 465 |  |  * @session: is a #gnutls_session_t type. | 
| 466 |  |  * @mtu: The maximum transfer unit of the transport | 
| 467 |  |  * | 
| 468 |  |  * This function will set the maximum transfer unit of the transport | 
| 469 |  |  * that DTLS packets are sent over. Note that this should exclude | 
| 470 |  |  * the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an | 
| 471 |  |  * Ethernet device with MTU 1500, the DTLS MTU set with this function | 
| 472 |  |  * would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452. | 
| 473 |  |  * | 
| 474 |  |  * Since: 3.0 | 
| 475 |  |  **/ | 
| 476 |  | void gnutls_dtls_set_mtu(gnutls_session_t session, unsigned int mtu) | 
| 477 | 0 | { | 
| 478 | 0 |   session->internals.dtls.mtu = MIN(mtu, DEFAULT_MAX_RECORD_SIZE); | 
| 479 | 0 | } | 
| 480 |  |  | 
| 481 |  | /* when max is non-zero this function will return the maximum | 
| 482 |  |  * overhead that this ciphersuite may introduce, e.g., the maximum | 
| 483 |  |  * amount of padding required */ | 
| 484 |  | unsigned _gnutls_record_overhead(const version_entry_st * ver, | 
| 485 |  |          const cipher_entry_st * cipher, | 
| 486 |  |          const mac_entry_st * mac, unsigned max) | 
| 487 | 0 | { | 
| 488 | 0 |   int total = 0; | 
| 489 | 0 |   int ret; | 
| 490 | 0 |   int hash_len = 0; | 
| 491 |  | 
 | 
| 492 | 0 |   if (unlikely(cipher == NULL)) | 
| 493 | 0 |     return 0; | 
| 494 |  |  | 
| 495 |  |   /* 1 octet content type in the unencrypted content */ | 
| 496 | 0 |   if (ver->tls13_sem) | 
| 497 | 0 |     total++; | 
| 498 |  | 
 | 
| 499 | 0 |   if (mac->id == GNUTLS_MAC_AEAD) { | 
| 500 | 0 |     if (!ver->tls13_sem) | 
| 501 | 0 |       total += _gnutls_cipher_get_explicit_iv_size(cipher); | 
| 502 |  | 
 | 
| 503 | 0 |     total += _gnutls_cipher_get_tag_size(cipher); | 
| 504 | 0 |   } else { | 
| 505 |  |     /* STREAM + BLOCK have a MAC appended */ | 
| 506 | 0 |     ret = _gnutls_mac_get_algo_len(mac); | 
| 507 | 0 |     if (unlikely(ret < 0)) | 
| 508 | 0 |       return 0; | 
| 509 |  |  | 
| 510 | 0 |     hash_len = ret; | 
| 511 | 0 |     total += hash_len; | 
| 512 | 0 |   } | 
| 513 |  |  | 
| 514 |  |   /* Block ciphers have padding + IV */ | 
| 515 | 0 |   if (_gnutls_cipher_type(cipher) == CIPHER_BLOCK) { | 
| 516 | 0 |     int exp_iv; | 
| 517 |  | 
 | 
| 518 | 0 |     exp_iv = _gnutls_cipher_get_explicit_iv_size(cipher); | 
| 519 |  | 
 | 
| 520 | 0 |     if (max) | 
| 521 | 0 |       total += 2 * exp_iv; /* block == iv size */ | 
| 522 | 0 |     else | 
| 523 | 0 |       total += exp_iv + 1; | 
| 524 | 0 |   } | 
| 525 |  | 
 | 
| 526 | 0 |   return total; | 
| 527 | 0 | } | 
| 528 |  |  | 
| 529 |  | /** | 
| 530 |  |  * gnutls_est_record_overhead_size: | 
| 531 |  |  * @version: is a #gnutls_protocol_t value | 
| 532 |  |  * @cipher: is a #gnutls_cipher_algorithm_t value | 
| 533 |  |  * @mac: is a #gnutls_mac_algorithm_t value | 
| 534 |  |  * @comp: is a #gnutls_compression_method_t value (ignored) | 
| 535 |  |  * @flags: must be zero | 
| 536 |  |  * | 
| 537 |  |  * This function will return the set size in bytes of the overhead | 
| 538 |  |  * due to TLS (or DTLS) per record. | 
| 539 |  |  * | 
| 540 |  |  * Note that this function may provide inaccurate values when TLS | 
| 541 |  |  * extensions that modify the record format are negotiated. In these | 
| 542 |  |  * cases a more accurate value can be obtained using gnutls_record_overhead_size()  | 
| 543 |  |  * after a completed handshake. | 
| 544 |  |  * | 
| 545 |  |  * Since: 3.2.2 | 
| 546 |  |  **/ | 
| 547 |  | size_t gnutls_est_record_overhead_size(gnutls_protocol_t version, | 
| 548 |  |                gnutls_cipher_algorithm_t cipher, | 
| 549 |  |                gnutls_mac_algorithm_t mac, | 
| 550 |  |                gnutls_compression_method_t comp, | 
| 551 |  |                unsigned int flags) | 
| 552 | 0 | { | 
| 553 | 0 |   const cipher_entry_st *c; | 
| 554 | 0 |   const mac_entry_st *m; | 
| 555 | 0 |   const version_entry_st *v; | 
| 556 | 0 |   size_t total = 0; | 
| 557 |  | 
 | 
| 558 | 0 |   c = cipher_to_entry(cipher); | 
| 559 | 0 |   if (c == NULL) | 
| 560 | 0 |     return 0; | 
| 561 |  |  | 
| 562 | 0 |   m = mac_to_entry(mac); | 
| 563 | 0 |   if (m == NULL) | 
| 564 | 0 |     return 0; | 
| 565 |  |  | 
| 566 | 0 |   v = version_to_entry(version); | 
| 567 | 0 |   if (v == NULL) | 
| 568 | 0 |     return 0; | 
| 569 |  |  | 
| 570 | 0 |   if (v->transport == GNUTLS_STREAM) | 
| 571 | 0 |     total = TLS_RECORD_HEADER_SIZE; | 
| 572 | 0 |   else | 
| 573 | 0 |     total = DTLS_RECORD_HEADER_SIZE; | 
| 574 |  | 
 | 
| 575 | 0 |   total += _gnutls_record_overhead(v, c, m, 1); | 
| 576 |  | 
 | 
| 577 | 0 |   return total; | 
| 578 | 0 | } | 
| 579 |  |  | 
| 580 |  | /* returns overhead imposed by the record layer (encryption/compression) | 
| 581 |  |  * etc. It does not include the record layer headers, since the caller | 
| 582 |  |  * needs to cope with rounding to multiples of blocksize, and the header | 
| 583 |  |  * is outside that. | 
| 584 |  |  * | 
| 585 |  |  * blocksize: will contain the block size when padding may be required or 1 | 
| 586 |  |  * | 
| 587 |  |  * It may return a negative error code on error. | 
| 588 |  |  */ | 
| 589 |  | static int record_overhead_rt(gnutls_session_t session) | 
| 590 | 0 | { | 
| 591 | 0 |   record_parameters_st *params; | 
| 592 | 0 |   int ret; | 
| 593 |  | 
 | 
| 594 | 0 |   if (session->internals.initial_negotiation_completed == 0) | 
| 595 | 0 |     return GNUTLS_E_INVALID_REQUEST; | 
| 596 | 0 |   ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, ¶ms); | 
| 597 | 0 |   if (ret < 0) | 
| 598 | 0 |     return gnutls_assert_val(ret); | 
| 599 |  |  | 
| 600 | 0 |   return _gnutls_record_overhead(get_version(session), params->cipher, | 
| 601 | 0 |                params->mac, 1); | 
| 602 | 0 | } | 
| 603 |  |  | 
| 604 |  | /** | 
| 605 |  |  * gnutls_record_overhead_size: | 
| 606 |  |  * @session: is #gnutls_session_t | 
| 607 |  |  * | 
| 608 |  |  * This function will return the size in bytes of the overhead | 
| 609 |  |  * due to TLS (or DTLS) per record. On certain occasions | 
| 610 |  |  * (e.g., CBC ciphers) the returned value is the maximum | 
| 611 |  |  * possible overhead. | 
| 612 |  |  * | 
| 613 |  |  * Since: 3.2.2 | 
| 614 |  |  **/ | 
| 615 |  | size_t gnutls_record_overhead_size(gnutls_session_t session) | 
| 616 | 0 | { | 
| 617 | 0 |   const version_entry_st *v = get_version(session); | 
| 618 | 0 |   int ret; | 
| 619 | 0 |   size_t total; | 
| 620 |  | 
 | 
| 621 | 0 |   if (v->transport == GNUTLS_STREAM) | 
| 622 | 0 |     total = TLS_RECORD_HEADER_SIZE; | 
| 623 | 0 |   else | 
| 624 | 0 |     total = DTLS_RECORD_HEADER_SIZE; | 
| 625 |  | 
 | 
| 626 | 0 |   ret = record_overhead_rt(session); | 
| 627 | 0 |   if (ret >= 0) | 
| 628 | 0 |     total += ret; | 
| 629 |  | 
 | 
| 630 | 0 |   return total; | 
| 631 | 0 | } | 
| 632 |  |  | 
| 633 |  | /** | 
| 634 |  |  * gnutls_dtls_get_data_mtu: | 
| 635 |  |  * @session: is a #gnutls_session_t type. | 
| 636 |  |  * | 
| 637 |  |  * This function will return the actual maximum transfer unit for | 
| 638 |  |  * application data. I.e. DTLS headers are subtracted from the | 
| 639 |  |  * actual MTU which is set using gnutls_dtls_set_mtu(). | 
| 640 |  |  * | 
| 641 |  |  * Returns: the maximum allowed transfer unit. | 
| 642 |  |  * | 
| 643 |  |  * Since: 3.0 | 
| 644 |  |  **/ | 
| 645 |  | unsigned int gnutls_dtls_get_data_mtu(gnutls_session_t session) | 
| 646 | 0 | { | 
| 647 | 0 |   int mtu = session->internals.dtls.mtu; | 
| 648 | 0 |   record_parameters_st *params; | 
| 649 | 0 |   int ret, k, hash_size, block; | 
| 650 |  | 
 | 
| 651 | 0 |   mtu -= RECORD_HEADER_SIZE(session); | 
| 652 |  | 
 | 
| 653 | 0 |   if (session->internals.initial_negotiation_completed == 0) | 
| 654 | 0 |     return mtu; | 
| 655 |  |  | 
| 656 | 0 |   ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, ¶ms); | 
| 657 | 0 |   if (ret < 0) | 
| 658 | 0 |     return mtu; | 
| 659 |  |  | 
| 660 | 0 |   if (params->cipher->type == CIPHER_AEAD | 
| 661 | 0 |       || params->cipher->type == CIPHER_STREAM) | 
| 662 | 0 |     return mtu - _gnutls_record_overhead(get_version(session), | 
| 663 | 0 |                  params->cipher, | 
| 664 | 0 |                  params->mac, 0); | 
| 665 |  |  | 
| 666 |  |   /* CIPHER_BLOCK: in CBC ciphers guess the data MTU as it depends on residues | 
| 667 |  |    */ | 
| 668 | 0 |   hash_size = _gnutls_mac_get_algo_len(params->mac); | 
| 669 | 0 |   block = _gnutls_cipher_get_explicit_iv_size(params->cipher); | 
| 670 | 0 |   assert(_gnutls_cipher_get_block_size(params->cipher) == block); | 
| 671 |  |  | 
| 672 | 0 |   if (params->etm) { | 
| 673 |  |     /* the maximum data mtu satisfies: | 
| 674 |  |      * data mtu (mod block) = block-1 | 
| 675 |  |      * or data mtu = (k+1)*(block) - 1 | 
| 676 |  |      * | 
| 677 |  |      * and data mtu + block + hash size + 1 = link_mtu | 
| 678 |  |      *     (k+2) * (block) + hash size = link_mtu | 
| 679 |  |      * | 
| 680 |  |      *     We try to find k, and thus data mtu | 
| 681 |  |      */ | 
| 682 | 0 |     k = ((mtu - hash_size) / block) - 2; | 
| 683 |  | 
 | 
| 684 | 0 |     return (k + 1) * block - 1; | 
| 685 | 0 |   } else { | 
| 686 |  |     /* the maximum data mtu satisfies: | 
| 687 |  |      * data mtu + hash size (mod block) = block-1 | 
| 688 |  |      * or data mtu = (k+1)*(block) - hash size - 1 | 
| 689 |  |      * | 
| 690 |  |      * and data mtu + block + hash size + 1 = link_mtu | 
| 691 |  |      *     (k+2) * (block) = link_mtu | 
| 692 |  |      * | 
| 693 |  |      *     We try to find k, and thus data mtu | 
| 694 |  |      */ | 
| 695 | 0 |     k = ((mtu) / block) - 2; | 
| 696 |  | 
 | 
| 697 | 0 |     return (k + 1) * block - hash_size - 1; | 
| 698 | 0 |   } | 
| 699 | 0 | } | 
| 700 |  |  | 
| 701 |  | /** | 
| 702 |  |  * gnutls_dtls_set_data_mtu: | 
| 703 |  |  * @session: is a #gnutls_session_t type. | 
| 704 |  |  * @mtu: The maximum unencrypted transfer unit of the session | 
| 705 |  |  * | 
| 706 |  |  * This function will set the maximum size of the *unencrypted* records | 
| 707 |  |  * which will be sent over a DTLS session. It is equivalent to calculating | 
| 708 |  |  * the DTLS packet overhead with the current encryption parameters, and | 
| 709 |  |  * calling gnutls_dtls_set_mtu() with that value. In particular, this means | 
| 710 |  |  * that you may need to call this function again after any negotiation or | 
| 711 |  |  * renegotiation, in order to ensure that the MTU is still sufficient to | 
| 712 |  |  * account for the new protocol overhead. | 
| 713 |  |  * | 
| 714 |  |  * In most cases you only need to call gnutls_dtls_set_mtu() with | 
| 715 |  |  * the maximum MTU of your transport layer. | 
| 716 |  |  * | 
| 717 |  |  * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code. | 
| 718 |  |  * | 
| 719 |  |  * Since: 3.1 | 
| 720 |  |  **/ | 
| 721 |  | int gnutls_dtls_set_data_mtu(gnutls_session_t session, unsigned int mtu) | 
| 722 | 0 | { | 
| 723 | 0 |   int overhead; | 
| 724 |  | 
 | 
| 725 | 0 |   overhead = record_overhead_rt(session); | 
| 726 |  |  | 
| 727 |  |   /* You can't call this until the session is actually running */ | 
| 728 | 0 |   if (overhead < 0) | 
| 729 | 0 |     return GNUTLS_E_INVALID_SESSION; | 
| 730 |  |  | 
| 731 |  |   /* Add the overhead inside the encrypted part */ | 
| 732 | 0 |   mtu += overhead; | 
| 733 |  |  | 
| 734 |  |   /* Add the *unencrypted header size */ | 
| 735 | 0 |   mtu += RECORD_HEADER_SIZE(session); | 
| 736 |  | 
 | 
| 737 | 0 |   gnutls_dtls_set_mtu(session, mtu); | 
| 738 | 0 |   return GNUTLS_E_SUCCESS; | 
| 739 | 0 | } | 
| 740 |  |  | 
| 741 |  | /** | 
| 742 |  |  * gnutls_dtls_get_mtu: | 
| 743 |  |  * @session: is a #gnutls_session_t type. | 
| 744 |  |  * | 
| 745 |  |  * This function will return the MTU size as set with | 
| 746 |  |  * gnutls_dtls_set_mtu(). This is not the actual MTU | 
| 747 |  |  * of data you can transmit. Use gnutls_dtls_get_data_mtu() | 
| 748 |  |  * for that reason. | 
| 749 |  |  * | 
| 750 |  |  * Returns: the set maximum transfer unit. | 
| 751 |  |  * | 
| 752 |  |  * Since: 3.0 | 
| 753 |  |  **/ | 
| 754 |  | unsigned int gnutls_dtls_get_mtu(gnutls_session_t session) | 
| 755 | 0 | { | 
| 756 | 0 |   return session->internals.dtls.mtu; | 
| 757 | 0 | } | 
| 758 |  |  | 
| 759 |  | /** | 
| 760 |  |  * gnutls_dtls_get_timeout: | 
| 761 |  |  * @session: is a #gnutls_session_t type. | 
| 762 |  |  * | 
| 763 |  |  * This function will return the milliseconds remaining | 
| 764 |  |  * for a retransmission of the previously sent handshake | 
| 765 |  |  * message. This function is useful when DTLS is used in | 
| 766 |  |  * non-blocking mode, to estimate when to call gnutls_handshake() | 
| 767 |  |  * if no packets have been received. | 
| 768 |  |  * | 
| 769 |  |  * Returns: the remaining time in milliseconds. | 
| 770 |  |  * | 
| 771 |  |  * Since: 3.0 | 
| 772 |  |  **/ | 
| 773 |  | unsigned int gnutls_dtls_get_timeout(gnutls_session_t session) | 
| 774 | 0 | { | 
| 775 | 0 |   struct timespec now; | 
| 776 | 0 |   unsigned int diff; | 
| 777 |  | 
 | 
| 778 | 0 |   gnutls_gettime(&now); | 
| 779 |  | 
 | 
| 780 | 0 |   diff = timespec_sub_ms(&now, &session->internals.dtls.last_retransmit); | 
| 781 | 0 |   if (diff >= TIMER_WINDOW) | 
| 782 | 0 |     return 0; | 
| 783 | 0 |   else | 
| 784 | 0 |     return TIMER_WINDOW - diff; | 
| 785 | 0 | } | 
| 786 |  |  | 
| 787 | 0 | #define COOKIE_SIZE 16 | 
| 788 | 0 | #define COOKIE_MAC_SIZE 16 | 
| 789 |  |  | 
| 790 |  | /*   MAC | 
| 791 |  |  * 16 bytes | 
| 792 |  |  * | 
| 793 |  |  * total 19 bytes | 
| 794 |  |  */ | 
| 795 |  |  | 
| 796 | 0 | #define C_HASH GNUTLS_MAC_SHA1 | 
| 797 |  | #define C_HASH_SIZE 20 | 
| 798 |  |  | 
| 799 |  | /** | 
| 800 |  |  * gnutls_dtls_cookie_send: | 
| 801 |  |  * @key: is a random key to be used at cookie generation | 
| 802 |  |  * @client_data: contains data identifying the client (i.e. address) | 
| 803 |  |  * @client_data_size: The size of client's data | 
| 804 |  |  * @prestate: The previous cookie returned by gnutls_dtls_cookie_verify() | 
| 805 |  |  * @ptr: A transport pointer to be used by @push_func | 
| 806 |  |  * @push_func: A function that will be used to reply | 
| 807 |  |  * | 
| 808 |  |  * This function can be used to prevent denial of service | 
| 809 |  |  * attacks to a DTLS server by requiring the client to | 
| 810 |  |  * reply using a cookie sent by this function. That way | 
| 811 |  |  * it can be ensured that a client we allocated resources | 
| 812 |  |  * for (i.e. #gnutls_session_t) is the one that the  | 
| 813 |  |  * original incoming packet was originated from. | 
| 814 |  |  * | 
| 815 |  |  * This function must be called at the first incoming packet, | 
| 816 |  |  * prior to allocating any resources and must be succeeded | 
| 817 |  |  * by gnutls_dtls_cookie_verify(). | 
| 818 |  |  * | 
| 819 |  |  * Returns: the number of bytes sent, or a negative error code.   | 
| 820 |  |  * | 
| 821 |  |  * Since: 3.0 | 
| 822 |  |  **/ | 
| 823 |  | int gnutls_dtls_cookie_send(gnutls_datum_t * key, void *client_data, | 
| 824 |  |           size_t client_data_size, | 
| 825 |  |           gnutls_dtls_prestate_st * prestate, | 
| 826 |  |           gnutls_transport_ptr_t ptr, | 
| 827 |  |           gnutls_push_func push_func) | 
| 828 | 0 | { | 
| 829 | 0 |   uint8_t hvr[20 + DTLS_HANDSHAKE_HEADER_SIZE + COOKIE_SIZE]; | 
| 830 | 0 |   int hvr_size = 0, ret; | 
| 831 | 0 |   uint8_t digest[C_HASH_SIZE]; | 
| 832 |  | 
 | 
| 833 | 0 |   if (key == NULL || key->data == NULL || key->size == 0) | 
| 834 | 0 |     return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); | 
| 835 |  |  | 
| 836 |  | /* send | 
| 837 |  |  *  struct { | 
| 838 |  |  *    ContentType type - 1 byte GNUTLS_HANDSHAKE; | 
| 839 |  |  *    ProtocolVersion version; - 2 bytes (254,255) | 
| 840 |  |  *    uint16 epoch; - 2 bytes (0, 0) | 
| 841 |  |  *    uint48 sequence_number; - 4 bytes (0,0,0,0) | 
| 842 |  |  *    uint16 length; - 2 bytes (COOKIE_SIZE+1+2)+DTLS_HANDSHAKE_HEADER_SIZE | 
| 843 |  |  *    uint8_t fragment[DTLSPlaintext.length]; | 
| 844 |  |  *  } DTLSPlaintext; | 
| 845 |  |  * | 
| 846 |  |  * | 
| 847 |  |  * struct { | 
| 848 |  |  *    HandshakeType msg_type; 1 byte - GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST | 
| 849 |  |  *    uint24 length; - COOKIE_SIZE+3 | 
| 850 |  |  *    uint16 message_seq; - 2 bytes (0,0) | 
| 851 |  |  *    uint24 fragment_offset; - 3 bytes (0,0,0) | 
| 852 |  |  *    uint24 fragment_length; - same as length | 
| 853 |  |  * } | 
| 854 |  |  * | 
| 855 |  |  * struct { | 
| 856 |  |  *   ProtocolVersion server_version; | 
| 857 |  |  *   uint8_t cookie<0..32>; | 
| 858 |  |  * } HelloVerifyRequest; | 
| 859 |  |  */ | 
| 860 |  |  | 
| 861 | 0 |   hvr[hvr_size++] = GNUTLS_HANDSHAKE; | 
| 862 |  |   /* version */ | 
| 863 | 0 |   hvr[hvr_size++] = 254; | 
| 864 | 0 |   hvr[hvr_size++] = 255; | 
| 865 |  |  | 
| 866 |  |   /* epoch + seq */ | 
| 867 | 0 |   memset(&hvr[hvr_size], 0, 8); | 
| 868 | 0 |   hvr_size += 7; | 
| 869 | 0 |   hvr[hvr_size++] = prestate->record_seq; | 
| 870 |  |  | 
| 871 |  |   /* length */ | 
| 872 | 0 |   _gnutls_write_uint16(DTLS_HANDSHAKE_HEADER_SIZE + COOKIE_SIZE + 3, | 
| 873 | 0 |            &hvr[hvr_size]); | 
| 874 | 0 |   hvr_size += 2; | 
| 875 |  |  | 
| 876 |  |   /* now handshake headers */ | 
| 877 | 0 |   hvr[hvr_size++] = GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST; | 
| 878 | 0 |   _gnutls_write_uint24(COOKIE_SIZE + 3, &hvr[hvr_size]); | 
| 879 | 0 |   hvr_size += 3; | 
| 880 |  |  | 
| 881 |  |   /* handshake seq */ | 
| 882 | 0 |   hvr[hvr_size++] = 0; | 
| 883 | 0 |   hvr[hvr_size++] = prestate->hsk_write_seq; | 
| 884 |  | 
 | 
| 885 | 0 |   _gnutls_write_uint24(0, &hvr[hvr_size]); | 
| 886 | 0 |   hvr_size += 3; | 
| 887 |  | 
 | 
| 888 | 0 |   _gnutls_write_uint24(COOKIE_SIZE + 3, &hvr[hvr_size]); | 
| 889 | 0 |   hvr_size += 3; | 
| 890 |  |  | 
| 891 |  |   /* version */ | 
| 892 | 0 |   hvr[hvr_size++] = 254; | 
| 893 | 0 |   hvr[hvr_size++] = 255; | 
| 894 | 0 |   hvr[hvr_size++] = COOKIE_SIZE; | 
| 895 |  | 
 | 
| 896 | 0 |   ret = | 
| 897 | 0 |       _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, | 
| 898 | 0 |            client_data_size, digest); | 
| 899 | 0 |   if (ret < 0) | 
| 900 | 0 |     return gnutls_assert_val(ret); | 
| 901 |  |  | 
| 902 | 0 |   memcpy(&hvr[hvr_size], digest, COOKIE_MAC_SIZE); | 
| 903 | 0 |   hvr_size += COOKIE_MAC_SIZE; | 
| 904 |  | 
 | 
| 905 | 0 |   ret = push_func(ptr, hvr, hvr_size); | 
| 906 | 0 |   if (ret < 0) | 
| 907 | 0 |     ret = GNUTLS_E_PUSH_ERROR; | 
| 908 |  | 
 | 
| 909 | 0 |   return ret; | 
| 910 | 0 | } | 
| 911 |  |  | 
| 912 |  | /** | 
| 913 |  |  * gnutls_dtls_cookie_verify: | 
| 914 |  |  * @key: is a random key to be used at cookie generation | 
| 915 |  |  * @client_data: contains data identifying the client (i.e. address) | 
| 916 |  |  * @client_data_size: The size of client's data | 
| 917 |  |  * @_msg: An incoming message that initiates a connection. | 
| 918 |  |  * @msg_size: The size of the message. | 
| 919 |  |  * @prestate: The cookie of this client. | 
| 920 |  |  * | 
| 921 |  |  * This function will verify the received message for | 
| 922 |  |  * a valid cookie. If a valid cookie is returned then | 
| 923 |  |  * it should be associated with the session using | 
| 924 |  |  * gnutls_dtls_prestate_set(); | 
| 925 |  |  * | 
| 926 |  |  * This function must be called after gnutls_dtls_cookie_send(). | 
| 927 |  |  * | 
| 928 |  |  * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.   | 
| 929 |  |  * | 
| 930 |  |  * Since: 3.0 | 
| 931 |  |  **/ | 
| 932 |  | int gnutls_dtls_cookie_verify(gnutls_datum_t * key, | 
| 933 |  |             void *client_data, size_t client_data_size, | 
| 934 |  |             void *_msg, size_t msg_size, | 
| 935 |  |             gnutls_dtls_prestate_st * prestate) | 
| 936 | 0 | { | 
| 937 | 0 |   gnutls_datum_t cookie; | 
| 938 | 0 |   int ret; | 
| 939 | 0 |   unsigned int pos, sid_size; | 
| 940 | 0 |   uint8_t *msg = _msg; | 
| 941 | 0 |   uint8_t digest[C_HASH_SIZE]; | 
| 942 |  | 
 | 
| 943 | 0 |   if (key == NULL || key->data == NULL || key->size == 0) | 
| 944 | 0 |     return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); | 
| 945 |  |  | 
| 946 |  |   /* format: | 
| 947 |  |    * version - 2 bytes | 
| 948 |  |    * random - 32 bytes | 
| 949 |  |    * session_id - 1 byte length + content | 
| 950 |  |    * cookie - 1 byte length + content | 
| 951 |  |    */ | 
| 952 |  |  | 
| 953 | 0 |   pos = 34 + DTLS_RECORD_HEADER_SIZE + DTLS_HANDSHAKE_HEADER_SIZE; | 
| 954 |  | 
 | 
| 955 | 0 |   if (msg_size < pos + 1) | 
| 956 | 0 |     return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); | 
| 957 |  |  | 
| 958 | 0 |   sid_size = msg[pos++]; | 
| 959 |  | 
 | 
| 960 | 0 |   if (sid_size > 32 || msg_size < pos + sid_size + 1) | 
| 961 | 0 |     return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); | 
| 962 |  |  | 
| 963 | 0 |   pos += sid_size; | 
| 964 | 0 |   cookie.size = msg[pos++]; | 
| 965 |  | 
 | 
| 966 | 0 |   if (msg_size < pos + cookie.size + 1) | 
| 967 | 0 |     return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); | 
| 968 |  |  | 
| 969 | 0 |   cookie.data = &msg[pos]; | 
| 970 | 0 |   if (cookie.size != COOKIE_SIZE) { | 
| 971 | 0 |     if (cookie.size > 0) | 
| 972 | 0 |       _gnutls_audit_log(NULL, | 
| 973 | 0 |             "Received cookie with illegal size %d. Expected %d\n", | 
| 974 | 0 |             (int)cookie.size, COOKIE_SIZE); | 
| 975 | 0 |     return gnutls_assert_val(GNUTLS_E_BAD_COOKIE); | 
| 976 | 0 |   } | 
| 977 |  |  | 
| 978 | 0 |   ret = | 
| 979 | 0 |       _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, | 
| 980 | 0 |            client_data_size, digest); | 
| 981 | 0 |   if (ret < 0) | 
| 982 | 0 |     return gnutls_assert_val(ret); | 
| 983 |  |  | 
| 984 | 0 |   if (memcmp(digest, cookie.data, COOKIE_MAC_SIZE) != 0) | 
| 985 | 0 |     return gnutls_assert_val(GNUTLS_E_BAD_COOKIE); | 
| 986 |  |  | 
| 987 | 0 |   prestate->record_seq = msg[10]; /* client's record seq */ | 
| 988 | 0 |   prestate->hsk_read_seq = msg[DTLS_RECORD_HEADER_SIZE + 5];  /* client's hsk seq */ | 
| 989 | 0 |   prestate->hsk_write_seq = 0;  /* we always send zero for this msg */ | 
| 990 |  | 
 | 
| 991 | 0 |   return 0; | 
| 992 | 0 | } | 
| 993 |  |  | 
| 994 |  | /** | 
| 995 |  |  * gnutls_dtls_prestate_set: | 
| 996 |  |  * @session: a new session | 
| 997 |  |  * @prestate: contains the client's prestate | 
| 998 |  |  * | 
| 999 |  |  * This function will associate the prestate acquired by | 
| 1000 |  |  * the cookie authentication with the client, with the newly  | 
| 1001 |  |  * established session. | 
| 1002 |  |  * | 
| 1003 |  |  * This functions must be called after a successful gnutls_dtls_cookie_verify() | 
| 1004 |  |  * and should be succeeded by the actual DTLS handshake using gnutls_handshake(). | 
| 1005 |  |  * | 
| 1006 |  |  * Since: 3.0 | 
| 1007 |  |  **/ | 
| 1008 |  | void gnutls_dtls_prestate_set(gnutls_session_t session, | 
| 1009 |  |             gnutls_dtls_prestate_st * prestate) | 
| 1010 | 0 | { | 
| 1011 | 0 |   record_parameters_st *params; | 
| 1012 | 0 |   int ret; | 
| 1013 |  | 
 | 
| 1014 | 0 |   if (prestate == NULL) | 
| 1015 | 0 |     return; | 
| 1016 |  |  | 
| 1017 |  |   /* we do not care about read_params, since we accept anything | 
| 1018 |  |    * the peer sends. | 
| 1019 |  |    */ | 
| 1020 | 0 |   ret = _gnutls_epoch_get(session, EPOCH_WRITE_CURRENT, ¶ms); | 
| 1021 | 0 |   if (ret < 0) | 
| 1022 | 0 |     return; | 
| 1023 |  |  | 
| 1024 | 0 |   params->write.sequence_number = prestate->record_seq; | 
| 1025 |  | 
 | 
| 1026 | 0 |   session->internals.dtls.hsk_read_seq = prestate->hsk_read_seq; | 
| 1027 | 0 |   session->internals.dtls.hsk_write_seq = prestate->hsk_write_seq + 1; | 
| 1028 | 0 | } | 
| 1029 |  |  | 
| 1030 |  | /** | 
| 1031 |  |  * gnutls_record_get_discarded: | 
| 1032 |  |  * @session: is a #gnutls_session_t type. | 
| 1033 |  |  * | 
| 1034 |  |  * Returns the number of discarded packets in a | 
| 1035 |  |  * DTLS connection. | 
| 1036 |  |  * | 
| 1037 |  |  * Returns: The number of discarded packets. | 
| 1038 |  |  * | 
| 1039 |  |  * Since: 3.0 | 
| 1040 |  |  **/ | 
| 1041 |  | unsigned int gnutls_record_get_discarded(gnutls_session_t session) | 
| 1042 | 0 | { | 
| 1043 | 0 |   return session->internals.dtls.packets_dropped; | 
| 1044 | 0 | } |