commit 35eb80210328c2776e1600804b13dd4e2961a292
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu May 16 11:11:08 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Fri Aug 23 12:48:41 2019 +0300
tree 3b10476cf509ef9730fd16f4d11d7fda83f03c0a
parent a3e7c65101a05479a1d1d0c1ebd50275241b2427

Add support for serialisation session with ticket

On client side, this is required for the main use case where of serialising a
session for later resumption, in case tickets are used.

On server side, this doesn't change much as ticket_len will always be 0.

This unblocks testing the functions by using them in ssl_client2, which will
be done in the next commit.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5c67bf7..5a4faa7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -9836,16 +9836,17 @@
 
 /*
  * Serialize a session in the following format:
+ * (in the presentation language of TLS, RFC 8446 section 3)
  *
- * - If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is enabled:
- *    0       .   n-1   session structure, n = sizeof(mbedtls_ssl_session)
- *    n       .   n+2   peer_cert length = m (0 if no certificate)
- *    n+3     .   n+2+m peer cert ASN.1
+ *  opaque session_struct[n];       // n = sizeof(mbedtls_ssl_session)
+ *  select (MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) {
+ *      case enabled:  opaque peer_cert<0..2^24-1>; // length 0 means no cert
+ *      case disabled: uint8_t peer_cert_digest_type;
+ *                     opaque peer_cert_digest<0..2^8-1>;
+ *  }
+ *  opaque ticket<0..2^24-1>;       // 0 means no ticket
  *
- * - If MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is disabled:
- *    0       .   n-1   session structure, n = sizeof(mbedtls_ssl_session)
- *    n       .   n     length of peer certificate digest = k (0 if no digest)
- *    n+1     .   n+k   peer certificate digest (digest type encoded in session)
+ * Only the peer's certificate is saved, not the whole chain.
  */
 int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
                               unsigned char *buf,
@@ -9862,16 +9863,22 @@
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+    /*
+     * Shallow copy of the session structure
+     */
     if( left < sizeof( mbedtls_ssl_session ) )
         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    left -= sizeof( mbedtls_ssl_session );
 
     /* This also copies the values of pointer fields in the
      * session to be serialized, but they'll be ignored when
      * loading the session through ssl_load_session(). */
     memcpy( p, session, sizeof( mbedtls_ssl_session ) );
     p += sizeof( mbedtls_ssl_session );
-    left -= sizeof( mbedtls_ssl_session );
 
+    /*
+     * Copy of the peer's end-entity certificate
+     */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     if( session->peer_cert == NULL )
@@ -9881,6 +9888,7 @@
 
     if( left < 3 + cert_len )
         return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    left -= 3 + cert_len;
 
     *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF );
     *p++ = (unsigned char)( ( cert_len >>  8 ) & 0xFF );
@@ -9888,7 +9896,10 @@
     left -= 3;
 
     if( session->peer_cert != NULL )
+    {
         memcpy( p, session->peer_cert->raw.p, cert_len );
+        p += cert_len;
+    }
 
     p += cert_len;
     left -= cert_len;
@@ -9912,6 +9923,27 @@
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+    /*
+     * Copy of the session ticket if any
+     */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    if( left < 3 + session->ticket_len )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+    left -= 3 + session->ticket_len;
+
+    *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF );
+    *p++ = (unsigned char)( ( session->ticket_len >>  8 ) & 0xFF );
+    *p++ = (unsigned char)( ( session->ticket_len       ) & 0xFF );
+
+    if( session->ticket != NULL )
+    {
+        memcpy( p, session->ticket, session->ticket_len );
+        p += session->ticket_len;
+    }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+    /* Done */
+    (void) left;
     *olen = p - buf;
 
     return( 0 );
@@ -9934,6 +9966,9 @@
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+    /*
+     * Shallow session structure
+     */
     if( sizeof( mbedtls_ssl_session ) > (size_t)( end - p ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
@@ -9953,6 +9988,9 @@
     session->ticket = NULL;
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
+    /*
+     * Peer certificate
+     */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     /* Deserialize CRT from the end of the ticket. */
@@ -10013,6 +10051,31 @@
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+    /*
+     * Session ticket
+     */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    if( 3 > (size_t)( end - p ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2];
+    p += 3;
+
+    if( session->ticket_len != 0 )
+    {
+        if( session->ticket_len > (size_t)( end - p ) )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+        session->ticket = mbedtls_calloc( 1, session->ticket_len );
+        if( session->ticket == NULL )
+            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+
+        memcpy( session->ticket, p, session->ticket_len );
+        p += session->ticket_len;
+    }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+    /* Done, should have consumed entire buffer */
     if( p != end )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );