commit 4c90e858b5b251f45232dfc2533e5685c4b5d133
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jul 11 10:58:10 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Fri Aug 23 13:11:31 2019 +0300
tree 47b48f3a23832a2fc858b11274fb9e5941132141
parent 0ff76407d245166caea505cffa3273fbbae24067

Add (stub) header writing and checking

The number of meaning of the flags will be determined later, when handling the
relevant struct members. For now three bytes are reserved as an example, but
this number may change later.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d555c5a..e838c20 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -11284,6 +11284,17 @@
     mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) );
 }
 
+static unsigned char ssl_serialized_context_header[] = {
+    MBEDTLS_VERSION_MAJOR,
+    MBEDTLS_VERSION_MINOR,
+    MBEDTLS_VERSION_PATCH,
+    ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF,
+    ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF,
+    0, /* placeholder */
+    0, /* placeholder */
+    0, /* placeholder */
+};
+
 /*
  * Serialize a full SSL context
  *
@@ -11292,9 +11303,9 @@
  *
  *  // header
  *  opaque mbedtls_version[3];   // major, minor, patch
- *  opaque context_format[n];    // version-specific field determining
+ *  opaque context_format[5];    // version-specific field determining
  *                               // the format of the remaining
- *                               // serialized data. (n TBD)
+ *                               // serialized data.
  *  Note: When updating the format, remember to keep
  *        these version+format bytes. (To be confirmed.)
  *
@@ -11327,6 +11338,9 @@
                               size_t buf_len,
                               size_t *olen )
 {
+    unsigned char *p = buf;
+    size_t used = 0;
+
     /*
      * Enforce current usage restrictions
      */
@@ -11354,11 +11368,25 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
-    /* Unimplemented */
-    if( buf != NULL )
-        memset( buf, 0, buf_len );
+    /*
+     * Version and format identifier
+     */
+    used += sizeof( ssl_serialized_context_header );
 
-    *olen = 0;
+    if( used <= buf_len )
+    {
+        memcpy( p, ssl_serialized_context_header,
+                sizeof( ssl_serialized_context_header ) );
+        p += sizeof( ssl_serialized_context_header );
+    }
+
+    /*
+     * Done
+     */
+    *olen = used;
+
+    if( used > buf_len )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
 
     return( 0 );
 }
@@ -11370,6 +11398,9 @@
                               const unsigned char *buf,
                               size_t len )
 {
+    const unsigned char *p = buf;
+    const unsigned char * const end = buf + len;
+
     /*
      * The context should have been freshly setup or reset.
      * Give the user an error in case of obvious misuse.
@@ -11399,9 +11430,24 @@
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
-    /* Unimplemented */
-    (void) buf;
-    (void) len;
+    /*
+     * Check version identifier
+     */
+    if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
+    if( memcmp( p, ssl_serialized_context_header,
+                sizeof( ssl_serialized_context_header ) ) != 0 )
+    {
+        return( MBEDTLS_ERR_SSL_VERSION_MISMATCH );
+    }
+    p += sizeof( ssl_serialized_context_header );
+
+    /*
+     * Done - should have consumed entire buffer
+     */
+    if( p != end )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
     return( 0 );
 }