git.samba.org / gd / gnutls / blob
? search:


dbb98cf620e5beb03500d104f9434bb4515ecb53
[gd/gnutls] / lib / ext / max_record.c
1 /*
2  * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * The GnuTLS is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 2.1 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <https://www.gnu.org/licenses/>
20  *
21  */
22
23 /* This file contains the code for the Max Record Size TLS extension.
24  */
25
26 #include "gnutls_int.h"
27 #include "errors.h"
28 #include "num.h"
29 #include <hello_ext.h>
30 #include <ext/max_record.h>
31
32 static int _gnutls_max_record_recv_params(gnutls_session_t session,
33                                           const uint8_t * data,
34                                           size_t data_size);
35 static int _gnutls_max_record_send_params(gnutls_session_t session,
36                                           gnutls_buffer_st * extdata);
37
38 /* Maps record size to numbers according to the
39  * extensions draft.
40  */
41 static int _gnutls_mre_num2record(int num);
42 static int _gnutls_mre_record2num(uint16_t record_size);
43
44
45 const hello_ext_entry_st ext_mod_max_record_size = {
46         .name = "Maximum Record Size",
47         .tls_id = 1,
48         .gid = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
49         .parse_type = GNUTLS_EXT_TLS,
50         .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_DTLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
51                     GNUTLS_EXT_FLAG_EE | GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO,
52         .recv_func = _gnutls_max_record_recv_params,
53         .send_func = _gnutls_max_record_send_params
54 };
55
56 /* 
57  * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores
58  * into the session the new value. The server may use gnutls_get_max_record_size(),
59  * in order to access it.
60  *
61  * In case of a client: If a different max record size (than the default) has
62  * been specified then it sends the extension.
63  *
64  */
65
66 static int
67 _gnutls_max_record_recv_params(gnutls_session_t session,
68                                const uint8_t * data, size_t _data_size)
69 {
70         ssize_t new_size;
71         ssize_t data_size = _data_size;
72
73         if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_NEGOTIATED)
74                 return 0;
75
76         if (session->security_parameters.entity == GNUTLS_SERVER) {
77                 if (data_size > 0) {
78                         DECR_LEN(data_size, 1);
79
80                         new_size = _gnutls_mre_num2record(data[0]);
81
82                         if (new_size < 0) {
83                                 gnutls_assert();
84                                 return new_size;
85                         }
86
87                         session->security_parameters.max_record_send_size =
88                             new_size;
89                         session->security_parameters.max_record_recv_size =
90                             new_size;
91                 }
92         } else {                /* CLIENT SIDE - we must check if the sent record size is the right one 
93                                  */
94                 if (data_size > 0) {
95                         if (data_size != 1) {
96                                 gnutls_assert();
97                                 return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
98                         }
99
100                         new_size = _gnutls_mre_num2record(data[0]);
101
102                         if (new_size < 0) {
103                                 gnutls_assert();
104                                 return new_size;
105                         }
106
107                         if (new_size != session->security_parameters.
108                             max_user_record_send_size) {
109                                 gnutls_assert();
110                                 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
111                         } else {
112                                 session->security_parameters.
113                                     max_record_send_size = new_size;
114                                 session->security_parameters.
115                                     max_record_recv_size = new_size;
116                         }
117
118                 }
119
120
121         }
122
123         return 0;
124 }
125
126 /* returns data_size or a negative number on failure
127  */
128 static int
129 _gnutls_max_record_send_params(gnutls_session_t session,
130                                gnutls_buffer_st * extdata)
131 {
132         uint8_t p;
133         int ret;
134
135         /* this function sends the client extension data (dnsname) */
136         if (session->security_parameters.entity == GNUTLS_CLIENT) {
137                 /* if the user limits for sending and receiving are
138                  * different, that means the programmer had chosen to
139                  * use record_size_limit instead */
140                 if (session->security_parameters.max_user_record_send_size !=
141                     session->security_parameters.max_user_record_recv_size)
142                         return 0;
143
144                 if (session->security_parameters.max_user_record_send_size !=
145                     DEFAULT_MAX_RECORD_SIZE) {
146                         ret = _gnutls_mre_record2num
147                               (session->security_parameters.
148                                max_user_record_send_size);
149
150                         /* it's not an error, as long as we send the
151                          * record_size_limit extension with that value */
152                         if (ret < 0)
153                                 return 0;
154
155                         p = (uint8_t) ret;
156                         ret = _gnutls_buffer_append_data(extdata, &p, 1);
157                         if (ret < 0)
158                                 return gnutls_assert_val(ret);
159
160                         return 1;
161                 }
162
163         } else {                /* server side */
164
165                 if (session->internals.hsk_flags & HSK_RECORD_SIZE_LIMIT_SENT)
166                         return 0;
167
168                 if (session->security_parameters.max_record_recv_size !=
169                     DEFAULT_MAX_RECORD_SIZE) {
170                         ret = _gnutls_mre_record2num
171                               (session->security_parameters.
172                                max_record_recv_size);
173                         if (ret < 0)
174                                 return gnutls_assert_val(ret);
175
176                         p = (uint8_t) ret;
177                         ret = _gnutls_buffer_append_data(extdata, &p, 1);
178                         if (ret < 0)
179                                 return gnutls_assert_val(ret);
180
181                         return 1;
182                 }
183         }
184
185         return 0;
186 }
187
188
189 /* Maps numbers to record sizes according to the
190  * extensions draft.
191  */
192 static int _gnutls_mre_num2record(int num)
193 {
194         switch (num) {
195         case 1:
196                 return 512;
197         case 2:
198                 return 1024;
199         case 3:
200                 return 2048;
201         case 4:
202                 return 4096;
203         default:
204                 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
205         }
206 }
207
208 /* Maps record size to numbers according to the
209  * extensions draft.
210  */
211 static int _gnutls_mre_record2num(uint16_t record_size)
212 {
213         switch (record_size) {
214         case 512:
215                 return 1;
216         case 1024:
217                 return 2;
218         case 2048:
219                 return 3;
220         case 4096:
221                 return 4;
222         default:
223                 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
224         }
225
226 }
227
228 /**
229  * gnutls_record_get_max_size:
230  * @session: is a #gnutls_session_t type.
231  *
232  * Get the record size.  The maximum record size is negotiated by the
233  * client after the first handshake message.
234  *
235  * Returns: The maximum record packet size in this connection.
236  **/
237 size_t gnutls_record_get_max_size(gnutls_session_t session)
238 {
239         /* Recv will hold the negotiated max record size
240          * always.
241          */
242         return session->security_parameters.max_record_recv_size;
243 }
244
245
246 /**
247  * gnutls_record_set_max_size:
248  * @session: is a #gnutls_session_t type.
249  * @size: is the new size
250  *
251  * This function sets the maximum amount of plaintext sent and
252  * received in a record in this connection.
253  *
254  * Prior to 3.6.4, this function was implemented using a TLS extension
255  * called 'max fragment length', which limits the acceptable values to
256  * 512(=2^9), 1024(=2^10), 2048(=2^11) and 4096(=2^12).
257  *
258  * Since 3.6.4, the limit is also negotiated through a new TLS
259  * extension called 'record size limit', which doesn't have the
260  * limitation, as long as the value ranges between 512 and 16384.
261  * Note that while the 'record size limit' extension is preferred, not
262  * all TLS implementations use or even understand the extension.
263  *
264  * Deprecated: if the client can assume that the 'record size limit'
265  * extension is supported by the server, we recommend using
266  * gnutls_record_set_max_recv_size() instead.
267  *
268  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
269  *   otherwise a negative error code is returned.
270  **/
271 ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size)
272 {
273         if (size < MIN_RECORD_SIZE || size > DEFAULT_MAX_RECORD_SIZE)
274                 return GNUTLS_E_INVALID_REQUEST;
275
276         if (session->internals.handshake_in_progress)
277                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
278
279         session->security_parameters.max_user_record_send_size = size;
280         session->security_parameters.max_user_record_recv_size = size;
281
282         return 0;
283 }
284
285 /**
286  * gnutls_record_set_max_recv_size:
287  * @session: is a #gnutls_session_t type.
288  * @size: is the new size
289  *
290  * This function sets the maximum amount of plaintext received in a
291  * record in this connection.
292  *
293  * The limit is also negotiated through a TLS extension called 'record
294  * size limit'.  Note that while the 'record size limit' extension is
295  * preferred, not all TLS implementations use or even understand the
296  * extension.
297  *
298  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
299  *   otherwise a negative error code is returned.
300  *
301  * Since: 3.6.8
302  **/
303 ssize_t gnutls_record_set_max_recv_size(gnutls_session_t session, size_t size)
304 {
305         if (size <
306             (session->internals.allow_small_records ?
307              MIN_RECORD_SIZE_SMALL : MIN_RECORD_SIZE) ||
308             size > DEFAULT_MAX_RECORD_SIZE)
309                 return GNUTLS_E_INVALID_REQUEST;
310
311         if (session->internals.handshake_in_progress)
312                 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
313
314         session->security_parameters.max_user_record_recv_size = size;
315
316         return 0;
317 }
Unnamed repository; edit this file 'description' to name the repository.