Commit b7d8e3af authored by Synchronet Admin's avatar Synchronet Admin

Add flag to tell if PSK was used

This allows adding a cert and PSK to TLS and being able to know
that PSK was used.
parent 377a9712
...@@ -1767,6 +1767,7 @@ typedef enum { ...@@ -1767,6 +1767,7 @@ typedef enum {
#define CRYPT_TLSOPTION_RESUMED 0x080 /* TLS session is resumed */ #define CRYPT_TLSOPTION_RESUMED 0x080 /* TLS session is resumed */
#define CRYPT_TLSOPTION_SUITEB_128 0x100 /* SuiteB security levels (will */ #define CRYPT_TLSOPTION_SUITEB_128 0x100 /* SuiteB security levels (will */
#define CRYPT_TLSOPTION_SUITEB_256 0x200 /* vanish in future releases) */ #define CRYPT_TLSOPTION_SUITEB_256 0x200 /* vanish in future releases) */
#define CRYPT_TLSOPTION_USED_PSK 0x200 /* Synchronet extension */
#ifdef _CRYPT_DEFINED #ifdef _CRYPT_DEFINED
#define CRYPT_TLSOPTION_MAX 0x07F /* Defines for range checking */ #define CRYPT_TLSOPTION_MAX 0x07F /* Defines for range checking */
#endif /* _CRYPT_DEFINED */ #endif /* _CRYPT_DEFINED */
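Review bot: `CRYPT_TLSOPTION_USED_PSK` is given the value 0x200, the same bit as `CRYPT_TLSOPTION_SUITEB_256` on the line above it, so a caller reading the TLS options cannot tell the two apart. The flag exists to let an application that configures both a certificate and a PSK learn which one was used, so the bit needs to be unambiguous; from the lines shown the next free value appears to be 0x400, i.e. `#define CRYPT_TLSOPTION_USED_PSK 0x400 /* Synchronet extension: PSK keyex was used */`. The same constant is OR-ed into `*valuePtr` in the getAttributeFunction hunk, which picks up the corrected value without further edits. Like `CRYPT_TLSOPTION_RESUMED`, the new bit lies above `CRYPT_TLSOPTION_MAX` (0x07F), which presumably keeps callers from setting it themselves; that is worth confirming.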
......
...@@ -1219,6 +1219,9 @@ static int getAttributeFunction( INOUT_PTR SESSION_INFO *sessionInfoPtr, ...@@ -1219,6 +1219,9 @@ static int getAttributeFunction( INOUT_PTR SESSION_INFO *sessionInfoPtr,
if( TEST_FLAG( sessionInfoPtr->protocolFlags, \ if( TEST_FLAG( sessionInfoPtr->protocolFlags, \
TLS_PFLAG_RESUMED_SESSION ) ) TLS_PFLAG_RESUMED_SESSION ) )
*valuePtr |= CRYPT_TLSOPTION_RESUMED; *valuePtr |= CRYPT_TLSOPTION_RESUMED;
if( TEST_FLAG( sessionInfoPtr->protocolFlags, \
TLS_PFLAG_USED_PSK) )
*valuePtr |= CRYPT_TLSOPTION_USED_PSK;
return( CRYPT_OK ); return( CRYPT_OK );
} }
......
...@@ -156,7 +156,8 @@ ...@@ -156,7 +156,8 @@
#define TLS_PFLAG_TLS12LTS 0x1000 /* Use TLS 1.2 LTS profile */ #define TLS_PFLAG_TLS12LTS 0x1000 /* Use TLS 1.2 LTS profile */
#define TLS_PFLAG_SERVER_SNI 0x2000 /* Apply server key switching for SNI */ #define TLS_PFLAG_SERVER_SNI 0x2000 /* Apply server key switching for SNI */
#define TLS_PFLAG_RESUMED_SESSION 0x4000 /* Session is resumed */ #define TLS_PFLAG_RESUMED_SESSION 0x4000 /* Session is resumed */
#define TLS_PFLAG_MAX 0x7FFF /* Maximum possible flag value */ #define TLS_PFLAG_USED_PSK 0x8000 /* Session is resumed */
#define TLS_PFLAG_MAX 0xFFFF /* Maximum possible flag value */
/* Some of the flags above denote extended TLS facilities that need to be /* Some of the flags above denote extended TLS facilities that need to be
preserved across session resumptions. The following value defines the preserved across session resumptions. The following value defines the
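Review bot: The comment on the new `TLS_PFLAG_USED_PSK` line was copied from `TLS_PFLAG_RESUMED_SESSION` and still reads "Session is resumed"; it should read `#define TLS_PFLAG_USED_PSK 0x8000 /* PSK key exchange was used */`. The comment that follows introduces a value for flags preserved across session resumptions, and its definition lies outside the hunk. It is worth stating there whether USED_PSK is meant to be carried over, because a resumed session may not run the PSK key exchange again and would then report the flag as clear.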
......
...@@ -700,6 +700,9 @@ static int processPSKKeyex( INOUT_PTR SESSION_INFO *sessionInfoPtr, ...@@ -700,6 +700,9 @@ static int processPSKKeyex( INOUT_PTR SESSION_INFO *sessionInfoPtr,
} }
ENSURES( LOOP_BOUND_OK ); ENSURES( LOOP_BOUND_OK );
/* Indicate we used PSK */
SET_FLAG(sessionInfoPtr->protocolFlags, TLS_PFLAG_USED_PSK);
/* If it's PSK with DH, perform the keyex with the PSK added */ /* If it's PSK with DH, perform the keyex with the PSK added */
if( isKeyex ) if( isKeyex )
{ {
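Review bot: The flag is set in processPSKKeyex before the PSK-with-DH key exchange below it has run, so at this point it records that the PSK key-exchange path was entered, not that the handshake completed with it. A later failure presumably tears the session down, but the comment should tell a caller making an authentication decision what the flag means, e.g. `/* Record that PSK keyex was selected; only meaningful once the session has been activated successfully */`. The call also drops the spacing used by the surrounding code and would read `SET_FLAG( sessionInfoPtr->protocolFlags, TLS_PFLAG_USED_PSK );`. The function starts and continues outside the hunk.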
......