Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Secure Session serialization format #658

Merged
merged 2 commits into from
Jun 16, 2020
Merged

Fix Secure Session serialization format #658

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
878062e
Fix Secure Session serialization format
ilammy Jun 16, 2020
2b27caa
Fix typo in constant name
ilammy Jun 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,11 @@ _Code:_

provide Seal mode API that is safe to use with passphrases ([#577](https://github.com/cossacklabs/themis/pull/577)).

- **Secure Session**

- Fixed serialization issue in `secure_session_save()` and `secure_session_load()` methods
([#658](https://github.com/cossacklabs/themis/pull/658).

- **Breaking changes**

- <a id="0.13.0-drop-0.9.6-compat">Secure Cell compatibility with Themis 0.9.6 is now disabled by default ([#614](https://github.com/cossacklabs/themis/pull/614)).
Expand Down Expand Up @@ -70,6 +75,8 @@ _Code:_
([#639](https://github.com/cossacklabs/themis/pull/639)).
- Updated embedded BoringSSL to the latest version
([#643](https://github.com/cossacklabs/themis/pull/643)).
- Fixed broken `SecureSession#save` and `SecureSession#restore` methods
([#658](https://github.com/cossacklabs/themis/pull/658).

- **Breaking changes**

Expand Down Expand Up @@ -390,6 +397,8 @@ _Code:_
([#633](https://github.com/cossacklabs/themis/pull/633)).
- Kotlin is now officially supported language for JavaThemis
([#637](https://github.com/cossacklabs/themis/pull/637).
- Fixed broken `SecureSession#save` and `SecureSession#restore` methods
([#658](https://github.com/cossacklabs/themis/pull/658).

- Secure Cell API updates:

Expand Down
41 changes: 33 additions & 8 deletions src/themis/secure_session_serialize.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,35 @@

#define THEMIS_SESSION_CONTEXT_TAG "TSSC"

#define SESSION_CTX_SERIZALIZED_SIZE(ctx) \
(sizeof((ctx)->session_id) + sizeof((ctx)->is_client) + sizeof((ctx)->session_master_key) \
+ sizeof((ctx)->out_seq) + sizeof((ctx)->in_seq))
/*
* Data layout of serialized Secure Session state looks like this:
Copy link
Contributor

@vixentael vixentael Jun 16, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

woa, that looks amazing!

*
* 0 1 2 3 4 5 6 7
* +--------+--------+--------+--------+--------+--------+--------+--------+
* | 'T' | 'S' | 'S' | 'C' | size | Soter Container header
* +--------+--------+--------+--------+--------+--------+--------+--------+
* | CRC |
* +--------+--------+--------+--------+
*
* +--------+--------+--------+--------+--------+--------+--------+--------+
* | session ID | is_client | Secure Session context
* +--------+--------+--------+--------+--------+--------+--------+--------+
* | Secure Session master key |
* + - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+
* | |
* + - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+
* | |
* + - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+ - - - -+
* | |
* +--------+--------+--------+--------+--------+--------+--------+--------+
* | out seqnum | in seqnum |
* +--------+--------+--------+--------+--------+--------+--------+--------+
*
* All values are unsigned and encoded as big-endian.
*/

#define SESSION_CTX_SERIALIZED_SIZE \
(2 * sizeof(uint32_t) + SESSION_MASTER_KEY_LENGTH + 2 * sizeof(uint32_t))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bloody magic


themis_status_t secure_session_save(const secure_session_t* session_ctx, void* out, size_t* out_length)
{
Expand All @@ -45,15 +71,14 @@ themis_status_t secure_session_save(const secure_session_t* session_ctx, void* o

/* | session_id | is_client | master_key | out_seq | in_seq | */

if ((!out)
|| (*out_length < (sizeof(soter_container_hdr_t) + SESSION_CTX_SERIZALIZED_SIZE(session_ctx)))) {
*out_length = (sizeof(soter_container_hdr_t) + SESSION_CTX_SERIZALIZED_SIZE(session_ctx));
if ((!out) || (*out_length < (sizeof(soter_container_hdr_t) + SESSION_CTX_SERIALIZED_SIZE))) {
*out_length = (sizeof(soter_container_hdr_t) + SESSION_CTX_SERIALIZED_SIZE);
return THEMIS_BUFFER_TOO_SMALL;
}

*out_length = (sizeof(soter_container_hdr_t) + SESSION_CTX_SERIZALIZED_SIZE(session_ctx));
*out_length = (sizeof(soter_container_hdr_t) + SESSION_CTX_SERIALIZED_SIZE);

soter_container_set_data_size(hdr, SESSION_CTX_SERIZALIZED_SIZE(session_ctx));
soter_container_set_data_size(hdr, SESSION_CTX_SERIALIZED_SIZE);
memcpy(hdr->tag, THEMIS_SESSION_CONTEXT_TAG, SOTER_CONTAINER_TAG_LENGTH);

curr = (uint32_t*)soter_container_data(hdr);
Expand Down