diff options
author | Jack Lloyd <[email protected]> | 2019-05-24 19:58:52 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-05-24 19:58:52 -0400 |
commit | 6ea7db98d8fa394efac32b544d8906b68882d3ed (patch) | |
tree | b2ce267561f0261ed3676a45041dda0f9c81e13b /src/lib/tls | |
parent | 1e320e6e5b5edd6680136231db040fa8ad01c311 (diff) |
More record layer refactorings
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 48 | ||||
-rw-r--r-- | src/lib/tls/tls_session_key.cpp | 46 | ||||
-rw-r--r-- | src/lib/tls/tls_session_key.h | 32 |
4 files changed, 56 insertions, 74 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index e14f2ab86..b23718d89 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -94,8 +94,8 @@ void TLS_CBC_HMAC_AEAD_Mode::key_schedule(const uint8_t key[], size_t keylen) if(keylen != m_cipher_keylen + m_mac_keylen) throw Invalid_Key_Length(name(), keylen); - cbc().set_key(&key[0], m_cipher_keylen); - mac().set_key(&key[m_cipher_keylen], m_mac_keylen); + mac().set_key(&key[0], m_mac_keylen); + cbc().set_key(&key[m_mac_keylen], m_cipher_keylen); } void TLS_CBC_HMAC_AEAD_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index ccad351d2..43f89de96 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp @@ -1,6 +1,6 @@ /* * TLS Record Handling -* (C) 2012,2013,2014,2015,2016 Jack Lloyd +* (C) 2012,2013,2014,2015,2016,2019 Jack Lloyd * 2016 Juraj Somorovsky * 2016 Matthias Gierlings * @@ -33,27 +33,23 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, bool uses_encrypt_then_mac) : m_start_time(std::chrono::system_clock::now()) { - SymmetricKey mac_key, cipher_key; - InitializationVector iv; + m_nonce_format = suite.nonce_format(); + m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version); + m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake(); + + secure_vector<uint8_t> aead_key; if(side == CLIENT) { - cipher_key = keys.client_cipher_key(); - iv = keys.client_iv(); - mac_key = keys.client_mac_key(); + aead_key = keys.client_aead_key(); + m_nonce = keys.client_nonce(); } else { - cipher_key = keys.server_cipher_key(); - iv = keys.server_iv(); - mac_key = keys.server_mac_key(); + aead_key = keys.server_aead_key(); + m_nonce = keys.server_nonce(); } - m_nonce = unlock(iv.bits_of()); - m_nonce_format = suite.nonce_format(); - m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version); - m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake(); - BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake); if(nonce_format() == Nonce_Format::CBC_MODE) @@ -84,10 +80,10 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, uses_encrypt_then_mac)); } - m_aead->set_key(cipher_key + mac_key); + m_aead->set_key(aead_key); if(our_side == false) - m_aead->start(iv.bits_of()); + m_aead->start(m_nonce); #else throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite"); #endif @@ -95,17 +91,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, else { m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION); - - m_aead->set_key(cipher_key + mac_key); - - if(nonce_format() == Nonce_Format::AEAD_IMPLICIT_4) - { - m_nonce.resize(m_nonce.size() + 8); - } - else if(nonce_format() != Nonce_Format::AEAD_XOR_12) - { - throw Invalid_State("Invalid AEAD nonce format used"); - } + m_aead->set_key(aead_key); } } @@ -134,7 +120,9 @@ std::vector<uint8_t> Connection_Cipher_State::aead_nonce(uint64_t seq, RandomNum } case Nonce_Format::AEAD_IMPLICIT_4: { - std::vector<uint8_t> nonce = m_nonce; + BOTAN_ASSERT_NOMSG(m_nonce.size() == 4); + std::vector<uint8_t> nonce(12); + copy_mem(&nonce[0], m_nonce.data(), 4); store_be(seq, &nonce[nonce_bytes_from_handshake()]); return nonce; } @@ -164,9 +152,11 @@ Connection_Cipher_State::aead_nonce(const uint8_t record[], size_t record_len, u } case Nonce_Format::AEAD_IMPLICIT_4: { + BOTAN_ASSERT_NOMSG(m_nonce.size() == 4); if(record_len < nonce_bytes_from_record()) throw Decoding_Error("Invalid AEAD packet too short to be valid"); - std::vector<uint8_t> nonce = m_nonce; + std::vector<uint8_t> nonce(12); + copy_mem(&nonce[0], m_nonce.data(), 4); copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record()); return nonce; } diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp index 469d1d387..206681041 100644 --- a/src/lib/tls/tls_session_key.cpp +++ b/src/lib/tls/tls_session_key.cpp @@ -1,6 +1,6 @@ /* * TLS Session Key -* (C) 2004-2006,2011,2016 Jack Lloyd +* (C) 2004-2006,2011,2016,2019 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -48,17 +48,17 @@ Session_Keys::Session_Keys(const Handshake_State* state, } else { - secure_vector<uint8_t> salt; - secure_vector<uint8_t> label; + std::vector<uint8_t> salt; + std::vector<uint8_t> label; if(extended_master_secret) { - label += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC)); + label.assign(EXT_MASTER_SECRET_MAGIC, EXT_MASTER_SECRET_MAGIC + sizeof(EXT_MASTER_SECRET_MAGIC)); salt += state->hash().final(state->version(), state->ciphersuite().prf_algo()); } else { - label += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); + label.assign(MASTER_SECRET_MAGIC, MASTER_SECRET_MAGIC + sizeof(MASTER_SECRET_MAGIC)); salt += state->client_hello()->random(); salt += state->server_hello()->random(); } @@ -66,32 +66,34 @@ Session_Keys::Session_Keys(const Handshake_State* state, m_master_sec = prf->derive_key(48, pre_master_secret, salt, label); } - secure_vector<uint8_t> salt; - secure_vector<uint8_t> label; - label += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); + std::vector<uint8_t> salt; + std::vector<uint8_t> label; + label.assign(KEY_GEN_MAGIC, KEY_GEN_MAGIC + sizeof(KEY_GEN_MAGIC)); salt += state->server_hello()->random(); salt += state->client_hello()->random(); - SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt, label); + const secure_vector<uint8_t> prf_output = prf->derive_key( + prf_gen, + m_master_sec.data(), m_master_sec.size(), + salt.data(), salt.size(), + label.data(), label.size()); - const uint8_t* key_data = keyblock.begin(); + const uint8_t* key_data = prf_output.data(); - m_c_mac = SymmetricKey(key_data, mac_keylen); - key_data += mac_keylen; + m_c_aead.resize(mac_keylen + cipher_keylen); + m_s_aead.resize(mac_keylen + cipher_keylen); - m_s_mac = SymmetricKey(key_data, mac_keylen); - key_data += mac_keylen; + copy_mem(&m_c_aead[0], key_data, mac_keylen); + copy_mem(&m_s_aead[0], key_data + mac_keylen, mac_keylen); - m_c_cipher = SymmetricKey(key_data, cipher_keylen); - key_data += cipher_keylen; + copy_mem(&m_c_aead[mac_keylen], key_data + 2*mac_keylen, cipher_keylen); + copy_mem(&m_s_aead[mac_keylen], key_data + 2*mac_keylen + cipher_keylen, cipher_keylen); - m_s_cipher = SymmetricKey(key_data, cipher_keylen); - key_data += cipher_keylen; + m_c_nonce.resize(cipher_nonce_bytes); + m_s_nonce.resize(cipher_nonce_bytes); - m_c_iv = InitializationVector(key_data, cipher_nonce_bytes); - key_data += cipher_nonce_bytes; - - m_s_iv = InitializationVector(key_data, cipher_nonce_bytes); + copy_mem(&m_c_nonce[0], key_data + 2*(mac_keylen + cipher_keylen), cipher_nonce_bytes); + copy_mem(&m_s_nonce[0], key_data + 2*(mac_keylen + cipher_keylen) + cipher_nonce_bytes, cipher_nonce_bytes); } } diff --git a/src/lib/tls/tls_session_key.h b/src/lib/tls/tls_session_key.h index 2c1eac523..5f0ea3a66 100644 --- a/src/lib/tls/tls_session_key.h +++ b/src/lib/tls/tls_session_key.h @@ -8,7 +8,7 @@ #ifndef BOTAN_TLS_SESSION_KEYS_H_ #define BOTAN_TLS_SESSION_KEYS_H_ -#include <botan/symkey.h> +#include <botan/secmem.h> namespace Botan { @@ -23,34 +23,24 @@ class Session_Keys final { public: /** - * @return client encipherment key + * @return client AEAD key */ - const SymmetricKey& client_cipher_key() const { return m_c_cipher; } + const secure_vector<uint8_t>& client_aead_key() const { return m_c_aead; } /** - * @return client encipherment key + * @return server AEAD key */ - const SymmetricKey& server_cipher_key() const { return m_s_cipher; } + const secure_vector<uint8_t>& server_aead_key() const { return m_s_aead; } /** - * @return client MAC key + * @return client nonce */ - const SymmetricKey& client_mac_key() const { return m_c_mac; } + const std::vector<uint8_t>& client_nonce() const { return m_c_nonce; } /** - * @return server MAC key + * @return server nonce */ - const SymmetricKey& server_mac_key() const { return m_s_mac; } - - /** - * @return client IV - */ - const InitializationVector& client_iv() const { return m_c_iv; } - - /** - * @return server IV - */ - const InitializationVector& server_iv() const { return m_s_iv; } + const std::vector<uint8_t>& server_nonce() const { return m_s_nonce; } /** * @return TLS master secret @@ -70,8 +60,8 @@ class Session_Keys final private: secure_vector<uint8_t> m_master_sec; - SymmetricKey m_c_cipher, m_s_cipher, m_c_mac, m_s_mac; - InitializationVector m_c_iv, m_s_iv; + secure_vector<uint8_t> m_c_aead, m_s_aead; + std::vector<uint8_t> m_c_nonce, m_s_nonce; }; } |