authorJack Lloyd <[email protected]>2018-04-08 20:13:08 -0400
committerJack Lloyd <[email protected]>2018-04-09 18:48:46 -0400
commitec222c99719c396a1f4756b2ca345dbbfbeb5ed5 (patch)
treeec3f6764160048005953b7b90cb978b1db657382 /src/lib
parent74a1cc41045099ebd293f09451a780685eafb8e6 (diff)
Fix off by one when decoding TLS-CBC ciphertexts
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.cpp17
-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.h29
-rw-r--r--src/lib/tls/tls_record.cpp11
3 files changed, 30 insertions, 27 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index ca80a3d3c..a745a548b 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -24,26 +24,25 @@ namespace TLS {
* TLS_CBC_HMAC_AEAD_Mode Constructor
*/
TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir dir,
- const std::string& cipher_name,
+ std::unique_ptr<BlockCipher> cipher,
+ std::unique_ptr<MessageAuthenticationCode> mac,
size_t cipher_keylen,
- const std::string& mac_name,
size_t mac_keylen,
bool use_explicit_iv,
bool use_encrypt_then_mac) :
- m_cipher_name(cipher_name),
- m_mac_name(mac_name),
+ m_cipher_name(cipher->name()),
+ m_mac_name(mac->name()),
m_cipher_keylen(cipher_keylen),
m_mac_keylen(mac_keylen),
m_use_encrypt_then_mac(use_encrypt_then_mac)
{
- m_mac = MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_name + ")");
- std::unique_ptr<BlockCipher> cipher = BlockCipher::create_or_throw(m_cipher_name);
-
- m_tag_size = m_mac->output_length();
+ m_tag_size = mac->output_length();
m_block_size = cipher->block_size();
m_iv_size = use_explicit_iv ? m_block_size : 0;
+ m_mac = std::move(mac);
+
if(dir == ENCRYPTION)
m_cbc.reset(new CBC_Encryption(cipher.release(), new Null_Padding));
else
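Review bot: The new initializer-list entries `m_cipher_name(cipher->name())` and `m_mac_name(mac->name())` dereference both unique_ptr parameters before anything has checked them, so a null pointer from a caller is undefined behaviour rather than a diagnosable failure; previously create_or_throw guaranteed non-null objects, and that guarantee has moved to the caller without a check here. Since the constructor now owns the objects it is the natural place to enforce the precondition, which means taking the two name members out of the initializer list (they appear to be plain std::string members, to be confirmed against the header) and assigning them after a null check at the top of the body, using the project's `BOTAN_ASSERT_NONNULL` if that is the preferred mechanism. The rest of the body, including the `cipher.release()` into CBC_Encryption, is unchanged and continues past this hunk.

```cpp
// … unchanged: constructor signature …
                                               bool use_encrypt_then_mac) :
   m_cipher_keylen(cipher_keylen),
   m_mac_keylen(mac_keylen),
   m_use_encrypt_then_mac(use_encrypt_then_mac)
   {
   // The mode owns both objects from here on; reject null before the first deref
   BOTAN_ASSERT_NONNULL(cipher);
   BOTAN_ASSERT_NONNULL(mac);
   m_cipher_name = cipher->name();
   m_mac_name = mac->name();
   // … unchanged: m_tag_size/m_block_size/m_iv_size, m_mac = std::move(mac), m_cbc setup …
```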
@@ -419,7 +418,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t
(sending empty records, instead of 1/(n-1) splitting)
*/
- const uint16_t size_ok_mask = CT::is_lte<uint16_t>(static_cast<uint16_t>(tag_size() + pad_size), static_cast<uint16_t>(record_len + 1));
+ const uint16_t size_ok_mask = CT::is_lte<uint16_t>(static_cast<uint16_t>(tag_size() + pad_size), static_cast<uint16_t>(record_len));
pad_size &= size_ok_mask;
CT::unpoison(record_contents, record_len);
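Review bot: The corrected bound `tag_size() + pad_size <= record_len` should carry a comment, because the old `record_len + 1` read as deliberate and nothing at this line says why it was wrong: the old mask accepted a padding-plus-tag total one byte longer than the record, and (presumably, the subtraction is outside this hunk) the later `record_len - tag_size() - pad_size` would then wrap to a huge length. Suggest adding above the mask line `// pad + tag must fit inside the record; mask pad_size to zero otherwise so the length arithmetic below cannot underflow`. A regression test that builds a record whose padding length plus tag is exactly record_len + 1 (the boundary the old check admitted) and expects it to be rejected would pin the fix. The enclosing finish() begins and ends outside the hunk.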
diff --git a/src/lib/tls/tls_cbc/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h
index 012b9e51f..c8a808156 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.h
+++ b/src/lib/tls/tls_cbc/tls_cbc.h
@@ -46,9 +46,9 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode
protected:
TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction,
- const std::string& cipher_name,
+ std::unique_ptr<BlockCipher> cipher,
+ std::unique_ptr<MessageAuthenticationCode> mac,
size_t cipher_keylen,
- const std::string& mac_name,
size_t mac_keylen,
bool use_explicit_iv,
bool use_encrypt_then_mac);
@@ -104,16 +104,17 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AE
public:
/**
*/
- TLS_CBC_HMAC_AEAD_Encryption(const std::string& cipher_algo,
- const size_t cipher_keylen,
- const std::string& mac_algo,
- const size_t mac_keylen,
- bool use_explicit_iv,
- bool use_encrypt_then_mac) :
+ TLS_CBC_HMAC_AEAD_Encryption(
+ std::unique_ptr<BlockCipher> cipher,
+ std::unique_ptr<MessageAuthenticationCode> mac,
+ const size_t cipher_keylen,
+ const size_t mac_keylen,
+ bool use_explicit_iv,
+ bool use_encrypt_then_mac) :
TLS_CBC_HMAC_AEAD_Mode(ENCRYPTION,
- cipher_algo,
+ std::move(cipher),
+ std::move(mac),
cipher_keylen,
- mac_algo,
mac_keylen,
use_explicit_iv,
use_encrypt_then_mac)
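Review bot: The Doxygen block directly above the constructor (`/** */`) is still empty although the signature now transfers ownership of two objects; a reader of the header cannot tell that the mode takes the cipher and MAC rather than borrowing them, nor that both must be non-null, which the base constructor relies on when it calls `cipher->name()` and `mac->name()`. Suggest filling it with `@param cipher block cipher to use; ownership is transferred and it must be non-null` and `@param mac MAC to use (the caller in tls_record.cpp constructs an HMAC); ownership is transferred and it must be non-null`, together with entries for the remaining parameters. The same applies to the TLS_CBC_HMAC_AEAD_Decryption constructor in the following hunk, whose comment block is equally empty. Both class declarations start outside their hunks.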
@@ -138,16 +139,16 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AE
public:
/**
*/
- TLS_CBC_HMAC_AEAD_Decryption(const std::string& cipher_algo,
+ TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher,
+ std::unique_ptr<MessageAuthenticationCode> mac,
const size_t cipher_keylen,
- const std::string& mac_algo,
const size_t mac_keylen,
bool use_explicit_iv,
bool use_encrypt_then_mac) :
TLS_CBC_HMAC_AEAD_Mode(DECRYPTION,
- cipher_algo,
+ std::move(cipher),
+ std::move(mac),
cipher_keylen,
- mac_algo,
mac_keylen,
use_explicit_iv,
use_encrypt_then_mac)
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index ded3831d0..1f564a689 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -57,12 +57,15 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
{
#if defined(BOTAN_HAS_TLS_CBC)
// legacy CBC+HMAC mode
+ auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")");
+ auto cipher = BlockCipher::create_or_throw(suite.cipher_algo());
+
if(our_side)
{
m_aead.reset(new TLS_CBC_HMAC_AEAD_Encryption(
- suite.cipher_algo(),
+ std::move(cipher),
+ std::move(mac),
suite.cipher_keylen(),
- suite.mac_algo(),
suite.mac_keylen(),
version.supports_explicit_cbc_ivs(),
uses_encrypt_then_mac));
@@ -70,9 +73,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
else
{
m_aead.reset(new TLS_CBC_HMAC_AEAD_Decryption(
- suite.cipher_algo(),
+ std::move(cipher),
+ std::move(mac),
suite.cipher_keylen(),
- suite.mac_algo(),
suite.mac_keylen(),
version.supports_explicit_cbc_ivs(),
uses_encrypt_then_mac));