aboutsummaryrefslogtreecommitdiffstats
path: root/src/ssl
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-04-09 14:03:13 +0000
committerlloyd <[email protected]>2010-04-09 14:03:13 +0000
commit143b5cb297a36b94c9d0e56e2d2145a7c55efde5 (patch)
tree000b11f87806678649e68e753aaad8ed6ef45803 /src/ssl
parenta1fc16d73b6e8fbb041c5163687bfd37c5705da4 (diff)
parentd7e2e9316a5540e93595b5386f67594135de736d (diff)
propagate from branch 'net.randombit.botan' (head 75d272c759511a9a99a371ddc74bd17b2c1453b6)
to branch 'net.randombit.botan.c++0x' (head 2ce9ba37cb9287a3d875921240d6682100625b9f)
Diffstat (limited to 'src/ssl')
-rw-r--r--src/ssl/c_kex.cpp11
-rw-r--r--src/ssl/cert_ver.cpp11
-rw-r--r--src/ssl/finished.cpp2
-rw-r--r--src/ssl/hello.cpp126
-rw-r--r--src/ssl/info.txt39
-rw-r--r--src/ssl/rec_read.cpp120
-rw-r--r--src/ssl/rec_wri.cpp56
-rw-r--r--src/ssl/s_kex.cpp2
-rw-r--r--src/ssl/socket.h7
-rw-r--r--src/ssl/tls_client.cpp32
-rw-r--r--src/ssl/tls_client.h2
-rw-r--r--src/ssl/tls_magic.h11
-rw-r--r--src/ssl/tls_messages.h3
-rw-r--r--src/ssl/tls_policy.h2
-rw-r--r--src/ssl/tls_reader.h140
-rw-r--r--src/ssl/tls_record.h46
-rw-r--r--src/ssl/tls_server.cpp46
-rw-r--r--src/ssl/tls_server.h6
-rw-r--r--src/ssl/tls_session_key.cpp2
-rw-r--r--src/ssl/unix_socket/unx_sock.cpp8
-rw-r--r--src/ssl/unix_socket/unx_sock.h4
21 files changed, 488 insertions, 188 deletions
diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp
index 9e59beefc..e09e18ce1 100644
--- a/src/ssl/c_kex.cpp
+++ b/src/ssl/c_kex.cpp
@@ -6,6 +6,7 @@
*/
#include <botan/tls_messages.h>
+#include <botan/internal/tls_reader.h>
#include <botan/pubkey.h>
#include <botan/dh.h>
#include <botan/rsa.h>
@@ -99,14 +100,8 @@ void Client_Key_Exchange::deserialize(const MemoryRegion<byte>& buf)
{
if(include_length)
{
- if(buf.size() < 2)
- throw Decoding_Error("Client_Key_Exchange: Packet corrupted");
-
- u32bit size = make_u16bit(buf[0], buf[1]);
- if(size + 2 != buf.size())
- throw Decoding_Error("Client_Key_Exchange: Packet corrupted");
-
- key_material.set(buf + 2, size);
+ TLS_Data_Reader reader(buf);
+ key_material = reader.get_range<byte>(2, 0, 65535);
}
else
key_material = buf;
diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp
index 0bf6c85be..3edf4266d 100644
--- a/src/ssl/cert_ver.cpp
+++ b/src/ssl/cert_ver.cpp
@@ -6,6 +6,7 @@
*/
#include <botan/tls_messages.h>
+#include <botan/internal/tls_reader.h>
#include <botan/pubkey.h>
#include <botan/rsa.h>
#include <botan/dsa.h>
@@ -62,14 +63,8 @@ SecureVector<byte> Certificate_Verify::serialize() const
*/
void Certificate_Verify::deserialize(const MemoryRegion<byte>& buf)
{
- if(buf.size() < 2)
- throw Decoding_Error("Certificate_Verify: Corrupted packet");
-
- u32bit sig_len = make_u16bit(buf[0], buf[1]);
- if(buf.size() != 2 + sig_len)
- throw Decoding_Error("Certificate_Verify: Corrupted packet");
-
- signature.set(buf + 2, sig_len);
+ TLS_Data_Reader reader(buf);
+ signature = reader.get_range<byte>(2, 0, 65535);
}
/**
diff --git a/src/ssl/finished.cpp b/src/ssl/finished.cpp
index edbd4a3fe..b0f6abd25 100644
--- a/src/ssl/finished.cpp
+++ b/src/ssl/finished.cpp
@@ -72,7 +72,7 @@ SecureVector<byte> Finished::compute_verify(const MemoryRegion<byte>& secret,
return hash.final_ssl3(secret);
}
- else if(version == TLS_V10)
+ else if(version == TLS_V10 || version == TLS_V11)
{
const byte TLS_CLIENT_LABEL[] = {
0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69,
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index 53f680fba..a23d51c24 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -1,12 +1,12 @@
/**
* TLS Hello Messages
-* (C) 2004-2006 Jack Lloyd
+* (C) 2004-2010 Jack Lloyd
*
* Released under the terms of the Botan license
*/
#include <botan/tls_messages.h>
-#include <botan/loadstor.h>
+#include <botan/internal/tls_reader.h>
namespace Botan {
@@ -93,15 +93,15 @@ SecureVector<byte> Client_Hello::serialize() const
buf.append(get_byte(0, suites_size));
buf.append(get_byte(1, suites_size));
- for(u32bit j = 0; j != suites.size(); j++)
+ for(u32bit i = 0; i != suites.size(); i++)
{
- buf.append(get_byte(0, suites[j]));
- buf.append(get_byte(1, suites[j]));
+ buf.append(get_byte(0, suites[i]));
+ buf.append(get_byte(1, suites[i]));
}
buf.append(static_cast<byte>(comp_algos.size()));
- for(u32bit j = 0; j != comp_algos.size(); j++)
- buf.append(comp_algos[j]);
+ for(u32bit i = 0; i != comp_algos.size(); i++)
+ buf.append(comp_algos[i]);
return buf;
}
@@ -117,38 +117,61 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
if(buf.size() < 41)
throw Decoding_Error("Client_Hello: Packet corrupted");
- c_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1]));
- if(c_version != SSL_V3 && c_version != TLS_V10)
- throw TLS_Exception(PROTOCOL_VERSION, "Client_Hello: Bad version code");
+ TLS_Data_Reader reader(buf);
- c_random.set(buf + 2, 32);
+ c_version = static_cast<Version_Code>(reader.get_u16bit());
+ c_random = reader.get_fixed<byte>(32);
- u32bit session_id_len = buf[34];
- if(session_id_len > 32 || session_id_len + 41 > buf.size())
- throw Decoding_Error("Client_Hello: Packet corrupted");
- sess_id.copy(buf + 35, session_id_len);
+ sess_id = reader.get_range<byte>(1, 0, 32);
- u32bit offset = 2+32+1+session_id_len;
+ suites = reader.get_range_vector<u16bit>(2, 1, 32767);
- u16bit suites_size = make_u16bit(buf[offset], buf[offset+1]);
- offset += 2;
- if(suites_size % 2 == 1 || offset + suites_size + 2 > buf.size())
- throw Decoding_Error("Client_Hello: Packet corrupted");
+ comp_algos = reader.get_range_vector<byte>(1, 1, 255);
- for(u32bit j = 0; j != suites_size; j += 2)
+ if(reader.has_remaining())
{
- u16bit suite = make_u16bit(buf[offset+j], buf[offset+j+1]);
- suites.push_back(suite);
+ const u16bit all_extn_size = reader.get_u16bit();
+
+ if(reader.remaining_bytes() != all_extn_size)
+ throw Decoding_Error("Client_Hello: Bad extension size");
+
+ while(reader.has_remaining())
+ {
+ const u16bit extension_code = reader.get_u16bit();
+ const u16bit extension_size = reader.get_u16bit();
+
+ if(extension_code == TLSEXT_SERVER_NAME_INDICATION)
+ {
+ u16bit name_bytes = reader.get_u16bit();
+
+ while(name_bytes)
+ {
+ byte name_type = reader.get_byte();
+ name_bytes--;
+
+ if(name_type == 0) // DNS
+ {
+ std::vector<byte> name =
+ reader.get_range_vector<byte>(2, 1, 65535);
+
+ requested_hostname.assign((const char*)&name[0],
+ name.size());
+
+ name_bytes -= (2 + name.size());
+ }
+ else
+ {
+ reader.discard_next(name_bytes);
+ name_bytes = 0;
+ }
+ }
+ }
+ else
+ {
+ reader.discard_next(extension_size);
+ }
+ }
}
- offset += suites_size;
-
- byte comp_algo_size = buf[offset];
- offset += 1;
- if(offset + comp_algo_size > buf.size())
- throw Decoding_Error("Client_Hello: Packet corrupted");
-
- for(u32bit j = 0; j != comp_algo_size; j++)
- comp_algos.push_back(buf[offset+j]);
}
/**
@@ -156,8 +179,8 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
*/
bool Client_Hello::offered_suite(u16bit ciphersuite) const
{
- for(u32bit j = 0; j != suites.size(); j++)
- if(suites[j] == ciphersuite)
+ for(u32bit i = 0; i != suites.size(); i++)
+ if(suites[i] == ciphersuite)
return true;
return false;
}
@@ -172,11 +195,15 @@ Server_Hello::Server_Hello(RandomNumberGenerator& rng,
HandshakeHash& hash)
{
bool have_rsa = false, have_dsa = false;
- for(u32bit j = 0; j != certs.size(); j++)
+
+ for(u32bit i = 0; i != certs.size(); i++)
{
- Public_Key* key = certs[j].subject_public_key();
- if(key->algo_name() == "RSA") have_rsa = true;
- if(key->algo_name() == "DSA") have_dsa = true;
+ Public_Key* key = certs[i].subject_public_key();
+ if(key->algo_name() == "RSA")
+ have_rsa = true;
+
+ if(key->algo_name() == "DSA")
+ have_dsa = true;
}
suite = policy->choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa);
@@ -218,23 +245,24 @@ void Server_Hello::deserialize(const MemoryRegion<byte>& buf)
if(buf.size() < 38)
throw Decoding_Error("Server_Hello: Packet corrupted");
- s_version = static_cast<Version_Code>(make_u16bit(buf[0], buf[1]));
- if(s_version != SSL_V3 && s_version != TLS_V10)
+ TLS_Data_Reader reader(buf);
+
+ s_version = static_cast<Version_Code>(reader.get_u16bit());
+
+ if(s_version != SSL_V3 && s_version != TLS_V10 && s_version != TLS_V11)
+ {
throw TLS_Exception(PROTOCOL_VERSION,
"Server_Hello: Unsupported server version");
+ }
- s_random.set(buf + 2, 32);
+ s_random = reader.get_fixed<byte>(32);
- u32bit session_id_len = buf[2+32];
- if(session_id_len > 32 || session_id_len + 38 != buf.size())
- throw Decoding_Error("Server_Hello: Packet corrupted");
- sess_id.copy(buf + 2 + 32 + 1, session_id_len);
+ sess_id = reader.get_range<byte>(1, 0, 32);
- suite = make_u16bit(buf[2+32+1+session_id_len],
- buf[2+32+1+session_id_len+1]);
- comp_algo = buf[2+32+1+session_id_len+2];
- }
+ suite = reader.get_u16bit();
+ comp_algo = reader.get_byte();
+ }
/**
* Create a new Server Hello Done message
diff --git a/src/ssl/info.txt b/src/ssl/info.txt
index 73e4207d8..1d28cf4f8 100644
--- a/src/ssl/info.txt
+++ b/src/ssl/info.txt
@@ -1 +1,40 @@
define SSL_TLS
+
+<header:public>
+handshake_hash.h
+socket.h
+tls_alerts.h
+tls_client.h
+tls_connection.h
+tls_exceptn.h
+tls_magic.h
+tls_messages.h
+tls_policy.h
+tls_record.h
+tls_server.h
+tls_session_key.h
+tls_state.h
+tls_suites.h
+</header:public>
+
+<header:internal>
+tls_reader.h
+</header:internal>
+
+<source>
+c_kex.cpp
+cert_req.cpp
+cert_ver.cpp
+finished.cpp
+handshake_hash.cpp
+handshake_state.cpp
+hello.cpp
+rec_read.cpp
+rec_wri.cpp
+s_kex.cpp
+tls_client.cpp
+tls_policy.cpp
+tls_server.cpp
+tls_session_key.cpp
+tls_suites.cpp
+</source>
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp
index 95059dbf2..8f8e5dc1e 100644
--- a/src/ssl/rec_read.cpp
+++ b/src/ssl/rec_read.cpp
@@ -1,6 +1,6 @@
/**
-* TLS Record Reading
-* (C) 2004-2006 Jack Lloyd
+* TLS Record Reading
+* (C) 2004-2010 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -13,23 +13,15 @@
namespace Botan {
/**
-* Record_Reader Constructor
-*/
-Record_Reader::Record_Reader(Socket& sock) : socket(sock)
- {
- reset();
- }
-
-/**
* Reset the state
*/
void Record_Reader::reset()
{
- compress.reset();
cipher.reset();
mac.reset();
- do_compress = false;
- mac_size = pad_amount = 0;
+ mac_size = 0;
+ block_size = 0;
+ iv_size = 0;
major = minor = 0;
seq_no = 0;
}
@@ -39,7 +31,7 @@ void Record_Reader::reset()
*/
void Record_Reader::set_version(Version_Code version)
{
- if(version != SSL_V3 && version != TLS_V10)
+ if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11)
throw Invalid_Argument("Record_Reader: Invalid protocol version");
major = (version >> 8) & 0xFF;
@@ -47,15 +39,6 @@ void Record_Reader::set_version(Version_Code version)
}
/**
-* Set the compression algorithm
-*/
-void Record_Reader::set_compressor(Filter* compressor)
- {
- compress.append(compressor);
- do_compress = true;
- }
-
-/**
* Set the keys for reading
*/
void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys,
@@ -89,12 +72,18 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys,
cipher_algo + "/CBC/NoPadding",
cipher_key, iv, DECRYPTION)
);
- pad_amount = block_size_of(cipher_algo);
+ block_size = block_size_of(cipher_algo);
+
+ if(major == 3 && minor >= 2)
+ iv_size = block_size;
+ else
+ iv_size = 0;
}
else if(have_stream_cipher(cipher_algo))
{
cipher.append(get_cipher(cipher_algo, cipher_key, DECRYPTION));
- pad_amount = 0;
+ block_size = 0;
+ iv_size = 0;
}
else
throw Invalid_Argument("Record_Reader: Unknown cipher " + cipher_algo);
@@ -112,75 +101,102 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys,
throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo);
}
+void Record_Reader::add_input(const byte input[], u32bit input_size)
+ {
+ input_queue.write(input, input_size);
+ }
+
/**
* Retrieve the next record
*/
-SecureVector<byte> Record_Reader::get_record(byte& msg_type)
+u32bit Record_Reader::get_record(byte& msg_type,
+ MemoryRegion<byte>& output)
{
byte header[5] = { 0 };
- u32bit got = socket.read(header, sizeof(header));
+ const u32bit have_in_queue = input_queue.size();
- if(got == 0)
- {
- msg_type = CONNECTION_CLOSED;
- return SecureVector<byte>();
- }
- else if(got != sizeof(header))
- throw Decoding_Error("Record_Reader: Record truncated");
+ if(have_in_queue < sizeof(header))
+ return (sizeof(header) - have_in_queue);
- msg_type = header[0];
+ /*
+ * We peek first to make sure we have the full record
+ */
+ input_queue.peek(header, sizeof(header));
- const u16bit version = make_u16bit(header[1], header[2]);
+ const u16bit version = make_u16bit(header[1], header[2]);
+ const u16bit record_len = make_u16bit(header[3], header[4]);
if(major && (header[1] != major || header[2] != minor))
throw TLS_Exception(PROTOCOL_VERSION,
"Record_Reader: Got unexpected version");
- SecureVector<byte> buffer(make_u16bit(header[3], header[4]));
- if(socket.read(buffer, buffer.size()) != buffer.size())
- throw Decoding_Error("Record_Reader: Record truncated");
+ // If insufficient data, return without doing anything
+ if(have_in_queue < (sizeof(header) + record_len))
+ return (sizeof(header) + record_len - have_in_queue);
+
+ SecureVector<byte> buffer(record_len);
+ input_queue.read(header, sizeof(header)); // pull off the header
+ input_queue.read(buffer, buffer.size());
+
+ /*
+ * We are handshaking, no crypto to do so return as-is
+ * TODO: Check msg_type to confirm a handshake?
+ */
if(mac_size == 0)
- return buffer;
+ {
+ msg_type = header[0];
+ output = buffer;
+ return 0; // got a full record
+ }
+
+ // Otherwise, decrypt, check MAC, return plaintext
cipher.process_msg(buffer);
SecureVector<byte> plaintext = cipher.read_all(Pipe::LAST_MESSAGE);
u32bit pad_size = 0;
- if(pad_amount)
+
+ if(block_size)
{
byte pad_value = plaintext[plaintext.size()-1];
pad_size = pad_value + 1;
+ /*
+ * Check the padding; if it is wrong, then say we have 0 bytes of
+ * padding, which should ensure that the MAC check below does not
+ * suceed. This hides a timing channel.
+ *
+ * This particular countermeasure is recommended in the TLS 1.2
+ * spec (RFC 5246) in section 6.2.3.2
+ */
if(version == SSL_V3)
{
- if(pad_value > pad_amount)
- throw TLS_Exception(BAD_RECORD_MAC,
- "Record_Reader: Bad padding");
+ if(pad_value > block_size)
+ pad_size = 0;
}
else
{
for(u32bit j = 0; j != pad_size; j++)
if(plaintext[plaintext.size()-j-1] != pad_value)
- throw TLS_Exception(BAD_RECORD_MAC,
- "Record_Reader: Bad padding");
+ pad_size = 0;
}
}
- if(plaintext.size() < mac_size + pad_size)
+ if(plaintext.size() < mac_size + pad_size + iv_size)
throw Decoding_Error("Record_Reader: Record truncated");
const u32bit mac_offset = plaintext.size() - (mac_size + pad_size);
SecureVector<byte> recieved_mac(plaintext.begin() + mac_offset,
mac_size);
- const u16bit plain_length = plaintext.size() - (mac_size + pad_size);
+ const u16bit plain_length = plaintext.size() - (mac_size + pad_size + iv_size);
mac.start_msg();
for(u32bit j = 0; j != 8; j++)
mac.write(get_byte(j, seq_no));
- mac.write(msg_type);
+ mac.write(header[0]); // msg_type
if(version != SSL_V3)
for(u32bit j = 0; j != 2; j++)
@@ -188,7 +204,7 @@ SecureVector<byte> Record_Reader::get_record(byte& msg_type)
for(u32bit j = 0; j != 2; j++)
mac.write(get_byte(j, plain_length));
- mac.write(plaintext, plain_length);
+ mac.write(&plaintext[iv_size], plain_length);
mac.end_msg();
++seq_no;
@@ -198,7 +214,9 @@ SecureVector<byte> Record_Reader::get_record(byte& msg_type)
if(recieved_mac != computed_mac)
throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure");
- return SecureVector<byte>(plaintext, mac_offset);
+ msg_type = header[0];
+ output.set(&plaintext[iv_size], plain_length);
+ return 0;
}
}
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp
index 842b2698c..f8079c235 100644
--- a/src/ssl/rec_wri.cpp
+++ b/src/ssl/rec_wri.cpp
@@ -1,6 +1,6 @@
/**
-* TLS Record Writing
-* (C) 2004-2006 Jack Lloyd
+* TLS Record Writing
+* (C) 2004-2010 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -9,6 +9,7 @@
#include <botan/handshake_hash.h>
#include <botan/lookup.h>
#include <botan/loadstor.h>
+#include <botan/libstate.h>
namespace Botan {
@@ -26,13 +27,17 @@ Record_Writer::Record_Writer(Socket& sock) :
*/
void Record_Writer::reset()
{
- compress.reset();
cipher.reset();
mac.reset();
+
buffer.clear();
- do_compress = false;
+ buf_pos = 0;
+
major = minor = buf_type = 0;
- pad_amount = mac_size = buf_pos = 0;
+ block_size = 0;
+ mac_size = 0;
+ iv_size = 0;
+
seq_no = 0;
}
@@ -41,7 +46,7 @@ void Record_Writer::reset()
*/
void Record_Writer::set_version(Version_Code version)
{
- if(version != SSL_V3 && version != TLS_V10)
+ if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11)
throw Invalid_Argument("Record_Writer: Invalid protocol version");
major = (version >> 8) & 0xFF;
@@ -49,15 +54,6 @@ void Record_Writer::set_version(Version_Code version)
}
/**
-* Set the compression algorithm
-*/
-void Record_Writer::set_compressor(Filter* compressor)
- {
- throw TLS_Exception(INTERNAL_ERROR, "Compression not implemented (FIXME)");
- compress.append(compressor);
- }
-
-/**
* Set the keys for writing
*/
void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys,
@@ -91,12 +87,18 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys,
cipher_algo + "/CBC/NoPadding",
cipher_key, iv, ENCRYPTION)
);
- pad_amount = block_size_of(cipher_algo);
+ block_size = block_size_of(cipher_algo);
+
+ if(major == 3 && minor >= 2)
+ iv_size = block_size;
+ else
+ iv_size = 0;
}
else if(have_stream_cipher(cipher_algo))
{
cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION));
- pad_amount = 0;
+ block_size = 0;
+ iv_size = 0;
}
else
throw Invalid_Argument("Record_Writer: Unknown cipher " + cipher_algo);
@@ -203,15 +205,30 @@ void Record_Writer::send_record(byte type, const byte buf[], u32bit length)
mac.write(buf, length);
mac.end_msg();
+ // TODO: This could all use a single buffer
+
SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE);
cipher.start_msg();
+
+ if(iv_size)
+ {
+ RandomNumberGenerator& rng = global_state().global_rng();
+
+ SecureVector<byte> random_iv(iv_size);
+
+ rng.randomize(&random_iv[0], random_iv.size());
+
+ cipher.write(random_iv);
+ }
+
cipher.write(buf, length);
cipher.write(buf_mac);
- if(pad_amount)
+
+ if(block_size)
{
u32bit pad_val =
- (pad_amount - (1 + length + buf_mac.size())) % pad_amount;
+ (block_size - (1 + length + buf_mac.size())) % block_size;
for(u32bit j = 0; j != pad_val + 1; j++)
cipher.write(pad_val);
@@ -240,7 +257,6 @@ void Record_Writer::send_record(byte type, byte major, byte minor,
for(u32bit j = 0; j != 2; j++)
header[j+3] = get_byte<u16bit>(j, length);
- // FIXME: tradoff of TCP/syscall overhead vs copy overhead
socket.write(header, 5);
socket.write(out, length);
}
diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp
index 3223adc5b..9b8a3171d 100644
--- a/src/ssl/s_kex.cpp
+++ b/src/ssl/s_kex.cpp
@@ -51,7 +51,7 @@ Server_Key_Exchange::Server_Key_Exchange(RandomNumberGenerator& rng,
padding = "EMSA3(TLS.Digest.0)";
else if(priv_key->algo_name() == "DSA")
{
- padding == "EMSA1(SHA-1)";
+ padding = "EMSA1(SHA-1)";
format = DER_SEQUENCE;
}
else
diff --git a/src/ssl/socket.h b/src/ssl/socket.h
index 3d893ea77..62ceed028 100644
--- a/src/ssl/socket.h
+++ b/src/ssl/socket.h
@@ -19,11 +19,8 @@ namespace Botan {
class BOTAN_DLL Socket
{
public:
- virtual u32bit read(byte[], u32bit) = 0;
- virtual void write(const byte[], u32bit) = 0;
-
- u32bit read(byte& x) { return read(&x, 1); }
- void write(byte x) { write(&x, 1); }
+ virtual size_t read(byte[], size_t) = 0;
+ virtual void write(const byte[], size_t) = 0;
virtual std::string peer_id() const = 0;
diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp
index ce33573f5..fbad1f838 100644
--- a/src/ssl/tls_client.cpp
+++ b/src/ssl/tls_client.cpp
@@ -1,6 +1,6 @@
/**
-* TLS Client
-* (C) 2004-2006 Jack Lloyd
+* TLS Client
+* (C) 2004-2010 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -83,7 +83,7 @@ void client_check_state(Handshake_Type new_msg, Handshake_State* state)
*/
TLS_Client::TLS_Client(RandomNumberGenerator& r,
Socket& sock, const TLS_Policy* pol) :
- rng(r), writer(sock), reader(sock), policy(pol ? pol : new TLS_Policy)
+ rng(r), peer(sock), writer(sock), policy(pol ? pol : new TLS_Policy)
{
peer_id = sock.peer_id();
@@ -96,7 +96,7 @@ TLS_Client::TLS_Client(RandomNumberGenerator& r,
TLS_Client::TLS_Client(RandomNumberGenerator& r,
Socket& sock, const X509_Certificate& cert,
const Private_Key& key, const TLS_Policy* pol) :
- rng(r), writer(sock), reader(sock), policy(pol ? pol : new TLS_Policy)
+ rng(r), peer(sock), writer(sock), policy(pol ? pol : new TLS_Policy)
{
peer_id = sock.peer_id();
@@ -243,8 +243,26 @@ void TLS_Client::close(Alert_Level level, Alert_Type alert_code)
*/
void TLS_Client::state_machine()
{
- byte rec_type;
- SecureVector<byte> record = reader.get_record(rec_type);
+ byte rec_type = CONNECTION_CLOSED;
+ SecureVector<byte> record(1024);
+
+ u32bit bytes_needed = reader.get_record(rec_type, record);
+
+ while(bytes_needed)
+ {
+ u32bit to_get = std::min<u32bit>(record.size(), bytes_needed);
+ u32bit got = peer.read(&record[0], to_get);
+
+ if(got == 0)
+ {
+ rec_type = CONNECTION_CLOSED;
+ break;
+ }
+
+ reader.add_input(&record[0], got);
+
+ bytes_needed = reader.get_record(rec_type, record);
+ }
if(rec_type == CONNECTION_CLOSED)
{
@@ -562,7 +580,7 @@ void TLS_Client::do_handshake()
if(active && !state)
break;
if(!active && !state)
- throw TLS_Exception(HANDSHAKE_FAILURE, "TLS_Client: Handshake failed");
+ throw TLS_Exception(HANDSHAKE_FAILURE, "TLS_Client: Handshake failed (do_handshake)");
state_machine();
}
diff --git a/src/ssl/tls_client.h b/src/ssl/tls_client.h
index 896decdf9..2439a58f0 100644
--- a/src/ssl/tls_client.h
+++ b/src/ssl/tls_client.h
@@ -60,6 +60,8 @@ class BOTAN_DLL TLS_Client : public TLS_Connection
RandomNumberGenerator& rng;
+ Socket& peer;
+
Record_Writer writer;
Record_Reader reader;
const TLS_Policy* policy;
diff --git a/src/ssl/tls_magic.h b/src/ssl/tls_magic.h
index 41fb756e9..a6ca1f8d6 100644
--- a/src/ssl/tls_magic.h
+++ b/src/ssl/tls_magic.h
@@ -115,6 +115,17 @@ enum Compression_Algo {
NO_COMPRESSION = 0x00
};
+enum TLS_Handshake_Extension_Type {
+ TLSEXT_SERVER_NAME_INDICATION = 0,
+ TLSEXT_MAX_FRAGMENT_LENGTH = 1,
+ TLSEXT_CLIENT_CERT_URL = 2,
+ TLSEXT_TRUSTED_CA_KEYS = 3,
+ TLSEXT_TRUNCATED_HMAC = 4,
+
+ TLSEXT_CERTIFICATE_TYPES = 9,
+ TLSEXT_SESSION_TICKET = 35,
+};
+
}
#endif
diff --git a/src/ssl/tls_messages.h b/src/ssl/tls_messages.h
index 4b512a963..1f72c05f7 100644
--- a/src/ssl/tls_messages.h
+++ b/src/ssl/tls_messages.h
@@ -49,6 +49,8 @@ class BOTAN_DLL Client_Hello : public HandshakeMessage
SecureVector<byte> random() const { return c_random; }
+ std::string hostname() const { return requested_hostname; }
+
bool offered_suite(u16bit) const;
Client_Hello(RandomNumberGenerator& rng,
@@ -63,6 +65,7 @@ class BOTAN_DLL Client_Hello : public HandshakeMessage
SecureVector<byte> sess_id, c_random;
std::vector<u16bit> suites;
std::vector<byte> comp_algos;
+ std::string requested_hostname;
};
/**
diff --git a/src/ssl/tls_policy.h b/src/ssl/tls_policy.h
index 98297181c..75d6d7663 100644
--- a/src/ssl/tls_policy.h
+++ b/src/ssl/tls_policy.h
@@ -40,7 +40,7 @@ class BOTAN_DLL TLS_Policy
virtual u32bit rsa_export_keysize() const { return 512; }
virtual Version_Code min_version() const { return SSL_V3; }
- virtual Version_Code pref_version() const { return TLS_V10; }
+ virtual Version_Code pref_version() const { return TLS_V11; }
virtual bool check_cert(const std::vector<X509_Certificate>&,
const std::string&) const;
diff --git a/src/ssl/tls_reader.h b/src/ssl/tls_reader.h
new file mode 100644
index 000000000..ff3e63ae8
--- /dev/null
+++ b/src/ssl/tls_reader.h
@@ -0,0 +1,140 @@
+/*
+* TLS Data Reader
+* (C) 2010 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#ifndef BOTAN_TLS_READER_H__
+#define BOTAN_TLS_READER_H__
+
+#include <botan/secmem.h>
+#include <botan/loadstor.h>
+
+namespace Botan {
+
+class TLS_Data_Reader
+ {
+ public:
+ TLS_Data_Reader(const MemoryRegion<byte>& buf_in) :
+ buf(buf_in), offset(0) {}
+
+ u32bit remaining_bytes() const
+ {
+ return buf.size() - offset;
+ }
+
+ bool has_remaining() const
+ {
+ return (remaining_bytes() > 0);
+ }
+
+ void discard_next(u32bit bytes)
+ {
+ assert_at_least(bytes);
+ offset += bytes;
+ }
+
+ u16bit get_u16bit()
+ {
+ assert_at_least(2);
+ u16bit result = make_u16bit(buf[offset], buf[offset+1]);
+ offset += 2;
+ return result;
+ }
+
+ byte get_byte()
+ {
+ assert_at_least(1);
+ byte result = buf[offset];
+ offset += 1;
+ return result;
+ }
+
+ template<typename T, typename Container>
+ Container get_elem(u32bit num_elems)
+ {
+ assert_at_least(num_elems * sizeof(T));
+
+ Container result(num_elems);
+
+ for(u32bit i = 0; i != num_elems; ++i)
+ result[i] = load_be<T>(&buf[offset], i);
+
+ offset += num_elems * sizeof(T);
+
+ return result;
+ }
+
+ template<typename T>
+ SecureVector<T> get_range(u32bit len_bytes,
+ u32bit min_elems,
+ u32bit max_elems)
+ {
+ const u32bit num_elems =
+ get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
+
+ return get_elem<T, SecureVector<T> >(num_elems);
+ }
+
+ template<typename T>
+ std::vector<T> get_range_vector(u32bit len_bytes,
+ u32bit min_elems,
+ u32bit max_elems)
+ {
+ const u32bit num_elems =
+ get_num_elems(len_bytes, sizeof(T), min_elems, max_elems);
+
+ return get_elem<T, std::vector<T> >(num_elems);
+ }
+
+ template<typename T>
+ SecureVector<T> get_fixed(u32bit size)
+ {
+ return get_elem<T, SecureVector<T> >(size);
+ }
+
+ private:
+ u32bit get_length_field(u32bit len_bytes)
+ {
+ assert_at_least(len_bytes);
+
+ if(len_bytes == 1)
+ return get_byte();
+ else if(len_bytes == 2)
+ return get_u16bit();
+
+ throw Decoding_Error("TLS_Data_Reader: Bad length size");
+ }
+
+ u32bit get_num_elems(u32bit len_bytes,
+ u32bit T_size,
+ u32bit min_elems,
+ u32bit max_elems)
+ {
+ const u32bit byte_length = get_length_field(len_bytes);
+
+ if(byte_length % T_size != 0)
+ throw Decoding_Error("TLS_Data_Reader: Size isn't multiple of T");
+
+ const u32bit num_elems = byte_length / T_size;
+
+ if(num_elems < min_elems || num_elems > max_elems)
+ throw Decoding_Error("TLS_Data_Reader: Range outside paramaters");
+
+ return num_elems;
+ }
+
+ void assert_at_least(u32bit n) const
+ {
+ if(buf.size() - offset < n)
+ throw Decoding_Error("TLS_Data_Reader: Corrupt packet");
+ }
+
+ const MemoryRegion<byte>& buf;
+ u32bit offset;
+ };
+
+}
+
+#endif
diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h
index 3bec2e8ef..2058933d0 100644
--- a/src/ssl/tls_record.h
+++ b/src/ssl/tls_record.h
@@ -1,6 +1,6 @@
/**
-* TLS Record Handling
-* (C) 2004-2006 Jack Lloyd
+* TLS Record Handling
+* (C) 2004-2010 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -12,6 +12,7 @@
#include <botan/socket.h>
#include <botan/tls_suites.h>
#include <botan/pipe.h>
+#include <botan/secqueue.h>
#include <vector>
namespace Botan {
@@ -29,24 +30,26 @@ class BOTAN_DLL Record_Writer
void alert(Alert_Level, Alert_Type);
void set_keys(const CipherSuite&, const SessionKeys&, Connection_Side);
- void set_compressor(Filter*);
void set_version(Version_Code);
void reset();
- Record_Writer(Socket&);
+ Record_Writer(Socket& socket);
+
private:
void send_record(byte, const byte[], u32bit);
void send_record(byte, byte, byte, const byte[], u32bit);
Socket& socket;
- Pipe compress, cipher, mac;
+ Pipe cipher, mac;
SecureVector<byte> buffer;
- u32bit pad_amount, mac_size, buf_pos;
+ u32bit buf_pos;
+
+ u32bit block_size, mac_size, iv_size;
+
u64bit seq_no;
byte major, minor, buf_type;
- bool do_compress;
};
/**
@@ -55,23 +58,34 @@ class BOTAN_DLL Record_Writer
class BOTAN_DLL Record_Reader
{
public:
- SecureVector<byte> get_record(byte&);
+ void add_input(const byte input[], u32bit input_size);
- void set_keys(const CipherSuite&, const SessionKeys&, Connection_Side);
- void set_compressor(Filter*);
+ /**
+ * @param msg_type (output variable)
+ * @param buffer (output variable)
+ * @return Number of bytes still needed (minimum), or 0 if success
+ */
+ u32bit get_record(byte& msg_type,
+ MemoryRegion<byte>& buffer);
- void set_version(Version_Code);
+ SecureVector<byte> get_record(byte& msg_type);
+
+ void set_keys(const CipherSuite& suite,
+ const SessionKeys& keys,
+ Connection_Side side);
+
+ void set_version(Version_Code version);
void reset();
- Record_Reader(Socket&);
+ Record_Reader() { reset(); }
private:
- Socket& socket;
- Pipe compress, cipher, mac;
- u32bit pad_amount, mac_size;
+ SecureQueue input_queue;
+
+ Pipe cipher, mac;
+ u32bit block_size, mac_size, iv_size;
u64bit seq_no;
byte major, minor;
- bool do_compress;
};
}
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp
index 37d9dbcd1..47902a71c 100644
--- a/src/ssl/tls_server.cpp
+++ b/src/ssl/tls_server.cpp
@@ -25,9 +25,9 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
throw TLS_Exception(PROTOCOL_VERSION,
"Client version is unacceptable by policy");
- if(client == SSL_V3 || client == TLS_V10)
+ if(client == SSL_V3 || client == TLS_V10 || client == TLS_V11)
return client;
- return TLS_V10;
+ return TLS_V11;
}
// FIXME: checks are wrong for session reuse (add a flag for that)
@@ -88,7 +88,8 @@ void server_check_state(Handshake_Type new_msg, Handshake_State* state)
TLS_Server::TLS_Server(RandomNumberGenerator& r,
Socket& sock, const X509_Certificate& cert,
const Private_Key& key, const TLS_Policy* pol) :
- rng(r), writer(sock), reader(sock), policy(pol ? pol : new TLS_Policy)
+ rng(r), peer(sock),
+ writer(sock), policy(pol ? pol : new TLS_Policy)
{
peer_id = sock.peer_id();
@@ -112,7 +113,8 @@ TLS_Server::TLS_Server(RandomNumberGenerator& r,
}
writer.alert(FATAL, HANDSHAKE_FAILURE);
- throw Stream_IO_Error("TLS_Server: Handshake failed");
+ throw Stream_IO_Error(std::string("TLS_Server: Handshake failed: ") +
+ e.what());
}
}
@@ -207,8 +209,26 @@ void TLS_Server::close(Alert_Level level, Alert_Type alert_code)
*/
void TLS_Server::state_machine()
{
- byte rec_type;
- SecureVector<byte> record = reader.get_record(rec_type);
+ byte rec_type = CONNECTION_CLOSED;
+ SecureVector<byte> record(1024);
+
+ u32bit bytes_needed = reader.get_record(rec_type, record);
+
+ while(bytes_needed)
+ {
+ u32bit to_get = std::min<u32bit>(record.size(), bytes_needed);
+ u32bit got = peer.read(&record[0], to_get);
+
+ if(got == 0)
+ {
+ rec_type = CONNECTION_CLOSED;
+ break;
+ }
+
+ reader.add_input(&record[0], got);
+
+ bytes_needed = reader.get_record(rec_type, record);
+ }
if(rec_type == CONNECTION_CLOSED)
{
@@ -250,7 +270,11 @@ void TLS_Server::read_handshake(byte rec_type,
const MemoryRegion<byte>& rec_buf)
{
if(rec_type == HANDSHAKE)
+ {
+ if(!state)
+ state = new Handshake_State;
state->queue.write(rec_buf, rec_buf.size());
+ }
while(true)
{
@@ -301,14 +325,6 @@ void TLS_Server::read_handshake(byte rec_type,
void TLS_Server::process_handshake_msg(Handshake_Type type,
const MemoryRegion<byte>& contents)
{
- if(type == CLIENT_HELLO)
- {
- if(state == 0)
- state = new Handshake_State();
- else
- return;
- }
-
if(state == 0)
throw Unexpected_Message("Unexpected handshake message");
@@ -327,6 +343,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type,
state->client_hello = new Client_Hello(contents);
+ client_requested_hostname = state->client_hello->hostname();
+
state->version = choose_version(state->client_hello->version(),
policy->min_version());
diff --git a/src/ssl/tls_server.h b/src/ssl/tls_server.h
index 683c3413a..5cf830a64 100644
--- a/src/ssl/tls_server.h
+++ b/src/ssl/tls_server.h
@@ -26,6 +26,9 @@ class BOTAN_DLL TLS_Server : public TLS_Connection
std::vector<X509_Certificate> peer_cert_chain() const;
+ std::string requested_hostname() const
+ { return client_requested_hostname; }
+
void close();
bool is_closed() const;
@@ -49,6 +52,8 @@ class BOTAN_DLL TLS_Server : public TLS_Connection
RandomNumberGenerator& rng;
+ Socket& peer;
+
Record_Writer writer;
Record_Reader reader;
const TLS_Policy* policy;
@@ -61,6 +66,7 @@ class BOTAN_DLL TLS_Server : public TLS_Connection
SecureVector<byte> session_id;
SecureQueue read_buf;
std::string peer_id;
+ std::string client_requested_hostname;
bool active;
};
diff --git a/src/ssl/tls_session_key.cpp b/src/ssl/tls_session_key.cpp
index 83c06ba07..13575adac 100644
--- a/src/ssl/tls_session_key.cpp
+++ b/src/ssl/tls_session_key.cpp
@@ -131,7 +131,7 @@ SessionKeys::SessionKeys(const CipherSuite& suite, Version_Code version,
const MemoryRegion<byte>& c_random,
const MemoryRegion<byte>& s_random)
{
- if(version != SSL_V3 && version != TLS_V10)
+ if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11)
throw Invalid_Argument("SessionKeys: Unknown version code");
const u32bit mac_keylen = output_length_of(suite.mac_algo());
diff --git a/src/ssl/unix_socket/unx_sock.cpp b/src/ssl/unix_socket/unx_sock.cpp
index 0552a33b6..f9d9629fb 100644
--- a/src/ssl/unix_socket/unx_sock.cpp
+++ b/src/ssl/unix_socket/unx_sock.cpp
@@ -64,12 +64,12 @@ Unix_Socket::Unix_Socket(int fd, const std::string& peer_id)
/**
* Read from a Unix socket
*/
-u32bit Unix_Socket::read(byte buf[], u32bit length)
+size_t Unix_Socket::read(byte buf[], size_t length)
{
if(sockfd == -1)
throw Stream_IO_Error("Unix_Socket::read: Socket not connected");
- u32bit got = 0;
+ size_t got = 0;
while(length)
{
@@ -95,12 +95,12 @@ u32bit Unix_Socket::read(byte buf[], u32bit length)
/**
* Write to a Unix socket
*/
-void Unix_Socket::write(const byte buf[], u32bit length)
+void Unix_Socket::write(const byte buf[], size_t length)
{
if(sockfd == -1)
throw Stream_IO_Error("Unix_Socket::write: Socket not connected");
- u32bit offset = 0;
+ size_t offset = 0;
while(length)
{
ssize_t sent = ::send(sockfd, buf + offset, length, MSG_NOSIGNAL);
diff --git a/src/ssl/unix_socket/unx_sock.h b/src/ssl/unix_socket/unx_sock.h
index c1ff53ae3..58c7ada69 100644
--- a/src/ssl/unix_socket/unx_sock.h
+++ b/src/ssl/unix_socket/unx_sock.h
@@ -28,8 +28,8 @@ namespace Botan {
class BOTAN_DLL Unix_Socket : public Socket
{
public:
- u32bit read(byte[], u32bit);
- void write(const byte[], u32bit);
+ size_t read(byte[], size_t);
+ void write(const byte[], size_t);
std::string peer_id() const;