author | lloyd <[email protected]> | 2012-03-16 17:47:58 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-03-16 17:47:58 +0000 |
commit | b1238320b591bced237ab08bd32713c59d18525a (patch) | |
tree | 46cf73f2961e59054bda3f76bd57661e56a6a743 /src/tls | |
parent | 79119349636d195f8787384b72a7fc3f6935d784 (diff) |
Various merge fixups.
Use AES-256 so we don't encrypt session tickets with a weaker algo
than the ciphersuites.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/c_hello.cpp | 47 | ||||
-rw-r--r-- | src/tls/tls_extensions.h | 11 | ||||
-rw-r--r-- | src/tls/tls_messages.h | 8 | ||||
-rw-r--r-- | src/tls/tls_session.cpp | 33 | ||||
-rw-r--r-- | src/tls/tls_session.h | 6 |
5 files changed, 58 insertions, 47 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index e0fce03b5..1d02986ac 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -71,6 +71,7 @@ Client_Hello::Client_Hello(Record_Writer& writer,
 m_next_protocol(next_protocol),
 m_fragment_size(0),
 m_secure_renegotiation(true),
+ m_supports_session_ticket(true),
 m_renegotiation_info(reneg_info)
 {
 std::vector<std::string> hashes = policy.allowed_hashes();
@@ -86,7 +87,7 @@ Client_Hello::Client_Hello(Record_Writer& writer,
 }
 /*
-* Create a new Client Hello message
+* Create a new Client Hello message (session resumption case)
 */
 Client_Hello::Client_Hello(Record_Writer& writer,
 Handshake_Hash& hash,
@@ -100,7 +101,8 @@ Client_Hello::Client_Hello(Record_Writer& writer,
 m_srp_identifier(session.srp_identifier()),
 m_next_protocol(next_protocol),
 m_fragment_size(session.fragment_size()),
- m_secure_renegotiation(session.secure_renegotiation())
+ m_secure_renegotiation(session.secure_renegotiation()),
+ m_supports_session_ticket(true)
 {
 m_suites.push_back(session.ciphersuite_code());
 m_comp_methods.push_back(session.compression_method());
@@ -110,10 +112,14 @@ Client_Hello::Client_Hello(Record_Writer& writer,
 hash.update(writer.send(*this));
 }
+/*
+* Read a counterparty client hello
+*/
 Client_Hello::Client_Hello(const MemoryRegion<byte>& buf, Handshake_Type type)
 {
 m_next_protocol = false;
 m_secure_renegotiation = false;
+ m_supports_session_ticket = false;
 m_fragment_size = 0;
 if(type == CLIENT_HELLO)
@@ -207,10 +213,6 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf)
 m_secure_renegotiation = value_exists(m_suites, static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV));
-
- m_fragment_size = 0;
- m_next_protocol = false;
- m_supports_session_ticket = false;
 }
 /*
@@ -304,21 +306,24 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
 m_supported_algos.push_back(std::make_pair("SHA-1", "DSA"));
 m_supported_algos.push_back(std::make_pair("SHA-1", "ECDSA"));
 }
- else if(Maximum_Fragment_Length* frag = dynamic_cast<Maximum_Fragment_Length*>(extn))
- {
- m_fragment_size = frag->fragment_size();
- }
- else if(Session_Ticket* ticket = dynamic_cast<Session_Ticket*>(extn))
- {
- m_supports_session_ticket = true;
- m_session_ticket = ticket->contents();
- }
- else if(Renegotation_Extension* reneg = dynamic_cast<Renegotation_Extension*>(extn))
- {
- // checked by TLS_Client / TLS_Server as they know the handshake state
- m_secure_renegotiation = true;
- m_renegotiation_info = reneg->renegotiation_info();
- }
+ }
+
+ if(Maximum_Fragment_Length* frag = extensions.get<Maximum_Fragment_Length>())
+ {
+ m_fragment_size = frag->fragment_size();
+ }
+
+ if(Session_Ticket* ticket = extensions.get<Session_Ticket>())
+ {
+ m_supports_session_ticket = true;
+ m_session_ticket = ticket->contents();
+ }
+
+ if(Renegotation_Extension* reneg = extensions.get<Renegotation_Extension>())
+ {
+ // checked by TLS_Client / TLS_Server as they know the handshake state
+ m_secure_renegotiation = true;
+ m_renegotiation_info = reneg->renegotiation_info();
 }
 if(value_exists(m_suites, static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h
index a9e85221e..1adb7f72b 100644
--- a/src/tls/tls_extensions.h
+++ b/src/tls/tls_extensions.h
@@ -210,12 +210,14 @@ class Next_Protocol_Notification : public Extension
 std::vector<std::string> m_protocols;
 };
-class Session_Ticket : public TLS_Extension
+class Session_Ticket : public Extension
 {
 public:
- TLS_Handshake_Extension_Type type() const
+ static Handshake_Extension_Type static_type()
 { return TLSEXT_SESSION_TICKET; }
+ Handshake_Extension_Type type() const { return static_type(); }
+
 const MemoryVector<byte>& contents() const { return m_contents; }
 /**
@@ -232,7 +234,10 @@ class Session_Ticket : public TLS_Extension
 /**
 * Deserialize a session ticket
 */
- Session_Ticket(const TLS_Data_Reader& reader, u16bit extension_size);
+ Session_Ticket(const TLS_Data_Reader& reader, u16bit extension_size)
+ {
+ // FIXME
+ }
 MemoryVector<byte> serialize() const { return m_contents; }
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 617b03813..baee610d9 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -467,13 +467,13 @@ class New_Session_Ticket : public Handshake_Message
 public:
 Handshake_Type type() const { return NEW_SESSION_TICKET; }
- static TLS_Session decrypt(const MemoryRegion<byte>& ctext,
- const SymmetricKey& key,
- const MemoryRegion<byte>& key_name);
+ static Session decrypt(const MemoryRegion<byte>& ctext,
+ const SymmetricKey& key,
+ const MemoryRegion<byte>& key_name);
 const MemoryVector<byte>& contents() const { return m_contents; }
- New_Session_Ticket(const TLS_Session& session_info,
+ New_Session_Ticket(const Session& session_info,
 const SymmetricKey& key,
 const MemoryRegion<byte>& key_name,
 RandomNumberGenerator& rng);
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index f8e686a4a..41d4a662d 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
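Review bot: The deserializing constructor `Session_Ticket(const TLS_Data_Reader& reader, u16bit extension_size)` in src/tls/tls_extensions.h is added with an empty `// FIXME` body, so it never consumes `extension_size` bytes from `reader` and `m_contents` stays empty. `Client_Hello::deserialize` in this same commit copies `ticket->contents()` into `m_session_ticket` and sets `m_supports_session_ticket`, so a ticket presented by a peer would be indistinguishable from an empty ticket extension. Until the parsing is written, failing loudly is safer than silently discarding the data, for example `throw Decoding_Error("Session_Ticket deserialization not implemented");` in the body. The reader is also taken by const reference, which presumably has to change before bytes can be read from it; that should be confirmed against `TLS_Data_Reader`, which is not visible in this diff.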
@@ -128,23 +128,21 @@ std::string Session::PEM_encode() const
 return PEM_Code::encode(this->DER_encode(), "SSL SESSION");
 }
-}
-
 MemoryVector<byte>
-TLS_Session::encrypt(const SymmetricKey& master_key,
- const MemoryRegion<byte>& key_name,
- RandomNumberGenerator& rng)
+Session::encrypt(const SymmetricKey& master_key,
+ const MemoryRegion<byte>& key_name,
+ RandomNumberGenerator& rng)
 {
 if(key_name.size() != 16)
 throw Encoding_Error("Bad length " + to_string(key_name.size()) +
 " for key_name in TLS_Session::encrypt");
 if(master_key.length() == 0)
- throw Decoding_Error("TLS_Session master_key not set");
+ throw Decoding_Error("Session master_key not set");
 std::auto_ptr<KDF> kdf(get_kdf("KDF2(SHA-256)"));
- SymmetricKey aes_key = kdf->derive_key(16, master_key.bits_of(),
+ SymmetricKey aes_key = kdf->derive_key(32, master_key.bits_of(),
 "session-ticket.cipher-key");
 SymmetricKey hmac_key = kdf->derive_key(32, master_key.bits_of(),
@@ -155,8 +153,8 @@ TLS_Session::encrypt(const SymmetricKey& master_key,
 std::auto_ptr<MessageAuthenticationCode> mac(get_mac("HMAC(SHA-256)"));
 mac->set_key(hmac_key);
- Pipe pipe(get_cipher("AES-128/CBC", aes_key, aes_iv, ENCRYPTION));
- pipe.process_msg(BER_encode());
+ Pipe pipe(get_cipher("AES-256/CBC", aes_key, aes_iv, ENCRYPTION));
+ pipe.process_msg(this->DER_encode());
 MemoryVector<byte> ctext = pipe.read_all(0);
 MemoryVector<byte> out;
@@ -170,9 +168,9 @@ TLS_Session::encrypt(const SymmetricKey& master_key,
 return out;
 }
-TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
- const SymmetricKey& master_key,
- const MemoryRegion<byte>& key_name)
+Session Session::decrypt(const MemoryRegion<byte>& buf,
+ const SymmetricKey& master_key,
+ const MemoryRegion<byte>& key_name)
 {
 try
 {
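Review bot: In `Session::encrypt` (src/tls/tls_session.cpp) the only check on `master_key` is `master_key.length() == 0`, so the 32-byte AES-256 key now derived through KDF2 can still come from a much shorter secret, and the ticket is then only as strong as that secret. If the goal stated in the commit message is to match ciphersuite strength, consider requiring a minimum length, e.g. `if(master_key.length() < 32)`, or documenting the expected key size where callers supply it; the same check sits in `Session::decrypt`. A smaller point on the same lines: this branch throws `Decoding_Error` on the encrypt path while the `key_name` check above it throws `Encoding_Error`, and that message still says `TLS_Session::encrypt`. The body of `encrypt` continues past the end of this hunk.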
@@ -180,7 +178,7 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
 throw Decoding_Error("Encrypted TLS_Session too short to be real");
 if(master_key.length() == 0)
- throw Decoding_Error("TLS_Session master_key not set");
+ throw Decoding_Error("Session master_key not set");
 if(key_name.size() != 16)
 throw Decoding_Error("Bad length " + to_string(key_name.size()) +
@@ -200,16 +198,16 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
 if(!same_mem(&buf[buf.size() - 32], &computed_mac[0], computed_mac.size()))
 throw Decoding_Error("MAC verification failed");
- SymmetricKey aes_key = kdf->derive_key(16, master_key.bits_of(),
+ SymmetricKey aes_key = kdf->derive_key(32, master_key.bits_of(),
 "session-ticket.cipher-key");
 InitializationVector aes_iv(&buf[16], 16);
- Pipe pipe(get_cipher("AES-128/CBC", aes_key, aes_iv, DECRYPTION));
+ Pipe pipe(get_cipher("AES-256/CBC", aes_key, aes_iv, DECRYPTION));
 pipe.process_msg(&buf[16], buf.size() - (16 + 32));
 MemoryVector<byte> ber = pipe.read_all();
- return TLS_Session(&ber[0], ber.size());
+ return Session(&ber[0], ber.size());
 }
 catch(...)
 {
@@ -218,3 +216,6 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
 }
 }
+
+}
+
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index 40aaee278..64a83367e 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -78,9 +78,9 @@ class BOTAN_DLL Session
 const MemoryRegion<byte>& key_name,
 RandomNumberGenerator& rng);
- static TLS_Session decrypt(const MemoryRegion<byte>& ctext,
- const SymmetricKey& key,
- const MemoryRegion<byte>& key_name);
+ static Session decrypt(const MemoryRegion<byte>& ctext,
+ const SymmetricKey& key,
+ const MemoryRegion<byte>& key_name);
 /**
 * Encode this session data for storage |
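Review bot: In `Session::decrypt` (src/tls/tls_session.cpp, the hunk at new line 198) the IV is read from `&buf[16]` and the data handed to the cipher also starts at `&buf[16]`, so the 16 IV bytes appear to be decrypted as the first ciphertext block. If the ticket layout is key name (16) | IV (16) | ciphertext | MAC (32), the call would be `pipe.process_msg(&buf[32], buf.size() - (32 + 32));`; the part of `encrypt` that assembles `out` is not visible in this diff, so the layout needs confirming first. These are unchanged context lines, but the switch to AES-256 is a good point to add an encrypt/decrypt round-trip test that would catch it. The function starts and ends outside this hunk, including the body of the `catch(...)` handler.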