authorlloyd <[email protected]>2012-03-16 17:47:58 +0000
committerlloyd <[email protected]>2012-03-16 17:47:58 +0000
commitb1238320b591bced237ab08bd32713c59d18525a (patch)
tree46cf73f2961e59054bda3f76bd57661e56a6a743 /src/tls
parent79119349636d195f8787384b72a7fc3f6935d784 (diff)
Various merge fixups.
Use AES-256 so that session tickets are not encrypted with a weaker algorithm than the ciphersuites themselves.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/c_hello.cpp47
-rw-r--r--src/tls/tls_extensions.h11
-rw-r--r--src/tls/tls_messages.h8
-rw-r--r--src/tls/tls_session.cpp33
-rw-r--r--src/tls/tls_session.h6
5 files changed, 58 insertions, 47 deletions
diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp
index e0fce03b5..1d02986ac 100644
--- a/src/tls/c_hello.cpp
+++ b/src/tls/c_hello.cpp
@@ -71,6 +71,7 @@ Client_Hello::Client_Hello(Record_Writer& writer,
m_next_protocol(next_protocol),
m_fragment_size(0),
m_secure_renegotiation(true),
+ m_supports_session_ticket(true),
m_renegotiation_info(reneg_info)
{
std::vector<std::string> hashes = policy.allowed_hashes();
@@ -86,7 +87,7 @@ Client_Hello::Client_Hello(Record_Writer& writer,
}
/*
-* Create a new Client Hello message
+* Create a new Client Hello message (session resumption case)
*/
Client_Hello::Client_Hello(Record_Writer& writer,
Handshake_Hash& hash,
@@ -100,7 +101,8 @@ Client_Hello::Client_Hello(Record_Writer& writer,
m_srp_identifier(session.srp_identifier()),
m_next_protocol(next_protocol),
m_fragment_size(session.fragment_size()),
- m_secure_renegotiation(session.secure_renegotiation())
+ m_secure_renegotiation(session.secure_renegotiation()),
+ m_supports_session_ticket(true)
{
m_suites.push_back(session.ciphersuite_code());
m_comp_methods.push_back(session.compression_method());
@@ -110,10 +112,14 @@ Client_Hello::Client_Hello(Record_Writer& writer,
hash.update(writer.send(*this));
}
+/*
+* Read a counterparty client hello
+*/
Client_Hello::Client_Hello(const MemoryRegion<byte>& buf, Handshake_Type type)
{
m_next_protocol = false;
m_secure_renegotiation = false;
+ m_supports_session_ticket = false;
m_fragment_size = 0;
if(type == CLIENT_HELLO)
@@ -207,10 +213,6 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion<byte>& buf)
m_secure_renegotiation =
value_exists(m_suites, static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV));
-
- m_fragment_size = 0;
- m_next_protocol = false;
- m_supports_session_ticket = false;
}
/*
@@ -304,21 +306,24 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf)
m_supported_algos.push_back(std::make_pair("SHA-1", "DSA"));
m_supported_algos.push_back(std::make_pair("SHA-1", "ECDSA"));
}
- else if(Maximum_Fragment_Length* frag = dynamic_cast<Maximum_Fragment_Length*>(extn))
- {
- m_fragment_size = frag->fragment_size();
- }
- else if(Session_Ticket* ticket = dynamic_cast<Session_Ticket*>(extn))
- {
- m_supports_session_ticket = true;
- m_session_ticket = ticket->contents();
- }
- else if(Renegotation_Extension* reneg = dynamic_cast<Renegotation_Extension*>(extn))
- {
- // checked by TLS_Client / TLS_Server as they know the handshake state
- m_secure_renegotiation = true;
- m_renegotiation_info = reneg->renegotiation_info();
- }
+ }
+
+ if(Maximum_Fragment_Length* frag = extensions.get<Maximum_Fragment_Length>())
+ {
+ m_fragment_size = frag->fragment_size();
+ }
+
+ if(Session_Ticket* ticket = extensions.get<Session_Ticket>())
+ {
+ m_supports_session_ticket = true;
+ m_session_ticket = ticket->contents();
+ }
+
+ if(Renegotation_Extension* reneg = extensions.get<Renegotation_Extension>())
+ {
+ // checked by TLS_Client / TLS_Server as they know the handshake state
+ m_secure_renegotiation = true;
+ m_renegotiation_info = reneg->renegotiation_info();
}
if(value_exists(m_suites, static_cast<u16bit>(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)))
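Review bot: The three pointers obtained from `extensions.get<...>()` in the new lookups are only read through accessors, so they could be declared `const Maximum_Fragment_Length*`, `const Session_Ticket*` and `const Renegotation_Extension*` to make the read-only use explicit (assuming `get<T>()` returns a plain `T*`, which is not visible here). Note also that `m_session_ticket = ticket->contents();` is only as meaningful as the `Session_Ticket` wire deserializer, which this same commit leaves as a stub in tls_extensions.h, so until that is filled in a ticket sent by a peer reaches this code empty and the peer is recorded as supporting tickets while holding none. `Client_Hello::deserialize` begins before this hunk.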
diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h
index a9e85221e..1adb7f72b 100644
--- a/src/tls/tls_extensions.h
+++ b/src/tls/tls_extensions.h
@@ -210,12 +210,14 @@ class Next_Protocol_Notification : public Extension
std::vector<std::string> m_protocols;
};
-class Session_Ticket : public TLS_Extension
+class Session_Ticket : public Extension
{
public:
- TLS_Handshake_Extension_Type type() const
+ static Handshake_Extension_Type static_type()
{ return TLSEXT_SESSION_TICKET; }
+ Handshake_Extension_Type type() const { return static_type(); }
+
const MemoryVector<byte>& contents() const { return m_contents; }
/**
@@ -232,7 +234,10 @@ class Session_Ticket : public TLS_Extension
/**
* Deserialize a session ticket
*/
- Session_Ticket(const TLS_Data_Reader& reader, u16bit extension_size);
+ Session_Ticket(const TLS_Data_Reader& reader, u16bit extension_size)
+ {
+ // FIXME
+ }
MemoryVector<byte> serialize() const { return m_contents; }
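Review bot: The new inline body of `Session_Ticket(const TLS_Data_Reader& reader, u16bit extension_size)` ignores both arguments, so a ticket received from a peer is never copied into `m_contents` and `contents()` stays empty; a server built from this commit therefore treats every resuming client as ticket-less and can never resume from a ticket, which the `// FIXME` acknowledges but which fails silently (full handshake) rather than loudly. If `TLS_Data_Reader` tracks a read position that the extension parser expects each deserializer to advance (not visible here), leaving the body unread would also desynchronise parsing of whatever extension follows, so the stub should at minimum consume exactly `extension_size` bytes into `m_contents`, bounds-checked against the data remaining, and reject a length mismatch. The `const` on the reader parameter, carried over from the old declaration, looks like it would prevent consuming anything and is worth dropping when the body is written. The rest of the class lies outside this hunk.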
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index 617b03813..baee610d9 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -467,13 +467,13 @@ class New_Session_Ticket : public Handshake_Message
public:
Handshake_Type type() const { return NEW_SESSION_TICKET; }
- static TLS_Session decrypt(const MemoryRegion<byte>& ctext,
- const SymmetricKey& key,
- const MemoryRegion<byte>& key_name);
+ static Session decrypt(const MemoryRegion<byte>& ctext,
+ const SymmetricKey& key,
+ const MemoryRegion<byte>& key_name);
const MemoryVector<byte>& contents() const { return m_contents; }
- New_Session_Ticket(const TLS_Session& session_info,
+ New_Session_Ticket(const Session& session_info,
const SymmetricKey& key,
const MemoryRegion<byte>& key_name,
RandomNumberGenerator& rng);
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index f8e686a4a..41d4a662d 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -128,23 +128,21 @@ std::string Session::PEM_encode() const
return PEM_Code::encode(this->DER_encode(), "SSL SESSION");
}
-}
-
MemoryVector<byte>
-TLS_Session::encrypt(const SymmetricKey& master_key,
- const MemoryRegion<byte>& key_name,
- RandomNumberGenerator& rng)
+Session::encrypt(const SymmetricKey& master_key,
+ const MemoryRegion<byte>& key_name,
+ RandomNumberGenerator& rng)
{
if(key_name.size() != 16)
throw Encoding_Error("Bad length " + to_string(key_name.size()) +
" for key_name in TLS_Session::encrypt");
if(master_key.length() == 0)
- throw Decoding_Error("TLS_Session master_key not set");
+ throw Decoding_Error("Session master_key not set");
std::auto_ptr<KDF> kdf(get_kdf("KDF2(SHA-256)"));
- SymmetricKey aes_key = kdf->derive_key(16, master_key.bits_of(),
+ SymmetricKey aes_key = kdf->derive_key(32, master_key.bits_of(),
"session-ticket.cipher-key");
SymmetricKey hmac_key = kdf->derive_key(32, master_key.bits_of(),
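Review bot: In `Session::encrypt` the `master_key.length() == 0` check still throws `Decoding_Error` while the `key_name` length check directly above it throws `Encoding_Error`, so a caller catching the encoding-side exception around ticket issuance misses the second failure; the key_name message also still says `TLS_Session::encrypt` although the rest of this commit renames the class. Suggested: `throw Encoding_Error("Session master_key not set");` and `" for key_name in Session::encrypt");`. Deriving the 32-byte AES-256 key and the 32-byte HMAC key from the same master secret under distinct KDF2 labels is the right separation; tickets issued under the previous 16-byte derivation will presumably no longer decrypt, which is fine for a format change but deserves a sentence in the commit message. The function continues past the end of the hunk.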
@@ -155,8 +153,8 @@ TLS_Session::encrypt(const SymmetricKey& master_key,
std::auto_ptr<MessageAuthenticationCode> mac(get_mac("HMAC(SHA-256)"));
mac->set_key(hmac_key);
- Pipe pipe(get_cipher("AES-128/CBC", aes_key, aes_iv, ENCRYPTION));
- pipe.process_msg(BER_encode());
+ Pipe pipe(get_cipher("AES-256/CBC", aes_key, aes_iv, ENCRYPTION));
+ pipe.process_msg(this->DER_encode());
MemoryVector<byte> ctext = pipe.read_all(0);
MemoryVector<byte> out;
@@ -170,9 +168,9 @@ TLS_Session::encrypt(const SymmetricKey& master_key,
return out;
}
-TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
- const SymmetricKey& master_key,
- const MemoryRegion<byte>& key_name)
+Session Session::decrypt(const MemoryRegion<byte>& buf,
+ const SymmetricKey& master_key,
+ const MemoryRegion<byte>& key_name)
{
try
{
@@ -180,7 +178,7 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
throw Decoding_Error("Encrypted TLS_Session too short to be real");
if(master_key.length() == 0)
- throw Decoding_Error("TLS_Session master_key not set");
+ throw Decoding_Error("Session master_key not set");
if(key_name.size() != 16)
throw Decoding_Error("Bad length " + to_string(key_name.size()) +
@@ -200,16 +198,16 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
if(!same_mem(&buf[buf.size() - 32], &computed_mac[0], computed_mac.size()))
throw Decoding_Error("MAC verification failed");
- SymmetricKey aes_key = kdf->derive_key(16, master_key.bits_of(),
+ SymmetricKey aes_key = kdf->derive_key(32, master_key.bits_of(),
"session-ticket.cipher-key");
InitializationVector aes_iv(&buf[16], 16);
- Pipe pipe(get_cipher("AES-128/CBC", aes_key, aes_iv, DECRYPTION));
+ Pipe pipe(get_cipher("AES-256/CBC", aes_key, aes_iv, DECRYPTION));
pipe.process_msg(&buf[16], buf.size() - (16 + 32));
MemoryVector<byte> ber = pipe.read_all();
- return TLS_Session(&ber[0], ber.size());
+ return Session(&ber[0], ber.size());
}
catch(...)
{
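Review bot: The ciphertext handed to the AES-256/CBC decryptor at `pipe.process_msg(&buf[16], buf.size() - (16 + 32));` starts at the same offset as the IV read by `InitializationVector aes_iv(&buf[16], 16);` two lines above, so the 16 IV bytes are fed through CBC as the first ciphertext block. If the ticket layout is key_name(16) || iv(16) || ciphertext || mac(32), as that IV offset suggests (the encrypt side's output assembly is not in this view), the first recovered block is garbage, the DER parse in `Session(&ber[0], ber.size())` will almost certainly throw, and the `catch(...)` below swallows it, so every ticket is rejected and resumption silently degrades to a full handshake. The decryption should then start after the IV, `pipe.process_msg(&buf[32], buf.size() - (16 + 16 + 32));`, and an encrypt-then-decrypt round-trip test would pin this down. Verifying the HMAC over the whole buffer before any decryption, as the hunk does, is the right order (a MAC failure never reaches the CBC decryptor, so there is no padding oracle) and should be kept. `Session::decrypt` continues past the hunk.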
@@ -218,3 +216,6 @@ TLS_Session TLS_Session::decrypt(const MemoryRegion<byte>& buf,
}
}
+
+}
+
diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h
index 40aaee278..64a83367e 100644
--- a/src/tls/tls_session.h
+++ b/src/tls/tls_session.h
@@ -78,9 +78,9 @@ class BOTAN_DLL Session
const MemoryRegion<byte>& key_name,
RandomNumberGenerator& rng);
- static TLS_Session decrypt(const MemoryRegion<byte>& ctext,
- const SymmetricKey& key,
- const MemoryRegion<byte>& key_name);
+ static Session decrypt(const MemoryRegion<byte>& ctext,
+ const SymmetricKey& key,
+ const MemoryRegion<byte>& key_name);
/**
* Encode this session data for storage