Run MAC as standalone object instead of running it through a Pipe at

record layer.
author: lloyd <[email protected]> 2010-10-19 04:39:26 +0000
committer: lloyd <[email protected]> 2010-10-19 04:39:26 +0000
commit: 221f9bd1469de9248b0233d366cdc2f0613fc182 (patch)
tree: 5235110a35cabb937e35f2f6b3a3d96b736aed1d /src
parent: 62de0178bcf2933be7c62af47490ea48dee8bc3e (diff)
3 files changed, 56 insertions, 48 deletions
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp
index e34359862..042aae0c9 100644
--- a/src/ssl/rec_read.cpp
+++ b/src/ssl/rec_read.cpp
@@ -17,7 +17,10 @@ namespace Botan {
 void Record_Reader::reset()
    {
    cipher.reset();
-   mac.reset();
+
+   delete mac;
+   mac = 0;
+
    mac_size = 0;
    block_size = 0;
    iv_size = 0;
@@ -44,7 +47,8 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys,
                              Connection_Side side)
    {
    cipher.reset();
-   mac.reset();
+   delete mac;
+   mac = 0;
 
    SymmetricKey mac_key, cipher_key;
    InitializationVector iv;
@@ -89,12 +93,15 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys,
 
    if(have_hash(mac_algo))
       {
+      Algorithm_Factory& af = global_state().algorithm_factory();
+
       if(major == 3 && minor == 0)
-         mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key));
+         mac = af.make_mac("SSL3-MAC(" + mac_algo + ")");
       else
-         mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key));
+         mac = af.make_mac("HMAC(" + mac_algo + ")");
 
-      mac_size = output_length_of(mac_algo);
+      mac->set_key(mac_key);
+      mac_size = mac->output_length();
       }
    else
       throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo);
@@ -221,23 +228,19 @@ size_t Record_Reader::get_record(byte& msg_type,
 
    const u16bit plain_length = plaintext.size() - (mac_size + pad_size + iv_size);
 
-   mac.start_msg();
-   for(size_t i = 0; i != 8; ++i)
-      mac.write(get_byte(i, seq_no));
-   mac.write(header[0]); // msg_type
+   mac->update_be(seq_no);
+   mac->update(header[0]); // msg_type
 
    if(version != SSL_V3)
       for(size_t i = 0; i != 2; ++i)
-         mac.write(get_byte(i, version));
+         mac->update(get_byte(i, version));
 
-   for(size_t i = 0; i != 2; ++i)
-      mac.write(get_byte(i, plain_length));
-   mac.write(&plaintext[iv_size], plain_length);
-   mac.end_msg();
+   mac->update_be(plain_length);
+   mac->update(&plaintext[iv_size], plain_length);
 
    ++seq_no;
 
-   SecureVector<byte> computed_mac = mac.read_all(Pipe::LAST_MESSAGE);
+   SecureVector<byte> computed_mac = mac->final();
 
    if(recieved_mac != computed_mac)
       throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure");
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp
index 57eb62f6e..f3525a7d1 100644
--- a/src/ssl/rec_wri.cpp
+++ b/src/ssl/rec_wri.cpp
@@ -19,6 +19,7 @@ namespace Botan {
 Record_Writer::Record_Writer(Socket& sock) :
    socket(sock), buffer(DEFAULT_BUFFERSIZE)
    {
+   mac = 0;
    reset();
    }
 
@@ -28,7 +29,9 @@ Record_Writer::Record_Writer(Socket& sock) :
 void Record_Writer::reset()
    {
    cipher.reset();
-   mac.reset();
+
+   delete mac;
+   mac = 0;
 
    zeroise(buffer);
    buf_pos = 0;
@@ -60,7 +63,8 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys,
                              Connection_Side side)
    {
    cipher.reset();
-   mac.reset();
+   delete mac;
+   mac = 0;
 
    SymmetricKey mac_key, cipher_key;
    InitializationVector iv;
@@ -105,12 +109,15 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys,
 
    if(have_hash(mac_algo))
       {
+      Algorithm_Factory& af = global_state().algorithm_factory();
+
       if(major == 3 && minor == 0)
-         mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key));
+         mac = af.make_mac("SSL3-MAC(" + mac_algo + ")");
       else
-         mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key));
+         mac = af.make_mac("HMAC(" + mac_algo + ")");
 
-      mac_size = output_length_of(mac_algo);
+      mac->set_key(mac_key);
+      mac_size = mac->output_length();
       }
    else
       throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo);
@@ -119,14 +126,6 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys,
 /**
 * Send one or more records to the other side
 */
-void Record_Writer::send(byte type, byte input)
-   {
-   send(type, &input, 1);
-   }
-
-/**
-* Send one or more records to the other side
-*/
 void Record_Writer::send(byte type, const byte input[], size_t length)
    {
    if(type != buf_type)
@@ -189,26 +188,23 @@ void Record_Writer::send_record(byte type, const byte buf[], size_t length)
       send_record(type, major, minor, buf, length);
    else
       {
-      mac.start_msg();
-      for(size_t i = 0; i != 8; ++i)
-         mac.write(get_byte(i, seq_no));
-      mac.write(type);
+
+      mac->update_be(seq_no);
+      mac->update(type);
 
       if(major > 3 || (major == 3 && minor != 0))
          {
-         mac.write(major);
-         mac.write(minor);
+         mac->update(major);
+         mac->update(minor);
          }
 
-      mac.write(get_byte<u16bit>(0, length));
-      mac.write(get_byte<u16bit>(1, length));
-      mac.write(buf, length);
-      mac.end_msg();
+      mac->update(get_byte<u16bit>(0, length));
+      mac->update(get_byte<u16bit>(1, length));
+      mac->update(buf, length);
 
-      // TODO: This could all use a single buffer
-
-      SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE);
+      SecureVector<byte> buf_mac = mac->final();
 
+      // TODO: This could all use a single buffer
       cipher.start_msg();
 
       if(iv_size)
diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h
index d39f1b557..7ad866c6e 100644
--- a/src/ssl/tls_record.h
+++ b/src/ssl/tls_record.h
@@ -12,6 +12,7 @@
 #include <botan/tls_suites.h>
 #include <botan/socket.h>
 #include <botan/pipe.h>
+#include <botan/mac.h>
 #include <botan/secqueue.h>
 #include <vector>
 
@@ -23,8 +24,9 @@ namespace Botan {
 class BOTAN_DLL Record_Writer
    {
    public:
-      void send(byte, const byte[], size_t);
-      void send(byte, byte);
+      void send(byte type, const byte input[], size_t length);
+      void send(byte type, byte val) { send(type, &val, 1); }
+
       void flush();
 
       void alert(Alert_Level, Alert_Type);
@@ -37,12 +39,16 @@ class BOTAN_DLL Record_Writer
 
       Record_Writer(Socket& socket);
 
+      ~Record_Writer() { delete mac; }
    private:
-      void send_record(byte, const byte[], size_t);
-      void send_record(byte, byte, byte, const byte[], size_t);
+      void send_record(byte type, const byte input[], size_t length);
+      void send_record(byte type, byte major, byte minor,
+                       const byte input[], size_t length);
 
       Socket& socket;
-      Pipe cipher, mac;
+      Pipe cipher;
+      MessageAuthenticationCode* mac;
+
       SecureVector<byte> buffer;
       size_t buf_pos;
 
@@ -78,11 +84,14 @@ class BOTAN_DLL Record_Reader
 
       void reset();
 
-      Record_Reader() { reset(); }
+      Record_Reader() { mac = 0; reset(); }
+
+      ~Record_Reader() { delete mac; }
    private:
       SecureQueue input_queue;
 
-      Pipe cipher, mac;
+      Pipe cipher;
+      MessageAuthenticationCode* mac;
       size_t block_size, mac_size, iv_size;
       u64bit seq_no;
       byte major, minor;
author	lloyd <[email protected]>	2010-10-19 04:39:26 +0000
committer	lloyd <[email protected]>	2010-10-19 04:39:26 +0000
commit	221f9bd1469de9248b0233d366cdc2f0613fc182 (patch)
tree	5235110a35cabb937e35f2f6b3a3d96b736aed1d /src
parent	62de0178bcf2933be7c62af47490ea48dee8bc3e (diff)