aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-09-04 21:36:47 +0000
committerlloyd <[email protected]>2012-09-04 21:36:47 +0000
commitc55c18691fe4f39f324a17717099ed20e15b84b5 (patch)
tree45c318a913e62594febf26dde172e8860370559a /src
parent1141af65915a10910fec5f00afc9a83cf89685c6 (diff)
Distinguish read and write specific objects
Diffstat (limited to 'src')
-rw-r--r--src/tls/rec_read.cpp58
-rw-r--r--src/tls/rec_wri.cpp57
-rw-r--r--src/tls/tls_record.h15
3 files changed, 65 insertions, 65 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp
index 96fd9fb8e..cb99955e1 100644
--- a/src/tls/rec_read.cpp
+++ b/src/tls/rec_read.cpp
@@ -33,14 +33,14 @@ void Record_Reader::reset()
zeroise(m_readbuf);
m_readbuf_pos = 0;
- m_cipher.reset();
+ m_read_cipher.reset();
- m_mac.reset();
+ m_read_mac.reset();
m_block_size = 0;
m_iv_size = 0;
m_version = Protocol_Version();
- m_seq_no = 0;
+ m_read_seq_no = 0;
set_maximum_fragment_size(0);
}
@@ -73,9 +73,9 @@ void Record_Reader::change_cipher_spec(Connection_Side side,
const Session_Keys& keys,
byte compression_method)
{
- m_cipher.reset();
- m_mac.reset();
- m_seq_no = 0;
+ m_read_cipher.reset();
+ m_read_mac.reset();
+ m_read_seq_no = 0;
if(compression_method != NO_COMPRESSION)
throw Internal_Error("Negotiated unknown compression algorithm");
@@ -101,7 +101,7 @@ void Record_Reader::change_cipher_spec(Connection_Side side,
if(have_block_cipher(cipher_algo))
{
- m_cipher.append(get_cipher(
+ m_read_cipher.append(get_cipher(
cipher_algo + "/CBC/NoPadding",
cipher_key, iv, DECRYPTION)
);
@@ -114,7 +114,7 @@ void Record_Reader::change_cipher_spec(Connection_Side side,
}
else if(have_stream_cipher(cipher_algo))
{
- m_cipher.append(get_cipher(cipher_algo, cipher_key, DECRYPTION));
+ m_read_cipher.append(get_cipher(cipher_algo, cipher_key, DECRYPTION));
m_block_size = 0;
m_iv_size = 0;
}
@@ -126,12 +126,12 @@ void Record_Reader::change_cipher_spec(Connection_Side side,
Algorithm_Factory& af = global_state().algorithm_factory();
if(m_version == Protocol_Version::SSL_V3)
- m_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")"));
+ m_read_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")"));
else
- m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")"));
+ m_read_mac.reset(af.make_mac("HMAC(" + mac_algo + ")"));
- m_mac->set_key(mac_key);
- m_macbuf.resize(m_mac->output_length());
+ m_read_mac->set_key(mac_key);
+ m_macbuf.resize(m_read_mac->output_length());
}
else
throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo);
@@ -236,7 +236,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
}
// Possible SSLv2 format client hello
- if((!m_mac) && (m_readbuf[0] & 0x80) && (m_readbuf[2] == 1))
+ if((!m_read_mac) && (m_readbuf[0] & 0x80) && (m_readbuf[2] == 1))
{
if(m_readbuf[3] == 0 && m_readbuf[4] == 2)
throw TLS_Exception(Alert::PROTOCOL_VERSION,
@@ -264,7 +264,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
copy_mem(&msg[4], &m_readbuf[2], m_readbuf_pos - 2);
m_readbuf_pos = 0;
- msg_sequence = m_seq_no++;
+ msg_sequence = m_read_seq_no++;
return 0;
}
}
@@ -305,7 +305,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
"Have the full record");
// Null mac means no encryption either, only valid during handshake
- if(!m_mac)
+ if(!m_read_mac)
{
if(m_readbuf[0] != CHANGE_CIPHER_SPEC &&
m_readbuf[0] != ALERT &&
@@ -319,22 +319,22 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
copy_mem(&msg[0], &m_readbuf[TLS_HEADER_SIZE], record_len);
m_readbuf_pos = 0;
- msg_sequence = m_seq_no++;
+ msg_sequence = m_read_seq_no++;
return 0; // got a full record
}
// Otherwise, decrypt, check MAC, return plaintext
// FIXME: avoid memory allocation by processing in place
- m_cipher.process_msg(&m_readbuf[TLS_HEADER_SIZE], record_len);
+ m_read_cipher.process_msg(&m_readbuf[TLS_HEADER_SIZE], record_len);
- const size_t got_back = m_cipher.read(&m_readbuf[TLS_HEADER_SIZE],
- record_len,
- Pipe::LAST_MESSAGE);
+ const size_t got_back = m_read_cipher.read(&m_readbuf[TLS_HEADER_SIZE],
+ record_len,
+ Pipe::LAST_MESSAGE);
BOTAN_ASSERT_EQUAL(got_back, record_len, "Cipher encrypted full amount");
- BOTAN_ASSERT_EQUAL(m_cipher.remaining(Pipe::LAST_MESSAGE), 0,
+ BOTAN_ASSERT_EQUAL(m_read_cipher.remaining(Pipe::LAST_MESSAGE), 0,
"Cipher had no remaining inputs");
/*
@@ -350,21 +350,21 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
if(record_len < mac_pad_iv_size)
throw Decoding_Error("Record sent with invalid length");
- m_mac->update_be(m_seq_no);
- m_mac->update(m_readbuf[0]); // msg_type
+ m_read_mac->update_be(m_read_seq_no);
+ m_read_mac->update(m_readbuf[0]); // msg_type
if(m_version != Protocol_Version::SSL_V3)
{
- m_mac->update(m_version.major_version());
- m_mac->update(m_version.minor_version());
+ m_read_mac->update(m_version.major_version());
+ m_read_mac->update(m_version.minor_version());
}
const u16bit plain_length = record_len - mac_pad_iv_size;
- m_mac->update_be(plain_length);
- m_mac->update(&m_readbuf[TLS_HEADER_SIZE + m_iv_size], plain_length);
+ m_read_mac->update_be(plain_length);
+ m_read_mac->update(&m_readbuf[TLS_HEADER_SIZE + m_iv_size], plain_length);
- m_mac->final(&m_macbuf[0]);
+ m_read_mac->final(&m_macbuf[0]);
const size_t mac_offset = record_len - (m_macbuf.size() + pad_size);
@@ -375,7 +375,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz,
throw TLS_Exception(Alert::RECORD_OVERFLOW, "Plaintext record is too large");
msg_type = m_readbuf[0];
- msg_sequence = m_seq_no++;
+ msg_sequence = m_read_seq_no++;
msg.assign(&m_readbuf[TLS_HEADER_SIZE + m_iv_size],
&m_readbuf[TLS_HEADER_SIZE + m_iv_size + plain_length]);
diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp
index 09a6803f4..19d4cca5f 100644
--- a/src/tls/rec_wri.cpp
+++ b/src/tls/rec_wri.cpp
@@ -46,16 +46,16 @@ void Record_Writer::set_maximum_fragment_size(size_t max_fragment)
void Record_Writer::reset()
{
set_maximum_fragment_size(0);
- m_cipher.reset();
+ m_write_cipher.reset();
- m_mac.reset();
+ m_write_mac.reset();
m_version = Protocol_Version();
m_block_size = 0;
m_mac_size = 0;
m_iv_size = 0;
- m_seq_no = 0;
+ m_write_seq_no = 0;
}
/*
@@ -74,8 +74,8 @@ void Record_Writer::change_cipher_spec(Connection_Side side,
const Session_Keys& keys,
byte compression_method)
{
- m_cipher.reset();
- m_mac.reset();
+ m_write_cipher.reset();
+ m_write_mac.reset();
if(compression_method != NO_COMPRESSION)
throw Internal_Error("Negotiated unknown compression algorithm");
@@ -86,7 +86,7 @@ void Record_Writer::change_cipher_spec(Connection_Side side,
the first record transmitted under a particular connection state
MUST use sequence number 0
*/
- m_seq_no = 0;
+ m_write_seq_no = 0;
SymmetricKey mac_key, cipher_key;
InitializationVector iv;
@@ -109,7 +109,7 @@ void Record_Writer::change_cipher_spec(Connection_Side side,
if(have_block_cipher(cipher_algo))
{
- m_cipher.append(get_cipher(
+ m_write_cipher.append(get_cipher(
cipher_algo + "/CBC/NoPadding",
cipher_key, iv, ENCRYPTION)
);
@@ -122,7 +122,7 @@ void Record_Writer::change_cipher_spec(Connection_Side side,
}
else if(have_stream_cipher(cipher_algo))
{
- m_cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION));
+ m_write_cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION));
m_block_size = 0;
m_iv_size = 0;
}
@@ -134,12 +134,12 @@ void Record_Writer::change_cipher_spec(Connection_Side side,
Algorithm_Factory& af = global_state().algorithm_factory();
if(m_version == Protocol_Version::SSL_V3)
- m_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")"));
+ m_write_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")"));
else
- m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")"));
+ m_write_mac.reset(af.make_mac("HMAC(" + mac_algo + ")"));
- m_mac->set_key(mac_key);
- m_mac_size = m_mac->output_length();
+ m_write_mac->set_key(mac_key);
+ m_mac_size = m_write_mac->output_length();
}
else
throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo);
@@ -203,22 +203,21 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length)
return;
}
- m_mac->update_be(m_seq_no);
- m_mac->update(type);
+ m_write_mac->update_be(m_write_seq_no);
+ m_write_mac->update(type);
if(m_version != Protocol_Version::SSL_V3)
{
- m_mac->update(m_version.major_version());
- m_mac->update(m_version.minor_version());
+ m_write_mac->update(m_version.major_version());
+ m_write_mac->update(m_version.minor_version());
}
- m_mac->update(get_byte<u16bit>(0, length));
- m_mac->update(get_byte<u16bit>(1, length));
- m_mac->update(input, length);
+ m_write_mac->update(get_byte<u16bit>(0, length));
+ m_write_mac->update(get_byte<u16bit>(1, length));
+ m_write_mac->update(input, length);
const size_t buf_size = round_up(m_iv_size + length +
- m_mac->output_length() +
- (m_block_size ? 1 : 0),
+ m_mac_size + (m_block_size ? 1 : 0),
m_block_size);
if(buf_size >= MAX_CIPHERTEXT_SIZE)
@@ -245,13 +244,13 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length)
copy_mem(buf_write_ptr, input, length);
buf_write_ptr += length;
- m_mac->final(buf_write_ptr);
- buf_write_ptr += m_mac->output_length();
+ m_write_mac->final(buf_write_ptr);
+ buf_write_ptr += m_mac_size;
if(m_block_size)
{
const size_t pad_val =
- buf_size - (m_iv_size + length + m_mac->output_length() + 1);
+ buf_size - (m_iv_size + length + m_mac_size + 1);
for(size_t i = 0; i != pad_val + 1; ++i)
{
@@ -261,23 +260,23 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length)
}
// FIXME: this could be done in-place without copying
- m_cipher.process_msg(&m_writebuf[TLS_HEADER_SIZE], buf_size);
+ m_write_cipher.process_msg(&m_writebuf[TLS_HEADER_SIZE], buf_size);
- const size_t ctext_size = m_cipher.remaining(Pipe::LAST_MESSAGE);
+ const size_t ctext_size = m_write_cipher.remaining(Pipe::LAST_MESSAGE);
BOTAN_ASSERT_EQUAL(ctext_size, buf_size, "Cipher encrypted full amount");
if(ctext_size > MAX_CIPHERTEXT_SIZE)
throw Internal_Error("Produced ciphertext larger than protocol allows");
- m_cipher.read(&m_writebuf[TLS_HEADER_SIZE], ctext_size, Pipe::LAST_MESSAGE);
+ m_write_cipher.read(&m_writebuf[TLS_HEADER_SIZE], ctext_size, Pipe::LAST_MESSAGE);
- BOTAN_ASSERT_EQUAL(m_cipher.remaining(Pipe::LAST_MESSAGE), 0,
+ BOTAN_ASSERT_EQUAL(m_write_cipher.remaining(Pipe::LAST_MESSAGE), 0,
"No data remains in pipe");
m_output_fn(&m_writebuf[0], TLS_HEADER_SIZE + buf_size);
- m_seq_no++;
+ m_write_seq_no++;
}
}
diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h
index 5dfcb7625..b1d964a9b 100644
--- a/src/tls/tls_record.h
+++ b/src/tls/tls_record.h
@@ -52,7 +52,6 @@ class BOTAN_DLL Record_Writer
RandomNumberGenerator& rng);
Record_Writer(const Record_Writer&) = delete;
-
Record_Writer& operator=(const Record_Writer&) = delete;
private:
void send_record(byte type, const byte input[], size_t length);
@@ -61,13 +60,13 @@ class BOTAN_DLL Record_Writer
std::vector<byte> m_writebuf;
- Pipe m_cipher;
- std::unique_ptr<MessageAuthenticationCode> m_mac;
+ Pipe m_write_cipher;
+ std::unique_ptr<MessageAuthenticationCode> m_write_mac;
RandomNumberGenerator& m_rng;
size_t m_block_size, m_mac_size, m_iv_size, m_max_fragment;
- u64bit m_seq_no;
+ u64bit m_write_seq_no;
Protocol_Version m_version;
};
@@ -122,10 +121,12 @@ class BOTAN_DLL Record_Reader
std::vector<byte> m_macbuf;
size_t m_readbuf_pos;
- Pipe m_cipher;
- std::unique_ptr<MessageAuthenticationCode> m_mac;
+ Pipe m_read_cipher;
+ std::unique_ptr<MessageAuthenticationCode> m_read_mac;
+
size_t m_block_size, m_iv_size, m_max_fragment;
- u64bit m_seq_no;
+
+ u64bit m_read_seq_no;
Protocol_Version m_version;
};