diff options
author | lloyd <[email protected]> | 2012-09-04 21:36:47 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-09-04 21:36:47 +0000 |
commit | c55c18691fe4f39f324a17717099ed20e15b84b5 (patch) | |
tree | 45c318a913e62594febf26dde172e8860370559a /src | |
parent | 1141af65915a10910fec5f00afc9a83cf89685c6 (diff) |
Distinguish read and write specific objects
Diffstat (limited to 'src')
-rw-r--r-- | src/tls/rec_read.cpp | 58 | ||||
-rw-r--r-- | src/tls/rec_wri.cpp | 57 | ||||
-rw-r--r-- | src/tls/tls_record.h | 15 |
3 files changed, 65 insertions, 65 deletions
diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index 96fd9fb8e..cb99955e1 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -33,14 +33,14 @@ void Record_Reader::reset() zeroise(m_readbuf); m_readbuf_pos = 0; - m_cipher.reset(); + m_read_cipher.reset(); - m_mac.reset(); + m_read_mac.reset(); m_block_size = 0; m_iv_size = 0; m_version = Protocol_Version(); - m_seq_no = 0; + m_read_seq_no = 0; set_maximum_fragment_size(0); } @@ -73,9 +73,9 @@ void Record_Reader::change_cipher_spec(Connection_Side side, const Session_Keys& keys, byte compression_method) { - m_cipher.reset(); - m_mac.reset(); - m_seq_no = 0; + m_read_cipher.reset(); + m_read_mac.reset(); + m_read_seq_no = 0; if(compression_method != NO_COMPRESSION) throw Internal_Error("Negotiated unknown compression algorithm"); @@ -101,7 +101,7 @@ void Record_Reader::change_cipher_spec(Connection_Side side, if(have_block_cipher(cipher_algo)) { - m_cipher.append(get_cipher( + m_read_cipher.append(get_cipher( cipher_algo + "/CBC/NoPadding", cipher_key, iv, DECRYPTION) ); @@ -114,7 +114,7 @@ void Record_Reader::change_cipher_spec(Connection_Side side, } else if(have_stream_cipher(cipher_algo)) { - m_cipher.append(get_cipher(cipher_algo, cipher_key, DECRYPTION)); + m_read_cipher.append(get_cipher(cipher_algo, cipher_key, DECRYPTION)); m_block_size = 0; m_iv_size = 0; } @@ -126,12 +126,12 @@ void Record_Reader::change_cipher_spec(Connection_Side side, Algorithm_Factory& af = global_state().algorithm_factory(); if(m_version == Protocol_Version::SSL_V3) - m_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")")); + m_read_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")")); else - m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")")); + m_read_mac.reset(af.make_mac("HMAC(" + mac_algo + ")")); - m_mac->set_key(mac_key); - m_macbuf.resize(m_mac->output_length()); + m_read_mac->set_key(mac_key); + m_macbuf.resize(m_read_mac->output_length()); } else throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo); @@ -236,7 +236,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, } // Possible SSLv2 format client hello - if((!m_mac) && (m_readbuf[0] & 0x80) && (m_readbuf[2] == 1)) + if((!m_read_mac) && (m_readbuf[0] & 0x80) && (m_readbuf[2] == 1)) { if(m_readbuf[3] == 0 && m_readbuf[4] == 2) throw TLS_Exception(Alert::PROTOCOL_VERSION, @@ -264,7 +264,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, copy_mem(&msg[4], &m_readbuf[2], m_readbuf_pos - 2); m_readbuf_pos = 0; - msg_sequence = m_seq_no++; + msg_sequence = m_read_seq_no++; return 0; } } @@ -305,7 +305,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, "Have the full record"); // Null mac means no encryption either, only valid during handshake - if(!m_mac) + if(!m_read_mac) { if(m_readbuf[0] != CHANGE_CIPHER_SPEC && m_readbuf[0] != ALERT && @@ -319,22 +319,22 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, copy_mem(&msg[0], &m_readbuf[TLS_HEADER_SIZE], record_len); m_readbuf_pos = 0; - msg_sequence = m_seq_no++; + msg_sequence = m_read_seq_no++; return 0; // got a full record } // Otherwise, decrypt, check MAC, return plaintext // FIXME: avoid memory allocation by processing in place - m_cipher.process_msg(&m_readbuf[TLS_HEADER_SIZE], record_len); + m_read_cipher.process_msg(&m_readbuf[TLS_HEADER_SIZE], record_len); - const size_t got_back = m_cipher.read(&m_readbuf[TLS_HEADER_SIZE], - record_len, - Pipe::LAST_MESSAGE); + const size_t got_back = m_read_cipher.read(&m_readbuf[TLS_HEADER_SIZE], + record_len, + Pipe::LAST_MESSAGE); BOTAN_ASSERT_EQUAL(got_back, record_len, "Cipher encrypted full amount"); - BOTAN_ASSERT_EQUAL(m_cipher.remaining(Pipe::LAST_MESSAGE), 0, + BOTAN_ASSERT_EQUAL(m_read_cipher.remaining(Pipe::LAST_MESSAGE), 0, "Cipher had no remaining inputs"); /* @@ -350,21 +350,21 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, if(record_len < mac_pad_iv_size) throw Decoding_Error("Record sent with invalid length"); - m_mac->update_be(m_seq_no); - m_mac->update(m_readbuf[0]); // msg_type + m_read_mac->update_be(m_read_seq_no); + m_read_mac->update(m_readbuf[0]); // msg_type if(m_version != Protocol_Version::SSL_V3) { - m_mac->update(m_version.major_version()); - m_mac->update(m_version.minor_version()); + m_read_mac->update(m_version.major_version()); + m_read_mac->update(m_version.minor_version()); } const u16bit plain_length = record_len - mac_pad_iv_size; - m_mac->update_be(plain_length); - m_mac->update(&m_readbuf[TLS_HEADER_SIZE + m_iv_size], plain_length); + m_read_mac->update_be(plain_length); + m_read_mac->update(&m_readbuf[TLS_HEADER_SIZE + m_iv_size], plain_length); - m_mac->final(&m_macbuf[0]); + m_read_mac->final(&m_macbuf[0]); const size_t mac_offset = record_len - (m_macbuf.size() + pad_size); @@ -375,7 +375,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, throw TLS_Exception(Alert::RECORD_OVERFLOW, "Plaintext record is too large"); msg_type = m_readbuf[0]; - msg_sequence = m_seq_no++; + msg_sequence = m_read_seq_no++; msg.assign(&m_readbuf[TLS_HEADER_SIZE + m_iv_size], &m_readbuf[TLS_HEADER_SIZE + m_iv_size + plain_length]); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 09a6803f4..19d4cca5f 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -46,16 +46,16 @@ void Record_Writer::set_maximum_fragment_size(size_t max_fragment) void Record_Writer::reset() { set_maximum_fragment_size(0); - m_cipher.reset(); + m_write_cipher.reset(); - m_mac.reset(); + m_write_mac.reset(); m_version = Protocol_Version(); m_block_size = 0; m_mac_size = 0; m_iv_size = 0; - m_seq_no = 0; + m_write_seq_no = 0; } /* @@ -74,8 +74,8 @@ void Record_Writer::change_cipher_spec(Connection_Side side, const Session_Keys& keys, byte compression_method) { - m_cipher.reset(); - m_mac.reset(); + m_write_cipher.reset(); + m_write_mac.reset(); if(compression_method != NO_COMPRESSION) throw Internal_Error("Negotiated unknown compression algorithm"); @@ -86,7 +86,7 @@ void Record_Writer::change_cipher_spec(Connection_Side side, the first record transmitted under a particular connection state MUST use sequence number 0 */ - m_seq_no = 0; + m_write_seq_no = 0; SymmetricKey mac_key, cipher_key; InitializationVector iv; @@ -109,7 +109,7 @@ void Record_Writer::change_cipher_spec(Connection_Side side, if(have_block_cipher(cipher_algo)) { - m_cipher.append(get_cipher( + m_write_cipher.append(get_cipher( cipher_algo + "/CBC/NoPadding", cipher_key, iv, ENCRYPTION) ); @@ -122,7 +122,7 @@ void Record_Writer::change_cipher_spec(Connection_Side side, } else if(have_stream_cipher(cipher_algo)) { - m_cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION)); + m_write_cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION)); m_block_size = 0; m_iv_size = 0; } @@ -134,12 +134,12 @@ void Record_Writer::change_cipher_spec(Connection_Side side, Algorithm_Factory& af = global_state().algorithm_factory(); if(m_version == Protocol_Version::SSL_V3) - m_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")")); + m_write_mac.reset(af.make_mac("SSL3-MAC(" + mac_algo + ")")); else - m_mac.reset(af.make_mac("HMAC(" + mac_algo + ")")); + m_write_mac.reset(af.make_mac("HMAC(" + mac_algo + ")")); - m_mac->set_key(mac_key); - m_mac_size = m_mac->output_length(); + m_write_mac->set_key(mac_key); + m_mac_size = m_write_mac->output_length(); } else throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); @@ -203,22 +203,21 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length) return; } - m_mac->update_be(m_seq_no); - m_mac->update(type); + m_write_mac->update_be(m_write_seq_no); + m_write_mac->update(type); if(m_version != Protocol_Version::SSL_V3) { - m_mac->update(m_version.major_version()); - m_mac->update(m_version.minor_version()); + m_write_mac->update(m_version.major_version()); + m_write_mac->update(m_version.minor_version()); } - m_mac->update(get_byte<u16bit>(0, length)); - m_mac->update(get_byte<u16bit>(1, length)); - m_mac->update(input, length); + m_write_mac->update(get_byte<u16bit>(0, length)); + m_write_mac->update(get_byte<u16bit>(1, length)); + m_write_mac->update(input, length); const size_t buf_size = round_up(m_iv_size + length + - m_mac->output_length() + - (m_block_size ? 1 : 0), + m_mac_size + (m_block_size ? 1 : 0), m_block_size); if(buf_size >= MAX_CIPHERTEXT_SIZE) @@ -245,13 +244,13 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length) copy_mem(buf_write_ptr, input, length); buf_write_ptr += length; - m_mac->final(buf_write_ptr); - buf_write_ptr += m_mac->output_length(); + m_write_mac->final(buf_write_ptr); + buf_write_ptr += m_mac_size; if(m_block_size) { const size_t pad_val = - buf_size - (m_iv_size + length + m_mac->output_length() + 1); + buf_size - (m_iv_size + length + m_mac_size + 1); for(size_t i = 0; i != pad_val + 1; ++i) { @@ -261,23 +260,23 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length) } // FIXME: this could be done in-place without copying - m_cipher.process_msg(&m_writebuf[TLS_HEADER_SIZE], buf_size); + m_write_cipher.process_msg(&m_writebuf[TLS_HEADER_SIZE], buf_size); - const size_t ctext_size = m_cipher.remaining(Pipe::LAST_MESSAGE); + const size_t ctext_size = m_write_cipher.remaining(Pipe::LAST_MESSAGE); BOTAN_ASSERT_EQUAL(ctext_size, buf_size, "Cipher encrypted full amount"); if(ctext_size > MAX_CIPHERTEXT_SIZE) throw Internal_Error("Produced ciphertext larger than protocol allows"); - m_cipher.read(&m_writebuf[TLS_HEADER_SIZE], ctext_size, Pipe::LAST_MESSAGE); + m_write_cipher.read(&m_writebuf[TLS_HEADER_SIZE], ctext_size, Pipe::LAST_MESSAGE); - BOTAN_ASSERT_EQUAL(m_cipher.remaining(Pipe::LAST_MESSAGE), 0, + BOTAN_ASSERT_EQUAL(m_write_cipher.remaining(Pipe::LAST_MESSAGE), 0, "No data remains in pipe"); m_output_fn(&m_writebuf[0], TLS_HEADER_SIZE + buf_size); - m_seq_no++; + m_write_seq_no++; } } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 5dfcb7625..b1d964a9b 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -52,7 +52,6 @@ class BOTAN_DLL Record_Writer RandomNumberGenerator& rng); Record_Writer(const Record_Writer&) = delete; - Record_Writer& operator=(const Record_Writer&) = delete; private: void send_record(byte type, const byte input[], size_t length); @@ -61,13 +60,13 @@ class BOTAN_DLL Record_Writer std::vector<byte> m_writebuf; - Pipe m_cipher; - std::unique_ptr<MessageAuthenticationCode> m_mac; + Pipe m_write_cipher; + std::unique_ptr<MessageAuthenticationCode> m_write_mac; RandomNumberGenerator& m_rng; size_t m_block_size, m_mac_size, m_iv_size, m_max_fragment; - u64bit m_seq_no; + u64bit m_write_seq_no; Protocol_Version m_version; }; @@ -122,10 +121,12 @@ class BOTAN_DLL Record_Reader std::vector<byte> m_macbuf; size_t m_readbuf_pos; - Pipe m_cipher; - std::unique_ptr<MessageAuthenticationCode> m_mac; + Pipe m_read_cipher; + std::unique_ptr<MessageAuthenticationCode> m_read_mac; + size_t m_block_size, m_iv_size, m_max_fragment; - u64bit m_seq_no; + + u64bit m_read_seq_no; Protocol_Version m_version; }; |