aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/tls/msg_cert_req.cpp20
-rw-r--r--src/tls/msg_cert_verify.cpp30
-rw-r--r--src/tls/msg_client_kex.cpp70
-rw-r--r--src/tls/msg_finished.cpp8
-rw-r--r--src/tls/tls_messages.h28
5 files changed, 78 insertions, 78 deletions
diff --git a/src/tls/msg_cert_req.cpp b/src/tls/msg_cert_req.cpp
index 5087865d4..63d830b9e 100644
--- a/src/tls/msg_cert_req.cpp
+++ b/src/tls/msg_cert_req.cpp
@@ -58,11 +58,11 @@ Certificate_Req::Certificate_Req(Handshake_IO& io,
Protocol_Version version)
{
for(size_t i = 0; i != ca_certs.size(); ++i)
- names.push_back(ca_certs[i].subject_dn());
+ m_names.push_back(ca_certs[i].subject_dn());
- cert_key_types.push_back("RSA");
- cert_key_types.push_back("DSA");
- cert_key_types.push_back("ECDSA");
+ m_cert_key_types.push_back("RSA");
+ m_cert_key_types.push_back("DSA");
+ m_cert_key_types.push_back("ECDSA");
if(version.supports_negotiable_signature_algorithms())
{
@@ -97,7 +97,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf,
if(cert_type_name == "") // something we don't know
continue;
- cert_key_types.push_back(cert_type_name);
+ m_cert_key_types.push_back(cert_type_name);
}
if(version.supports_negotiable_signature_algorithms())
@@ -127,7 +127,7 @@ Certificate_Req::Certificate_Req(const std::vector<byte>& buf,
BER_Decoder decoder(&name_bits[0], name_bits.size());
X509_DN name;
decoder.decode(name);
- names.push_back(name);
+ m_names.push_back(name);
}
}
@@ -140,8 +140,8 @@ std::vector<byte> Certificate_Req::serialize() const
std::vector<byte> cert_types;
- for(size_t i = 0; i != cert_key_types.size(); ++i)
- cert_types.push_back(cert_type_name_to_code(cert_key_types[i]));
+ for(size_t i = 0; i != m_cert_key_types.size(); ++i)
+ cert_types.push_back(cert_type_name_to_code(m_cert_key_types[i]));
append_tls_length_value(buf, cert_types, 1);
@@ -150,10 +150,10 @@ std::vector<byte> Certificate_Req::serialize() const
std::vector<byte> encoded_names;
- for(size_t i = 0; i != names.size(); ++i)
+ for(size_t i = 0; i != m_names.size(); ++i)
{
DER_Encoder encoder;
- encoder.encode(names[i]);
+ encoder.encode(m_names[i]);
append_tls_length_value(encoded_names, encoder.get_contents(), 2);
}
diff --git a/src/tls/msg_cert_verify.cpp b/src/tls/msg_cert_verify.cpp
index 7a58ea28a..a6ec298c9 100644
--- a/src/tls/msg_cert_verify.cpp
+++ b/src/tls/msg_cert_verify.cpp
@@ -28,7 +28,7 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io,
BOTAN_ASSERT_NONNULL(priv_key);
std::pair<std::string, Signature_Format> format =
- state->choose_sig_format(priv_key, hash_algo, sig_algo, true, policy);
+ state->choose_sig_format(priv_key, m_hash_algo, m_sig_algo, true, policy);
PK_Signer signer(*priv_key, format.first, format.second);
@@ -38,13 +38,13 @@ Certificate_Verify::Certificate_Verify(Handshake_IO& io,
state->keys.master_secret());
if(priv_key->algo_name() == "DSA")
- signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng);
+ m_signature = signer.sign_message(&md5_sha[16], md5_sha.size()-16, rng);
else
- signature = signer.sign_message(md5_sha, rng);
+ m_signature = signer.sign_message(md5_sha, rng);
}
else
{
- signature = signer.sign_message(state->hash.get_contents(), rng);
+ m_signature = signer.sign_message(state->hash.get_contents(), rng);
}
state->hash.update(io.send(*this));
@@ -60,11 +60,11 @@ Certificate_Verify::Certificate_Verify(const std::vector<byte>& buf,
if(version.supports_negotiable_signature_algorithms())
{
- hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte());
- sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte());
+ m_hash_algo = Signature_Algorithms::hash_algo_name(reader.get_byte());
+ m_sig_algo = Signature_Algorithms::sig_algo_name(reader.get_byte());
}
- signature = reader.get_range<byte>(2, 0, 65535);
+ m_signature = reader.get_range<byte>(2, 0, 65535);
}
/*
@@ -74,16 +74,16 @@ std::vector<byte> Certificate_Verify::serialize() const
{
std::vector<byte> buf;
- if(hash_algo != "" && sig_algo != "")
+ if(m_hash_algo != "" && m_sig_algo != "")
{
- buf.push_back(Signature_Algorithms::hash_algo_code(hash_algo));
- buf.push_back(Signature_Algorithms::sig_algo_code(sig_algo));
+ buf.push_back(Signature_Algorithms::hash_algo_code(m_hash_algo));
+ buf.push_back(Signature_Algorithms::sig_algo_code(m_sig_algo));
}
- const u16bit sig_len = signature.size();
+ const u16bit sig_len = m_signature.size();
buf.push_back(get_byte(0, sig_len));
buf.push_back(get_byte(1, sig_len));
- buf += signature;
+ buf += m_signature;
return buf;
}
@@ -97,7 +97,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
std::unique_ptr<Public_Key> key(cert.subject_public_key());
std::pair<std::string, Signature_Format> format =
- state->understand_sig_format(key.get(), hash_algo, sig_algo, true);
+ state->understand_sig_format(key.get(), m_hash_algo, m_sig_algo, true);
PK_Verifier verifier(*key, format.first, format.second);
@@ -107,10 +107,10 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
state->keys.master_secret());
return verifier.verify_message(&md5_sha[16], md5_sha.size()-16,
- &signature[0], signature.size());
+ &m_signature[0], m_signature.size());
}
- return verifier.verify_message(state->hash.get_contents(), signature);
+ return verifier.verify_message(state->hash.get_contents(), m_signature);
}
}
diff --git a/src/tls/msg_client_kex.cpp b/src/tls/msg_client_kex.cpp
index 1bf41cff2..176187d08 100644
--- a/src/tls/msg_client_kex.cpp
+++ b/src/tls/msg_client_kex.cpp
@@ -73,14 +73,14 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
hostname,
identity_hint);
- append_tls_length_value(key_material, psk_identity, 2);
+ append_tls_length_value(m_key_material, psk_identity, 2);
SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity);
std::vector<byte> zeros(psk.length());
- append_tls_length_value(pre_master, zeros, 2);
- append_tls_length_value(pre_master, psk.bits_of(), 2);
+ append_tls_length_value(m_pre_master, zeros, 2);
+ append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
else if(state->server_kex)
{
@@ -98,7 +98,7 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
hostname,
identity_hint);
- append_tls_length_value(key_material, psk_identity, 2);
+ append_tls_length_value(m_key_material, psk_identity, 2);
psk = creds.psk("tls-client", hostname, psk_identity);
}
@@ -144,14 +144,14 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
ka.derive_key(0, counterparty_key.public_value()).bits_of());
if(kex_algo == "DH")
- pre_master = dh_secret;
+ m_pre_master = dh_secret;
else
{
- append_tls_length_value(pre_master, dh_secret, 2);
- append_tls_length_value(pre_master, psk.bits_of(), 2);
+ append_tls_length_value(m_pre_master, dh_secret, 2);
+ append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
- append_tls_length_value(key_material, priv_key.public_value(), 2);
+ append_tls_length_value(m_key_material, priv_key.public_value(), 2);
}
else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
{
@@ -180,14 +180,14 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
secure_vector<byte> ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of();
if(kex_algo == "ECDH")
- pre_master = ecdh_secret;
+ m_pre_master = ecdh_secret;
else
{
- append_tls_length_value(pre_master, ecdh_secret, 2);
- append_tls_length_value(pre_master, psk.bits_of(), 2);
+ append_tls_length_value(m_pre_master, ecdh_secret, 2);
+ append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
- append_tls_length_value(key_material, priv_key.public_value(), 1);
+ append_tls_length_value(m_key_material, priv_key.public_value(), 1);
}
else if(kex_algo == "SRP_SHA")
{
@@ -213,8 +213,8 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
B,
rng);
- append_tls_length_value(key_material, BigInt::encode(srp_vals.first), 2);
- pre_master = srp_vals.second.bits_of();
+ append_tls_length_value(m_key_material, BigInt::encode(srp_vals.first), 2);
+ m_pre_master = srp_vals.second.bits_of();
}
else
{
@@ -240,18 +240,18 @@ Client_Key_Exchange::Client_Key_Exchange(Handshake_IO& io,
{
const Protocol_Version offered_version = state->client_hello->version();
- pre_master = rng.random_vec(48);
- pre_master[0] = offered_version.major_version();
- pre_master[1] = offered_version.minor_version();
+ m_pre_master = rng.random_vec(48);
+ m_pre_master[0] = offered_version.major_version();
+ m_pre_master[1] = offered_version.minor_version();
PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15");
- std::vector<byte> encrypted_key = encryptor.encrypt(pre_master, rng);
+ std::vector<byte> encrypted_key = encryptor.encrypt(m_pre_master, rng);
if(state->version() == Protocol_Version::SSL_V3)
- key_material = encrypted_key; // no length field
+ m_key_material = encrypted_key; // no length field
else
- append_tls_length_value(key_material, encrypted_key, 2);
+ append_tls_length_value(m_key_material, encrypted_key, 2);
}
else
throw TLS_Exception(Alert::HANDSHAKE_FAILURE,
@@ -294,17 +294,17 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
{
if(state->version() == Protocol_Version::SSL_V3)
{
- pre_master = decryptor.decrypt(contents);
+ m_pre_master = decryptor.decrypt(contents);
}
else
{
TLS_Data_Reader reader(contents);
- pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535));
+ m_pre_master = decryptor.decrypt(reader.get_range<byte>(2, 0, 65535));
}
- if(pre_master.size() != 48 ||
- client_version.major_version() != pre_master[0] ||
- client_version.minor_version() != pre_master[1])
+ if(m_pre_master.size() != 48 ||
+ client_version.major_version() != m_pre_master[0] ||
+ client_version.minor_version() != m_pre_master[1])
{
throw Decoding_Error("Client_Key_Exchange: Secret corrupted");
}
@@ -312,9 +312,9 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
catch(...)
{
// Randomize to hide timing channel
- pre_master = rng.random_vec(48);
- pre_master[0] = client_version.major_version();
- pre_master[1] = client_version.minor_version();
+ m_pre_master = rng.random_vec(48);
+ m_pre_master[0] = client_version.major_version();
+ m_pre_master[1] = client_version.minor_version();
}
}
else
@@ -344,14 +344,14 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
if(kex_algo == "PSK")
{
std::vector<byte> zeros(psk.length());
- append_tls_length_value(pre_master, zeros, 2);
- append_tls_length_value(pre_master, psk.bits_of(), 2);
+ append_tls_length_value(m_pre_master, zeros, 2);
+ append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
else if(kex_algo == "SRP_SHA")
{
SRP6_Server_Session& srp = state->server_kex->server_srp_params();
- pre_master = srp.step2(BigInt::decode(reader.get_range<byte>(2, 0, 65535))).bits_of();
+ m_pre_master = srp.step2(BigInt::decode(reader.get_range<byte>(2, 0, 65535))).bits_of();
}
else if(kex_algo == "DH" || kex_algo == "DHE_PSK" ||
kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
@@ -383,11 +383,11 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
if(kex_algo == "DHE_PSK" || kex_algo == "ECDHE_PSK")
{
- append_tls_length_value(pre_master, shared_secret, 2);
- append_tls_length_value(pre_master, psk.bits_of(), 2);
+ append_tls_length_value(m_pre_master, shared_secret, 2);
+ append_tls_length_value(m_pre_master, psk.bits_of(), 2);
}
else
- pre_master = shared_secret;
+ m_pre_master = shared_secret;
}
catch(std::exception &e)
{
@@ -397,7 +397,7 @@ Client_Key_Exchange::Client_Key_Exchange(const std::vector<byte>& contents,
* on, allowing the protocol to fail later in the finished
* checks.
*/
- pre_master = rng.random_vec(ka_key->public_value().size());
+ m_pre_master = rng.random_vec(ka_key->public_value().size());
}
}
else
diff --git a/src/tls/msg_finished.cpp b/src/tls/msg_finished.cpp
index 9205331de..4f4f384c5 100644
--- a/src/tls/msg_finished.cpp
+++ b/src/tls/msg_finished.cpp
@@ -70,7 +70,7 @@ Finished::Finished(Handshake_IO& io,
Handshake_State* state,
Connection_Side side)
{
- verification_data = finished_compute_verify(state, side);
+ m_verification_data = finished_compute_verify(state, side);
state->hash.update(io.send(*this));
}
@@ -79,7 +79,7 @@ Finished::Finished(Handshake_IO& io,
*/
std::vector<byte> Finished::serialize() const
{
- return verification_data;
+ return m_verification_data;
}
/*
@@ -87,7 +87,7 @@ std::vector<byte> Finished::serialize() const
*/
Finished::Finished(const std::vector<byte>& buf)
{
- verification_data = buf;
+ m_verification_data = buf;
}
/*
@@ -96,7 +96,7 @@ Finished::Finished(const std::vector<byte>& buf)
bool Finished::verify(Handshake_State* state,
Connection_Side side)
{
- return (verification_data == finished_compute_verify(state, side));
+ return (m_verification_data == finished_compute_verify(state, side));
}
}
diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h
index de56a1cd2..2834a916e 100644
--- a/src/tls/tls_messages.h
+++ b/src/tls/tls_messages.h
@@ -245,7 +245,7 @@ class Client_Key_Exchange : public Handshake_Message
Handshake_Type type() const { return CLIENT_KEX; }
const secure_vector<byte>& pre_master_secret() const
- { return pre_master; }
+ { return m_pre_master; }
Client_Key_Exchange(Handshake_IO& io,
Handshake_State* state,
@@ -262,10 +262,10 @@ class Client_Key_Exchange : public Handshake_Message
RandomNumberGenerator& rng);
private:
- std::vector<byte> serialize() const { return key_material; }
+ std::vector<byte> serialize() const { return m_key_material; }
- std::vector<byte> key_material;
- secure_vector<byte> pre_master;
+ std::vector<byte> m_key_material;
+ secure_vector<byte> m_pre_master;
};
/**
@@ -300,9 +300,9 @@ class Certificate_Req : public Handshake_Message
Handshake_Type type() const { return CERTIFICATE_REQUEST; }
const std::vector<std::string>& acceptable_cert_types() const
- { return cert_key_types; }
+ { return m_cert_key_types; }
- std::vector<X509_DN> acceptable_CAs() const { return names; }
+ std::vector<X509_DN> acceptable_CAs() const { return m_names; }
std::vector<std::pair<std::string, std::string> > supported_algos() const
{ return m_supported_algos; }
@@ -318,8 +318,8 @@ class Certificate_Req : public Handshake_Message
private:
std::vector<byte> serialize() const;
- std::vector<X509_DN> names;
- std::vector<std::string> cert_key_types;
+ std::vector<X509_DN> m_names;
+ std::vector<std::string> m_cert_key_types;
std::vector<std::pair<std::string, std::string> > m_supported_algos;
};
@@ -351,9 +351,9 @@ class Certificate_Verify : public Handshake_Message
private:
std::vector<byte> serialize() const;
- std::string sig_algo; // sig algo used to create signature
- std::string hash_algo; // hash used to create signature
- std::vector<byte> signature;
+ std::string m_sig_algo; // sig algo used to create signature
+ std::string m_hash_algo; // hash used to create signature
+ std::vector<byte> m_signature;
};
/**
@@ -365,7 +365,7 @@ class Finished : public Handshake_Message
Handshake_Type type() const { return FINISHED; }
std::vector<byte> verify_data() const
- { return verification_data; }
+ { return m_verification_data; }
bool verify(Handshake_State* state,
Connection_Side side);
@@ -378,8 +378,8 @@ class Finished : public Handshake_Message
private:
std::vector<byte> serialize() const;
- Connection_Side side;
- std::vector<byte> verification_data;
+ Connection_Side m_side;
+ std::vector<byte> m_verification_data;
};
/**
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 03:37:03 +0000