-rw-r--r-- | src/ssl/c_kex.cpp | 13 | ||||
-rw-r--r-- | src/ssl/cert_req.cpp | 12 | ||||
-rw-r--r-- | src/ssl/hello.cpp | 22 | ||||
-rw-r--r-- | src/ssl/info.txt | 2 | ||||
-rw-r--r-- | src/ssl/s_kex.cpp | 15 | ||||
-rw-r--r-- | src/ssl/tls_reader.h | 43 |
6 files changed, 60 insertions, 47 deletions
diff --git a/src/ssl/c_kex.cpp b/src/ssl/c_kex.cpp index 3ce4a2f06..0f20b819c 100644 --- a/src/ssl/c_kex.cpp +++ b/src/ssl/c_kex.cpp @@ -77,17 +77,14 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, */ SecureVector<byte> Client_Key_Exchange::serialize() const { - SecureVector<byte> buf; - if(include_length) { - u16bit key_size = key_material.size(); - buf.push_back(get_byte(0, key_size)); - buf.push_back(get_byte(1, key_size)); + SecureVector<byte> buf; + append_tls_length_value(buf, key_material, 2); + return buf; } - buf += key_material; - - return buf; + else + return key_material; } /** diff --git a/src/ssl/cert_req.cpp b/src/ssl/cert_req.cpp index f30bc2fd7..e72ffe735 100644 --- a/src/ssl/cert_req.cpp +++ b/src/ssl/cert_req.cpp @@ -6,6 +6,7 @@ */ #include <botan/internal/tls_messages.h> +#include <botan/internal/tls_reader.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/loadstor.h> @@ -37,20 +38,13 @@ SecureVector<byte> Certificate_Req::serialize() const { SecureVector<byte> buf; - buf.push_back(types.size()); - for(u32bit i = 0; i != types.size(); i++) - buf.push_back(types[i]); + append_tls_length_value(buf, types, 1); DER_Encoder encoder; for(u32bit i = 0; i != names.size(); i++) encoder.encode(names[i]); - SecureVector<byte> der_names = encoder.get_contents(); - u16bit names_size = der_names.size(); - - buf.push_back(get_byte(0, names_size)); - buf.push_back(get_byte(1, names_size)); - buf += der_names; + append_tls_length_value(buf, encoder.get_contents(), 2); return buf; } diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index b0f18d28f..5228807b4 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp 
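Review bot: c_kex.cpp gains no `#include <botan/internal/tls_reader.h>` in this commit, although cert_req.cpp and s_kex.cpp both add one before their first call to `append_tls_length_value`; the diffstat's 13 changed lines are fully accounted for by this one hunk, so compilation relies on the header already being included here (plausible, since the constructor named in the hunk header presumably parses `contents` with TLS_Data_Reader, but worth confirming). The same applies to hello.cpp, whose two hunks likewise add no include. If either file does not already include it, add `#include <botan/internal/tls_reader.h>` next to the tls_messages.h include as the other two files do.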
@@ -86,22 +86,9 @@ SecureVector<byte> Client_Hello::serialize() const buf.push_back(static_cast<byte>(c_version )); buf += c_random; - buf.push_back(static_cast<byte>(sess_id.size())); - buf += sess_id; - - u16bit suites_size = 2*suites.size(); - - buf.push_back(get_byte(0, suites_size)); - buf.push_back(get_byte(1, suites_size)); - for(u32bit i = 0; i != suites.size(); i++) - { - buf.push_back(get_byte(0, suites[i])); - buf.push_back(get_byte(1, suites[i])); - } - - buf.push_back(static_cast<byte>(comp_algos.size())); - for(u32bit i = 0; i != comp_algos.size(); i++) - buf.push_back(comp_algos[i]); + append_tls_length_value(buf, sess_id, 1); + append_tls_length_value(buf, suites, 2); + append_tls_length_value(buf, comp_algos, 1); return buf; } @@ -265,8 +252,7 @@ SecureVector<byte> Server_Hello::serialize() const buf.push_back(static_cast<byte>(s_version )); buf += s_random; - buf.push_back(static_cast<byte>(sess_id.size())); - buf += sess_id; + append_tls_length_value(buf, sess_id, 1); buf.push_back(get_byte(0, suite)); buf.push_back(get_byte(1, suite)); diff --git a/src/ssl/info.txt b/src/ssl/info.txt index 8460e68e4..161b51569 100644 --- a/src/ssl/info.txt +++ b/src/ssl/info.txt @@ -52,7 +52,7 @@ md5 rng rsa sha1 -ssl3_mac +ssl3mac ssl_prf tls_prf x509 diff --git a/src/ssl/s_kex.cpp b/src/ssl/s_kex.cpp index b04cad3ea..f9a595fe9 100644 --- a/src/ssl/s_kex.cpp +++ b/src/ssl/s_kex.cpp @@ -6,6 +6,7 @@ */ #include <botan/internal/tls_messages.h> +#include <botan/internal/tls_reader.h> #include <botan/pubkey.h> #include <botan/dh.h> #include <botan/rsa.h> @@ -74,10 +75,7 @@ Server_Key_Exchange::Server_Key_Exchange(RandomNumberGenerator& rng, SecureVector<byte> Server_Key_Exchange::serialize() const { SecureVector<byte> buf = serialize_params(); - u16bit sig_len = signature.size(); - buf.push_back(get_byte(0, sig_len)); - buf.push_back(get_byte(1, sig_len)); - buf += signature; + append_tls_length_value(buf, signature, 2); return buf; } 
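Review bot: `append_tls_length_value(buf, suites, 2)` now takes each suite's wire width from `sizeof(T)` of the vector's element type, whereas the removed lines emitted exactly two bytes per suite via `get_byte(0, suites[i])` and `get_byte(1, suites[i])`; the two are equivalent only if `suites` is declared as a vector of `u16bit` (its declaration is outside the hunk), and a wider element type would silently change the encoding and the length prefix. A comment at the member declaration, such as `// element width is the on-the-wire width used by append_tls_length_value`, would guard against a later type change. The same consideration applies to `comp_algos`, which the old code wrote as one byte per entry.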
@@ -87,15 +85,10 @@ SecureVector<byte> Server_Key_Exchange::serialize() const SecureVector<byte> Server_Key_Exchange::serialize_params() const { SecureVector<byte> buf; + for(u32bit j = 0; j != params.size(); j++) - { - SecureVector<byte> param = BigInt::encode(params[j]); - u16bit param_size = param.size(); + append_tls_length_value(buf, BigInt::encode(params[j]), 2); - buf.push_back(get_byte(0, param_size)); - buf.push_back(get_byte(1, param_size)); - buf += param; - } return buf; } diff --git a/src/ssl/tls_reader.h b/src/ssl/tls_reader.h index 641d1ecdb..733e9bdc9 100644 --- a/src/ssl/tls_reader.h +++ b/src/ssl/tls_reader.h @@ -138,6 +138,49 @@ class TLS_Data_Reader u32bit offset; }; +/** +* Helper function for encoding length-tagged vectors +*/ +template<typename T> +void append_tls_length_value(MemoryRegion<byte>& buf, + const T* vals, + u32bit vals_size, + u32bit tag_size) + { + const u32bit T_size = sizeof(T); + const u32bit val_bytes = T_size * vals_size; + + if(tag_size != 1 && tag_size != 2) + throw std::invalid_argument("append_tls_length_value: invalid tag size"); + + if((tag_size == 1 && val_bytes > 255) || + (tag_size == 2 && val_bytes > 65535)) + throw std::invalid_argument("append_tls_length_value: value too large"); + + for(u32bit i = 0; i != tag_size; ++i) + buf.push_back(get_byte(4-tag_size+i, val_bytes)); + + for(u32bit i = 0; i != vals_size; ++i) + for(u32bit j = 0; j != T_size; ++j) + buf.push_back(get_byte(j, vals[i])); + } + +template<typename T> +void append_tls_length_value(MemoryRegion<byte>& buf, + const MemoryRegion<T>& vals, + u32bit tag_size) + { + append_tls_length_value(buf, &vals[0], vals.size(), tag_size); + } + +template<typename T> +void append_tls_length_value(MemoryRegion<byte>& buf, + const std::vector<T>& vals, + u32bit tag_size) + { + append_tls_length_value(buf, &vals[0], vals.size(), tag_size); + } + } #endif |
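Review bot: Both convenience overloads form `&vals[0]` before checking whether `vals` is empty; for `std::vector` indexing an empty vector is undefined behaviour (and asserts under checked iterators), and for `MemoryRegion` it depends on what `operator[]` does when nothing has been allocated. Empty inputs are realistic through the new callers: `sess_id` in Client_Hello::serialize and Server_Hello::serialize (hello.cpp) is typically empty when no session is being resumed, and `encoder.get_contents()` in Certificate_Req::serialize (cert_req.cpp) is empty when `names` is. The pointer overload itself is safe for `vals_size == 0` because its copy loop never dereferences, so the guard belongs in the two wrappers: `const T* ptr = vals.size() ? &vals[0] : 0;` followed by `append_tls_length_value(buf, ptr, vals.size(), tag_size);`. The new code also throws `std::invalid_argument` and names `std::vector`, so the header needs `<stdexcept>` and `<vector>` unless its include list (outside the hunk) already has them. The doc comment should state the contract, e.g. `* @param tag_size width of the length prefix in bytes (1 or 2); throws std::invalid_argument if the encoded vals do not fit in that prefix`, since the rejected-size behaviour replaces the silent `u16bit` truncation the removed call sites had.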