-rw-r--r-- | src/lib/tls/tls_ciphersuite.cpp | 24 | ||||
-rw-r--r-- | src/lib/tls/tls_ciphersuite.h | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 12 | ||||
-rw-r--r-- | src/lib/tls/tls_record.h | 6 |
4 files changed, 34 insertions, 10 deletions
diff --git a/src/lib/tls/tls_ciphersuite.cpp b/src/lib/tls/tls_ciphersuite.cpp
index 88837387e..cf284e565 100644
--- a/src/lib/tls/tls_ciphersuite.cpp
+++ b/src/lib/tls/tls_ciphersuite.cpp
@@ -37,6 +37,30 @@ size_t Ciphersuite::nonce_bytes_from_handshake() const
 throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
 }
+size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const
+ {
+ switch(m_nonce_format)
+ {
+ case Nonce_Format::CBC_MODE:
+ {
+ if(version.supports_explicit_cbc_ivs())
+ {
+ return cipher_algo() == "3DES" ? 8 : 16;
+ }
+ else
+ {
+ return 0;
+ }
+ }
+ case Nonce_Format::AEAD_IMPLICIT_4:
+ return 8;
+ case Nonce_Format::AEAD_XOR_12:
+ return 0;
+ }
+
+ throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value");
+ }
+
 bool Ciphersuite::is_scsv(uint16_t suite)
 {
 // TODO: derive from IANA file in script
diff --git a/src/lib/tls/tls_ciphersuite.h b/src/lib/tls/tls_ciphersuite.h
index 7ef7623bb..1d23a6c4a 100644
--- a/src/lib/tls/tls_ciphersuite.h
+++ b/src/lib/tls/tls_ciphersuite.h
@@ -114,6 +114,8 @@ class BOTAN_PUBLIC_API(2,0) Ciphersuite final
 size_t nonce_bytes_from_handshake() const;
+ size_t nonce_bytes_from_record(Protocol_Version version) const;
+
 Nonce_Format nonce_format() const { return m_nonce_format; }
 size_t mac_keylen() const { return m_mac_keylen; }
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index 730751855..ccad351d2 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
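Review bot: The Invalid_State thrown at the end of the new nonce_bytes_from_record body still names nonce_bytes_from_handshake, so an unexpected m_nonce_format reached from the record path would be reported against the wrong function; change it to `throw Invalid_State("In Ciphersuite::nonce_bytes_from_record invalid enum value");`. The CBC_MODE branch also fixes the explicit IV length by a string compare on cipher_algo(), which holds only while "3DES" is the sole 8-byte-block cipher the suite table can name; a comment such as `// explicit CBC IV is one cipher block; 3DES is the only 8-byte block cipher here` would record that assumption next to the constants. The branch for versions without explicit CBC IVs returns 0, which matches the record-side computation this commit removes from tls_record.cpp.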
@@ -50,8 +50,11 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
 }
 m_nonce = unlock(iv.bits_of());
- m_nonce_bytes_from_handshake = m_nonce.size();
 m_nonce_format = suite.nonce_format();
+ m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
+ m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
+
+ BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
 if(nonce_format() == Nonce_Format::CBC_MODE)
 {
@@ -83,11 +86,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
 m_aead->set_key(cipher_key + mac_key);
- m_nonce_bytes_from_record = 0;
-
- if(version.supports_explicit_cbc_ivs())
- m_nonce_bytes_from_record = m_nonce_bytes_from_handshake;
- else if(our_side == false)
+ if(our_side == false)
 m_aead->start(iv.bits_of());
 #else
 throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
@@ -101,7 +100,6 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
 if(nonce_format() == Nonce_Format::AEAD_IMPLICIT_4)
 {
- m_nonce_bytes_from_record = 8;
 m_nonce.resize(m_nonce.size() + 8);
 }
 else if(nonce_format() != Nonce_Format::AEAD_XOR_12)
diff --git a/src/lib/tls/tls_record.h b/src/lib/tls/tls_record.h
index 7ccd78b86..7cf577217 100644
--- a/src/lib/tls/tls_record.h
+++ b/src/lib/tls/tls_record.h
@@ -68,9 +68,9 @@ class Connection_Cipher_State final
 std::unique_ptr<AEAD_Mode> m_aead;
 std::vector<uint8_t> m_nonce;
- Nonce_Format m_nonce_format = Nonce_Format::CBC_MODE;
- size_t m_nonce_bytes_from_handshake = 0;
- size_t m_nonce_bytes_from_record = 0;
+ Nonce_Format m_nonce_format;
+ size_t m_nonce_bytes_from_handshake;
+ size_t m_nonce_bytes_from_record;
 };
 class Record final |
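Review bot: In the AEAD_IMPLICIT_4 branch of the third tls_record.cpp hunk, the removed `m_nonce_bytes_from_record = 8` is now supplied by suite.nonce_bytes_from_record(version), but the surviving `m_nonce.resize(m_nonce.size() + 8)` keeps a second copy of the same constant, so the nonce buffer and the per-record byte count can drift apart if the table value ever changes; `m_nonce.resize(m_nonce.size() + m_nonce_bytes_from_record);` ties both to the one source the first hunk already assigns. The BOTAN_ASSERT_NOMSG added in the first hunk turns a mismatch between the IV handed to the constructor and the length the ciphersuite table promises into an internal error instead of silently adopting the IV's size, which is the safer direction; a one-line comment such as `// the handshake-derived IV must be exactly as long as the suite table says` would make that intent visible to the next reader. The Connection_Cipher_State constructor begins and ends outside these hunks.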