aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp2
-rw-r--r--src/tls/tls_session.cpp90
2 files changed, 54 insertions, 38 deletions
diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
index 04201efe3..4d78a5365 100644
--- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
+++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp
@@ -211,7 +211,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase,
// new database case
MemoryVector<byte> salt = rng.random_vec(16);
- const size_t iterations = 32000;
+ const size_t iterations = 64 * 1024;
size_t check_val = 0;
m_session_key = derive_key(passphrase, &salt[0], salt.size(),
diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp
index c01590000..2a532196d 100644
--- a/src/tls/tls_session.cpp
+++ b/src/tls/tls_session.cpp
@@ -133,7 +133,16 @@ std::string Session::PEM_encode() const
namespace {
-const u64bit ENCRYPTED_SESSION_MAGIC = 0xACE4480800000000;
+const u32bit SESSION_CRYPTO_MAGIC = 0x571B0E4E;
+const std::string SESSION_CRYPTO_CIPHER = "AES-256/CBC";
+const std::string SESSION_CRYPTO_MAC = "HMAC(SHA-256)";
+const std::string SESSION_CRYPTO_KDF = "KDF2(SHA-256)";
+
+const size_t MAGIC_LENGTH = 4;
+const size_t MAC_KEY_LENGTH = 32;
+const size_t CIPHER_KEY_LENGTH = 32;
+const size_t CIPHER_IV_LENGTH = 16;
+const size_t MAC_OUTPUT_LENGTH = 32;
}
@@ -141,26 +150,30 @@ MemoryVector<byte>
Session::encrypt(const SymmetricKey& master_key,
RandomNumberGenerator& rng) const
{
- std::auto_ptr<KDF> kdf(get_kdf("KDF2(SHA-256)"));
+ std::auto_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF));
- SymmetricKey aes_key = kdf->derive_key(32, master_key.bits_of(),
- "tls.session.cipher-key");
+ SymmetricKey cipher_key =
+ kdf->derive_key(CIPHER_KEY_LENGTH,
+ master_key.bits_of(),
+ "tls.session.cipher-key");
- SymmetricKey hmac_key = kdf->derive_key(32, master_key.bits_of(),
- "tls.session.mac-key");
+ SymmetricKey mac_key =
+ kdf->derive_key(MAC_KEY_LENGTH,
+ master_key.bits_of(),
+ "tls.session.mac-key");
- InitializationVector aes_iv(rng, 16);
+ InitializationVector cipher_iv(rng, 16);
- std::auto_ptr<MessageAuthenticationCode> mac(get_mac("HMAC(SHA-256)"));
- mac->set_key(hmac_key);
+ std::auto_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC));
+ mac->set_key(mac_key);
- Pipe pipe(get_cipher("AES-256/CBC", aes_key, aes_iv, ENCRYPTION));
+ Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION));
pipe.process_msg(this->DER_encode());
MemoryVector<byte> ctext = pipe.read_all(0);
- MemoryVector<byte> out(8);
- store_be(ENCRYPTED_SESSION_MAGIC, &out[0]);
- out += aes_iv.bits_of();
+ MemoryVector<byte> out(MAGIC_LENGTH);
+ store_be(SESSION_CRYPTO_MAGIC, &out[0]);
+ out += cipher_iv.bits_of();
out += ctext;
mac->update(out);
@@ -174,42 +187,45 @@ Session Session::decrypt(const byte buf[], size_t buf_len,
{
try
{
- /*
- 8 bytes header
- 16 bytes IV
- 32 bytes MAC
- 16 bytes per AES block * 4 blocks (absolute min amount due to
- 48 bytes master secret)
- */
- if(buf_len < (8 + 16 + 32 + 4*16))
+ const size_t MIN_CTEXT_SIZE = 4 * 16; // due to 48 byte master secret
+
+ if(buf_len < (MAGIC_LENGTH +
+ CIPHER_IV_LENGTH +
+ MIN_CTEXT_SIZE +
+ MAC_OUTPUT_LENGTH))
throw Decoding_Error("Encrypted TLS session too short to be valid");
- std::auto_ptr<KDF> kdf(get_kdf("KDF2(SHA-256)"));
+ if(load_be<u32bit>(buf, 0) != SESSION_CRYPTO_MAGIC)
+ throw Decoding_Error("Unknown header value in encrypted session");
+
+ std::auto_ptr<KDF> kdf(get_kdf(SESSION_CRYPTO_KDF));
- SymmetricKey hmac_key = kdf->derive_key(32, master_key.bits_of(),
- "tls.session.mac-key");
+ SymmetricKey mac_key =
+ kdf->derive_key(MAC_KEY_LENGTH,
+ master_key.bits_of(),
+ "tls.session.mac-key");
- std::auto_ptr<MessageAuthenticationCode> mac(get_mac("HMAC(SHA-256)"));
- mac->set_key(hmac_key);
+ std::auto_ptr<MessageAuthenticationCode> mac(get_mac(SESSION_CRYPTO_MAC));
+ mac->set_key(mac_key);
- mac->update(&buf[0], buf_len - 32);
+ mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH);
MemoryVector<byte> computed_mac = mac->final();
- if(!same_mem(&buf[buf_len - 32], &computed_mac[0], computed_mac.size()))
+ if(!same_mem(&buf[buf_len - MAC_OUTPUT_LENGTH], &computed_mac[0], computed_mac.size()))
throw Decoding_Error("MAC verification failed for encrypted session");
- const u64bit header = load_be<u64bit>(buf, 0);
-
- if(header != ENCRYPTED_SESSION_MAGIC)
- throw Decoding_Error("Unknown header value in encrypted session");
+ SymmetricKey cipher_key =
+ kdf->derive_key(CIPHER_KEY_LENGTH,
+ master_key.bits_of(),
+ "tls.session.cipher-key");
- SymmetricKey aes_key = kdf->derive_key(32, master_key.bits_of(),
- "tls.session.cipher-key");
+ InitializationVector cipher_iv(&buf[MAGIC_LENGTH], CIPHER_IV_LENGTH);
- InitializationVector aes_iv(&buf[8], 16);
+ const size_t CTEXT_OFFSET = MAGIC_LENGTH + CIPHER_IV_LENGTH;
- Pipe pipe(get_cipher("AES-256/CBC", aes_key, aes_iv, DECRYPTION));
- pipe.process_msg(&buf[8+16], buf_len - (32 + 8 + 16));
+ Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, DECRYPTION));
+ pipe.process_msg(&buf[CTEXT_OFFSET],
+ buf_len - (MAC_OUTPUT_LENGTH + CTEXT_OFFSET));
SecureVector<byte> ber = pipe.read_all();
return Session(&ber[0], ber.size());