-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.cpp4
-rw-r--r--src/lib/tls/tls_record.cpp48
-rw-r--r--src/lib/tls/tls_session_key.cpp46
-rw-r--r--src/lib/tls/tls_session_key.h32
4 files changed, 56 insertions, 74 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index e14f2ab86..b23718d89 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -94,8 +94,8 @@ void TLS_CBC_HMAC_AEAD_Mode::key_schedule(const uint8_t key[], size_t keylen)
if(keylen != m_cipher_keylen + m_mac_keylen)
throw Invalid_Key_Length(name(), keylen);
- cbc().set_key(&key[0], m_cipher_keylen);
- mac().set_key(&key[m_cipher_keylen], m_mac_keylen);
+ mac().set_key(&key[0], m_mac_keylen);
+ cbc().set_key(&key[m_mac_keylen], m_cipher_keylen);
}
void TLS_CBC_HMAC_AEAD_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
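Review bot: The new key layout (MAC key first, then cipher key) is an unstated contract between key_schedule and Session_Keys, which in the same commit packs each side's key block as mac||cipher; a comment above the first set_key would make the dependency visible, e.g. `// Key layout is MAC key || cipher key, the order Session_Keys copies out of the TLS key_block`. Because the total length is unchanged, any caller still passing the old cipher||mac layout to set_key (tests or direct users of this mode, if any exist) would get swapped keys with no error rather than an Invalid_Key_Length, which is worth calling out in the commit description. key_schedule's signature and opening brace lie outside the hunk.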
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index ccad351d2..43f89de96 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -1,6 +1,6 @@
/*
* TLS Record Handling
-* (C) 2012,2013,2014,2015,2016 Jack Lloyd
+* (C) 2012,2013,2014,2015,2016,2019 Jack Lloyd
* 2016 Juraj Somorovsky
* 2016 Matthias Gierlings
*
@@ -33,27 +33,23 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
bool uses_encrypt_then_mac) :
m_start_time(std::chrono::system_clock::now())
{
- SymmetricKey mac_key, cipher_key;
- InitializationVector iv;
+ m_nonce_format = suite.nonce_format();
+ m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
+ m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
+
+ secure_vector<uint8_t> aead_key;
if(side == CLIENT)
{
- cipher_key = keys.client_cipher_key();
- iv = keys.client_iv();
- mac_key = keys.client_mac_key();
+ aead_key = keys.client_aead_key();
+ m_nonce = keys.client_nonce();
}
else
{
- cipher_key = keys.server_cipher_key();
- iv = keys.server_iv();
- mac_key = keys.server_mac_key();
+ aead_key = keys.server_aead_key();
+ m_nonce = keys.server_nonce();
}
- m_nonce = unlock(iv.bits_of());
- m_nonce_format = suite.nonce_format();
- m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version);
- m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake();
-
BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake);
if(nonce_format() == Nonce_Format::CBC_MODE)
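Review bot: `aead_key` at the top of the hunk copies the key material out of Session_Keys only to hand it to set_key further down; binding a reference avoids a second heap copy of the secret, e.g. `const secure_vector<uint8_t>& aead_key = (side == CLIENT) ? keys.client_aead_key() : keys.server_aead_key();` with `m_nonce` assigned from the matching accessor in the same expression. The copy is a secure_vector and so is wiped on destruction, which makes this a style point rather than a leak. The constructor's signature and the remainder of its body are outside this hunk.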
@@ -84,10 +80,10 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
uses_encrypt_then_mac));
}
- m_aead->set_key(cipher_key + mac_key);
+ m_aead->set_key(aead_key);
if(our_side == false)
- m_aead->start(iv.bits_of());
+ m_aead->start(m_nonce);
#else
throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
#endif
@@ -95,17 +91,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
else
{
m_aead = AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? ENCRYPTION : DECRYPTION);
-
- m_aead->set_key(cipher_key + mac_key);
-
- if(nonce_format() == Nonce_Format::AEAD_IMPLICIT_4)
- {
- m_nonce.resize(m_nonce.size() + 8);
- }
- else if(nonce_format() != Nonce_Format::AEAD_XOR_12)
- {
- throw Invalid_State("Invalid AEAD nonce format used");
- }
+ m_aead->set_key(aead_key);
}
}
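Review bot: The AEAD branch no longer validates the nonce format: the removed `throw Invalid_State("Invalid AEAD nonce format used")` was the only construction-time check that a non-CBC suite uses AEAD_XOR_12 or AEAD_IMPLICIT_4. If Nonce_Format has exactly those three enumerators and aead_nonce's switch (partly visible in the later hunks) throws on an unexpected value, the removal is harmless; otherwise `BOTAN_ASSERT_NOMSG(nonce_format() == Nonce_Format::AEAD_XOR_12 || nonce_format() == Nonce_Format::AEAD_IMPLICIT_4);` after set_key keeps the failure at construction rather than at the first record. The enclosing constructor starts outside the hunk.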
@@ -134,7 +120,9 @@ std::vector<uint8_t> Connection_Cipher_State::aead_nonce(uint64_t seq, RandomNum
}
case Nonce_Format::AEAD_IMPLICIT_4:
{
- std::vector<uint8_t> nonce = m_nonce;
+ BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
+ std::vector<uint8_t> nonce(12);
+ copy_mem(&nonce[0], m_nonce.data(), 4);
store_be(seq, &nonce[nonce_bytes_from_handshake()]);
return nonce;
}
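Review bot: The new lines assert `m_nonce.size() == 4` and build the nonce from the literals 4 and 12, yet still place the sequence number at `nonce_bytes_from_handshake()`, so the 4 + 8 = 12 invariant is split between a literal and an accessor that can drift apart. Either copy `m_nonce.size()` bytes (`copy_mem(&nonce[0], m_nonce.data(), m_nonce.size());`) or add `BOTAN_ASSERT_NOMSG(nonce_bytes_from_handshake() == 4);` beside the existing assert so there is one source of truth. aead_nonce's switch continues outside the hunk.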
@@ -164,9 +152,11 @@ Connection_Cipher_State::aead_nonce(const uint8_t record[], size_t record_len, u
}
case Nonce_Format::AEAD_IMPLICIT_4:
{
+ BOTAN_ASSERT_NOMSG(m_nonce.size() == 4);
if(record_len < nonce_bytes_from_record())
throw Decoding_Error("Invalid AEAD packet too short to be valid");
- std::vector<uint8_t> nonce = m_nonce;
+ std::vector<uint8_t> nonce(12);
+ copy_mem(&nonce[0], m_nonce.data(), 4);
copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record());
return nonce;
}
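Review bot: The destination `nonce` is now a fixed 12 bytes, but the copy on the last changed line writes `nonce_bytes_from_record()` bytes at offset `nonce_bytes_from_handshake()`, both values supplied by the ciphersuite, and nothing in the hunk checks that they sum to 12; a suite reporting more than 8 record-nonce bytes would write past the vector. Add `BOTAN_ASSERT_NOMSG(nonce_bytes_from_handshake() + nonce_bytes_from_record() == nonce.size());` after the record_len check, or size the vector as `nonce_bytes_from_handshake() + nonce_bytes_from_record()` instead of the literal. The removed code carried the same implicit assumption through the `+ 8` resize in the constructor, so this is hardening rather than a regression. The enclosing aead_nonce overload ends outside the hunk.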
diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp
index 469d1d387..206681041 100644
--- a/src/lib/tls/tls_session_key.cpp
+++ b/src/lib/tls/tls_session_key.cpp
@@ -1,6 +1,6 @@
/*
* TLS Session Key
-* (C) 2004-2006,2011,2016 Jack Lloyd
+* (C) 2004-2006,2011,2016,2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -48,17 +48,17 @@ Session_Keys::Session_Keys(const Handshake_State* state,
}
else
{
- secure_vector<uint8_t> salt;
- secure_vector<uint8_t> label;
+ std::vector<uint8_t> salt;
+ std::vector<uint8_t> label;
if(extended_master_secret)
{
- label += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC));
+ label.assign(EXT_MASTER_SECRET_MAGIC, EXT_MASTER_SECRET_MAGIC + sizeof(EXT_MASTER_SECRET_MAGIC));
salt += state->hash().final(state->version(),
state->ciphersuite().prf_algo());
}
else
{
- label += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
+ label.assign(MASTER_SECRET_MAGIC, MASTER_SECRET_MAGIC + sizeof(MASTER_SECRET_MAGIC));
salt += state->client_hello()->random();
salt += state->server_hello()->random();
}
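Review bot: Switching `salt` and `label` from secure_vector to std::vector drops the locked, zeroised allocator for these buffers, and the hunk does not record why that is acceptable, so a reader auditing secret handling will stop here. A comment at the declarations such as `// salt and label hold only public values (hello randoms or the transcript hash, plus a fixed label), so secure_vector is unnecessary` captures the reasoning. That the transcript hash and hello randoms are public is TLS background rather than anything visible in the hunk, so confirm before committing to the wording. The Session_Keys constructor starts and ends outside the hunk.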
@@ -66,32 +66,34 @@ Session_Keys::Session_Keys(const Handshake_State* state,
m_master_sec = prf->derive_key(48, pre_master_secret, salt, label);
}
- secure_vector<uint8_t> salt;
- secure_vector<uint8_t> label;
- label += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
+ std::vector<uint8_t> salt;
+ std::vector<uint8_t> label;
+ label.assign(KEY_GEN_MAGIC, KEY_GEN_MAGIC + sizeof(KEY_GEN_MAGIC));
salt += state->server_hello()->random();
salt += state->client_hello()->random();
- SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt, label);
+ const secure_vector<uint8_t> prf_output = prf->derive_key(
+ prf_gen,
+ m_master_sec.data(), m_master_sec.size(),
+ salt.data(), salt.size(),
+ label.data(), label.size());
- const uint8_t* key_data = keyblock.begin();
+ const uint8_t* key_data = prf_output.data();
- m_c_mac = SymmetricKey(key_data, mac_keylen);
- key_data += mac_keylen;
+ m_c_aead.resize(mac_keylen + cipher_keylen);
+ m_s_aead.resize(mac_keylen + cipher_keylen);
- m_s_mac = SymmetricKey(key_data, mac_keylen);
- key_data += mac_keylen;
+ copy_mem(&m_c_aead[0], key_data, mac_keylen);
+ copy_mem(&m_s_aead[0], key_data + mac_keylen, mac_keylen);
- m_c_cipher = SymmetricKey(key_data, cipher_keylen);
- key_data += cipher_keylen;
+ copy_mem(&m_c_aead[mac_keylen], key_data + 2*mac_keylen, cipher_keylen);
+ copy_mem(&m_s_aead[mac_keylen], key_data + 2*mac_keylen + cipher_keylen, cipher_keylen);
- m_s_cipher = SymmetricKey(key_data, cipher_keylen);
- key_data += cipher_keylen;
+ m_c_nonce.resize(cipher_nonce_bytes);
+ m_s_nonce.resize(cipher_nonce_bytes);
- m_c_iv = InitializationVector(key_data, cipher_nonce_bytes);
- key_data += cipher_nonce_bytes;
-
- m_s_iv = InitializationVector(key_data, cipher_nonce_bytes);
+ copy_mem(&m_c_nonce[0], key_data + 2*(mac_keylen + cipher_keylen), cipher_nonce_bytes);
+ copy_mem(&m_s_nonce[0], key_data + 2*(mac_keylen + cipher_keylen) + cipher_nonce_bytes, cipher_nonce_bytes);
}
}
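Review bot: The copy_mem calls read `prf_output` at offsets up to `2*(mac_keylen + cipher_keylen + cipher_nonce_bytes)`, but nothing in the hunk ties that to `prf_gen`, which is computed outside it; if the two ever disagree the reads run past the derived key block. Add `BOTAN_ASSERT_NOMSG(prf_output.size() >= 2*(mac_keylen + cipher_keylen + cipher_nonce_bytes));` before the first copy, and a comment that the offsets follow the key_block order client MAC, server MAC, client key, server key, client IV, server IV. Separately, the hunk uses `prf_output.data()` in one place but `&m_c_aead[0]` and `&m_c_nonce[0]` elsewhere; the latter is undefined on an empty vector (if any suite reports zero nonce bytes from the handshake), so `.data()` is the safer and more consistent choice throughout. The constructor's head lies outside the hunk.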
diff --git a/src/lib/tls/tls_session_key.h b/src/lib/tls/tls_session_key.h
index 2c1eac523..5f0ea3a66 100644
--- a/src/lib/tls/tls_session_key.h
+++ b/src/lib/tls/tls_session_key.h
@@ -8,7 +8,7 @@
#ifndef BOTAN_TLS_SESSION_KEYS_H_
#define BOTAN_TLS_SESSION_KEYS_H_
-#include <botan/symkey.h>
+#include <botan/secmem.h>
namespace Botan {
@@ -23,34 +23,24 @@ class Session_Keys final
{
public:
/**
- * @return client encipherment key
+ * @return client AEAD key
*/
- const SymmetricKey& client_cipher_key() const { return m_c_cipher; }
+ const secure_vector<uint8_t>& client_aead_key() const { return m_c_aead; }
/**
- * @return client encipherment key
+ * @return server AEAD key
*/
- const SymmetricKey& server_cipher_key() const { return m_s_cipher; }
+ const secure_vector<uint8_t>& server_aead_key() const { return m_s_aead; }
/**
- * @return client MAC key
+ * @return client nonce
*/
- const SymmetricKey& client_mac_key() const { return m_c_mac; }
+ const std::vector<uint8_t>& client_nonce() const { return m_c_nonce; }
/**
- * @return server MAC key
+ * @return server nonce
*/
- const SymmetricKey& server_mac_key() const { return m_s_mac; }
-
- /**
- * @return client IV
- */
- const InitializationVector& client_iv() const { return m_c_iv; }
-
- /**
- * @return server IV
- */
- const InitializationVector& server_iv() const { return m_s_iv; }
+ const std::vector<uint8_t>& server_nonce() const { return m_s_nonce; }
/**
* @return TLS master secret
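Review bot: The new accessor comments `@return client AEAD key` and `@return client nonce` do not say what the bytes are, and TLS_CBC_HMAC_AEAD_Mode::key_schedule now depends on the key being laid out as MAC key followed by cipher key. Document the layout in the header, e.g. for the key accessors `@return client AEAD key, laid out as MAC key || cipher key in key_block order` and for the nonce accessors `@return client nonce material taken from the key_block (used as the CBC IV or the AEAD implicit nonce, depending on the suite)`. The CBC-IV versus implicit-nonce reading is inferred from how tls_record.cpp consumes these values in this commit rather than shown in the header, so confirm it before writing it down. The class body continues outside the hunk.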
@@ -70,8 +60,8 @@ class Session_Keys final
private:
secure_vector<uint8_t> m_master_sec;
- SymmetricKey m_c_cipher, m_s_cipher, m_c_mac, m_s_mac;
- InitializationVector m_c_iv, m_s_iv;
+ secure_vector<uint8_t> m_c_aead, m_s_aead;
+ std::vector<uint8_t> m_c_nonce, m_s_nonce;
};
}