Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp | 17 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.h | 29 | ||||
-rw-r--r-- | src/lib/tls/tls_record.cpp | 11 |
3 files changed, 30 insertions, 27 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index ca80a3d3c..a745a548b 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -24,26 +24,25 @@ namespace TLS { * TLS_CBC_HMAC_AEAD_Mode Constructor */ TLS_CBC_HMAC_AEAD_Mode::TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir dir, - const std::string& cipher_name, + std::unique_ptr<BlockCipher> cipher, + std::unique_ptr<MessageAuthenticationCode> mac, size_t cipher_keylen, - const std::string& mac_name, size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac) : - m_cipher_name(cipher_name), - m_mac_name(mac_name), + m_cipher_name(cipher->name()), + m_mac_name(mac->name()), m_cipher_keylen(cipher_keylen), m_mac_keylen(mac_keylen), m_use_encrypt_then_mac(use_encrypt_then_mac) { - m_mac = MessageAuthenticationCode::create_or_throw("HMAC(" + m_mac_name + ")"); - std::unique_ptr<BlockCipher> cipher = BlockCipher::create_or_throw(m_cipher_name); - - m_tag_size = m_mac->output_length(); + m_tag_size = mac->output_length(); m_block_size = cipher->block_size(); m_iv_size = use_explicit_iv ? m_block_size : 0; + m_mac = std::move(mac); + if(dir == ENCRYPTION) m_cbc.reset(new CBC_Encryption(cipher.release(), new Null_Padding)); else @@ -419,7 +418,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t (sending empty records, instead of 1/(n-1) splitting) */ - const uint16_t size_ok_mask = CT::is_lte<uint16_t>(static_cast<uint16_t>(tag_size() + pad_size), static_cast<uint16_t>(record_len + 1)); + const uint16_t size_ok_mask = CT::is_lte<uint16_t>(static_cast<uint16_t>(tag_size() + pad_size), static_cast<uint16_t>(record_len)); pad_size &= size_ok_mask; CT::unpoison(record_contents, record_len); diff --git a/src/lib/tls/tls_cbc/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index 012b9e51f..c8a808156 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h 
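Review bot: The new initializers `m_cipher_name(cipher->name())` and `m_mac_name(mac->name())` dereference both `unique_ptr` arguments before any check, so an empty pointer from a caller becomes a null dereference inside the member-initializer list. An assertion in the constructor body would run too late; the non-null check has to precede those initializers, for example at the call site, or by deriving the names in the body if the members allow it. Separately, the removed code built `"HMAC(" + m_mac_name + ")"`, so the member used to hold the bare hash name, whereas `mac->name()` presumably returns the full MAC name. Any use of `m_mac_name` outside this hunk should be checked against the changed string. The constructor body continues past the end of the hunk.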
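Review bot: The `size_ok_mask` bound is the security-critical line of this change, yet nothing explains why `record_len` rather than `record_len + 1` is correct. A comment such as `// tag + padding must fit inside the record; allowing one byte more would let the length computed from them go out of range` would keep it from being changed back. That wording assumes `pad_size` already counts the padding-length byte, which is decided outside the hunk and should be confirmed. A regression test with a record where `tag_size() + pad_size == record_len + 1` belongs with this fix; the diffstat shown is limited to `src/lib`, so one may exist elsewhere. Both operands are narrowed with `static_cast<uint16_t>`, so the comparison is only sound if the caller keeps `record_len` below 65536, which is not visible here; `finish` starts and ends outside the hunk.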
@@ -46,9 +46,9 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Mode : public AEAD_Mode protected: TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir direction, - const std::string& cipher_name, + std::unique_ptr<BlockCipher> cipher, + std::unique_ptr<MessageAuthenticationCode> mac, size_t cipher_keylen, - const std::string& mac_name, size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac); @@ -104,16 +104,17 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Encryption final : public TLS_CBC_HMAC_AE public: /** */ - TLS_CBC_HMAC_AEAD_Encryption(const std::string& cipher_algo, - const size_t cipher_keylen, - const std::string& mac_algo, - const size_t mac_keylen, - bool use_explicit_iv, - bool use_encrypt_then_mac) : + TLS_CBC_HMAC_AEAD_Encryption( + std::unique_ptr<BlockCipher> cipher, + std::unique_ptr<MessageAuthenticationCode> mac, + const size_t cipher_keylen, + const size_t mac_keylen, + bool use_explicit_iv, + bool use_encrypt_then_mac) : TLS_CBC_HMAC_AEAD_Mode(ENCRYPTION, - cipher_algo, + std::move(cipher), + std::move(mac), cipher_keylen, - mac_algo, mac_keylen, use_explicit_iv, use_encrypt_then_mac) @@ -138,16 +139,16 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AE public: /** */ - TLS_CBC_HMAC_AEAD_Decryption(const std::string& cipher_algo, + TLS_CBC_HMAC_AEAD_Decryption(std::unique_ptr<BlockCipher> cipher, + std::unique_ptr<MessageAuthenticationCode> mac, const size_t cipher_keylen, - const std::string& mac_algo, const size_t mac_keylen, bool use_explicit_iv, bool use_encrypt_then_mac) : TLS_CBC_HMAC_AEAD_Mode(DECRYPTION, - cipher_algo, + std::move(cipher), + std::move(mac), cipher_keylen, - mac_algo, mac_keylen, use_explicit_iv, use_encrypt_then_mac) diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp index ded3831d0..1f564a689 100644 --- a/src/lib/tls/tls_record.cpp +++ b/src/lib/tls/tls_record.cpp 
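Review bot: The public `TLS_CBC_HMAC_AEAD_Encryption` constructor still sits under an empty `/** */` block, and its contract is no longer obvious from the parameter types. It takes ownership of `cipher` and `mac`, both are dereferenced unconditionally by the base constructor, and the class name implies that `mac` is an HMAC instance. The doc comment should state this, e.g. `@param cipher block cipher to run in CBC mode; must not be null, ownership is transferred` and `@param mac HMAC instance used for record authentication; must not be null, ownership is transferred`. The same applies to the `TLS_CBC_HMAC_AEAD_Decryption` constructor in the following hunk and to the protected base-class constructor in the first hunk of this file.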
@@ -57,12 +57,15 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, { #if defined(BOTAN_HAS_TLS_CBC) // legacy CBC+HMAC mode + auto mac = MessageAuthenticationCode::create_or_throw("HMAC(" + suite.mac_algo() + ")"); + auto cipher = BlockCipher::create_or_throw(suite.cipher_algo()); + if(our_side) { m_aead.reset(new TLS_CBC_HMAC_AEAD_Encryption( - suite.cipher_algo(), + std::move(cipher), + std::move(mac), suite.cipher_keylen(), - suite.mac_algo(), suite.mac_keylen(), version.supports_explicit_cbc_ivs(), uses_encrypt_then_mac)); @@ -70,9 +73,9 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version, else { m_aead.reset(new TLS_CBC_HMAC_AEAD_Decryption( - suite.cipher_algo(), + std::move(cipher), + std::move(mac), suite.cipher_keylen(), - suite.mac_algo(), suite.mac_keylen(), version.supports_explicit_cbc_ivs(), uses_encrypt_then_mac)); |
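Review bot: Building `"HMAC(" + suite.mac_algo() + ")"` at this call site moves the HMAC-only guarantee out of the mode class and into its callers. The `TLS_CBC_HMAC_AEAD_*` constructors now accept any `MessageAuthenticationCode`, and nothing in the visible hunks rejects a non-HMAC object. If code in `tls_cbc.cpp` outside this diff relies on HMAC-specific properties, which cannot be confirmed from here, the requirement should at least be recorded where the object is created, e.g. `// TLS_CBC_HMAC_AEAD_* expects an HMAC instance; keep the "HMAC(...)" wrapping here`. The decryption branch in the next hunk consumes the same two objects, and the enclosing `Connection_Cipher_State` constructor starts and ends outside both hunks.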