aboutsummaryrefslogtreecommitdiffstats
path: root/src/ssl/rec_wri.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/ssl/rec_wri.cpp')
-rw-r--r--src/ssl/rec_wri.cpp258
1 files changed, 258 insertions, 0 deletions
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp
new file mode 100644
index 000000000..258b4ec17
--- /dev/null
+++ b/src/ssl/rec_wri.cpp
@@ -0,0 +1,258 @@
+/**
+* TLS Record Writing
+* (C) 2004-2006 Jack Lloyd
+*
+* Released under the terms of the Botan license
+*/
+
+#include <botan/tls_record.h>
+#include <botan/handshake_hash.h>
+#include <botan/lookup.h>
+#include <botan/loadstor.h>
+
+namespace Botan {
+
+/**
+* Record_Writer Constructor
+*/
+Record_Writer::Record_Writer(Socket& sock) :
+ socket(sock), buffer(DEFAULT_BUFFERSIZE)
+ {
+ reset();
+ }
+
+/**
+* Reset the state
+*/
+void Record_Writer::reset()
+ {
+ compress.reset();
+ cipher.reset();
+ mac.reset();
+ buffer.clear();
+ do_compress = false;
+ major = minor = buf_type = 0;
+ pad_amount = mac_size = buf_pos = 0;
+ seq_no = 0;
+ }
+
+/**
+* Set the version to use
+*/
+void Record_Writer::set_version(Version_Code version)
+ {
+ if(version != SSL_V3 && version != TLS_V10)
+ throw Invalid_Argument("Record_Writer: Invalid protocol version");
+
+ major = (version >> 8) & 0xFF;
+ minor = (version & 0xFF);
+ }
+
+/**
+* Set the compression algorithm
+*/
+void Record_Writer::set_compressor(Filter* compressor)
+ {
+ throw TLS_Exception(INTERNAL_ERROR, "Compression not implemented (FIXME)");
+ compress.append(compressor);
+ }
+
+/**
+* Set the keys for writing
+*/
+void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys,
+ Connection_Side side)
+ {
+ cipher.reset();
+ mac.reset();
+
+ SymmetricKey mac_key, cipher_key;
+ InitializationVector iv;
+
+ if(side == CLIENT)
+ {
+ cipher_key = keys.client_cipher_key();
+ iv = keys.client_iv();
+ mac_key = keys.client_mac_key();
+ }
+ else
+ {
+ cipher_key = keys.server_cipher_key();
+ iv = keys.server_iv();
+ mac_key = keys.server_mac_key();
+ }
+
+ const std::string cipher_algo = suite.cipher_algo();
+ const std::string mac_algo = suite.mac_algo();
+
+ if(have_block_cipher(cipher_algo))
+ {
+ cipher.append(get_cipher(
+ cipher_algo + "/CBC/NoPadding",
+ cipher_key, iv, ENCRYPTION)
+ );
+ pad_amount = block_size_of(cipher_algo);
+ }
+ else if(have_stream_cipher(cipher_algo))
+ {
+ cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION));
+ pad_amount = 0;
+ }
+ else
+ throw Invalid_Argument("Record_Writer: Unknown cipher " + cipher_algo);
+
+ if(have_hash(mac_algo))
+ {
+ if(major == 3 && minor == 0)
+ mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key));
+ else
+ mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key));
+
+ mac_size = output_length_of(mac_algo);
+ }
+ else
+ throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo);
+ }
+
+/**
+* Send one or more records to the other side
+*/
+void Record_Writer::send(byte type, byte input)
+ {
+ send(type, &input, 1);
+ }
+
+/**
+* Send one or more records to the other side
+*/
+void Record_Writer::send(byte type, const byte input[], u32bit length)
+ {
+ if(type != buf_type)
+ flush();
+
+ const u32bit BUFFER_SIZE = buffer.size();
+ buf_type = type;
+
+ // FIXME: compression right here
+
+ buffer.copy(buf_pos, input, length);
+ if(buf_pos + length >= BUFFER_SIZE)
+ {
+ send_record(buf_type, buffer, length);
+ input += (BUFFER_SIZE - buf_pos);
+ length -= (BUFFER_SIZE - buf_pos);
+ while(length >= BUFFER_SIZE)
+ {
+ send_record(buf_type, input, BUFFER_SIZE);
+ input += BUFFER_SIZE;
+ length -= BUFFER_SIZE;
+ }
+ buffer.copy(input, length);
+ buf_pos = 0;
+ }
+ buf_pos += length;
+ }
+
+/**
+* Split buffer into records, and send them all
+*/
+void Record_Writer::flush()
+ {
+ const byte* buf_ptr = buffer.begin();
+ u32bit offset = 0;
+
+ while(offset != buf_pos)
+ {
+ u32bit record_size = buf_pos - offset;
+ if(record_size > MAX_PLAINTEXT_SIZE)
+ record_size = MAX_PLAINTEXT_SIZE;
+
+ send_record(buf_type, buf_ptr + offset, record_size);
+ offset += record_size;
+ }
+ buf_type = 0;
+ buf_pos = 0;
+ }
+
+/**
+* Encrypt and send the record
+*/
+void Record_Writer::send_record(byte type, const byte buf[], u32bit length)
+ {
+ if(length >= MAX_COMPRESSED_SIZE)
+ throw TLS_Exception(INTERNAL_ERROR,
+ "Record_Writer: Compressed packet is too big");
+
+ if(mac_size == 0)
+ send_record(type, major, minor, buf, length);
+ else
+ {
+ mac.start_msg();
+ for(u32bit j = 0; j != 8; j++)
+ mac.write(get_byte(j, seq_no));
+ mac.write(type);
+
+ if(major > 3 || (major == 3 && minor != 0))
+ {
+ mac.write(major);
+ mac.write(minor);
+ }
+
+ mac.write(get_byte(2, length));
+ mac.write(get_byte(3, length));
+ mac.write(buf, length);
+ mac.end_msg();
+
+ SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE);
+
+ cipher.start_msg();
+ cipher.write(buf, length);
+ cipher.write(buf_mac);
+ if(pad_amount)
+ {
+ u32bit pad_val =
+ (pad_amount - (1 + length + buf_mac.size())) % pad_amount;
+
+ for(u32bit j = 0; j != pad_val + 1; j++)
+ cipher.write(pad_val);
+ }
+ cipher.end_msg();
+
+ SecureVector<byte> output = cipher.read_all(Pipe::LAST_MESSAGE);
+
+ send_record(type, major, minor, output, output.size());
+
+ seq_no++;
+ }
+ }
+
+/**
+* Send a final record packet
+*/
+void Record_Writer::send_record(byte type, byte major, byte minor,
+ const byte out[], u32bit length)
+ {
+ if(length >= MAX_CIPHERTEXT_SIZE)
+ throw TLS_Exception(INTERNAL_ERROR,
+ "Record_Writer: Record is too big");
+
+ byte header[5] = { type, major, minor, 0 };
+ for(u32bit j = 0; j != 2; j++)
+ header[j+3] = get_byte<u16bit>(j, length);
+
+ // FIXME: tradoff of TCP/syscall overhead vs copy overhead
+ socket.write(header, 5);
+ socket.write(out, length);
+ }
+
+/**
+* Send an alert
+*/
+void Record_Writer::alert(Alert_Level level, Alert_Type type)
+ {
+ byte alert[2] = { level, type };
+ send(ALERT, alert, sizeof(alert));
+ flush();
+ }
+
+}