diff options
Diffstat (limited to 'src/ssl/rec_wri.cpp')
| -rw-r--r-- | src/ssl/rec_wri.cpp | 56 |
1 files changed, 36 insertions, 20 deletions
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index 842b2698c..f8079c235 100644 --- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -1,6 +1,6 @@ /** -* TLS Record Writing -* (C) 2004-2006 Jack Lloyd +* TLS Record Writing +* (C) 2004-2010 Jack Lloyd * * Released under the terms of the Botan license */ @@ -9,6 +9,7 @@ #include <botan/handshake_hash.h> #include <botan/lookup.h> #include <botan/loadstor.h> +#include <botan/libstate.h> namespace Botan { @@ -26,13 +27,17 @@ Record_Writer::Record_Writer(Socket& sock) : */ void Record_Writer::reset() { - compress.reset(); cipher.reset(); mac.reset(); + buffer.clear(); - do_compress = false; + buf_pos = 0; + major = minor = buf_type = 0; - pad_amount = mac_size = buf_pos = 0; + block_size = 0; + mac_size = 0; + iv_size = 0; + seq_no = 0; } @@ -41,7 +46,7 @@ void Record_Writer::reset() */ void Record_Writer::set_version(Version_Code version) { - if(version != SSL_V3 && version != TLS_V10) + if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11) throw Invalid_Argument("Record_Writer: Invalid protocol version"); major = (version >> 8) & 0xFF; @@ -49,15 +54,6 @@ void Record_Writer::set_version(Version_Code version) } /** -* Set the compression algorithm -*/ -void Record_Writer::set_compressor(Filter* compressor) - { - throw TLS_Exception(INTERNAL_ERROR, "Compression not implemented (FIXME)"); - compress.append(compressor); - } - -/** * Set the keys for writing */ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, @@ -91,12 +87,18 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, cipher_algo + "/CBC/NoPadding", cipher_key, iv, ENCRYPTION) ); - pad_amount = block_size_of(cipher_algo); + block_size = block_size_of(cipher_algo); + + if(major == 3 && minor >= 2) + iv_size = block_size; + else + iv_size = 0; } else if(have_stream_cipher(cipher_algo)) { cipher.append(get_cipher(cipher_algo, cipher_key, ENCRYPTION)); - pad_amount = 0; + block_size = 0; + iv_size = 0; } else throw Invalid_Argument("Record_Writer: Unknown cipher " + cipher_algo); @@ -203,15 +205,30 @@ void Record_Writer::send_record(byte type, const byte buf[], u32bit length) mac.write(buf, length); mac.end_msg(); + // TODO: This could all use a single buffer + SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE); cipher.start_msg(); + + if(iv_size) + { + RandomNumberGenerator& rng = global_state().global_rng(); + + SecureVector<byte> random_iv(iv_size); + + rng.randomize(&random_iv[0], random_iv.size()); + + cipher.write(random_iv); + } + cipher.write(buf, length); cipher.write(buf_mac); - if(pad_amount) + + if(block_size) { u32bit pad_val = - (pad_amount - (1 + length + buf_mac.size())) % pad_amount; + (block_size - (1 + length + buf_mac.size())) % block_size; for(u32bit j = 0; j != pad_val + 1; j++) cipher.write(pad_val); @@ -240,7 +257,6 @@ void Record_Writer::send_record(byte type, byte major, byte minor, for(u32bit j = 0; j != 2; j++) header[j+3] = get_byte<u16bit>(j, length); - // FIXME: tradoff of TCP/syscall overhead vs copy overhead socket.write(header, 5); socket.write(out, length); } |