diff options
Diffstat (limited to 'src/ssl')
-rw-r--r-- | src/ssl/rec_read.cpp | 33 | ||||
-rw-r--r-- | src/ssl/rec_wri.cpp | 48 | ||||
-rw-r--r-- | src/ssl/tls_record.h | 23 |
3 files changed, 56 insertions, 48 deletions
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp index e34359862..042aae0c9 100644 --- a/src/ssl/rec_read.cpp +++ b/src/ssl/rec_read.cpp @@ -17,7 +17,10 @@ namespace Botan { void Record_Reader::reset() { cipher.reset(); - mac.reset(); + + delete mac; + mac = 0; + mac_size = 0; block_size = 0; iv_size = 0; @@ -44,7 +47,8 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys, Connection_Side side) { cipher.reset(); - mac.reset(); + delete mac; + mac = 0; SymmetricKey mac_key, cipher_key; InitializationVector iv; @@ -89,12 +93,15 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys, if(have_hash(mac_algo)) { + Algorithm_Factory& af = global_state().algorithm_factory(); + if(major == 3 && minor == 0) - mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("SSL3-MAC(" + mac_algo + ")"); else - mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("HMAC(" + mac_algo + ")"); - mac_size = output_length_of(mac_algo); + mac->set_key(mac_key); + mac_size = mac->output_length(); } else throw Invalid_Argument("Record_Reader: Unknown hash " + mac_algo); @@ -221,23 +228,19 @@ size_t Record_Reader::get_record(byte& msg_type, const u16bit plain_length = plaintext.size() - (mac_size + pad_size + iv_size); - mac.start_msg(); - for(size_t i = 0; i != 8; ++i) - mac.write(get_byte(i, seq_no)); - mac.write(header[0]); // msg_type + mac->update_be(seq_no); + mac->update(header[0]); // msg_type if(version != SSL_V3) for(size_t i = 0; i != 2; ++i) - mac.write(get_byte(i, version)); + mac->update(get_byte(i, version)); - for(size_t i = 0; i != 2; ++i) - mac.write(get_byte(i, plain_length)); - mac.write(&plaintext[iv_size], plain_length); - mac.end_msg(); + mac->update_be(plain_length); + mac->update(&plaintext[iv_size], plain_length); ++seq_no; - SecureVector<byte> computed_mac = mac.read_all(Pipe::LAST_MESSAGE); + SecureVector<byte> computed_mac = mac->final(); if(recieved_mac != computed_mac) throw TLS_Exception(BAD_RECORD_MAC, "Record_Reader: MAC failure"); diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp index 57eb62f6e..f3525a7d1 100644 --- a/src/ssl/rec_wri.cpp +++ b/src/ssl/rec_wri.cpp @@ -19,6 +19,7 @@ namespace Botan { Record_Writer::Record_Writer(Socket& sock) : socket(sock), buffer(DEFAULT_BUFFERSIZE) { + mac = 0; reset(); } @@ -28,7 +29,9 @@ Record_Writer::Record_Writer(Socket& sock) : void Record_Writer::reset() { cipher.reset(); - mac.reset(); + + delete mac; + mac = 0; zeroise(buffer); buf_pos = 0; @@ -60,7 +63,8 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, Connection_Side side) { cipher.reset(); - mac.reset(); + delete mac; + mac = 0; SymmetricKey mac_key, cipher_key; InitializationVector iv; @@ -105,12 +109,15 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, if(have_hash(mac_algo)) { + Algorithm_Factory& af = global_state().algorithm_factory(); + if(major == 3 && minor == 0) - mac.append(new MAC_Filter("SSL3-MAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("SSL3-MAC(" + mac_algo + ")"); else - mac.append(new MAC_Filter("HMAC(" + mac_algo + ")", mac_key)); + mac = af.make_mac("HMAC(" + mac_algo + ")"); - mac_size = output_length_of(mac_algo); + mac->set_key(mac_key); + mac_size = mac->output_length(); } else throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); @@ -119,14 +126,6 @@ void Record_Writer::set_keys(const CipherSuite& suite, const SessionKeys& keys, /** * Send one or more records to the other side */ -void Record_Writer::send(byte type, byte input) - { - send(type, &input, 1); - } - -/** -* Send one or more records to the other side -*/ void Record_Writer::send(byte type, const byte input[], size_t length) { if(type != buf_type) @@ -189,26 +188,23 @@ void Record_Writer::send_record(byte type, const byte buf[], size_t length) send_record(type, major, minor, buf, length); else { - mac.start_msg(); - for(size_t i = 0; i != 8; ++i) - mac.write(get_byte(i, seq_no)); - mac.write(type); + + mac->update_be(seq_no); + mac->update(type); if(major > 3 || (major == 3 && minor != 0)) { - mac.write(major); - mac.write(minor); + mac->update(major); + mac->update(minor); } - mac.write(get_byte<u16bit>(0, length)); - mac.write(get_byte<u16bit>(1, length)); - mac.write(buf, length); - mac.end_msg(); + mac->update(get_byte<u16bit>(0, length)); + mac->update(get_byte<u16bit>(1, length)); + mac->update(buf, length); - // TODO: This could all use a single buffer - - SecureVector<byte> buf_mac = mac.read_all(Pipe::LAST_MESSAGE); + SecureVector<byte> buf_mac = mac->final(); + // TODO: This could all use a single buffer cipher.start_msg(); if(iv_size) diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h index d39f1b557..7ad866c6e 100644 --- a/src/ssl/tls_record.h +++ b/src/ssl/tls_record.h @@ -12,6 +12,7 @@ #include <botan/tls_suites.h> #include <botan/socket.h> #include <botan/pipe.h> +#include <botan/mac.h> #include <botan/secqueue.h> #include <vector> @@ -23,8 +24,9 @@ namespace Botan { class BOTAN_DLL Record_Writer { public: - void send(byte, const byte[], size_t); - void send(byte, byte); + void send(byte type, const byte input[], size_t length); + void send(byte type, byte val) { send(type, &val, 1); } + void flush(); void alert(Alert_Level, Alert_Type); @@ -37,12 +39,16 @@ class BOTAN_DLL Record_Writer Record_Writer(Socket& socket); + ~Record_Writer() { delete mac; } private: - void send_record(byte, const byte[], size_t); - void send_record(byte, byte, byte, const byte[], size_t); + void send_record(byte type, const byte input[], size_t length); + void send_record(byte type, byte major, byte minor, + const byte input[], size_t length); Socket& socket; - Pipe cipher, mac; + Pipe cipher; + MessageAuthenticationCode* mac; + SecureVector<byte> buffer; size_t buf_pos; @@ -78,11 +84,14 @@ class BOTAN_DLL Record_Reader void reset(); - Record_Reader() { reset(); } + Record_Reader() { mac = 0; reset(); } + + ~Record_Reader() { delete mac; } private: SecureQueue input_queue; - Pipe cipher, mac; + Pipe cipher; + MessageAuthenticationCode* mac; size_t block_size, mac_size, iv_size; u64bit seq_no; byte major, minor; |