From d470084173f251e0c319dfc30d7eca40be9d5824 Mon Sep 17 00:00:00 2001 From: lloyd Date: Tue, 27 Dec 2011 18:06:13 +0000 Subject: Clean up SessionKeys implementation --- src/tls/tls_session_key.cpp | 148 ++++++++++++++------------------------------ 1 file changed, 48 insertions(+), 100 deletions(-) (limited to 'src/tls/tls_session_key.cpp') diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 94761dd3a..01e74ba69 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -13,73 +13,31 @@ namespace Botan { -/** -* Generate SSLv3 session keys -*/ -SymmetricKey SessionKeys::ssl3_keygen(size_t prf_gen, - const MemoryRegion& pre_master, - const MemoryRegion& client_random, - const MemoryRegion& server_random) - { - SSL3_PRF prf; - - SecureVector salt; - salt += client_random; - salt += server_random; - - master_sec = prf.derive_key(48, pre_master, salt); +namespace { - salt.clear(); - salt += server_random; - salt += client_random; - - return prf.derive_key(prf_gen, master_sec, salt); - } - -/** -* Generate TLS 1.0 session keys -*/ -SymmetricKey SessionKeys::tls1_keygen(size_t prf_gen, - const MemoryRegion& pre_master, - const MemoryRegion& client_random, - const MemoryRegion& server_random) +std::string lookup_prf_name(Version_Code version) { - const byte MASTER_SECRET_MAGIC[] = { - 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, - 0x74 }; - const byte KEY_GEN_MAGIC[] = { - 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, - 0x6E }; - - TLS_PRF prf; - - SecureVector salt; - salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); - salt += client_random; - salt += server_random; - - master_sec = prf.derive_key(48, pre_master, salt); - - salt.clear(); - salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); - salt += server_random; - salt += client_random; - - return prf.derive_key(prf_gen, master_sec, salt); + if(version == SSL_V3) + return "SSL3-PRF"; + else if(version == TLS_V10 || version == TLS_V11) + return "TLS-PRF"; + else + throw Invalid_Argument("SessionKeys: Unknown version code"); } +} + /** * SessionKeys Constructor */ SessionKeys::SessionKeys(const CipherSuite& suite, Version_Code version, const MemoryRegion& pre_master_secret, - const MemoryRegion& c_random, - const MemoryRegion& s_random, + const MemoryRegion& client_random, + const MemoryRegion& server_random, bool resuming) { - if(version != SSL_V3 && version != TLS_V10 && version != TLS_V11) - throw Invalid_Argument("SessionKeys: Unknown version code"); + const std::string prf_name = lookup_prf_name(version); const size_t mac_keylen = output_length_of(suite.mac_algo()); const size_t cipher_keylen = suite.cipher_keylen(); @@ -90,67 +48,57 @@ SessionKeys::SessionKeys(const CipherSuite& suite, const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_ivlen); - if(resuming) - { - master_sec = pre_master_secret; + const byte MASTER_SECRET_MAGIC[] = { + 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; - const byte KEY_GEN_MAGIC[] = { - 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; + const byte KEY_GEN_MAGIC[] = { + 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; - TLS_PRF prf; + std::auto_ptr prf(get_kdf(prf_name)); + if(resuming) + { + master_sec = pre_master_secret; + } + else + { SecureVector salt; - salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); - salt += s_random; - salt += c_random; - - SymmetricKey keyblock = prf.derive_key(prf_gen, master_sec, salt); - - const byte* key_data = keyblock.begin(); - - c_mac = SymmetricKey(key_data, mac_keylen); - key_data += mac_keylen; - s_mac = SymmetricKey(key_data, mac_keylen); - key_data += mac_keylen; + if(version != SSL_V3) + salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); - c_cipher = SymmetricKey(key_data, cipher_keylen); - key_data += cipher_keylen; + salt += client_random; + salt += server_random; - s_cipher = SymmetricKey(key_data, cipher_keylen); - key_data += cipher_keylen; - - c_iv = InitializationVector(key_data, cipher_ivlen); - key_data += cipher_ivlen; - - s_iv = InitializationVector(key_data, cipher_ivlen); + master_sec = prf->derive_key(48, pre_master_secret, salt); } - else - { - SymmetricKey keyblock = (version == SSL_V3) ? - ssl3_keygen(prf_gen, pre_master_secret, c_random, s_random) : - tls1_keygen(prf_gen, pre_master_secret, c_random, s_random); - const byte* key_data = keyblock.begin(); + SecureVector salt; + if(version != SSL_V3) + salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); + salt += server_random; + salt += client_random; - c_mac = SymmetricKey(key_data, mac_keylen); - key_data += mac_keylen; + SymmetricKey keyblock = prf->derive_key(prf_gen, master_sec, salt); - s_mac = SymmetricKey(key_data, mac_keylen); - key_data += mac_keylen; + const byte* key_data = keyblock.begin(); - c_cipher = SymmetricKey(key_data, cipher_keylen); - key_data += cipher_keylen; + c_mac = SymmetricKey(key_data, mac_keylen); + key_data += mac_keylen; - s_cipher = SymmetricKey(key_data, cipher_keylen); - key_data += cipher_keylen; + s_mac = SymmetricKey(key_data, mac_keylen); + key_data += mac_keylen; - c_iv = InitializationVector(key_data, cipher_ivlen); - key_data += cipher_ivlen; + c_cipher = SymmetricKey(key_data, cipher_keylen); + key_data += cipher_keylen; - s_iv = InitializationVector(key_data, cipher_ivlen); - } + s_cipher = SymmetricKey(key_data, cipher_keylen); + key_data += cipher_keylen; + + c_iv = InitializationVector(key_data, cipher_ivlen); + key_data += cipher_ivlen; + s_iv = InitializationVector(key_data, cipher_ivlen); } } -- cgit v1.2.3