diff options
Diffstat (limited to 'src/libtls/tls_aead_impl.c')
| -rw-r--r-- | src/libtls/tls_aead_impl.c | 214 |
1 files changed, 214 insertions, 0 deletions
diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c new file mode 100644 index 000000000..fb14026e0 --- /dev/null +++ b/src/libtls/tls_aead_impl.c @@ -0,0 +1,214 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tls_aead.h" + +typedef struct private_tls_aead_t private_tls_aead_t; + +/** + * Private data of an tls_aead_t object. + */ +struct private_tls_aead_t { + + /** + * Public tls_aead_t interface. + */ + tls_aead_t public; + + /** + * traditional crypter + */ + crypter_t *crypter; + + /** + * traditional signer + */ + signer_t *signer; + + /** + * Next implicit IV + */ + chunk_t iv; +}; + +/** + * Associated header data to create signature over + */ +typedef struct __attribute__((__packed__)) { + u_int64_t seq; + u_int8_t type; + u_int16_t version; + u_int16_t length; +} sigheader_t; + +METHOD(tls_aead_t, encrypt, bool, + private_tls_aead_t *this, tls_version_t version, + tls_content_type_t type, u_int64_t seq, chunk_t *data) +{ + chunk_t assoc, mac, padding; + u_int8_t bs, padlen; + sigheader_t hdr; + + hdr.type = type; + htoun64(&hdr.seq, seq); + htoun16(&hdr.version, version); + htoun16(&hdr.length, data->len); + + assoc = chunk_from_thing(hdr); + if (!this->signer->get_signature(this->signer, assoc, NULL) || + !this->signer->allocate_signature(this->signer, *data, &mac)) + { + return FALSE; + } + bs = this->crypter->get_block_size(this->crypter); + padlen = pad_len(data->len + mac.len + 1, bs); + + padding = chunk_alloca(padlen); + memset(padding.ptr, padlen, padding.len); + + *data = chunk_cat("mmcc", *data, mac, padding, chunk_from_thing(padlen)); + /* encrypt inline */ + if (!this->crypter->encrypt(this->crypter, *data, this->iv, NULL)) + { + return FALSE; + } + if (data->len < this->iv.len) + { + return FALSE; + } + /* next record IV is last ciphertext block of this record */ + memcpy(this->iv.ptr, data->ptr + data->len - this->iv.len, this->iv.len); + return TRUE; +} + +METHOD(tls_aead_t, decrypt, bool, + private_tls_aead_t *this, tls_version_t version, + tls_content_type_t type, u_int64_t seq, chunk_t *data) +{ + chunk_t assoc, mac, iv; + u_int8_t bs, padlen; + sigheader_t hdr; + + bs = this->crypter->get_block_size(this->crypter); + if (data->len < bs || data->len < this->iv.len || data->len % bs) + { + return FALSE; + } + iv = chunk_alloca(this->iv.len); + memcpy(iv.ptr, this->iv.ptr, this->iv.len); + memcpy(this->iv.ptr, data->ptr + data->len - this->iv.len, this->iv.len); + if (!this->crypter->decrypt(this->crypter, *data, iv, NULL)) + { + return FALSE; + } + padlen = data->ptr[data->len - 1]; + if (padlen < data->len) + { /* If padding looks valid, remove it */ + data->len -= padlen + 1; + } + + bs = this->signer->get_block_size(this->signer); + if (data->len < bs) + { + return FALSE; + } + mac = chunk_skip(*data, data->len - bs); + data->len -= bs; + + hdr.type = type; + htoun64(&hdr.seq, seq); + htoun16(&hdr.version, version); + htoun16(&hdr.length, data->len); + + assoc = chunk_from_thing(hdr); + if (!this->signer->get_signature(this->signer, assoc, NULL) || + !this->signer->verify_signature(this->signer, *data, mac)) + { + return FALSE; + } + return TRUE; +} + +METHOD(tls_aead_t, get_mac_key_size, size_t, + private_tls_aead_t *this) +{ + return this->signer->get_key_size(this->signer); +} + +METHOD(tls_aead_t, get_encr_key_size, size_t, + private_tls_aead_t *this) +{ + return this->crypter->get_key_size(this->crypter); +} + +METHOD(tls_aead_t, get_iv_size, size_t, + private_tls_aead_t *this) +{ + return this->iv.len; +} + +METHOD(tls_aead_t, set_keys, bool, + private_tls_aead_t *this, chunk_t mac, chunk_t encr, chunk_t iv) +{ + if (iv.len != this->iv.len) + { + return FALSE; + } + memcpy(this->iv.ptr, iv.ptr, this->iv.len); + return this->signer->set_key(this->signer, mac) && + this->crypter->set_key(this->crypter, encr); +} + +METHOD(tls_aead_t, destroy, void, + private_tls_aead_t *this) +{ + DESTROY_IF(this->crypter); + DESTROY_IF(this->signer); + chunk_free(&this->iv); + free(this); +} + +/** + * See header + */ +tls_aead_t *tls_aead_create_implicit(integrity_algorithm_t mac, + encryption_algorithm_t encr, size_t encr_size) +{ + private_tls_aead_t *this; + + INIT(this, + .public = { + .encrypt = _encrypt, + .decrypt = _decrypt, + .get_mac_key_size = _get_mac_key_size, + .get_encr_key_size = _get_encr_key_size, + .get_iv_size = _get_iv_size, + .set_keys = _set_keys, + .destroy = _destroy, + }, + .crypter = lib->crypto->create_crypter(lib->crypto, encr, encr_size), + .signer = lib->crypto->create_signer(lib->crypto, mac), + ); + + if (!this->crypter || !this->signer) + { + destroy(this); + return NULL; + } + + this->iv = chunk_alloc(this->crypter->get_iv_size(this->crypter)); + + return &this->public; +} |