sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-19 00:01:57 -04:00
Code Issues Projects Releases Wiki Activity

libtls: Allow tls_aead_t to change the content type

Browse Source 
The actual content type is encrypted with TLS 1.3, the type in the record
header is always Application Data.
This commit is contained in:
Tobias Brunner 2020-04-22 15:44:31 +02:00
parent 0d43b39931
commit ba2bcdd882
6 changed files with 22 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libtls/tls_aead.c
View File

@ -51,7 +51,7 @@ typedef struct __attribute__((__packed__)) {
} sigheader_t; } sigheader_t;
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, encrypted, iv, plain; chunk_t assoc, encrypted, iv, plain;
@ -74,7 +74,7 @@ METHOD(tls_aead_t, encrypt, bool,
plain = chunk_skip(encrypted, iv.len); plain = chunk_skip(encrypted, iv.len);
plain.len -= icvlen; plain.len -= icvlen;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, plain.len); htoun16(&hdr.length, plain.len);
@ -91,7 +91,7 @@ METHOD(tls_aead_t, encrypt, bool,
} }
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, iv; chunk_t assoc, iv;
@ -111,7 +111,7 @@ METHOD(tls_aead_t, decrypt, bool,
return FALSE; return FALSE;
} }
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len - icvlen); htoun16(&hdr.length, data->len - icvlen);

8
src/libtls/tls_aead.h
View File

@ -44,13 +44,13 @@ struct tls_aead_t {
* gets updated to the IV for the next record. * gets updated to the IV for the next record.
* *
* @param version TLS version * @param version TLS version
* @param type TLS content type * @param type TLS content type (may be changed)
* @param seq record sequence number * @param seq record sequence number
* @param data data to encrypt, encryption result * @param data data to encrypt, encryption result
* @return TRUE if successfully encrypted * @return TRUE if successfully encrypted
*/ */
bool (*encrypt)(tls_aead_t *this, tls_version_t version, bool (*encrypt)(tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data); tls_content_type_t *type, uint64_t seq, chunk_t *data);
/** /**
* Decrypt and verify a TLS record. * Decrypt and verify a TLS record.
@ -59,13 +59,13 @@ struct tls_aead_t {
* length, decryption is done inline. * length, decryption is done inline.
* *
* @param version TLS version * @param version TLS version
* @param type TLS content type * @param type TLS content type (may be changed)
* @param seq record sequence number * @param seq record sequence number
* @param data data to decrypt, decrypted result * @param data data to decrypt, decrypted result
* @return TRUE if successfully decrypted * @return TRUE if successfully decrypted
*/ */
bool (*decrypt)(tls_aead_t *this, tls_version_t version, bool (*decrypt)(tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data); tls_content_type_t *type, uint64_t seq, chunk_t *data);
/** /**
* Get the authentication key size. * Get the authentication key size.

8
src/libtls/tls_aead_expl.c
View File

@ -56,14 +56,14 @@ typedef struct __attribute__((__packed__)) {
} sigheader_t; } sigheader_t;
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, padding, iv; chunk_t assoc, mac, padding, iv;
uint8_t bs, padlen; uint8_t bs, padlen;
sigheader_t hdr; sigheader_t hdr;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);
@ -99,7 +99,7 @@ METHOD(tls_aead_t, encrypt, bool,
} }
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, iv; chunk_t assoc, mac, iv;
@ -144,7 +144,7 @@ METHOD(tls_aead_t, decrypt, bool,
mac = chunk_skip(*data, data->len - bs); mac = chunk_skip(*data, data->len - bs);
data->len -= bs; data->len -= bs;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);

8
src/libtls/tls_aead_impl.c
View File

@ -55,13 +55,13 @@ typedef struct __attribute__((__packed__)) {
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, padding; chunk_t assoc, mac, padding;
uint8_t bs, padlen; uint8_t bs, padlen;
sigheader_t hdr; sigheader_t hdr;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);
@ -95,7 +95,7 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, iv; chunk_t assoc, mac, iv;
uint8_t bs, padlen; uint8_t bs, padlen;
@ -135,7 +135,7 @@ METHOD(tls_aead_t, decrypt, bool,
mac = chunk_skip(*data, data->len - bs); mac = chunk_skip(*data, data->len - bs);
data->len -= bs; data->len -= bs;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);

8
src/libtls/tls_aead_null.c
View File

@ -45,12 +45,12 @@ typedef struct __attribute__((__packed__)) {
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac; chunk_t assoc, mac;
sigheader_t hdr; sigheader_t hdr;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);
@ -67,7 +67,7 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac; chunk_t assoc, mac;
sigheader_t hdr; sigheader_t hdr;
@ -80,7 +80,7 @@ METHOD(tls_aead_t, decrypt, bool,
mac = chunk_skip(*data, data->len - mac.len); mac = chunk_skip(*data, data->len - mac.len);
data->len -= mac.len; data->len -= mac.len;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);

4
src/libtls/tls_protection.c
View File

@ -76,7 +76,7 @@ METHOD(tls_protection_t, process, status_t,
if (this->aead_in) if (this->aead_in)
{ {
if (!this->aead_in->decrypt(this->aead_in, this->version, if (!this->aead_in->decrypt(this->aead_in, this->version,
type, this->seq_in, &data)) &type, this->seq_in, &data))
{ {
DBG1(DBG_TLS, "TLS record decryption failed"); DBG1(DBG_TLS, "TLS record decryption failed");
this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC); this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
@ -111,7 +111,7 @@ METHOD(tls_protection_t, build, status_t,
if (this->aead_out) if (this->aead_out)
{ {
if (!this->aead_out->encrypt(this->aead_out, this->version, if (!this->aead_out->encrypt(this->aead_out, this->version,
*type, this->seq_out, data)) type, this->seq_out, data))
{ {
DBG1(DBG_TLS, "TLS record encryption failed"); DBG1(DBG_TLS, "TLS record encryption failed");
chunk_free(data); chunk_free(data);