libtls: Allow tls_aead_t to change the content type

With TLS 1.3, the actual content type is encrypted; the type in the record
header is always Application Data.
Tobias Brunner 2020-04-22 15:44:31 +02:00
parent 0d43b39931
commit ba2bcdd882
6 changed files with 22 additions and 22 deletions


@ -51,7 +51,7 @@ typedef struct __attribute__((__packed__)) {
} sigheader_t; } sigheader_t;
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, encrypted, iv, plain; chunk_t assoc, encrypted, iv, plain;
@ -74,7 +74,7 @@ METHOD(tls_aead_t, encrypt, bool,
plain = chunk_skip(encrypted, iv.len); plain = chunk_skip(encrypted, iv.len);
plain.len -= icvlen; plain.len -= icvlen;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, plain.len); htoun16(&hdr.length, plain.len);
@ -91,7 +91,7 @@ METHOD(tls_aead_t, encrypt, bool,
} }
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, iv; chunk_t assoc, iv;
@ -111,7 +111,7 @@ METHOD(tls_aead_t, decrypt, bool,
return FALSE; return FALSE;
} }
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len - icvlen); htoun16(&hdr.length, data->len - icvlen);
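Review bot: `hdr.type = *type;` in both the encrypt and decrypt hunks dereferences the new in/out pointer without stating the contract it relies on: the pointer must be non-NULL, and in the lines visible here it is only read into the authenticated header, never written back, so the caller's value is the same after a failed and after a successful call. A one-line comment at the first dereference would make that explicit, e.g. `/* only read: the record-header type goes into the MAC/AAD, *type is not rewritten here */`. The same pattern and the same note apply to the three other tls_aead_t implementations further down (the `hdr.type = *type;` lines after `sigheader_t hdr;`, after `data->len -= bs;` and after `data->len -= mac.len;`). Both METHOD bodies continue outside the hunks shown, so whether any later line writes `*type` cannot be confirmed from here.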


@ -44,13 +44,13 @@ struct tls_aead_t {
* gets updated to the IV for the next record. * gets updated to the IV for the next record.
* *
* @param version TLS version * @param version TLS version
* @param type TLS content type * @param type TLS content type (may be changed)
* @param seq record sequence number * @param seq record sequence number
* @param data data to encrypt, encryption result * @param data data to encrypt, encryption result
* @return TRUE if successfully encrypted * @return TRUE if successfully encrypted
*/ */
bool (*encrypt)(tls_aead_t *this, tls_version_t version, bool (*encrypt)(tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data); tls_content_type_t *type, uint64_t seq, chunk_t *data);
/** /**
* Decrypt and verify a TLS record. * Decrypt and verify a TLS record.
@ -59,13 +59,13 @@ struct tls_aead_t {
* length, decryption is done inline. * length, decryption is done inline.
* *
* @param version TLS version * @param version TLS version
* @param type TLS content type * @param type TLS content type (may be changed)
* @param seq record sequence number * @param seq record sequence number
* @param data data to decrypt, decrypted result * @param data data to decrypt, decrypted result
* @return TRUE if successfully decrypted * @return TRUE if successfully decrypted
*/ */
bool (*decrypt)(tls_aead_t *this, tls_version_t version, bool (*decrypt)(tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data); tls_content_type_t *type, uint64_t seq, chunk_t *data);
/** /**
* Get the authentication key size. * Get the authentication key size.
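Review bot: `(may be changed)` on the two `@param type` lines says the pointee may be written but not in which direction, when, or whether it survives a failure, which is what a caller of an in/out parameter has to know before it can use the value after the call. I would document each direction separately, e.g. for decrypt `@param type in: content type from the record header, out: actual content type of the decrypted data; unchanged if decryption fails`, and for encrypt `@param type in: content type of the plaintext, out: content type to put into the record header`, and state that the pointer must not be NULL. The encrypt wording follows the commit message (the header type is always Application Data with TLS 1.3); confirm it against the implementation that will actually rewrite it.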


@ -56,14 +56,14 @@ typedef struct __attribute__((__packed__)) {
} sigheader_t; } sigheader_t;
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, padding, iv; chunk_t assoc, mac, padding, iv;
uint8_t bs, padlen; uint8_t bs, padlen;
sigheader_t hdr; sigheader_t hdr;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);
@ -99,7 +99,7 @@ METHOD(tls_aead_t, encrypt, bool,
} }
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, private_tls_aead_t *this, tls_version_t version, tls_content_type_t *type,
uint64_t seq, chunk_t *data) uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, iv; chunk_t assoc, mac, iv;
@ -144,7 +144,7 @@ METHOD(tls_aead_t, decrypt, bool,
mac = chunk_skip(*data, data->len - bs); mac = chunk_skip(*data, data->len - bs);
data->len -= bs; data->len -= bs;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);


@ -55,13 +55,13 @@ typedef struct __attribute__((__packed__)) {
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, padding; chunk_t assoc, mac, padding;
uint8_t bs, padlen; uint8_t bs, padlen;
sigheader_t hdr; sigheader_t hdr;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);
@ -95,7 +95,7 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac, iv; chunk_t assoc, mac, iv;
uint8_t bs, padlen; uint8_t bs, padlen;
@ -135,7 +135,7 @@ METHOD(tls_aead_t, decrypt, bool,
mac = chunk_skip(*data, data->len - bs); mac = chunk_skip(*data, data->len - bs);
data->len -= bs; data->len -= bs;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);


@ -45,12 +45,12 @@ typedef struct __attribute__((__packed__)) {
METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, encrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac; chunk_t assoc, mac;
sigheader_t hdr; sigheader_t hdr;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);
@ -67,7 +67,7 @@ METHOD(tls_aead_t, encrypt, bool,
METHOD(tls_aead_t, decrypt, bool, METHOD(tls_aead_t, decrypt, bool,
private_tls_aead_t *this, tls_version_t version, private_tls_aead_t *this, tls_version_t version,
tls_content_type_t type, uint64_t seq, chunk_t *data) tls_content_type_t *type, uint64_t seq, chunk_t *data)
{ {
chunk_t assoc, mac; chunk_t assoc, mac;
sigheader_t hdr; sigheader_t hdr;
@ -80,7 +80,7 @@ METHOD(tls_aead_t, decrypt, bool,
mac = chunk_skip(*data, data->len - mac.len); mac = chunk_skip(*data, data->len - mac.len);
data->len -= mac.len; data->len -= mac.len;
hdr.type = type; hdr.type = *type;
htoun64(&hdr.seq, seq); htoun64(&hdr.seq, seq);
htoun16(&hdr.version, version); htoun16(&hdr.version, version);
htoun16(&hdr.length, data->len); htoun16(&hdr.length, data->len);


@ -76,7 +76,7 @@ METHOD(tls_protection_t, process, status_t,
if (this->aead_in) if (this->aead_in)
{ {
if (!this->aead_in->decrypt(this->aead_in, this->version, if (!this->aead_in->decrypt(this->aead_in, this->version,
type, this->seq_in, &data)) &type, this->seq_in, &data))
{ {
DBG1(DBG_TLS, "TLS record decryption failed"); DBG1(DBG_TLS, "TLS record decryption failed");
this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC); this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
@ -111,7 +111,7 @@ METHOD(tls_protection_t, build, status_t,
if (this->aead_out) if (this->aead_out)
{ {
if (!this->aead_out->encrypt(this->aead_out, this->version, if (!this->aead_out->encrypt(this->aead_out, this->version,
*type, this->seq_out, data)) type, this->seq_out, data))
{ {
DBG1(DBG_TLS, "TLS record encryption failed"); DBG1(DBG_TLS, "TLS record encryption failed");
chunk_free(data); chunk_free(data);
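Review bot: In `build`, the AEAD is now handed the caller's `type` pointer directly (`type, this->seq_out, data)`), but the failure branch that follows only logs and frees `data`; as far as the visible lines show, nothing restores `*type` if an implementation rewrites it before reporting failure, so the caller could be left with a record-header type that no longer matches its plaintext. Either pin down in the tls_aead_t contract that `*type` is updated only on success, or isolate it here: `tls_content_type_t outer = *type;` before the call, pass `&outer`, and assign `*type = outer;` only on the success path. In `process` the same concern does not arise, because a failed `decrypt` ends in a TLS_BAD_RECORD_MAC alert and the local `type` is not used for the record afterwards, but that continuation is outside the hunk. Both `process` and `build` start and end outside the hunks shown.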