Andrew Boyson
A simple library to support serving https.
Dependents: oldheating gps motorhome heating
Diff: tls/tls-response.c
- Revision:
- 18:e3cf22ba2a06
- Parent:
- 17:93feb2a51d58
- Child:
- 19:f22327e8be7b
--- a/tls/tls-response.c Thu Oct 10 07:38:13 2019 +0000
+++ b/tls/tls-response.c Thu Oct 10 15:29:05 2019 +0000
@@ -6,7 +6,7 @@
#include "ser-cer.h"
#include "pri-key.h"
#include "log.h"
-#include "aes128.h"
+#include "tls-aes128cbc-sha.h"
#include "random.h"
#include "tls-mac.h"
#include "http.h"
@@ -24,63 +24,6 @@
*p++ = size & 0xFF;
*pp = p;
}
-
-static uint8_t* encryptIvPointer;
-static uint8_t* encryptPayloadPointer;
-static int encryptPayloadSize;
-static void encryptAddIv(uint8_t** pp)
-{
- uint8_t* p = *pp;
-
- //Add the IV
- encryptIvPointer = p;
- for (int i = 0; i < TLS_LENGTH_CIPHER_BLOCK; i++) *p++ = RandomGetByte();
-
- encryptPayloadPointer = p;
-
- *pp = p;
-}
-static void encryptAddMac(uint8_t** pp, struct TlsConnection* pConnection, uint8_t contentType)
-{
- uint8_t* p = *pp;
-
- encryptPayloadSize = p - encryptPayloadPointer;
-
- //Add the MAC
- TlsMacSha1(TLS_LENGTH_MAC_KEY,
- pConnection->serverMacKey,
- pConnection->serverSequence,
- contentType,
- 0x03,
- 0x03,
- encryptPayloadSize,
- encryptPayloadPointer,
- p);
- p += TLS_LENGTH_MAC;
-
- *pp = p;
-}
-
-static void encryptAddPadding(uint8_t** pp)
-{
- uint8_t* p = *pp;
-
- int paddingSize = TLS_LENGTH_CIPHER_BLOCK - 1 - (encryptPayloadSize + TLS_LENGTH_MAC + 1 - 1) % TLS_LENGTH_CIPHER_BLOCK;
- LogF("- padding size %d\r\n", paddingSize);
- for (int i = 0; i < paddingSize; i++) *p++ = paddingSize;
-
- *p++ = paddingSize;
-
- *pp = p;
-}
-static void encryptPayload(uint8_t* p, struct TlsConnection* pConnection)
-{
- //Encrypt payload + mac + padding
- struct AES_ctx ctx;
- AES_init_ctx_iv(&ctx, pConnection->serverWriteKey, encryptIvPointer);
- AES_CBC_encrypt_buffer(&ctx, encryptPayloadPointer, p - encryptPayloadPointer);}
-
-
static uint8_t* pHandshakeSize;
static uint8_t* pHandshakePayload;
static void addHandshakeStart(uint8_t** pp)
@@ -159,7 +102,7 @@
LogTime(" sending handshake finished\r\n");
uint8_t* p = *pp;
- encryptAddIv(&p);
+ TlsAes128CbcSha1EncryptStart(&p);
//Make the 'finished' handshake which is part of the payload to be encrypted
*p++ = TLS_HANDSHAKE_FINISHED;
@@ -175,9 +118,7 @@
TlsPrfServerFinished(pSession->masterSecret, hash, p); //Hash over all handshakes
p += TLS_LENGTH_VERIFY;
- encryptAddMac (&p, pConnection, TLS_CONTENT_TYPE_HANDSHAKE);
- encryptAddPadding(&p);
- encryptPayload ( p, pConnection);
+ TlsAes128CbcSha1EncryptEnd(&p, pConnection, TLS_CONTENT_TYPE_HANDSHAKE);
*pp = p;
}
@@ -273,20 +214,6 @@
}
static bool sendContent(struct TlsConnection* pConnection, int* pWindowSize, uint8_t* pWindow, uint32_t positionOfWindowInStream)
{
-/*
-content:
- contentType * 1
- version * 2
- length * 2
- iv * AES_BLOCKLEN (16)
- message:
- payload * payloadLength
- mac * SHA1_HASH_SIZE (20)
- padding * 0 to AES_BLOCKLEN - 1 (0 to 15)
- paddingLength * 1
-*/
-#define CONTENT_MAX_OVERHEAD (5 + AES_BLOCKLEN + SHA1_HASH_SIZE + AES_BLOCKLEN - 1 + 1)
-
//Start
LogTime(" adding application content\r\n");
LogF("- available window size %d\r\n", *pWindowSize);
@@ -299,10 +226,10 @@
uint8_t* pBackfillSize = p;
*p++ = 0; *p++ = 0;
- encryptAddIv(&p);
+ TlsAes128CbcSha1EncryptStart(&p);
//Add the plain payload
- int payloadSize = *pWindowSize - CONTENT_MAX_OVERHEAD;
+ int payloadSize = *pWindowSize - 5 - TLS_AES_128_CBC_SHA1_MAX_OVERHEAD;
LogF("- available payload size %d\r\n", payloadSize);
uint32_t positionOfPayloadInStream = positionOfWindowInStream - pConnection->serverPositionInStreamOffset;
LogF("- position of payload in stream %d\r\n", positionOfPayloadInStream);
@@ -310,9 +237,7 @@
LogF("- resulting payload size %d\r\n", payloadSize);
p += payloadSize;
- encryptAddMac (&p, pConnection, TLS_CONTENT_TYPE_APPLICATION);
- encryptAddPadding(&p);
- encryptPayload ( p, pConnection);
+ TlsAes128CbcSha1EncryptEnd(&p, pConnection, TLS_CONTENT_TYPE_APPLICATION);
//Backfill the size
backfillSize(p, pBackfillSize);