A simple library to support serving https.
Dependents: oldheating gps motorhome heating
Diff: tls/tls-response.c
- Revision:
- 18:e3cf22ba2a06
- Parent:
- 17:93feb2a51d58
- Child:
- 19:f22327e8be7b
diff -r 93feb2a51d58 -r e3cf22ba2a06 tls/tls-response.c --- a/tls/tls-response.c Thu Oct 10 07:38:13 2019 +0000 +++ b/tls/tls-response.c Thu Oct 10 15:29:05 2019 +0000 @@ -6,7 +6,7 @@ #include "ser-cer.h" #include "pri-key.h" #include "log.h" -#include "aes128.h" +#include "tls-aes128cbc-sha.h" #include "random.h" #include "tls-mac.h" #include "http.h" @@ -24,63 +24,6 @@ *p++ = size & 0xFF; *pp = p; } - -static uint8_t* encryptIvPointer; -static uint8_t* encryptPayloadPointer; -static int encryptPayloadSize; -static void encryptAddIv(uint8_t** pp) -{ - uint8_t* p = *pp; - - //Add the IV - encryptIvPointer = p; - for (int i = 0; i < TLS_LENGTH_CIPHER_BLOCK; i++) *p++ = RandomGetByte(); - - encryptPayloadPointer = p; - - *pp = p; -} -static void encryptAddMac(uint8_t** pp, struct TlsConnection* pConnection, uint8_t contentType) -{ - uint8_t* p = *pp; - - encryptPayloadSize = p - encryptPayloadPointer; - - //Add the MAC - TlsMacSha1(TLS_LENGTH_MAC_KEY, - pConnection->serverMacKey, - pConnection->serverSequence, - contentType, - 0x03, - 0x03, - encryptPayloadSize, - encryptPayloadPointer, - p); - p += TLS_LENGTH_MAC; - - *pp = p; -} - -static void encryptAddPadding(uint8_t** pp) -{ - uint8_t* p = *pp; - - int paddingSize = TLS_LENGTH_CIPHER_BLOCK - 1 - (encryptPayloadSize + TLS_LENGTH_MAC + 1 - 1) % TLS_LENGTH_CIPHER_BLOCK; - LogF("- padding size %d\r\n", paddingSize); - for (int i = 0; i < paddingSize; i++) *p++ = paddingSize; - - *p++ = paddingSize; - - *pp = p; -} -static void encryptPayload(uint8_t* p, struct TlsConnection* pConnection) -{ - //Encrypt payload + mac + padding - struct AES_ctx ctx; - AES_init_ctx_iv(&ctx, pConnection->serverWriteKey, encryptIvPointer); - AES_CBC_encrypt_buffer(&ctx, encryptPayloadPointer, p - encryptPayloadPointer);} - - static uint8_t* pHandshakeSize; static uint8_t* pHandshakePayload; static void addHandshakeStart(uint8_t** pp) @@ -159,7 +102,7 @@ LogTime(" sending handshake finished\r\n"); uint8_t* p = *pp; - encryptAddIv(&p); + TlsAes128CbcSha1EncryptStart(&p); //Make the 'finished' handshake which is part of the payload to be encrypted *p++ = TLS_HANDSHAKE_FINISHED; @@ -175,9 +118,7 @@ TlsPrfServerFinished(pSession->masterSecret, hash, p); //Hash over all handshakes p += TLS_LENGTH_VERIFY; - encryptAddMac (&p, pConnection, TLS_CONTENT_TYPE_HANDSHAKE); - encryptAddPadding(&p); - encryptPayload ( p, pConnection); + TlsAes128CbcSha1EncryptEnd(&p, pConnection, TLS_CONTENT_TYPE_HANDSHAKE); *pp = p; } @@ -273,20 +214,6 @@ } static bool sendContent(struct TlsConnection* pConnection, int* pWindowSize, uint8_t* pWindow, uint32_t positionOfWindowInStream) { -/* -content: - contentType * 1 - version * 2 - length * 2 - iv * AES_BLOCKLEN (16) - message: - payload * payloadLength - mac * SHA1_HASH_SIZE (20) - padding * 0 to AES_BLOCKLEN - 1 (0 to 15) - paddingLength * 1 -*/ -#define CONTENT_MAX_OVERHEAD (5 + AES_BLOCKLEN + SHA1_HASH_SIZE + AES_BLOCKLEN - 1 + 1) - //Start LogTime(" adding application content\r\n"); LogF("- available window size %d\r\n", *pWindowSize); @@ -299,10 +226,10 @@ uint8_t* pBackfillSize = p; *p++ = 0; *p++ = 0; - encryptAddIv(&p); + TlsAes128CbcSha1EncryptStart(&p); //Add the plain payload - int payloadSize = *pWindowSize - CONTENT_MAX_OVERHEAD; + int payloadSize = *pWindowSize - 5 - TLS_AES_128_CBC_SHA1_MAX_OVERHEAD; LogF("- available payload size %d\r\n", payloadSize); uint32_t positionOfPayloadInStream = positionOfWindowInStream - pConnection->serverPositionInStreamOffset; LogF("- position of payload in stream %d\r\n", positionOfPayloadInStream); @@ -310,9 +237,7 @@ LogF("- resulting payload size %d\r\n", payloadSize); p += payloadSize; - encryptAddMac (&p, pConnection, TLS_CONTENT_TYPE_APPLICATION); - encryptAddPadding(&p); - encryptPayload ( p, pConnection); + TlsAes128CbcSha1EncryptEnd(&p, pConnection, TLS_CONTENT_TYPE_APPLICATION); //Backfill the size backfillSize(p, pBackfillSize);