Dependents: oldheating gps motorhome heating
Diff: tls/tls-request.c
- Revision:
- 17:93feb2a51d58
- Parent:
- 14:03a0b8fd6ddc
- Child:
- 18:e3cf22ba2a06
--- a/tls/tls-request.c Sun Oct 06 08:00:30 2019 +0000
+++ b/tls/tls-request.c Thu Oct 10 07:38:13 2019 +0000
@@ -8,7 +8,6 @@
#include "log.h"
#include "pri-key.h"
#include "aes128.h"
-#include "sha1.h"
#include "tls-mac.h"
#include "led.h"
#include "http.h"
@@ -69,7 +68,7 @@
if (TlsTrace)
{
LogF("- client version HH:LL: %02x:%02x\r\n", versionH, versionL);
- Log ("- client random:\r\n"); LogBytesAsHex(pConnection->clientRandom, 32); Log("\r\n");
+ Log ("- client random:\r\n"); LogBytesAsHex(pConnection->clientRandom, TLS_LENGTH_RANDOM); Log("\r\n");
Log ("- client session id:\r\n"); LogBytesAsHex(pSessionId, sessionIdLength); Log("\r\n");
LogF("- session index: %u\r\n", pConnection->sessionId);
if (pConnection->resume) Log ("- existing session so resume\r\n");
@@ -128,10 +127,10 @@
}
//Calculate the verify message
- uint8_t verify[12];
+ uint8_t verify[TLS_LENGTH_VERIFY];
TlsPrfClientFinished(pSession->masterSecret, pConnection->clientHandshakeHash, verify);
Log("- verify handshake\r\n");
- LogBytesAsHex(verify, 12);
+ LogBytesAsHex(verify, TLS_LENGTH_VERIFY);
Log("\r\n");
if (pConnection->resume) pConnection->toDo = DO_APPLICATION;
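Review bot: The computed Finished value in `verify` is only logged in the lines shown here; nothing between `TlsPrfClientFinished(...)` and the `toDo` assignment compares it with the verify data the client sent. If that comparison is not made elsewhere in the function (which starts and ends outside the hunk), a handshake carrying a wrong Finished message would still advance to the next state. The same pattern appears in the `@@ -267,7 +266,7 @@` hunk, where `mac` is logged and `clientSequence` is incremented with no visible comparison against the MAC carried in the record. Both checks should use a comparison that does not stop at the first differing byte, for example accumulating `diff |= verify[i] ^ received[i];` over `TLS_LENGTH_VERIFY` bytes (`received` is a placeholder for the client's bytes) and rejecting when `diff != 0`.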
@@ -242,21 +241,21 @@
{
//Decrypt the message
uint8_t* pIv = pBuffer;
- pBuffer += 16;
+ pBuffer += TLS_LENGTH_CIPHER_BLOCK;
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx, pConnection->clientWriteKey, pIv);
- AES_CBC_decrypt_buffer(&ctx, pBuffer, length - 16);
+ AES_CBC_decrypt_buffer(&ctx, pBuffer, length - TLS_LENGTH_CIPHER_BLOCK);
Log("- decrypted message\r\n");
- LogBytesAsHex(pBuffer, length - 16);
+ LogBytesAsHex(pBuffer, length - TLS_LENGTH_CIPHER_BLOCK);
Log("\r\n");
- uint8_t paddingLength = *(pBuffer + length - 16 - 1);
+ uint8_t paddingLength = *(pBuffer + length - TLS_LENGTH_CIPHER_BLOCK - 1);
LogF("- padding length %u\r\n", paddingLength);
- int payloadLength = length - 16 - paddingLength - SHA1_HASH_SIZE - 1;
+ int payloadLength = length - TLS_LENGTH_CIPHER_BLOCK - paddingLength - TLS_LENGTH_MAC - 1;
LogF("- payload length %d\r\n", payloadLength);
LogF("- sequence number %llu\r\n", pConnection->clientSequence);
- uint8_t mac[SHA1_HASH_SIZE];
- TlsMacSha1(TLS_KEY_SIZE_MAC,
+ uint8_t mac[TLS_LENGTH_MAC];
+ TlsMacSha1(TLS_LENGTH_MAC_KEY,
pConnection->clientMacKey,
pConnection->clientSequence,
contentType,
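Review bot: `payloadLength` is derived from `length` and from `paddingLength`, a byte read out of the decrypted record, and no bounds check is visible in this hunk. A short record therefore makes `length - TLS_LENGTH_CIPHER_BLOCK` wrap or go negative before `AES_CBC_decrypt_buffer`, and a large padding byte makes `payloadLength` negative before the MAC is computed. I would reject early with something like `if (length < TLS_LENGTH_CIPHER_BLOCK + TLS_LENGTH_MAC + 1 || length % TLS_LENGTH_CIPHER_BLOCK != 0)` ahead of the decrypt, and add `if (payloadLength < 0)` after the padding byte is read. Both rejections should be handled exactly like a MAC mismatch so the peer cannot tell a padding failure from a MAC failure. The `LogBytesAsHex(pBuffer, length - TLS_LENGTH_CIPHER_BLOCK)` line also writes the decrypted application data to the log with no `TlsTrace` guard visible here; the enclosing function starts before the hunk and the `TlsMacSha1` call continues past it.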
@@ -267,7 +266,7 @@
mac);
Log("- verify message MAC\r\n");
- LogBytesAsHex(mac, SHA1_HASH_SIZE);
+ LogBytesAsHex(mac, TLS_LENGTH_MAC);
Log("\r\n");
pConnection->clientSequence++;
@@ -358,13 +357,10 @@
if (pSession->valid) return;
if (!PriKeyDecryptFinished(pConnection->slotPriKeyDecryption)) return;
-
- uint8_t *pPreMasterSecretMessage = PriKeyDecryptResult(pConnection->slotPriKeyDecryption);
- LogTime("Decrypted pre master secret little endian\r\n"); LogBytesAsHex(pPreMasterSecretMessage, 128); Log("\r\n");
- uint8_t preMasterSecret[48];
- for (int i = 0; i < 48; i++) preMasterSecret[i] = *(pPreMasterSecretMessage + 47 - i);
- LogTime("Pre master secret\r\n"); LogBytesAsHex(preMasterSecret, 48); Log("\r\n");
+ uint8_t preMasterSecret[TLS_LENGTH_PRE_MASTER_SECRET];
+ PriKeyDecryptResultTail(pConnection->slotPriKeyDecryption, TLS_LENGTH_PRE_MASTER_SECRET, preMasterSecret);
+ LogTime("Pre master secret\r\n"); LogBytesAsHex(preMasterSecret, TLS_LENGTH_PRE_MASTER_SECRET); Log("\r\n");
PriKeyDecryptClear(pConnection->slotPriKeyDecryption);
TlsPrfMasterSecret(preMasterSecret, pConnection->clientRandom, pConnection->serverRandom, pSession->masterSecret);
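Review bot: The pre-master secret is still written to the log by `LogBytesAsHex(preMasterSecret, TLS_LENGTH_PRE_MASTER_SECRET);`, and no `TlsTrace` guard is visible around it in this hunk. Anyone who can read the log can combine it with the two randoms to derive the session's master secret, so I would drop that line or compile it in only for a debug build. The stack copy `preMasterSecret` also has no visible wipe after `TlsPrfMasterSecret(...)`. `PriKeyDecryptClear` presumably clears only the decryption slot, so a wipe the compiler cannot elide (a loop through a `volatile uint8_t *`, for instance) should follow the PRF call. Whether the RSA padding is validated before `PriKeyDecryptResultTail` takes the trailing bytes cannot be seen from here, and the function body continues outside the hunk.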