tls_dhe_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 03 ) = {
.code = htons ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA ),
.key_len = ( 128 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_dhe_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
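Review bot: The new pair `.fixed_iv_len = 0,` / `.record_iv_len = AES_BLOCKSIZE,` is repeated verbatim in all eight CBC suite entries (this hunk and the ones ending at L16, L24, L32, L40, L48, L56 and L64) with nothing explaining why the fixed length is zero while the record length is a full block. A one-line comment on the first entry would save the next reader a trip to the record-layer code, e.g. `/* CBC suites carry an explicit per-record IV and derive no fixed IV from the key block */`. If this is intended to be the pattern for every block-cipher suite, saying so here also makes a future non-zero fixed_iv_len stand out as the deliberate exception it would be.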
tls_dhe_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 04 ) = {
.code = htons ( TLS_DHE_RSA_WITH_AES_256_CBC_SHA ),
.key_len = ( 256 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_dhe_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite ( 13 ) = {
.code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ),
.key_len = ( 128 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_pubkey_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite ( 14 ) = {
.code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ),
.key_len = ( 256 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_pubkey_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
tls_dhe_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 01 ) = {
.code = htons ( TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ),
.key_len = ( 128 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_dhe_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
tls_dhe_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 02 ) = {
.code = htons ( TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 ),
.key_len = ( 256 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_dhe_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite ( 11 ) = {
.code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ),
.key_len = ( 128 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_pubkey_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite ( 12 ) = {
.code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ),
.key_len = ( 256 / 8 ),
+ .fixed_iv_len = 0,
+ .record_iv_len = AES_BLOCKSIZE,
.exchange = &tls_pubkey_exchange_algorithm,
.pubkey = &rsa_algorithm,
.cipher = &aes_cbc_algorithm,
struct cipher_algorithm *cipher;
/** MAC digest algorithm */
struct digest_algorithm *digest;
- /** Key length */
- uint16_t key_len;
/** Numeric code (in network-endian order) */
uint16_t code;
+ /** Key length */
+ uint8_t key_len;
+ /** Fixed initialisation vector length */
+ uint8_t fixed_iv_len;
+ /** Record initialisation vector length */
+ uint8_t record_iv_len;
};
/** TLS cipher suite table */
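Review bot: The doc comments on the three new length fields `uint8_t key_len;`, `uint8_t fixed_iv_len;` and `uint8_t record_iv_len;` give no unit and do not say which TLS concept each corresponds to, so a reader has to infer both from the key-block derivation code elsewhere. Suggest `/** Key length (in bytes) */`, `/** Fixed (implicit) initialisation vector length (in bytes) */` and `/** Record (explicit, per-record) initialisation vector length (in bytes) */`, which also lines the names up with the fixed_iv_length / record_iv_length terminology of RFC 5246. Narrowing key_len from uint16_t to uint8_t is fine for the suites visible in this change (16 and 32 bytes), but a short note that 255 bytes is the ceiling would make the choice read as deliberate rather than accidental. The enclosing struct definition starts outside the hunk.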
void *cipher_ctx;
/** MAC secret */
void *mac_secret;
+ /** Fixed initialisation vector */
+ void *fixed_iv;
};
/** A TLS signature and hash algorithm identifier */
struct tls_cipherspec *rx_cipherspec = &tls->rx_cipherspec_pending;
size_t hash_size = tx_cipherspec->suite->digest->digestsize;
size_t key_size = tx_cipherspec->suite->key_len;
- size_t total = ( 2 * ( hash_size + key_size ) );
+ size_t iv_size = tx_cipherspec->suite->fixed_iv_len;
+ size_t total = ( 2 * ( hash_size + key_size + iv_size ) );
uint8_t key_block[total];
uint8_t *key;
int rc;
DBGC_HD ( tls, key, key_size );
key += key_size;
+ /* TX initialisation vector */
+ memcpy ( tx_cipherspec->fixed_iv, key, iv_size );
+ DBGC ( tls, "TLS %p TX IV:\n", tls );
+ DBGC_HD ( tls, key, iv_size );
+ key += iv_size;
+
+ /* RX initialisation vector */
+ memcpy ( rx_cipherspec->fixed_iv, key, iv_size );
+ DBGC ( tls, "TLS %p RX IV:\n", tls );
+ DBGC_HD ( tls, key, iv_size );
+ key += iv_size;
+
assert ( ( key_block + total ) == key );
return 0;
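Review bot: The RX copy `memcpy ( rx_cipherspec->fixed_iv, key, iv_size );` uses `iv_size`, which is derived from `tx_cipherspec->suite->fixed_iv_len`, while the destination buffer was sized from the RX cipherspec's own suite; if the two pending cipherspecs could ever carry different suites this would be an out-of-bounds write, and nothing in the hunk documents that they are always the same. The existing hash_size and key_size derivations already rest on that assumption, so the new code is consistent with them, but it is worth making the invariant explicit with `assert ( rx_cipherspec->suite == tx_cipherspec->suite );` before the copies, or with a comment where the two cipherspec pointers are taken. Separately, the stack-allocated `key_block` now also holds the IVs alongside the keys and MAC secrets and is not cleared before `return 0;`; that was already the case before this change, but the block is growing, so it may be worth a follow-up. The enclosing function starts outside the hunk.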
/* Clear out old cipher contents, if any */
tls_clear_cipher ( tls, cipherspec );
-
+
/* Allocate dynamic storage */
- total = ( pubkey->ctxsize + cipher->ctxsize + digest->digestsize );
+ total = ( pubkey->ctxsize + cipher->ctxsize + digest->digestsize +
+ suite->fixed_iv_len );
dynamic = zalloc ( total );
if ( ! dynamic ) {
DBGC ( tls, "TLS %p could not allocate %zd bytes for crypto "
cipherspec->pubkey_ctx = dynamic; dynamic += pubkey->ctxsize;
cipherspec->cipher_ctx = dynamic; dynamic += cipher->ctxsize;
cipherspec->mac_secret = dynamic; dynamic += digest->digestsize;
+ cipherspec->fixed_iv = dynamic; dynamic += suite->fixed_iv_len;
assert ( ( cipherspec->dynamic + total ) == dynamic );
/* Store parameters */
void *mac;
void *padding;
+ /* Sanity check */
+ assert ( iv_len == tls->tx_cipherspec.suite->record_iv_len );
+
/* Calculate block-ciphered struct length */
padding_len = ( ( blocksize - 1 ) & -( iv_len + len + mac_len + 1 ) );
*plaintext_len = ( iv_len + len + mac_len + padding_len + 1 );
uint8_t *padding;
size_t padding_len;
+ /* Sanity check */
+ assert ( iv_len == tls->rx_cipherspec.suite->record_iv_len );
+
/* Extract initialisation vector */
iobuf = list_first_entry ( rx_data, struct io_buffer, list );
if ( iob_len ( iobuf ) < iv_len ) {