File Manager

003 File Manager

Current Path: /usr/src/contrib/bearssl/src/ssl

usr / src / contrib / bearssl / src / ssl /

📁 ..
📄 prf.c(2.24 KB)
📄 prf_md5sha1.c(1.59 KB)
📄 prf_sha256.c(1.43 KB)
📄 prf_sha384.c(1.43 KB)
📄 ssl_ccert_single_ec.c(4.41 KB)
📄 ssl_ccert_single_rsa.c(4.09 KB)
📄 ssl_client.c(2.44 KB)
📄 ssl_client_default_rsapub.c(1.29 KB)
📄 ssl_client_full.c(6.22 KB)
📄 ssl_engine.c(40.71 KB)
📄 ssl_engine_default_aescbc.c(2.01 KB)
📄 ssl_engine_default_aesccm.c(2.12 KB)
📄 ssl_engine_default_aesgcm.c(2.49 KB)
📄 ssl_engine_default_chapol.c(1.9 KB)
📄 ssl_engine_default_descbc.c(1.4 KB)
📄 ssl_engine_default_ec.c(1.34 KB)
📄 ssl_engine_default_ecdsa.c(1.45 KB)
📄 ssl_engine_default_rsavrfy.c(1.3 KB)
📄 ssl_hashes.c(1.43 KB)
📄 ssl_hs_client.c(51.57 KB)
📄 ssl_hs_client.t0(34.04 KB)
📄 ssl_hs_common.t0(39.41 KB)
📄 ssl_hs_server.c(53.74 KB)
📄 ssl_hs_server.t0(40.7 KB)
📄 ssl_io.c(6.4 KB)
📄 ssl_keyexport.c(2.73 KB)
📄 ssl_lru.c(14.86 KB)
📄 ssl_rec_cbc.c(12.46 KB)
📄 ssl_rec_ccm.c(5.54 KB)
📄 ssl_rec_chapol.c(4.62 KB)
📄 ssl_rec_gcm.c(6.32 KB)
📄 ssl_scert_single_ec.c(4.17 KB)
📄 ssl_scert_single_rsa.c(4.54 KB)
📄 ssl_server.c(1.81 KB)
📄 ssl_server_full_ec.c(4.82 KB)
📄 ssl_server_full_rsa.c(4.17 KB)
📄 ssl_server_mine2c.c(2.25 KB)
📄 ssl_server_mine2g.c(2.25 KB)
📄 ssl_server_minf2c.c(2.27 KB)
📄 ssl_server_minf2g.c(2.26 KB)
📄 ssl_server_minr2g.c(2.14 KB)
📄 ssl_server_minu2g.c(2.16 KB)
📄 ssl_server_minv2g.c(2.16 KB)

Editing: ssl_rec_gcm.c

/*
 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
 *
 * Permission is hereby granted, free of charge, to any person obtaining 
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be 
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include "inner.h"

/*
 * GCM initialisation. This does everything except setting the vtable,
 * which depends on whether this is a context for encrypting or for
 * decrypting.
 */
static void
gen_gcm_init(br_sslrec_gcm_context *cc,
	const br_block_ctr_class *bc_impl,
	const void *key, size_t key_len,
	br_ghash gh_impl,
	const void *iv)
{
	unsigned char tmp[12];

cc->seq = 0;
	bc_impl->init(&cc->bc.vtable, key, key_len);
	cc->gh = gh_impl;
	memcpy(cc->iv, iv, sizeof cc->iv);
	memset(cc->h, 0, sizeof cc->h);
	memset(tmp, 0, sizeof tmp);
	bc_impl->run(&cc->bc.vtable, tmp, 0, cc->h, sizeof cc->h);
}

static void
in_gcm_init(br_sslrec_gcm_context *cc,
	const br_block_ctr_class *bc_impl,
	const void *key, size_t key_len,
	br_ghash gh_impl,
	const void *iv)
{
	cc->vtable.in = &br_sslrec_in_gcm_vtable;
	gen_gcm_init(cc, bc_impl, key, key_len, gh_impl, iv);
}

static int
gcm_check_length(const br_sslrec_gcm_context *cc, size_t rlen)
{
	/*
	 * GCM adds a fixed overhead:
	 *   8 bytes for the nonce_explicit (before the ciphertext)
	 *  16 bytes for the authentication tag (after the ciphertext)
	 */
	(void)cc;
	return rlen >= 24 && rlen <= (16384 + 24);
}

/*
 * Compute the authentication tag. The value written in 'tag' must still
 * be CTR-encrypted.
 */
static void
do_tag(br_sslrec_gcm_context *cc,
	int record_type, unsigned version,
	void *data, size_t len, void *tag)
{
	unsigned char header[13];
	unsigned char footer[16];

/*
	 * Compute authentication tag. Three elements must be injected in
	 * sequence, each possibly 0-padded to reach a length multiple
	 * of the block size: the 13-byte header (sequence number, record
	 * type, protocol version, record length), the cipher text, and
	 * the word containing the encodings of the bit lengths of the two
	 * other elements.
	 */
	br_enc64be(header, cc->seq ++);
	header[8] = (unsigned char)record_type;
	br_enc16be(header + 9, version);
	br_enc16be(header + 11, len);
	br_enc64be(footer, (uint64_t)(sizeof header) << 3);
	br_enc64be(footer + 8, (uint64_t)len << 3);
	memset(tag, 0, 16);
	cc->gh(tag, cc->h, header, sizeof header);
	cc->gh(tag, cc->h, data, len);
	cc->gh(tag, cc->h, footer, sizeof footer);
}

/*
 * Do CTR encryption. This also does CTR encryption of a single block at
 * address 'xortag' with the counter value appropriate for the final
 * processing of the authentication tag.
 */
static void
do_ctr(br_sslrec_gcm_context *cc, const void *nonce, void *data, size_t len,
	void *xortag)
{
	unsigned char iv[12];

memcpy(iv, cc->iv, 4);
	memcpy(iv + 4, nonce, 8);
	cc->bc.vtable->run(&cc->bc.vtable, iv, 2, data, len);
	cc->bc.vtable->run(&cc->bc.vtable, iv, 1, xortag, 16);
}

static unsigned char *
gcm_decrypt(br_sslrec_gcm_context *cc,
	int record_type, unsigned version, void *data, size_t *data_len)
{
	unsigned char *buf;
	size_t len, u;
	uint32_t bad;
	unsigned char tag[16];

buf = (unsigned char *)data + 8;
	len = *data_len - 24;
	do_tag(cc, record_type, version, buf, len, tag);
	do_ctr(cc, data, buf, len, tag);

/*
	 * Compare the computed tag with the value from the record. It
	 * is possibly useless to do a constant-time comparison here,
	 * but it does not hurt.
	 */
	bad = 0;
	for (u = 0; u < 16; u ++) {
		bad |= tag[u] ^ buf[len + u];
	}
	if (bad) {
		return NULL;
	}
	*data_len = len;
	return buf;
}

/* see bearssl_ssl.h */
const br_sslrec_in_gcm_class br_sslrec_in_gcm_vtable = {
	{
		sizeof(br_sslrec_gcm_context),
		(int (*)(const br_sslrec_in_class *const *, size_t))
			&gcm_check_length,
		(unsigned char *(*)(const br_sslrec_in_class **,
			int, unsigned, void *, size_t *))
			&gcm_decrypt
	},
	(void (*)(const br_sslrec_in_gcm_class **,
		const br_block_ctr_class *, const void *, size_t,
		br_ghash, const void *))
		&in_gcm_init
};

static void
out_gcm_init(br_sslrec_gcm_context *cc,
	const br_block_ctr_class *bc_impl,
	const void *key, size_t key_len,
	br_ghash gh_impl,
	const void *iv)
{
	cc->vtable.out = &br_sslrec_out_gcm_vtable;
	gen_gcm_init(cc, bc_impl, key, key_len, gh_impl, iv);
}

static void
gcm_max_plaintext(const br_sslrec_gcm_context *cc,
	size_t *start, size_t *end)
{
	size_t len;

(void)cc;
	*start += 8;
	len = *end - *start - 16;
	if (len > 16384) {
		len = 16384;
	}
	*end = *start + len;
}

static unsigned char *
gcm_encrypt(br_sslrec_gcm_context *cc,
	int record_type, unsigned version, void *data, size_t *data_len)
{
	unsigned char *buf;
	size_t u, len;
	unsigned char tmp[16];

buf = (unsigned char *)data;
	len = *data_len;
	memset(tmp, 0, sizeof tmp);
	br_enc64be(buf - 8, cc->seq);
	do_ctr(cc, buf - 8, buf, len, tmp);
	do_tag(cc, record_type, version, buf, len, buf + len);
	for (u = 0; u < 16; u ++) {
		buf[len + u] ^= tmp[u];
	}
	len += 24;
	buf -= 13;
	buf[0] = (unsigned char)record_type;
	br_enc16be(buf + 1, version);
	br_enc16be(buf + 3, len);
	*data_len = len + 5;
	return buf;
}

/* see bearssl_ssl.h */
const br_sslrec_out_gcm_class br_sslrec_out_gcm_vtable = {
	{
		sizeof(br_sslrec_gcm_context),
		(void (*)(const br_sslrec_out_class *const *,
			size_t *, size_t *))
			&gcm_max_plaintext,
		(unsigned char *(*)(const br_sslrec_out_class **,
			int, unsigned, void *, size_t *))
			&gcm_encrypt
	},
	(void (*)(const br_sslrec_out_gcm_class **,
		const br_block_ctr_class *, const void *, size_t,
		br_ghash, const void *))
		&out_gcm_init
};

003 File Manager

Editing: ssl_rec_gcm.c

Upload File

Create Folder