EInternalError = 80,
EUserCanceled = 90,
ENoRenegotiation = 100,
+ EUnrecognizedName = 112,
EMAX = 256
};
static int rc4enc(Secret *sec, uchar *buf, int n);
static int des3enc(Secret *sec, uchar *buf, int n);
static int des3dec(Secret *sec, uchar *buf, int n);
+static int aesenc(Secret *sec, uchar *buf, int n);
+static int aesdec(Secret *sec, uchar *buf, int n);
static int noenc(Secret *sec, uchar *buf, int n);
static int sslunpad(uchar *buf, int n, int block);
static int tlsunpad(uchar *buf, int n, int block);
{
OneWay *volatile in;
Block *volatile b;
- uchar *p, seq[8], header[RecHdrLen], hmac[MD5dlen];
+ uchar *p, seq[8], header[RecHdrLen], hmac[MaxMacLen];
int volatile nconsumed;
int len, type, ver, unpad_len;
rcvError(tr, EIllegalParameter, "invalid alert fatal code");
/*
- * propate non-fatal alerts to handshaker
+ * propagate non-fatal alerts to handshaker
*/
- if(p[1] == ECloseNotify) {
+ switch(p[1]){
+ case ECloseNotify:
tlsclosed(tr, SRClose);
if(tr->opened)
error("tls hungup");
error("close notify");
- }
- if(p[1] == ENoRenegotiation)
+ break;
+ case ENoRenegotiation:
alertHand(tr, "no renegotiation");
- else if(p[1] == EUserCanceled)
+ break;
+ case EUserCanceled:
alertHand(tr, "handshake canceled by user");
- else
+ break;
+ case EUnrecognizedName:
+ /* happens in response to SNI, can be ignored. */
+ break;
+ default:
rcvError(tr, EIllegalParameter, "invalid alert code");
+ }
break;
case RHandshake:
/*
tr = tlsdevs[CONV(c->qid)];
if(tr == nil)
- panic("tlsbread");
+ panic("tlsbwrite");
ty = TYPE(c->qid);
switch(ty) {
setupDES3state(s->enckey, (uchar(*)[8])p, iv);
}
+static void
+initAESkey(Encalg *ea, Secret *s, uchar *p, uchar *iv)
+{
+ s->enckey = smalloc(sizeof(AESstate));
+ s->enc = aesenc;
+ s->dec = aesdec;
+ s->block = 16;
+ setupAESstate(s->enckey, p, ea->keylen, iv);
+}
+
static void
initclearenc(Encalg *, Secret *s, uchar *, uchar *)
{
{ "clear", 0, 0, initclearenc },
{ "rc4_128", 128/8, 0, initRC4key },
{ "3des_ede_cbc", 3 * 8, 8, initDES3key },
+ { "aes_128_cbc", 128/8, 16, initAESkey },
+ { "aes_256_cbc", 256/8, 16, initAESkey },
{ 0 }
};
{
int s;
-if(tr->debug)pprint("tleError %s\n", msg);
+if(tr->debug)pprint("tlsError %s\n", msg);
lock(&tr->statelk);
s = tr->state;
tr->state = SError;
des3CBCdecrypt(buf, n, sec->enckey);
return (*sec->unpad)(buf, n, 8);
}
+
+static int
+aesenc(Secret *sec, uchar *buf, int n)
+{
+ n = blockpad(buf, n, 16);
+ aesCBCencrypt(buf, n, sec->enckey);
+ return n;
+}
+
+static int
+aesdec(Secret *sec, uchar *buf, int n)
+{
+ aesCBCdecrypt(buf, n, sec->enckey);
+ return (*sec->unpad)(buf, n, 16);
+}
+
static DigestState*
nomac(uchar *, ulong, uchar *, ulong, uchar *, DigestState *)
{
projects / plan9front.git / blobdiff