support TLS1.1 explicit block IV
despite the fact that it works, it's missing a step at key block set time, so that we don't use the computed IV, but use a random generated one seeded by the computed IV.
This commit is contained in:
Vincent Hanquez
parent
b71ea6729c
commit
f37b2e3bce
2 changed files with 17 additions and 6 deletions
|
|
@ -23,6 +23,7 @@ import Data.ByteString (ByteString)
|
|||
import qualified Data.ByteString.Lazy as L
|
||||
import qualified Data.ByteString as B
|
||||
|
||||
import Network.TLS.Cap
|
||||
import Network.TLS.Struct
|
||||
import Network.TLS.Packet
|
||||
import Network.TLS.State
|
||||
|
|
@ -164,16 +165,22 @@ decryptData (EncryptedData econtent) = do
|
|||
let padding_size = fromIntegral $ cipherPaddingSize cipher
|
||||
|
||||
let writekey = cstKey cst
|
||||
let iv = cstIV cst
|
||||
|
||||
contentpadded <- case cipherF cipher of
|
||||
CipherNoneF -> fail "none decrypt"
|
||||
CipherBlockF _ decryptF -> do
|
||||
{- update IV -}
|
||||
let newiv = takelast padding_size econtent
|
||||
let (iv, econtent') =
|
||||
if hasExplicitBlockIV $ stVersion st
|
||||
then
|
||||
B.splitAt (fromIntegral $ cipherIVSize cipher) econtent
|
||||
else
|
||||
(cstIV cst, econtent)
|
||||
let newiv = takelast padding_size econtent'
|
||||
putTLSState $ st { stRxCryptState = Just $ cst { cstIV = newiv } }
|
||||
return $ decryptF writekey iv econtent
|
||||
return $ decryptF writekey iv econtent'
|
||||
CipherStreamF initF _ decryptF -> do
|
||||
let iv = cstIV cst
|
||||
let (content, newiv) = decryptF (if iv /= B.empty then iv else initF writekey) econtent
|
||||
{- update Ctx -}
|
||||
putTLSState $ st { stRxCryptState = Just $ cst { cstIV = newiv } }
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import Data.Maybe
|
|||
import Data.ByteString (ByteString)
|
||||
import qualified Data.ByteString as B
|
||||
|
||||
import Network.TLS.Cap
|
||||
import Network.TLS.Wire
|
||||
import Network.TLS.Struct
|
||||
import Network.TLS.Packet
|
||||
|
|
@ -132,16 +133,19 @@ encryptData content = do
|
|||
else
|
||||
B.empty
|
||||
let writekey = cstKey cst
|
||||
let iv = cstIV cst
|
||||
|
||||
econtent <- case cipherF cipher of
|
||||
CipherNoneF -> fail "none encrypt"
|
||||
CipherBlockF encrypt _ -> do
|
||||
let iv = cstIV cst
|
||||
let e = encrypt writekey iv (B.concat [ content, padding ])
|
||||
let newiv = takelast (fromIntegral padding_size) e
|
||||
let newiv = takelast (fromIntegral $ cipherIVSize cipher) e
|
||||
putTLSState $ st { stTxCryptState = Just $ cst { cstIV = newiv } }
|
||||
return e
|
||||
return $ if hasExplicitBlockIV $ stVersion st
|
||||
then B.concat [iv,e]
|
||||
else e
|
||||
CipherStreamF initF encryptF _ -> do
|
||||
let iv = cstIV cst
|
||||
let (e, newiv) = encryptF (if iv /= B.empty then iv else initF writekey) content
|
||||
putTLSState $ st { stTxCryptState = Just $ cst { cstIV = newiv } }
|
||||
return e
|
||||
|
|
|
|||
Loading…
Reference in a new issue