diff options
Diffstat (limited to 'lib/ssl/src/tls_record.erl')
-rw-r--r-- | lib/ssl/src/tls_record.erl | 62 |
1 files changed, 35 insertions, 27 deletions
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl index ce21e40dd8..e68f9a19df 100644 --- a/lib/ssl/src/tls_record.erl +++ b/lib/ssl/src/tls_record.erl @@ -155,26 +155,34 @@ encode_data(Frag, Version, %% %% Description: Decode cipher text %%-------------------------------------------------------------------- -decode_cipher_text(#ssl_tls{type = Type, version = Version} = CipherText, +decode_cipher_text(CipherText, #{current_read := #{sequence_number := Seq, - security_parameters := #security_parameters{cipher_type = ?AEAD} = SecParams - } = ReadState0} = ConnnectionStates0, _) -> - AAD = start_additional_data(Type, Version, Seq), - #{cipher_state := CipherS0} = ReadState0, - BulkCipherAlgo = SecParams#security_parameters.bulk_cipher_algorithm, - CipherS1 = ssl_record:nonce_seed(BulkCipherAlgo, <<?UINT64(Seq)>>, CipherS0), - case ssl_record:decipher_aead(BulkCipherAlgo, CipherS1, AAD, CipherText#ssl_tls.fragment, Version) of - {PlainFragment, CipherState} -> - #{compression_state := CompressionS0} = ReadState0, - {Plain, CompressionS1} = ssl_record:uncompress(SecParams#security_parameters.compression_algorithm, - PlainFragment, CompressionS0), - ConnnectionStates = ConnnectionStates0#{ + security_parameters := + #security_parameters{cipher_type = ?AEAD, + bulk_cipher_algorithm = BulkCipherAlgo}, + cipher_state := CipherS0 + } + } = ConnectionStates0, _) -> + SeqBin = <<?UINT64(Seq)>>, + CipherS1 = ssl_record:nonce_seed(BulkCipherAlgo, SeqBin, CipherS0), + #ssl_tls{type = Type, version = {MajVer,MinVer} = Version, fragment = Fragment} = CipherText, + StartAdditionalData = <<SeqBin/binary, ?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer)>>, + case ssl_record:decipher_aead( + BulkCipherAlgo, CipherS1, StartAdditionalData, Fragment, Version) + of + {PlainFragment, CipherS} -> + #{current_read := + #{security_parameters := SecParams, + compression_state := CompressionS0} = ReadState0} = ConnectionStates0, + {Plain, CompressionS} = ssl_record:uncompress(SecParams#security_parameters.compression_algorithm, + PlainFragment, CompressionS0), + ConnectionStates = ConnectionStates0#{ current_read => ReadState0#{ - cipher_state => CipherState, + cipher_state => CipherS, sequence_number => Seq + 1, - compression_state => CompressionS1}}, - {CipherText#ssl_tls{fragment = Plain}, ConnnectionStates}; + compression_state => CompressionS}}, + {CipherText#ssl_tls{fragment = Plain}, ConnectionStates}; #alert{} = Alert -> Alert end; @@ -534,10 +542,14 @@ encode_iolist(Type, Version, [Text|Data], compression_algorithm = CompAlg} = SecPars}} = CS, CompS0, CipherS0, Seq, CipherFragments) -> {CompText, CompS} = ssl_record:compress(CompAlg, Text, CompS0), - CipherS1 = ssl_record:nonce_seed(BCAlg, <<?UINT64(Seq)>>, CipherS0), - AAD = start_additional_data(Type, Version, Seq), - {CipherFragment,CipherS} = ssl_record:cipher_aead(Version, CompText, CipherS1, AAD, SecPars), - CipherHeader = cipher_header(Type, Version, CipherFragment), + SeqBin = <<?UINT64(Seq)>>, + CipherS1 = ssl_record:nonce_seed(BCAlg, SeqBin, CipherS0), + {MajVer, MinVer} = Version, + VersionBin = <<?BYTE(MajVer), ?BYTE(MinVer)>>, + StartAdditionalData = <<SeqBin/binary, ?BYTE(Type), VersionBin/binary>>, + {CipherFragment,CipherS} = ssl_record:cipher_aead(Version, CompText, CipherS1, StartAdditionalData, SecPars), + Length = byte_size(CipherFragment), + CipherHeader = <<?BYTE(Type), VersionBin/binary, ?UINT16(Length)>>, encode_iolist(Type, Version, Data, CS, CompS, CipherS, Seq + 1, [[CipherHeader, CipherFragment] | CipherFragments]); encode_iolist(Type, Version, [Text|Data], @@ -549,18 +561,14 @@ encode_iolist(Type, Version, [Text|Data], {CompText, CompS} = ssl_record:compress(CompAlg, Text, CompS0), MacHash = ssl_cipher:calc_mac_hash(Type, Version, CompText, MacAlgorithm, MacSecret, Seq), {CipherFragment,CipherS} = ssl_record:cipher(Version, CompText, CipherS0, MacHash, SecPars), - CipherHeader = cipher_header(Type, Version, CipherFragment), + Length = byte_size(CipherFragment), + {MajVer, MinVer} = Version, + CipherHeader = <<?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer), ?UINT16(Length)>>, encode_iolist(Type, Version, Data, CS, CompS, CipherS, Seq + 1, [[CipherHeader, CipherFragment] | CipherFragments]); encode_iolist(_Type, _Version, _Data, CS, _CompS, _CipherS, _Seq, _CipherFragments) -> exit({cs, CS}). %%-------------------------------------------------------------------- -cipher_header(Type, {MajVer, MinVer}, CipherFragment) -> - Length = erlang:iolist_size(CipherFragment), - <<?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer), ?UINT16(Length)>>. - -start_additional_data(Type, {MajVer, MinVer}, SeqNo) -> - <<?UINT64(SeqNo), ?BYTE(Type), ?BYTE(MajVer), ?BYTE(MinVer)>>. %% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are %% not vulnerable to this attack. |