pike.git / lib / modules / SSL.pmod / Session.pike


pike.git/lib/modules/SSL.pmod/Session.pike:17:   import Constants;   protected constant Struct = ADT.struct;      #ifdef SSL3_DEBUG   #define SSL3_DEBUG_MSG(X ...) werror(X)   #else /*! SSL3_DEBUG */   #define SSL3_DEBUG_MSG(X ...)   #endif /* SSL3_DEBUG */      //! Identifies the session to the server - string(0..255) identity; + string(8bit) identity;      //! Always COMPRESSION_null.   int compression_algorithm;      //! Constant defining a choice of keyexchange, encryption and mac   //! algorithm.   int cipher_suite;      //! Information about the encryption method derived from the   //! cipher_suite.   Cipher.CipherSpec cipher_spec;      //! Key exchange method, also derived from the cipher_suite.   int ke_method;      //! Key exchange factory, derived from @[ke_method].   program(Cipher.KeyExchange) ke_factory;      //! 48 byte secret shared between the client and the server. Used for   //! deriving the actual keys. - string(0..255) master_secret; + string(8bit) master_secret;      //! information about the certificate in use by the peer, such as issuing authority, and verification status.   mapping cert_data;      //! Negotiated protocol version.   ProtocolVersion version;      //! the peer certificate chain   array(string(8bit)) peer_certificate_chain;   
pike.git/lib/modules/SSL.pmod/Session.pike:70:      //! Indicates that the packet HMACs should be truncated   //! to the first 10 bytes (80 bits). Cf RFC 3546 3.5.   int(0..1) truncated_hmac;      /*    * Extensions provided by the peer.    */      //! RFC 4366 3.1 (SNI) - array(string(0..255)) server_names; + array(string(8bit)) server_names;      //! The set of <hash, signature> combinations supported by the other end.   //!   //! Only used with TLS 1.2 and later.   //!   //! Defaults to the settings from RFC 5246 7.4.1.4.1.   array(array(int)) signature_algorithms = ({    // RFC 5246 7.4.1.4.1:    // Note: this is a change from TLS 1.1 where there are no explicit    // rules, but as a practical matter one can assume that the peer
pike.git/lib/modules/SSL.pmod/Session.pike:437:    case COMPRESSION_null:    break;    case COMPRESSION_deflate:    break;    default:    error( "Method not supported\n" );    }    compression_algorithm = compr;   }    - protected string(0..255) generate_key_block(string(0..255) client_random, -  string(0..255) server_random, + protected string(8bit) generate_key_block(string(8bit) client_random, +  string(8bit) server_random,    ProtocolVersion version)   {    int required = 2 * (    cipher_spec->is_exportable ?    (5 + cipher_spec->hash_size)    : ( cipher_spec->key_material +    cipher_spec->hash_size +    cipher_spec->iv_size)    ); -  string(0..255) key = ""; +  string(8bit) key = "";       key = cipher_spec->prf(master_secret, "key expansion",    server_random + client_random, required);      #ifdef SSL3_DEBUG    werror("key_block: %O\n", key);   #endif    return key;   }   
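Review bot: The `werror("key_block: %O\n", key);` call kept under `#ifdef SSL3_DEBUG` in generate_key_block writes the entire derived key block to stderr, so any build with that define leaves session key material in whatever collects the process's error output. Per the doc comment in the following hunk, generate_keys slices this block into the MAC secrets, write keys and IVs, so the logged value is enough to read and forge records for the session. Since the commit already touches the declaration of `key`, the debug line could report only the length, e.g. `werror("key_block: %d bytes\n", sizeof(key));`. The `= ""` initialiser on `string(8bit) key` is also dead, because the next statement overwrites it with the prf() result.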
pike.git/lib/modules/SSL.pmod/Session.pike:491:   //! Server write MAC secret   //! @elem string 2   //! Client write key   //! @elem string 3   //! Server write key   //! @elem string 4   //! Client write IV   //! @elem string 5   //! Server write IV   //! @endarray - array(string(0..255)) generate_keys(string(0..255) client_random, -  string(0..255) server_random, + array(string(8bit)) generate_keys(string(8bit) client_random, +  string(8bit) server_random,    ProtocolVersion version)   {    Struct key_data = Struct(generate_key_block(client_random, server_random,    version)); -  array(string(0..255)) keys = allocate(6); +  array(string(8bit)) keys = allocate(6);      #ifdef SSL3_DEBUG    werror("client_random: %s\nserver_random: %s\nversion: %d.%d\n",    client_random?String.string2hex(client_random):"NULL",    server_random?String.string2hex(server_random):"NULL",    version>>8, version & 0xff);   #endif    // client_write_MAC_secret    keys[0] = key_data->get_fix_string(cipher_spec->hash_size);    // server_write_MAC_secret
pike.git/lib/modules/SSL.pmod/Session.pike:531:    if (cipher_spec->iv_size)    {    keys[4] = Crypto.MD5.hash(client_random +    server_random)[..cipher_spec->iv_size-1];    keys[5] = Crypto.MD5.hash(server_random +    client_random)[..cipher_spec->iv_size-1];    }       } else if(version >= PROTOCOL_TLS_1_0) {    // TLS 1.0 or later. -  string(0..255) client_wkey = key_data->get_fix_string(5); -  string(0..255) server_wkey = key_data->get_fix_string(5); +  string(8bit) client_wkey = key_data->get_fix_string(5); +  string(8bit) server_wkey = key_data->get_fix_string(5);    keys[2] = cipher_spec->prf(client_wkey, "client write key",    client_random + server_random,    cipher_spec->key_material);    keys[3] = cipher_spec->prf(server_wkey, "server write key",    client_random + server_random,    cipher_spec->key_material);    if(cipher_spec->iv_size) { -  string(0..255) iv_block = +  string(8bit) iv_block =    cipher_spec->prf("", "IV block",    client_random + server_random,    2 * cipher_spec->iv_size);    keys[4]=iv_block[..cipher_spec->iv_size-1];    keys[5]=iv_block[cipher_spec->iv_size..];   #ifdef SSL3_DEBUG    werror("sizeof(keys[4]):%d sizeof(keys[5]):%d\n",    sizeof(keys[4]), sizeof(keys[4]));   #endif    }
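Review bot: The SSL3_DEBUG `werror` at the end of the TLS 1.0 branch passes `sizeof(keys[4])` for both format arguments, so the length of the server write IV is never actually printed and a wrong split of `iv_block` would not show up in debug output. The second argument should be `sizeof(keys[5])`, i.e. `sizeof(keys[4]), sizeof(keys[5]));`. The enclosing generate_keys body starts and ends outside this hunk.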
pike.git/lib/modules/SSL.pmod/Session.pike:594:   //! client_random, server_random and master_secret strings.   //!   //! @returns   //! @array   //! @elem SSL.state read_state   //! Read state   //! @elem SSL.state write_state   //! Write state   //! @endarray   array(State) new_server_states(.Connection con, -  string(0..255) client_random, -  string(0..255) server_random, +  string(8bit) client_random, +  string(8bit) server_random,    ProtocolVersion version)   {    State write_state = State(con);    State read_state = State(con);    array(string) keys = generate_keys(client_random, server_random, version);       if (cipher_spec->mac_algorithm)    {    read_state->mac = cipher_spec->mac_algorithm(keys[0]);    write_state->mac = cipher_spec->mac_algorithm(keys[1]);
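Review bot: The local `array(string) keys` in new_server_states is left at the wide type while this commit narrows the parameters and the return type of generate_keys to `string(8bit)`, so the narrower type is dropped right before the values are handed to `cipher_spec->mac_algorithm`. For consistency with the rest of the change it should read `array(string(8bit)) keys = generate_keys(client_random, server_random, version);`. The same declaration appears in new_client_states in the next hunk. Both function bodies continue past the end of their hunks, so later uses of `keys` are not visible here.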
pike.git/lib/modules/SSL.pmod/Session.pike:663:   //! client_random, server_random and master_secret strings.   //!   //! @returns   //! @array   //! @elem SSL.state read_state   //! Read state   //! @elem SSL.state write_state   //! Write state   //! @endarray   array(State) new_client_states(.Connection con, -  string(0..255) client_random, -  string(0..255) server_random, +  string(8bit) client_random, +  string(8bit) server_random,    ProtocolVersion version)   {    State write_state = State(con);    State read_state = State(con);    array(string) keys = generate_keys(client_random, server_random, version);       if (cipher_spec->mac_algorithm)    {    read_state->mac = cipher_spec->mac_algorithm(keys[1]);    write_state->mac = cipher_spec->mac_algorithm(keys[0]);