Botan
1.11.15
|
00001 /* 00002 * TLS Session Key 00003 * (C) 2004-2006,2011 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #include <botan/internal/tls_session_key.h> 00009 #include <botan/internal/tls_handshake_state.h> 00010 #include <botan/internal/tls_messages.h> 00011 00012 namespace Botan { 00013 00014 namespace TLS { 00015 00016 /** 00017 * Session_Keys Constructor 00018 */ 00019 Session_Keys::Session_Keys(const Handshake_State* state, 00020 const secure_vector<byte>& pre_master_secret, 00021 bool resuming) 00022 { 00023 const size_t cipher_keylen = state->ciphersuite().cipher_keylen(); 00024 const size_t mac_keylen = state->ciphersuite().mac_keylen(); 00025 const size_t cipher_nonce_bytes = state->ciphersuite().nonce_bytes_from_handshake(); 00026 00027 const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes); 00028 00029 const byte MASTER_SECRET_MAGIC[] = { 00030 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 }; 00031 00032 const byte KEY_GEN_MAGIC[] = { 00033 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; 00034 00035 std::unique_ptr<KDF> prf(state->protocol_specific_prf()); 00036 00037 if(resuming) 00038 { 00039 master_sec = pre_master_secret; 00040 } 00041 else 00042 { 00043 secure_vector<byte> salt; 00044 salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); 00045 salt += state->client_hello()->random(); 00046 salt += state->server_hello()->random(); 00047 00048 master_sec = prf->derive_key(48, pre_master_secret, salt); 00049 } 00050 00051 secure_vector<byte> salt; 00052 salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); 00053 salt += state->server_hello()->random(); 00054 salt += state->client_hello()->random(); 00055 00056 SymmetricKey keyblock = prf->derive_key(prf_gen, master_sec, salt); 00057 00058 const byte* key_data = keyblock.begin(); 00059 00060 c_mac = SymmetricKey(key_data, mac_keylen); 00061 key_data += mac_keylen; 00062 00063 s_mac = SymmetricKey(key_data, mac_keylen); 00064 key_data += mac_keylen; 00065 00066 c_cipher = SymmetricKey(key_data, cipher_keylen); 00067 key_data += cipher_keylen; 00068 00069 s_cipher = SymmetricKey(key_data, cipher_keylen); 00070 key_data += cipher_keylen; 00071 00072 c_iv = InitializationVector(key_data, cipher_nonce_bytes); 00073 key_data += cipher_nonce_bytes; 00074 00075 s_iv = InitializationVector(key_data, cipher_nonce_bytes); 00076 } 00077 00078 } 00079 00080 }