summaryrefslogtreecommitdiff
path: root/lib/ssl/src/dtls_record.erl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/src/dtls_record.erl')
-rw-r--r--lib/ssl/src/dtls_record.erl51
1 files changed, 18 insertions, 33 deletions
diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl
index 98c60f599c..daadae0725 100644
--- a/lib/ssl/src/dtls_record.erl
+++ b/lib/ssl/src/dtls_record.erl
@@ -30,7 +30,7 @@
%% Misc.
-export([protocol_version/1, lowest_protocol_version/2,
highest_protocol_version/1, supported_protocol_versions/0,
- is_acceptable_version/2]).
+ is_acceptable_version/2, cipher/4, decipher/2]).
%%--------------------------------------------------------------------
-spec init_connection_state_seq(tls_version(), #connection_states{}) ->
@@ -71,25 +71,18 @@ current_connection_state_epoch(#connection_states{current_write = Current},
%% Description: Returns the instance of the connection_state record
%% that is defined by the Epoch.
%%--------------------------------------------------------------------
-connection_state_by_epoch(#connection_states{previous_read = CS}, Epoch, read)
- when CS#connection_state.epoch == Epoch ->
- CS;
connection_state_by_epoch(#connection_states{current_read = CS}, Epoch, read)
when CS#connection_state.epoch == Epoch ->
CS;
connection_state_by_epoch(#connection_states{pending_read = CS}, Epoch, read)
when CS#connection_state.epoch == Epoch ->
CS;
-connection_state_by_epoch(#connection_states{previous_write = CS}, Epoch, write)
- when CS#connection_state.epoch == Epoch ->
- CS;
connection_state_by_epoch(#connection_states{current_write = CS}, Epoch, write)
when CS#connection_state.epoch == Epoch ->
CS;
connection_state_by_epoch(#connection_states{pending_write = CS}, Epoch, write)
when CS#connection_state.epoch == Epoch ->
CS.
-
%%--------------------------------------------------------------------
-spec set_connection_state_by_epoch(#connection_states{},
#connection_state{}, read | write) -> ok.
@@ -98,12 +91,6 @@ connection_state_by_epoch(#connection_states{pending_write = CS}, Epoch, write)
%% that is defined by the Epoch.
%%--------------------------------------------------------------------
set_connection_state_by_epoch(ConnectionStates0 =
- #connection_states{previous_read = CS},
- NewCS = #connection_state{epoch = Epoch}, read)
- when CS#connection_state.epoch == Epoch ->
- ConnectionStates0#connection_states{previous_read = NewCS};
-
-set_connection_state_by_epoch(ConnectionStates0 =
#connection_states{current_read = CS},
NewCS = #connection_state{epoch = Epoch}, read)
when CS#connection_state.epoch == Epoch ->
@@ -116,12 +103,6 @@ set_connection_state_by_epoch(ConnectionStates0 =
ConnectionStates0#connection_states{pending_read = NewCS};
set_connection_state_by_epoch(ConnectionStates0 =
- #connection_states{previous_write = CS},
- NewCS = #connection_state{epoch = Epoch}, write)
- when CS#connection_state.epoch == Epoch ->
- ConnectionStates0#connection_states{previous_write = NewCS};
-
-set_connection_state_by_epoch(ConnectionStates0 =
#connection_states{current_write = CS},
NewCS = #connection_state{epoch = Epoch}, write)
when CS#connection_state.epoch == Epoch ->
@@ -133,7 +114,6 @@ set_connection_state_by_epoch(ConnectionStates0 =
when CS#connection_state.epoch == Epoch ->
ConnectionStates0#connection_states{pending_write = NewCS}.
-
%%--------------------------------------------------------------------
-spec protocol_version(tls_atom_version() | tls_version()) ->
tls_version() | tls_atom_version().
@@ -283,20 +263,21 @@ supported_connection_protocol_versions([]) ->
is_acceptable_version(Version, Versions) ->
lists:member(Version, Versions).
-%%--------------------------------------------------------------------
--spec clear_previous_epoch(#connection_states{}) ->
- #connection_states{}.
-%%
-%% Description: Advance to min_read_epoch to the current read epoch.
-%%--------------------------------------------------------------------
-clear_previous_epoch(States =
- #connection_states{current_read = Current}) ->
- States#connection_states{min_read_epoch = Current#connection_state.epoch}.
-
+cipher(Type, Version, Fragment, CS0) ->
+ Length = erlang:iolist_size(Fragment),
+ {MacHash, CS1=#connection_state{cipher_state = CipherS0,
+ security_parameters=
+ #security_parameters{bulk_cipher_algorithm =
+ BCA}
+ }} =
+ hash_and_bump_seqno(CS0, Type, Version, Length, Fragment),
+ {Ciphered, CipherS1} = ssl_cipher:cipher(BCA, CipherS0, MacHash, Fragment, Version),
+ CS2 = CS1#connection_state{cipher_state=CipherS1},
+ {Ciphered, CS2}.
decipher(TLS=#ssl_tls{type=Type, version=Version={254, _},
- epoch = Epoch, sequence = SeqNo,
+ epoch = Epoch, record_seq = SeqNo,
fragment=Fragment}, CS0) ->
SP = CS0#connection_state.security_parameters,
BCA = SP#security_parameters.bulk_cipher_algorithm,
@@ -307,7 +288,7 @@ decipher(TLS=#ssl_tls{type=Type, version=Version={254, _},
CS1 = CS0#connection_state{cipher_state = CipherS1},
TLength = size(T),
MacHash = hash_with_seqno(CS1, Type, Version, Epoch, SeqNo, TLength, T),
- case is_correct_mac(Mac, MacHash) of
+ case ssl_record:is_correct_mac(Mac, MacHash) of
true ->
{TLS#ssl_tls{fragment = T}, CS1};
false ->
@@ -338,3 +319,7 @@ hash_and_bump_seqno(#connection_state{epoch = Epoch,
MacSecret, (Epoch bsl 48) + SeqNo, Type,
Length, Fragment),
{Hash, CS0#connection_state{sequence_number = SeqNo+1}}.
+
+mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
+ dtls_v1:mac_hash(MacAlg, MacSecret, SeqNo, Type, Version,
+ Length, Fragment).
View Lorry Controller Status