tls_protect.h (1777B)
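/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef tls_protection_h_
#define tls_protection_h_

#include <algorithm>  // std::max, used by RecordUnprotected()
#include <cstdint>
#include <memory>

#include "pk11pub.h"
#include "sslt.h"
#include "sslexp.h"

#include "databuffer.h"
#include "scoped_ptrs_ssl.h"

namespace nss_test {
class TlsRecordHeader;

// Our analog of ssl3CipherSpec.
//
// Holds the per-epoch record protection state used by the test harness: the
// AEAD and masking contexts plus the inbound and outbound record sequence
// counters. Only the inline accessors are defined in this header; the
// constructor, SetKeys(), Protect() and Unprotect() are defined elsewhere.
class TlsCipherSpec {
 public:
  // |dtls| selects DTLS handling and |epoc| is the epoch this spec belongs to.
  // NOTE(review): dtls_, epoch_, in_seqno_ and out_seqno_ have no default
  // member initializers, so the out-of-line constructor must set all of them.
  TlsCipherSpec(bool dtls, uint16_t epoc);

  // Installs keying material for the suite described by |cipherinfo| from
  // |secret|. Presumably this is what populates aead_ (and mask_), which is
  // what is_protected() tests; confirm against the implementation.
  bool SetKeys(SSLCipherSuiteInfo* cipherinfo, PK11SymKey* secret);

  // Protects |plaintext| under this spec, writing the result to |ciphertext|
  // and the header for the protected record to |out_header|.
  // NOTE(review): returns bool, presumably false on failure; callers should
  // check it rather than use the output buffers unconditionally.
  bool Protect(const TlsRecordHeader& header, const DataBuffer& plaintext,
               DataBuffer* ciphertext, TlsRecordHeader* out_header);

  // Inverse of Protect(): recovers |plaintext| from |ciphertext|.
  // NOTE(review): a false return presumably covers authentication failure, in
  // which case |plaintext| should not be trusted; confirm.
  bool Unprotect(const TlsRecordHeader& header, const DataBuffer& ciphertext,
                 DataBuffer* plaintext, TlsRecordHeader* out_header);

  uint16_t epoch() const { return epoch_; }

  // Next inbound sequence number expected, i.e. one past the highest sequence
  // number recorded so far through RecordUnprotected().
  uint64_t next_in_seqno() const { return in_seqno_; }

  // Notes that the record numbered |seqno| was unprotected.
  void RecordUnprotected(uint64_t seqno) {
    // Reordering happens, so don't let this go backwards.
    // std::max is parenthesized so that a function-like `max` macro cannot
    // expand here. If seqno is UINT64_MAX, seqno + 1 wraps to 0 and the
    // current value is kept.
    in_seqno_ = (std::max)(in_seqno_, seqno + 1);
  }

  // Sequence number that the next protected (outbound) record will use.
  // Now const, matching next_in_seqno(): it only reads state.
  uint64_t next_out_seqno() const { return out_seqno_; }

  // Advances the outbound counter after a record has been protected. Nothing
  // here guards against wrap-around of the 64-bit counter.
  void RecordProtected() { out_seqno_++; }

  // Sticky flag: once set by RecordDropped() nothing in this header clears it.
  void RecordDropped() { record_dropped_ = true; }
  bool record_dropped() const { return record_dropped_; }

  // True once an AEAD context is installed; a spec without one applies no
  // record protection.
  bool is_protected() const { return aead_ != nullptr; }

 private:
  bool dtls_;
  uint16_t epoch_;
  uint64_t in_seqno_;   // next expected inbound sequence number
  uint64_t out_seqno_;  // next outbound sequence number
  bool record_dropped_ = false;
  ScopedSSLAeadContext aead_;
  ScopedSSLMaskingContext mask_;
};

}  // namespace nss_test

#endif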