diff --git a/.gitattributes b/.gitattributes
index 7ae26c235ac8c758a1540919d01a08c851891882..7931d5823b1df8bf23570198233ab49e7b9e08b4 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -165,11 +165,12 @@ testfont binary
 /lib/modules/Protocols.pmod/X.pmod/_Types.pmod foreign_ident
 /lib/modules/Protocols.pmod/X.pmod/_Xlib.pmod foreign_ident
 /lib/modules/Protocols.pmod/XMLRPC.pmod/testsuite.in foreign_ident
+/lib/modules/SSL.pmod/Cipher.pmod foreign_ident
+/lib/modules/SSL.pmod/Constants.pmod foreign_ident
 /lib/modules/SSL.pmod/TODO foreign_ident
 /lib/modules/SSL.pmod/alert.pike foreign_ident
 /lib/modules/SSL.pmod/cipher.pike foreign_ident
 /lib/modules/SSL.pmod/connection.pike foreign_ident
-/lib/modules/SSL.pmod/constants.pike foreign_ident
 /lib/modules/SSL.pmod/context.pike foreign_ident
 /lib/modules/SSL.pmod/handshake.pike foreign_ident
 /lib/modules/SSL.pmod/https.pike foreign_ident
diff --git a/lib/modules/SSL.pmod/Cipher.pmod b/lib/modules/SSL.pmod/Cipher.pmod
new file mode 100644
index 0000000000000000000000000000000000000000..7708c4be2e09626d717bc68517bc676d08cbacfd
--- /dev/null
+++ b/lib/modules/SSL.pmod/Cipher.pmod
@@ -0,0 +1,446 @@ +// +// $Id: Cipher.pmod,v 1.1 2003/01/27 15:03:00 nilsson Exp $ + +#pike __REAL_VERSION__ + +//! Encryption and MAC algorithms used in SSL. + +import .Constants; + +class CipherSpec { + program bulk_cipher_algorithm; + int cipher_type; + program mac_algorithm; + int is_exportable; + int hash_size; + int key_material; + int iv_size; + int key_bits; + function sign; + function verify; +} + +#if 0 +class mac_none +{ + /* Dummy MAC algorithm */ + string hash(string data, object seq_num) { return ""; } +} +#endif + +//! +class MACsha +{ + constant pad_1 = "6666666666666666666666666666666666666666"; + constant pad_2 = ("\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\" + "\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"); + + constant algorithm = Crypto.sha; + + string secret; + + //! + string hash_raw(string data) + { +#ifdef SSL3_DEBUG_CRYPT + werror("SSL.cipher: hash_raw(%O)\n", data); +#endif + + object h = algorithm(); + string res = h->update(data)->digest(); +#ifdef SSL3_DEBUG_CRYPT + werror("SSL.cipher: hash_raw->%O\n",res); +#endif + + return res; + } + + //! + string hash(object packet, Gmp.mpz seq_num) + { + string s = sprintf("%~8s%c%2c%s", + "\0\0\0\0\0\0\0\0", seq_num->digits(256), + packet->content_type, sizeof(packet->fragment), + packet->fragment); +#ifdef SSL3_DEBUG_CRYPT +// werror("SSL.cipher: hashing %O\n", s); +#endif + return hash_raw(secret + pad_2 + + hash_raw(secret + pad_1 + s)); + } + + //! + string hash_master(string data, string|void s) + { + s = s || secret; + return hash_raw(s + pad_2 + + hash_raw(data + s + pad_1)); + } + + //! + void create (string|void s) + { + secret = s || ""; + } +} + +//! +class MACmd5 { + inherit MACsha; + + constant pad_1 = "666666666666666666666666666666666666666666666666"; + constant pad_2 = ("\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\" + "\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\"); + + constant algorithm = Crypto.md5; +} + +//! 
+class MAChmac_sha { + + string secret; + Crypto.hmac hmac; + + //! + string hash(object packet, Gmp.mpz seq_num) { + + string s = sprintf("%~8s%c%c%c%2c%s", + "\0\0\0\0\0\0\0\0", seq_num->digits(256), + packet->content_type, + packet->protocol_version[0],packet->protocol_version[1], + sizeof(packet->fragment), + packet->fragment); + + return hmac(secret)(s); + } + + //! + void create(string|void s) { + secret = s || ""; + hmac=Crypto.hmac(Crypto.sha); + } +} + +//! +class MAChmac_md5 { + inherit MAChmac_sha; + + //! + void create(string|void s) { + secret = s || ""; + hmac=Crypto.hmac(Crypto.md5); + } +} + +// Hashfn is either a Crypto.md5 or Crypto.sha +static string P_hash(object hashfn,int hlen,string secret,string seed,int len) { + + Crypto.hmac hmac=Crypto.hmac(hashfn); + string temp=seed; + string res=""; + + int noblocks=(int)ceil((1.0*len)/hlen); + + for(int i=0 ; i<noblocks ; i++) { + temp=hmac(secret)(temp); + res+=hmac(secret)(temp+seed); + } + return res[..(len-1)]; +} + +//! +string prf(string secret,string label,string seed,int len) { + + string s1=secret[..(int)(ceil(sizeof(secret)/2.0)-1)]; + string s2=secret[(int)(floor(sizeof(secret)/2.0))..]; + + string a=P_hash(Crypto.md5,16,s1,label+seed,len); + string b=P_hash(Crypto.sha,20,s2,label+seed,len); + + return a ^ b; +} + +//! +class DES +{ + inherit Crypto.des_cbc : c; + + this_program set_encrypt_key(string k) + { + c::set_encrypt_key(Crypto.des_parity(k)); + return this_object(); + } + + this_program set_decrypt_key(string k) + { + c::set_decrypt_key(Crypto.des_parity(k)); + return this_object(); + } +} + +//! 
+class DES3 +{ + inherit Crypto.des3_cbc : c; + + this_program set_encrypt_key(string k) + { + c::set_encrypt_key(Crypto.des_parity(k)); + return this_object(); + } + + this_program set_decrypt_key(string k) + { + c::set_decrypt_key(Crypto.des_parity(k)); + return this_object(); + } +} + +ADT.struct rsa_sign(object context, string cookie, ADT.struct struct) +{ + /* Exactly how is the signature process defined? */ + + string params = cookie + struct->contents(); + string digest = Crypto.md5()->update(params)->digest() + + Crypto.sha()->update(params)->digest(); + + object s = context->rsa->raw_sign(digest); +#ifdef SSL3_DEBUG_CRYPT + werror(" Digest: '%O'\n" + " Signature: '%O'\n", + digest, s->digits(256)); +#endif + + struct->put_bignum(s); + return struct; +} + +int rsa_verify(object context, string cookie, ADT.struct struct, + Gmp.mpz signature) +{ + /* Exactly how is the signature process defined? */ + + string params = cookie + struct->contents(); + string digest = Crypto.md5()->update(params)->digest() + + Crypto.sha()->update(params)->digest(); + + return context->rsa->raw_verify(digest, signature); +} + +ADT.struct dsa_sign(object context, string cookie, ADT.struct struct) +{ + /* NOTE: The details are not described in the SSL 3 spec. */ + string s = context->dsa->sign_ssl(cookie + struct->contents()); + struct->put_var_string(s, 2); + return struct; +} + +ADT.struct anon_sign(object context, string cookie, ADT.struct struct) +{ + return struct; +} + +class DHParameters +{ + Gmp.mpz p, g, order; + + /* Default prime and generator, taken from the ssh2 spec: + * + * "This group was taken from the ISAKMP/Oakley specification, and was + * originally generated by Richard Schroeppel at the University of Arizona. + * Properties of this prime are described in [Orm96]. + *... + * [Orm96] Orman, H., "The Oakley Key Determination Protocol", version 1, + * TR97-92, Department of Computer Science Technical Report, University of + * Arizona." 
+ */ + + /* p = 2^1024 - 2^960 - 1 + 2^64 * floor( 2^894 Pi + 129093 ) */ + + Gmp.mpz orm96() { + p = Gmp.mpz("FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1" + "29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD" + "EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245" + "E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED" + "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381" + "FFFFFFFF FFFFFFFF", 16); + order = (p-1) / 2; + + g = Gmp.mpz(2); + + return this_object(); + } + + void create(object ... args) { + switch (sizeof(args)) + { + case 0: + orm96(); + break; + case 3: + [p, g, order] = args; + break; + default: + error( "Wrong number of arguments.\n" ); + } + } +} + +class DHKeyExchange +{ + /* Public parameters */ + DHParameters parameters; + + Gmp.mpz our; /* Our value */ + Gmp.mpz other; /* Other party's value */ + Gmp.mpz secret; /* our = g ^ secret mod p */ + + void create(DHParameters p) { + parameters = p; + } + + this_program new_secret(function random) { + secret = Gmp.mpz(random( (parameters->order->size() + 10 / 8)), 256) + % (parameters->order - 1) + 1; + + our = parameters->g->powm(secret, parameters->p); + return this_object(); + } + + this_program set_other(Gmp.mpz o) { + other = o; + return this_object(); + } + + object get_shared() { + return other->powm(secret, parameters->p); + } +} + +/* Return array of auth_method, cipher_spec */ +array lookup(int suite,int version) +{ + CipherSpec res = CipherSpec(); + int ke_method; + + array algorithms = CIPHER_SUITES[suite]; + if (!algorithms) + return 0; + + ke_method = algorithms[0]; + + switch(ke_method) + { + case KE_rsa: + case KE_dhe_rsa: + res->sign = rsa_sign; + res->verify = rsa_verify; + break; + case KE_dhe_dss: + res->sign = dsa_sign; + break; + case KE_dh_anon: + res->sign = anon_sign; + break; + default: + error( "Internal error.\n" ); + } + + switch(algorithms[1]) + { + case CIPHER_rc4_40: +#if constant(Crypto.arcfour) + res->bulk_cipher_algorithm = Crypto.arcfour; 
+#else /* !constant(Crypto.arcfour) */ + res->bulk_cipher_algorithm = Crypto.rc4; +#endif /* constant(Crypto.arcfour) */ + res->cipher_type = CIPHER_stream; + res->is_exportable = 1; + res->key_material = 16; + res->iv_size = 0; + res->key_bits = 40; + break; + case CIPHER_des40: + res->bulk_cipher_algorithm = DES; + res->cipher_type = CIPHER_block; + res->is_exportable = 1; + res->key_material = 8; + res->iv_size = 8; + res->key_bits = 40; + break; + case CIPHER_null: + res->bulk_cipher_algorithm = 0; + res->cipher_type = CIPHER_stream; + res->is_exportable = 1; + res->key_material = 0; + res->iv_size = 0; + res->key_bits = 0; + break; +#ifndef WEAK_CRYPTO_40BIT + case CIPHER_rc4: +#if constant(Crypto.arcfour) + res->bulk_cipher_algorithm = Crypto.arcfour; +#else /* !constant(Crypto.arcfour) */ + res->bulk_cipher_algorithm = Crypto.rc4; +#endif /* constant(Crypto.arcfour) */ + res->cipher_type = CIPHER_stream; + res->is_exportable = 0; + res->key_material = 16; + res->iv_size = 0; + res->key_bits = 128; + break; + case CIPHER_des: + res->bulk_cipher_algorithm = DES; + res->cipher_type = CIPHER_block; + res->is_exportable = 0; + res->key_material = 8; + res->iv_size = 8; + res->key_bits = 56; + break; + case CIPHER_3des: + res->bulk_cipher_algorithm = DES3; + res->cipher_type = CIPHER_block; + res->is_exportable = 0; + res->key_material = 24; + res->iv_size = 8; + res->key_bits = 168; + break; + case CIPHER_idea: + res->bulk_cipher_algorithm = Crypto.idea_cbc; + res->cipher_type = CIPHER_block; + res->is_exportable = 0; + res->key_material = 16; + res->iv_size = 8; + res->key_bits = 128; + break; +#endif /* !WEAK_CRYPTO_40BIT (magic comment) */ + default: + return 0; + } + + switch(algorithms[2]) + { + case HASH_sha: + if(version==1) + res->mac_algorithm = MAChmac_sha; + else + res->mac_algorithm = MACsha; + res->hash_size = 20; + break; + case HASH_md5: + if(version==1) + res->mac_algorithm = MAChmac_md5; + else + res->mac_algorithm = MACmd5; + res->hash_size = 
16; + break; + case 0: + res->mac_algorithm = 0; + res->hash_size = 0; + break; + default: + return 0; + } + + return ({ ke_method, res }); +} diff --git a/lib/modules/SSL.pmod/constants.pike b/lib/modules/SSL.pmod/Constants.pmod similarity index 99% rename from lib/modules/SSL.pmod/constants.pike rename to lib/modules/SSL.pmod/Constants.pmod index 7a2745d4a4a4b1b486db979a8433e1ba299ea9f8..9407620234307e0bef61c5e2fb792d7bc878b7fb 100644 --- a/lib/modules/SSL.pmod/constants.pike +++ b/lib/modules/SSL.pmod/Constants.pmod @@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: constants.pike,v 1.10 2002/03/20 16:40:01 nilsson Exp $ +/* $Id: Constants.pmod,v 1.1 2003/01/27 15:03:00 nilsson Exp $ * */ diff --git a/lib/modules/SSL.pmod/alert.pike b/lib/modules/SSL.pmod/alert.pike index 36a7fd3d0e19d9923fdc3614c0e5faf90d25282a..097637de3b5c6fed5aaa3eee5cb6007e89926454 100644 --- a/lib/modules/SSL.pmod/alert.pike +++ b/lib/modules/SSL.pmod/alert.pike @@ -1,11 +1,12 @@ #pike __REAL_VERSION__ -/* $Id: alert.pike,v 1.8 2003/01/27 01:41:16 nilsson Exp $ +/* $Id: alert.pike,v 1.9 2003/01/27 15:03:00 nilsson Exp $ * */ //! Alert package. +import .Constants; inherit "packet" : packet; int level; diff --git a/lib/modules/SSL.pmod/client.pike b/lib/modules/SSL.pmod/client.pike index 15e78a6e01ea43aba0ea9f2515d5a8a649c8743e..9a3e6dbc8c9097d708d36011d489d669400305b5 100755 --- a/lib/modules/SSL.pmod/client.pike +++ b/lib/modules/SSL.pmod/client.pike @@ -3,7 +3,7 @@ // SSL Client example -import SSL.constants; +import SSL.Constants; SSL.sslfile sslfile; diff --git a/lib/modules/SSL.pmod/connection.pike b/lib/modules/SSL.pmod/connection.pike index d2e1ce15fc16ae4654a49eea9907dc62457a70e4..6c126552d1b0560e7ca59c142550b4f70a4689c5 100644 --- a/lib/modules/SSL.pmod/connection.pike +++ b/lib/modules/SSL.pmod/connection.pike 
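Review bot: `DHKeyExchange.set_other()` in the new Cipher.pmod stores the peer's value without a range check, and `get_shared()` then computes `other->powm(secret, parameters->p)` on it, so a peer value of 0, 1 or p-1 limits the shared secret to a couple of fixed values regardless of `secret`. A guard at the top of `set_other`, such as `if (o <= 1 || o >= parameters->p - 1) error("Invalid DH public value.\n");`, would reject those values before they reach key derivation. Separately, in `new_secret` the expression `parameters->order->size() + 10 / 8` evaluates `10 / 8` first; `(parameters->order->size() + 10) / 8` was presumably intended, though the result is reduced modulo `order - 1` either way.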
@@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: connection.pike,v 1.25 2003/01/27 01:41:16 nilsson Exp $ +/* $Id: connection.pike,v 1.26 2003/01/27 15:03:00 nilsson Exp $ * * SSL packet layer */ @@ -22,7 +22,8 @@ int closing; function(object,int|object,string:void) alert_callback; -inherit "constants"; +import .Constants; + inherit "handshake"; constant PRI_alert = 1; diff --git a/lib/modules/SSL.pmod/constants.pmod b/lib/modules/SSL.pmod/constants.pmod new file mode 100644 index 0000000000000000000000000000000000000000..6b58603e8695e4c86a1293d5755822b2adf5841f --- /dev/null +++ b/lib/modules/SSL.pmod/constants.pmod @@ -0,0 +1,5 @@ +#pike __REAL_VERSION__ + +// Compatibility +inherit .Constants; + diff --git a/lib/modules/SSL.pmod/context.pike b/lib/modules/SSL.pmod/context.pike index 3ae3d0a0c740d661b9d2420e15b89d146c9a7262..c67affbd1439d5456c3f9dd97781f03e70c8d380 100644 --- a/lib/modules/SSL.pmod/context.pike +++ b/lib/modules/SSL.pmod/context.pike @@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: context.pike,v 1.17 2003/01/27 01:41:16 nilsson Exp $ +/* $Id: context.pike,v 1.18 2003/01/27 15:03:00 nilsson Exp $ * * Keeps track of global data for an SSL server, * such as preferred encryption algorithms and session cache. @@ -11,10 +11,10 @@ //! certificate, the server's private key(s), etc. It also includes the //! session cache. -inherit "constants"; +import .Constants; //! The server's private key -object rsa; +Crypto.rsa rsa; //! Temporary, non-certified, private keys, used with a //! server_key_exchange message. The rules are as follows: @@ -28,10 +28,10 @@ object rsa; //! message with the (public part of) the long_rsa key. //! //! Otherwise, dont send any server_key_exchange message. -object long_rsa; -object short_rsa; +Crypto.rsa long_rsa; +Crypto.rsa short_rsa; -object dsa; /* Servers dsa key */ +Crypto.dsa dsa; /* Servers dsa key */ object dh_params; /* Parameters for dh keyexchange */ //! Used to generate random cookies for the hello-message. If we use 
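Review bot: The new compatibility file lib/modules/SSL.pmod/constants.pmod sits in the same directory as Constants.pmod and the two names differ only in case, so a checkout on a case-insensitive file system can hold only one of them. Which file survives there decides whether `SSL.Constants` resolves to the real module or to a shim that inherits itself. If the alias has to stay, I would at least record the limitation in the shim, e.g. `// Compatibility alias for SSL.Constants; collides with Constants.pmod on case-insensitive file systems.`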
diff --git a/lib/modules/SSL.pmod/handshake.pike b/lib/modules/SSL.pmod/handshake.pike index 5c85457113263b83f797e8fe197e11c44b36481c..0fa6d2e96a2201f0f8f3503769a821e8451d8c37 100644 --- a/lib/modules/SSL.pmod/handshake.pike +++ b/lib/modules/SSL.pmod/handshake.pike @@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: handshake.pike,v 1.31 2003/01/27 01:41:16 nilsson Exp $ +/* $Id: handshake.pike,v 1.32 2003/01/27 15:03:00 nilsson Exp $ * */ @@ -16,7 +16,7 @@ //#define SSL3_PROFILING -inherit "cipher"; +import .Constants; #ifdef SSL3_DEBUG #define SSL3_DEBUG_MSG(X ...) werror(X) @@ -198,7 +198,7 @@ object server_key_exchange_packet() struct = Struct(); /* werror("dh_params = %O\n", context->dh_params); */ - dh_state = dh_key_exchange(context->dh_params); + dh_state = .Cipher.DHKeyExchange(context->dh_params); dh_state->new_secret(context->random); struct->put_bignum(context->dh_params->p); @@ -337,15 +337,15 @@ object change_cipher_packet() string hash_messages(string sender) { - if(version[1] == 0) { - return mac_md5(session->master_secret)->hash_master(handshake_messages + sender) + - mac_sha(session->master_secret)->hash_master(handshake_messages + sender); + return .Cipher.MACmd5(session->master_secret)->hash_master(handshake_messages + sender) + + .Cipher.MACsha(session->master_secret)->hash_master(handshake_messages + sender); } else if(version[1] == 1) { - return prf(session->master_secret,sender,mac_md5()->hash_raw(handshake_messages)+mac_sha()->hash_raw(handshake_messages),12); + return .Cipher.prf(session->master_secret, sender, + .Cipher.MACmd5()->hash_raw(handshake_messages)+ + .Cipher.MACsha()->hash_raw(handshake_messages),12); } - } object finished_packet(string sender) @@ -455,8 +455,8 @@ string server_derive_master_secret(string data) } string res = ""; - object sha = mac_sha(); - object md5 = mac_md5(); + .Cipher.MACsha sha = .Cipher.MACsha(); + .Cipher.MACmd5 md5 = .Cipher.MACmd5(); if(version[1] == 0) { foreach( ({ "A", "BB", "CCC" }), string cookie) 
@@ -465,7 +465,7 @@ string server_derive_master_secret(string data) + client_random + server_random)); } else if(version[1] == 1) { - res=prf(premaster_secret,"master secret",client_random+server_random,48); + res=.Cipher.prf(premaster_secret,"master secret",client_random+server_random,48); } #ifdef SSL3_DEBUG @@ -478,8 +478,8 @@ string client_derive_master_secret(string premaster_secret) { string res = ""; - object sha = mac_sha(); - object md5 = mac_md5(); + .Cipher.MACsha sha = .Cipher.MACsha(); + .Cipher.MACmd5 md5 = .Cipher.MACmd5(); #ifdef SSL3_DEBUG werror("Handshake.pike: in client_derive_master_secret is version[1]="+version[1]+"\n"); @@ -492,7 +492,7 @@ string client_derive_master_secret(string premaster_secret) + client_random + server_random)); } else if(version[1] == 1) { - res+=prf(premaster_secret,"master secret",client_random+server_random,48); + res+=.Cipher.prf(premaster_secret,"master secret",client_random+server_random,48); } #ifdef SSL3_DEBUG @@ -511,8 +511,8 @@ mapping state_descriptions = lambda() mapping type_descriptions = lambda() { - array inds = glob("HANDSHAKE_*", indices(SSL.constants)); - array vals = map(inds, lambda(string ind) { return SSL.constants()[ind]; }); + array inds = glob("HANDSHAKE_*", indices(SSL.Constants)); + array vals = map(inds, lambda(string ind) { return SSL.Constants()[ind]; }); return mkmapping(vals, inds); }(); @@ -979,7 +979,7 @@ int(-1..1) handle_handshake(int type, string data, string raw) if(public_key->type == "rsa") { - object rsa = Crypto.rsa(); + Crypto.rsa rsa = Crypto.rsa(); rsa->set_public_key(public_key->rsa->get_n(), public_key->rsa->get_e()); context->rsa = rsa; } @@ -993,8 +993,7 @@ int(-1..1) handle_handshake(int type, string data, string raw) } }; - if(error) - + if(error) { werror("Failed to decode certificate!\n"); send_packet(Alert(ALERT_fatal, ALERT_unexpected_message, version[1], 
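Review bot: In `type_descriptions` the lookup was renamed to `SSL.Constants()[ind]`, but Constants is now a .pmod, which as far as I know resolves to a module object rather than a program, so the call parentheses no longer instantiate anything and would likely fail when this initializer runs. Indexing the module directly, `return SSL.Constants[ind];`, matches the `indices(SSL.Constants)` call on the line above. The neighbouring `state_descriptions` initializer is outside the hunk and should be checked for the same pattern.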
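Review bot: In the `handle_handshake` hunk at -979, `context->rsa = rsa` writes the key taken from the peer's certificate into the context, whose `rsa` member context.pike documents as "The server's private key" inside an object described as global data. If one context serves several connections, each handshake overwrites the key the others rely on, so a per-connection or per-session member would keep peer keys apart. Until that is changed I would add a comment at the assignment, e.g. `// NOTE: stores the peer's public key in the shared context; not safe if the context is reused.` Nothing in the hunk shows whether the certificate chain is validated before the key is adopted; the body of `handle_handshake` lies outside the hunk.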
diff --git a/lib/modules/SSL.pmod/packet.pike b/lib/modules/SSL.pmod/packet.pike index 6b1ae3a3ae87fdaeff4bb078e789eeedcedac105..80602ca1811df81101d422319b058f7cd93792dd 100644 --- a/lib/modules/SSL.pmod/packet.pike +++ b/lib/modules/SSL.pmod/packet.pike @@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: packet.pike,v 1.13 2003/01/27 01:41:17 nilsson Exp $ +/* $Id: packet.pike,v 1.14 2003/01/27 15:03:00 nilsson Exp $ * * SSL Record Layer */ @@ -8,8 +8,7 @@ //! SSL Record Layer. Handle formatting and parsing of packets. -inherit "constants"; - +import .Constants; constant SUPPORT_V2 = 1; diff --git a/lib/modules/SSL.pmod/session.pike b/lib/modules/SSL.pmod/session.pike index be74d613758bfdd4d63130b004b06dbc33b84dc5..483ac66b702ebb5bc8f458fd346193cd7494be96 100644 --- a/lib/modules/SSL.pmod/session.pike +++ b/lib/modules/SSL.pmod/session.pike @@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: session.pike,v 1.22 2003/01/27 01:41:17 nilsson Exp $ +/* $Id: session.pike,v 1.23 2003/01/27 15:03:00 nilsson Exp $ * */ @@ -15,8 +15,7 @@ //! It is also possible to change to a new session in the middle of a //! connection. - -inherit "cipher" : cipher; +import .Constants; //! Identifies the session to the server string identity; @@ -48,7 +47,7 @@ array(string) server_certificate_chain; //! void set_cipher_suite(int suite,int version) { - array res = cipher::lookup(suite,version); + array res = .Cipher.lookup(suite,version); cipher_suite = suite; ke_method = res[0]; cipher_spec = res[1]; @@ -79,8 +78,8 @@ string generate_key_block(string client_random, string server_random,array(int) cipher_spec->iv_size) #endif /* !WEAK_CRYPTO_40BIT (magic comment) */ ); - object sha = mac_sha(); - object md5 = mac_md5(); + .Cipher.MACsha sha = .Cipher.MACsha(); + .Cipher.MACmd5 md5 = .Cipher.MACmd5(); int i = 0; string key = ""; 
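Review bot: `set_cipher_suite` in session.pike indexes the result of `.Cipher.lookup(suite,version)` unconditionally, while `lookup` in the new Cipher.pmod returns 0 when the suite is missing from `CIPHER_SUITES` or uses a cipher or hash it does not handle (including the strong ciphers when `WEAK_CRYPTO_40BIT` is defined). In that case `res[0]` raises a generic indexing error after `cipher_suite` has already been assigned. An explicit check right after the call, `if (!res) error("Unsupported cipher suite.\n");`, would make the failure deliberate; whether callers filter the suite number first is not visible here, and the function body continues outside the hunk.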
@@ -97,8 +96,7 @@ string generate_key_block(string client_random, string server_random,array(int) server_random + client_random)); } } else if(version[1]==1) { - key=prf(master_secret,"key expansion",server_random+client_random,required); - + key=.Cipher.prf(master_secret,"key expansion",server_random+client_random,required); } #ifdef SSL3_DEBUG werror("key_block: %O\n", key); @@ -119,7 +117,6 @@ void printKey(string name , string key) { res+="\n"; werror(res); } - #endif array generate_keys(string client_random, string server_random,array(int) version) @@ -142,7 +139,7 @@ array generate_keys(string client_random, string server_random,array(int) versio { if(version[1]==0) { //SSL3.0 - object md5 = mac_md5()->hash_raw; + .Cipher.MACmd5 md5 = .Cipher.MACmd5()->hash_raw; keys[2] = md5(key_data->get_fix_string(5) + client_random + server_random) @@ -160,10 +157,13 @@ array generate_keys(string client_random, string server_random,array(int) versio //TLS1.0 string client_wkey= key_data->get_fix_string(5); string server_wkey= key_data->get_fix_string(5); - keys[2] = prf(client_wkey,"client write key",client_random+server_random,cipher_spec->key_material); - keys[3] = prf(server_wkey,"server write key",client_random+server_random,cipher_spec->key_material); + keys[2] = .Cipher.prf(client_wkey, "client write key", + client_random+server_random, cipher_spec->key_material); + keys[3] = .Cipher.prf(server_wkey, "server write key", + client_random+server_random, cipher_spec->key_material); if(cipher_spec->iv_size) { - string iv_block=prf("","IV block",client_random+server_random,2*cipher_spec->iv_size); + string iv_block = .Cipher.prf("", "IV block", client_random+server_random, + 2*cipher_spec->iv_size); keys[4]=iv_block[..cipher_spec->iv_size-1]; keys[5]=iv_block[cipher_spec->iv_size..]; werror("sizeof(keys[4]):"+sizeof(keys[4])+" sizeof(keys[5]):"+sizeof(keys[4])+"\n"); 
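Review bot: In the SSL 3.0 export branch of `generate_keys`, the new declaration `.Cipher.MACmd5 md5 = .Cipher.MACmd5()->hash_raw;` gives the variable the MACmd5 object type but assigns it the `hash_raw` function, which is then called as `md5(...)`. The old `object` declaration was loose enough to hide this; with the specific type the compiler's type checker may warn or reject the assignment. Declaring it as what it is, `function(string:string) md5 = .Cipher.MACmd5()->hash_raw;`, keeps the call sites unchanged. `generate_keys` starts and ends outside this hunk.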
@@ -215,8 +215,8 @@ array generate_keys(string client_random, string server_random,array(int) versio //! @endarray array new_server_states(string client_random, string server_random,array(int) version) { - object write_state = State(this_object()); - object read_state = State(this_object()); + State write_state = State(this_object()); + State read_state = State(this_object()); array keys = generate_keys(client_random, server_random,version); if (cipher_spec->mac_algorithm) @@ -256,8 +256,8 @@ array new_server_states(string client_random, string server_random,array(int) ve //! @endarray array new_client_states(string client_random, string server_random,array(int) version) { - object write_state = State(this_object()); - object read_state = State(this_object()); + State write_state = State(this_object()); + State read_state = State(this_object()); array keys = generate_keys(client_random, server_random,version); if (cipher_spec->mac_algorithm) diff --git a/lib/modules/SSL.pmod/sslfile.pike b/lib/modules/SSL.pmod/sslfile.pike index 4029a570cd481eb881d79c50144f1e84d6ef78c7..e95c8d143b4f493968a9df506bfd2612bf85cb46 100644 --- a/lib/modules/SSL.pmod/sslfile.pike +++ b/lib/modules/SSL.pmod/sslfile.pike @@ -1,11 +1,12 @@ #pike __REAL_VERSION__ -/* $Id: sslfile.pike,v 1.52 2003/01/27 01:41:17 nilsson Exp $ +/* $Id: sslfile.pike,v 1.53 2003/01/27 15:03:00 nilsson Exp $ * */ //! Interface similar to Stdio.File. +import .Constants; inherit "connection" : connection; #ifdef SSL3_DEBUG_TRANSPORT diff --git a/lib/modules/SSL.pmod/state.pike b/lib/modules/SSL.pmod/state.pike index 0afd15118961e60405c937aa6dc6e72bbc00bba7..09cb6f49e7a5970aae8aeefa3eeff4d216ff19eb 100644 --- a/lib/modules/SSL.pmod/state.pike +++ b/lib/modules/SSL.pmod/state.pike @@ -1,6 +1,6 @@ #pike __REAL_VERSION__ -/* $Id: state.pike,v 1.16 2003/01/27 01:41:17 nilsson Exp $ +/* $Id: state.pike,v 1.17 2003/01/27 15:03:00 nilsson Exp $ * */ 
@@ -9,7 +9,7 @@ //! stream of packets, and operates in either decryption or encryption //! mode. -inherit "constants"; +import .Constants; //! Information about the used algorithms. object session;