Added support for GCM ciphersuites (not tested with other implementation).

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2011-02-04 11:02:30 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2011-02-06 22:05:53 +0100
commit: 74ff2e952564018a93d5930f2427cdf98266673b (patch)
tree: 0a611a4dc93b335f7226bb7a7e8b85e07c70672c /lib/gnutls_constate.c
parent: e971ba89e1fac6892ead5c2210e4687055cbad79 (diff)
download: gnutls-74ff2e952564018a93d5930f2427cdf98266673b.tar.gz
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index a3f2b028de..0546e92d32 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -291,14 +291,20 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
 }
 
 static int
-_gnutls_init_record_state (record_parameters_st * params, int read,
+_gnutls_init_record_state (record_parameters_st * params, int ver, int read,
                            record_state_st * state)
 {
   int ret;
+  gnutls_datum_t * iv = NULL;
 
-  ret = _gnutls_cipher_init (&state->cipher_state,
-                             params->cipher_algorithm,
-                             &state->key, &state->IV);
+  if (!_gnutls_version_has_explicit_iv(ver))
+    {
+      iv = &state->IV;
+    }
+
+  ret = _gnutls_auth_cipher_init (&state->cipher_state,
+    params->cipher_algorithm, &state->key, iv,
+    params->mac_algorithm, &state->mac_secret, (ver==GNUTLS_SSL3)?1:0);
   if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
     return gnutls_assert_val (ret);
 
@@ -396,6 +402,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
   gnutls_compression_method_t comp_algo;
   record_parameters_st *params;
   int ret;
+  int ver = gnutls_protocol_get_version (session);
 
   ret = _gnutls_epoch_get (session, epoch, &params);
   if (ret < 0)
@@ -428,11 +435,11 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
   if (ret < 0)
     return gnutls_assert_val (ret);
 
-  ret = _gnutls_init_record_state (params, 1, &params->read);
+  ret = _gnutls_init_record_state (params, ver, 1, &params->read);
   if (ret < 0)
     return gnutls_assert_val (ret);
 
-  ret = _gnutls_init_record_state (params, 0, &params->write);
+  ret = _gnutls_init_record_state (params, ver, 0, &params->write);
   if (ret < 0)
     return gnutls_assert_val (ret);
 
@@ -673,7 +680,6 @@ epoch_get_slot (gnutls_session_t session, uint16_t epoch)
       gnutls_assert ();
       return NULL;
     }
-
   /* The slot may still be empty (NULL) */
   return &session->record_parameters[epoch_index];
 }
@@ -783,7 +789,7 @@ free_record_state (record_state_st * state, int read)
   _gnutls_free_datum (&state->IV);
   _gnutls_free_datum (&state->key);
 
-  _gnutls_cipher_deinit (&state->cipher_state);
+  _gnutls_auth_cipher_deinit (&state->cipher_state);
 
   if (state->compression_state != NULL)
     _gnutls_comp_deinit (state->compression_state, read);
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2011-02-04 11:02:30 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2011-02-06 22:05:53 +0100
commit	74ff2e952564018a93d5930f2427cdf98266673b (patch)
tree	0a611a4dc93b335f7226bb7a7e8b85e07c70672c /lib/gnutls_constate.c
parent	e971ba89e1fac6892ead5c2210e4687055cbad79 (diff)
download	gnutls-74ff2e952564018a93d5930f2427cdf98266673b.tar.gz