aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-08-02 18:29:37 +0000
committerlloyd <[email protected]>2012-08-02 18:29:37 +0000
commit3afca900a272114ab6d4b1c12ddbc2c2ce6cbf3b (patch)
tree32dd3ae6a1e69ff70baa270dd93615e8ae97c48b
parent8945ad6c6647dccce403e0093e0f134537e2d3f4 (diff)
Add TLS::Protocol_Version::supports_ciphersuite_specific_prf
-rw-r--r--src/tls/tls_handshake_hash.cpp11
-rw-r--r--src/tls/tls_handshake_state.cpp8
-rw-r--r--src/tls/tls_version.cpp6
-rw-r--r--src/tls/tls_version.h5
4 files changed, 16 insertions, 14 deletions
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index fd9d93bb2..ba3ee52db 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -25,20 +25,15 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version,
std::unique_ptr<HashFunction> hash;
- if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
+ if(version.supports_ciphersuite_specific_prf())
{
- hash.reset(af.make_hash_function("TLS.Digest.0"));
- }
- else if(version == Protocol_Version::TLS_V12)
- {
- if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256")
+ if(mac_algo == "MD5" || mac_algo == "SHA-1")
hash.reset(af.make_hash_function("SHA-256"));
else
hash.reset(af.make_hash_function(mac_algo));
}
else
- throw TLS_Exception(Alert::PROTOCOL_VERSION,
- "Unknown version for handshake hashes");
+ hash.reset(af.make_hash_function("TLS.Digest.0"));
hash->update(data);
return hash->final();
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 304366719..d79ed15d4 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -157,14 +157,10 @@ KDF* Handshake_State::protocol_specific_prf()
{
return get_kdf("TLS-PRF");
}
- else if(version() == Protocol_Version::TLS_V12)
+ else if(version().supports_ciphersuite_specific_prf())
{
- if(suite.mac_algo() == "MD5" ||
- suite.mac_algo() == "SHA-1" ||
- suite.mac_algo() == "SHA-256")
- {
+ if(suite.mac_algo() == "MD5" || suite.mac_algo() == "SHA-1")
return get_kdf("TLS-12-PRF(SHA-256)");
- }
return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
}
diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp
index f451da70e..32a408830 100644
--- a/src/tls/tls_version.cpp
+++ b/src/tls/tls_version.cpp
@@ -80,6 +80,12 @@ bool Protocol_Version::supports_explicit_cbc_ivs() const
m_version == Protocol_Version::DTLS_V12);
}
+bool Protocol_Version::supports_ciphersuite_specific_prf() const
+ {
+ return (m_version == Protocol_Version::TLS_V12 ||
+ m_version == Protocol_Version::DTLS_V12);
+ }
+
}
}
diff --git a/src/tls/tls_version.h b/src/tls/tls_version.h
index 8112b2a11..651eebafc 100644
--- a/src/tls/tls_version.h
+++ b/src/tls/tls_version.h
@@ -94,6 +94,11 @@ class BOTAN_DLL Protocol_Version
bool supports_explicit_cbc_ivs() const;
/**
+ * @return true if this version uses a ciphersuite specific PRF
+ */
+ bool supports_ciphersuite_specific_prf() const;
+
+ /**
* @return if this version is equal to other
*/
bool operator==(const Protocol_Version& other) const