aboutsummaryrefslogtreecommitdiffstats
path: root/src/kdf/prf_tls
diff options
context:
space:
mode:
Diffstat (limited to 'src/kdf/prf_tls')
-rw-r--r--src/kdf/prf_tls/info.txt1
-rw-r--r--src/kdf/prf_tls/prf_tls.cpp25
-rw-r--r--src/kdf/prf_tls/prf_tls.h4
3 files changed, 20 insertions, 10 deletions
diff --git a/src/kdf/prf_tls/info.txt b/src/kdf/prf_tls/info.txt
index 9531a6a83..113c92251 100644
--- a/src/kdf/prf_tls/info.txt
+++ b/src/kdf/prf_tls/info.txt
@@ -1,4 +1,5 @@
define TLS_V10_PRF
+define TLS_V12_PRF
<requires>
hmac
diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp
index 2b57cdd25..006b418c9 100644
--- a/src/kdf/prf_tls/prf_tls.cpp
+++ b/src/kdf/prf_tls/prf_tls.cpp
@@ -18,14 +18,23 @@ namespace {
/*
* TLS PRF P_hash function
*/
-void P_hash(MemoryRegion<byte>& output,
+void P_hash(secure_vector<byte>& output,
MessageAuthenticationCode* mac,
const byte secret[], size_t secret_len,
const byte seed[], size_t seed_len)
{
- mac->set_key(secret, secret_len);
+ try
+ {
+ mac->set_key(secret, secret_len);
+ }
+ catch(Invalid_Key_Length)
+ {
+ throw Internal_Error("The premaster secret of " +
+ std::to_string(secret_len) +
+ " bytes is too long for the PRF");
+ }
- SecureVector<byte> A(seed, seed_len);
+ secure_vector<byte> A(seed, seed + seed_len);
size_t offset = 0;
@@ -38,7 +47,7 @@ void P_hash(MemoryRegion<byte>& output,
mac->update(A);
mac->update(seed, seed_len);
- SecureVector<byte> block = mac->final();
+ secure_vector<byte> block = mac->final();
xor_buf(&output[offset], &block[0], this_block_len);
offset += this_block_len;
@@ -65,11 +74,11 @@ TLS_PRF::~TLS_PRF()
/*
* TLS PRF
*/
-SecureVector<byte> TLS_PRF::derive(size_t key_len,
+secure_vector<byte> TLS_PRF::derive(size_t key_len,
const byte secret[], size_t secret_len,
const byte seed[], size_t seed_len) const
{
- SecureVector<byte> output(key_len);
+ secure_vector<byte> output(key_len);
size_t S1_len = (secret_len + 1) / 2,
S2_len = (secret_len + 1) / 2;
@@ -94,11 +103,11 @@ TLS_12_PRF::~TLS_12_PRF()
delete hmac;
}
-SecureVector<byte> TLS_12_PRF::derive(size_t key_len,
+secure_vector<byte> TLS_12_PRF::derive(size_t key_len,
const byte secret[], size_t secret_len,
const byte seed[], size_t seed_len) const
{
- SecureVector<byte> output(key_len);
+ secure_vector<byte> output(key_len);
P_hash(output, hmac, secret, secret_len, seed, seed_len);
diff --git a/src/kdf/prf_tls/prf_tls.h b/src/kdf/prf_tls/prf_tls.h
index 5237f17c0..fce11eae0 100644
--- a/src/kdf/prf_tls/prf_tls.h
+++ b/src/kdf/prf_tls/prf_tls.h
@@ -20,7 +20,7 @@ namespace Botan {
class BOTAN_DLL TLS_PRF : public KDF
{
public:
- SecureVector<byte> derive(size_t key_len,
+ secure_vector<byte> derive(size_t key_len,
const byte secret[], size_t secret_len,
const byte seed[], size_t seed_len) const;
@@ -40,7 +40,7 @@ class BOTAN_DLL TLS_PRF : public KDF
class BOTAN_DLL TLS_12_PRF : public KDF
{
public:
- SecureVector<byte> derive(size_t key_len,
+ secure_vector<byte> derive(size_t key_len,
const byte secret[], size_t secret_len,
const byte seed[], size_t seed_len) const;