From 3afca900a272114ab6d4b1c12ddbc2c2ce6cbf3b Mon Sep 17 00:00:00 2001
From: lloyd
Date: Thu, 2 Aug 2012 18:29:37 +0000
Subject: Add TLS::Protocol_Version::supports_ciphersuite_specific_prf
---
 src/tls/tls_handshake_hash.cpp | 11 +++--------
 src/tls/tls_handshake_state.cpp | 8 ++------
 src/tls/tls_version.cpp | 6 ++++++
 src/tls/tls_version.h | 5 +++++
 4 files changed, 16 insertions(+), 14 deletions(-)
(limited to 'src')
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index fd9d93bb2..ba3ee52db 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -25,20 +25,15 @@ secure_vector Handshake_Hash::final(Protocol_Version version,
 std::unique_ptr hash;
- if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
+ if(version.supports_ciphersuite_specific_prf())
 {
- hash.reset(af.make_hash_function("TLS.Digest.0"));
- }
- else if(version == Protocol_Version::TLS_V12)
- {
- if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256")
+ if(mac_algo == "MD5" || mac_algo == "SHA-1")
 hash.reset(af.make_hash_function("SHA-256"));
 else
 hash.reset(af.make_hash_function(mac_algo));
 }
 else
- throw TLS_Exception(Alert::PROTOCOL_VERSION,
- "Unknown version for handshake hashes");
+ hash.reset(af.make_hash_function("TLS.Digest.0"));
 hash->update(data);
 return hash->final();
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 304366719..d79ed15d4 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
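Review bot: In `Handshake_Hash::final` (tls_handshake_hash.cpp) the new trailing `else` selects `TLS.Digest.0` for every version that is not (D)TLS 1.2, where the old code raised `Alert::PROTOCOL_VERSION` for anything it did not recognise, so an unexpected or not-yet-classified version now silently gets the legacy digest instead of failing the handshake. Because `supports_ciphersuite_specific_prf()` in tls_version.cpp is an equality allow-list of two versions, any version added later falls into this branch until the predicate is extended. I would keep the fallback closed: give the pre-1.2 versions their own explicit branch and retain `else throw TLS_Exception(Alert::PROTOCOL_VERSION, "Unknown version for handshake hashes");` as the last arm. The start of the function is outside the hunk, so if the version is already validated before this point, a comment saying so would be enough.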
@@ -157,14 +157,10 @@ KDF* Handshake_State::protocol_specific_prf()
 {
 return get_kdf("TLS-PRF");
 }
- else if(version() == Protocol_Version::TLS_V12)
+ else if(version().supports_ciphersuite_specific_prf())
 {
- if(suite.mac_algo() == "MD5" ||
- suite.mac_algo() == "SHA-1" ||
- suite.mac_algo() == "SHA-256")
- {
+ if(suite.mac_algo() == "MD5" || suite.mac_algo() == "SHA-1")
 return get_kdf("TLS-12-PRF(SHA-256)");
- }
 return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
 }
diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp
index f451da70e..32a408830 100644
--- a/src/tls/tls_version.cpp
+++ b/src/tls/tls_version.cpp
@@ -80,6 +80,12 @@ bool Protocol_Version::supports_explicit_cbc_ivs() const
 m_version == Protocol_Version::DTLS_V12);
 }
+bool Protocol_Version::supports_ciphersuite_specific_prf() const
+ {
+ return (m_version == Protocol_Version::TLS_V12 ||
+ m_version == Protocol_Version::DTLS_V12);
+ }
+
 }
 }
diff --git a/src/tls/tls_version.h b/src/tls/tls_version.h
index 8112b2a11..651eebafc 100644
--- a/src/tls/tls_version.h
+++ b/src/tls/tls_version.h
@@ -93,6 +93,11 @@ class BOTAN_DLL Protocol_Version
 */
 bool supports_explicit_cbc_ivs() const;
+ /**
+ * @return true if this version uses a ciphersuite specific PRF
+ */
+ bool supports_ciphersuite_specific_prf() const;
+
 /**
 * @return if this version is equal to other
 */
-- cgit v1.2.3
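Review bot: The rule "MD5 or SHA-1 suites are raised to SHA-256, anything else uses the suite's own hash" is now written out twice, in `Handshake_State::protocol_specific_prf` (tls_handshake_state.cpp) and in `Handshake_Hash::final`, and nothing ties the two copies together. The TLS 1.2 Finished computation needs the PRF hash and the transcript hash to be the same algorithm, so a later edit to only one copy would break interoperability in a way that is easy to miss in review. A single helper that returns the hash name for a given version and `mac_algo`, called from both places, would remove that risk; at minimum each copy deserves a comment such as `// must match Handshake_Hash::final`. The condition guarding the `TLS-PRF` branch lies outside this hunk, so it is also worth confirming that it covers the same versions that take the `TLS.Digest.0` fallback in the other file.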
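Review bot: The doc comment on `supports_ciphersuite_specific_prf()` in tls_version.h says less than callers need: in this commit the predicate also decides which handshake transcript hash is used, not only the PRF. I would expand it to something like `@return true if this version derives its PRF and handshake hash from the negotiated ciphersuite (TLS 1.2 and DTLS 1.2) instead of the fixed pre-1.2 construction`. Naming the covered versions in the header also makes it obvious that a newly added version has to be classified here.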