lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
Code Activity

Implement hmac truncation

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2013-07-19 12:19:21 +02:00
committed by Paul Bakker
parent 57c2852807
commit 277f7f23e2
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/polarssl/ssl.h
View File

@@ -150,6 +150,7 @@
#define SSL_TRUNC_HMAC_DISABLED 0 #define SSL_TRUNC_HMAC_DISABLED 0
#define SSL_TRUNC_HMAC_ENABLED 1 #define SSL_TRUNC_HMAC_ENABLED 1
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
/* /*
* Size of the input / output buffer. * Size of the input / output buffer.

8
library/ssl_tls.c
View File

@@ -475,6 +475,14 @@ int ssl_derive_keys( ssl_context *ssl )
} }
transform->maclen = md_get_size( md_info ); transform->maclen = md_get_size( md_info );
/*
* If HMAC is to be truncated, we shall keep the leftmost bytes,
* (rfc 6066 page 13 or rfc 2104 section 4),
* so we only need to adjust the length here.
*/
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
} }
transform->keylen = cipher_info->key_length; transform->keylen = cipher_info->key_length;