mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-23 16:20:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Implement hmac truncation

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-07-19 12:19:21 +02:00 committed by Paul Bakker
parent 57c2852807
commit 277f7f23e2
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/polarssl/ssl.h
View File

@ -150,6 +150,7 @@
#define SSL_TRUNC_HMAC_DISABLED 0 #define SSL_TRUNC_HMAC_DISABLED 0
#define SSL_TRUNC_HMAC_ENABLED 1 #define SSL_TRUNC_HMAC_ENABLED 1
#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
/* /*
* Size of the input / output buffer. * Size of the input / output buffer.

8
library/ssl_tls.c
View File

@ -475,6 +475,14 @@ int ssl_derive_keys( ssl_context *ssl )
} }
transform->maclen = md_get_size( md_info ); transform->maclen = md_get_size( md_info );
/*
* If HMAC is to be truncated, we shall keep the leftmost bytes,
* (rfc 6066 page 13 or rfc 2104 section 4),
* so we only need to adjust the length here.
*/
if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
transform->maclen = SSL_TRUNCATED_HMAC_LEN;
} }
transform->keylen = cipher_info->key_length; transform->keylen = cipher_info->key_length;