/src/botan/src/lib/tls/msg_hello_verify.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * DTLS Hello Verify Request |
3 | | * (C) 2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/tls_messages.h> |
9 | | #include <botan/mac.h> |
10 | | |
11 | | namespace Botan { |
12 | | |
13 | | namespace TLS { |
14 | | |
15 | | Hello_Verify_Request::Hello_Verify_Request(const std::vector<uint8_t>& buf) |
16 | 0 | { |
17 | 0 | if(buf.size() < 3) |
18 | 0 | throw Decoding_Error("Hello verify request too small"); |
19 | 0 | |
20 | 0 | Protocol_Version version(buf[0], buf[1]); |
21 | 0 |
|
22 | 0 | if(version != Protocol_Version::DTLS_V10 && |
23 | 0 | version != Protocol_Version::DTLS_V12) |
24 | 0 | { |
25 | 0 | throw Decoding_Error("Unknown version from server in hello verify request"); |
26 | 0 | } |
27 | 0 | |
28 | 0 | if(static_cast<size_t>(buf[2]) + 3 != buf.size()) |
29 | 0 | throw Decoding_Error("Bad length in hello verify request"); |
30 | 0 | |
31 | 0 | m_cookie.assign(buf.begin() + 3, buf.end()); |
32 | 0 | } |
33 | | |
34 | | Hello_Verify_Request::Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits, |
35 | | const std::string& client_identity, |
36 | | const SymmetricKey& secret_key) |
37 | 11.0k | { |
38 | 11.0k | std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); |
39 | 11.0k | hmac->set_key(secret_key); |
40 | 11.0k | |
41 | 11.0k | hmac->update_be(static_cast<uint64_t>(client_hello_bits.size())); |
42 | 11.0k | hmac->update(client_hello_bits); |
43 | 11.0k | hmac->update_be(static_cast<uint64_t>(client_identity.size())); |
44 | 11.0k | hmac->update(client_identity); |
45 | 11.0k | |
46 | 11.0k | m_cookie.resize(hmac->output_length()); |
47 | 11.0k | hmac->final(m_cookie.data()); |
48 | 11.0k | } |
49 | | |
50 | | std::vector<uint8_t> Hello_Verify_Request::serialize() const |
51 | 11.0k | { |
52 | 11.0k | /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 |
53 | 11.0k | regardless of the version of TLS that is expected to be |
54 | 11.0k | negotiated (RFC 6347, section 4.2.1) |
55 | 11.0k | */ |
56 | 11.0k | |
57 | 11.0k | Protocol_Version format_version(Protocol_Version::DTLS_V10); |
58 | 11.0k | |
59 | 11.0k | std::vector<uint8_t> bits; |
60 | 11.0k | bits.push_back(format_version.major_version()); |
61 | 11.0k | bits.push_back(format_version.minor_version()); |
62 | 11.0k | bits.push_back(static_cast<uint8_t>(m_cookie.size())); |
63 | 11.0k | bits += m_cookie; |
64 | 11.0k | return bits; |
65 | 11.0k | } |
66 | | |
67 | | } |
68 | | |
69 | | } |