/src/botan/src/lib/tls/msg_hello_verify.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * DTLS Hello Verify Request |
3 | | * (C) 2012 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/tls_messages.h> |
9 | | #include <botan/mac.h> |
10 | | |
11 | | namespace Botan { |
12 | | |
13 | | namespace TLS { |
14 | | |
15 | | Hello_Verify_Request::Hello_Verify_Request(const std::vector<uint8_t>& buf) |
16 | 0 | { |
17 | 0 | if(buf.size() < 3) |
18 | 0 | throw Decoding_Error("Hello verify request too small"); |
19 | | |
20 | 0 | Protocol_Version version(buf[0], buf[1]); |
21 | |
|
22 | 0 | if(!version.is_datagram_protocol()) |
23 | 0 | { |
24 | 0 | throw Decoding_Error("Unknown version from server in hello verify request"); |
25 | 0 | } |
26 | | |
27 | 0 | if(static_cast<size_t>(buf[2]) + 3 != buf.size()) |
28 | 0 | throw Decoding_Error("Bad length in hello verify request"); |
29 | | |
30 | 0 | m_cookie.assign(buf.begin() + 3, buf.end()); |
31 | 0 | } |
32 | | |
33 | | Hello_Verify_Request::Hello_Verify_Request(const std::vector<uint8_t>& client_hello_bits, |
34 | | const std::string& client_identity, |
35 | | const SymmetricKey& secret_key) |
36 | 3.65k | { |
37 | 3.65k | std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); |
38 | 3.65k | hmac->set_key(secret_key); |
39 | | |
40 | 3.65k | hmac->update_be(static_cast<uint64_t>(client_hello_bits.size())); |
41 | 3.65k | hmac->update(client_hello_bits); |
42 | 3.65k | hmac->update_be(static_cast<uint64_t>(client_identity.size())); |
43 | 3.65k | hmac->update(client_identity); |
44 | | |
45 | 3.65k | m_cookie.resize(hmac->output_length()); |
46 | 3.65k | hmac->final(m_cookie.data()); |
47 | 3.65k | } |
48 | | |
49 | | std::vector<uint8_t> Hello_Verify_Request::serialize() const |
50 | 3.65k | { |
51 | | /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 |
52 | | regardless of the version of TLS that is expected to be |
53 | | negotiated (RFC 6347, section 4.2.1) |
54 | | */ |
55 | | |
56 | 3.65k | Protocol_Version format_version(254, 255); // DTLS 1.0 |
57 | | |
58 | 3.65k | std::vector<uint8_t> bits; |
59 | 3.65k | bits.push_back(format_version.major_version()); |
60 | 3.65k | bits.push_back(format_version.minor_version()); |
61 | 3.65k | bits.push_back(static_cast<uint8_t>(m_cookie.size())); |
62 | 3.65k | bits += m_cookie; |
63 | 3.65k | return bits; |
64 | 3.65k | } |
65 | | |
66 | | } |
67 | | |
68 | | } |