
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-06-20 12:04:48 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-06-20 12:04:48 +0400
commit364a39d62d3b3b9871997d68c82a4a4f6481a92d (patch)
tree5dbadd31d70aafa60c2f5c8e7c195769d23719fa /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
parent67b110b7322e7056ac86cab9f8d289c82b76c758 (diff)
Detect when truncated_hmac has been negotiated and apply truncation in
TlsMac
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r--core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 077ee56d..018ec6d5 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -314,6 +314,8 @@ public class DTLSServerProtocol
protected byte[] generateServerHello(ServerHandshakeState state)
throws IOException
{
+ SecurityParameters securityParameters = state.serverContext.getSecurityParameters();
+
ByteArrayOutputStream buf = new ByteArrayOutputStream();
ProtocolVersion server_version = state.server.getServerVersion();
@@ -330,7 +332,7 @@ public class DTLSServerProtocol
TlsUtils.writeVersion(state.serverContext.getServerVersion(), buf);
- buf.write(state.serverContext.getSecurityParameters().serverRandom);
+ buf.write(securityParameters.serverRandom);
/*
* The server may return an empty session_id to indicate that the session will not be cached
@@ -392,8 +394,11 @@ public class DTLSServerProtocol
if (state.serverExtensions != null)
{
+ securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(state.serverExtensions);
+
// TODO[RFC 3546] Should this code check that the 'extension_data' is empty?
state.allowCertificateStatus = state.serverExtensions.containsKey(TlsExtensionsUtils.EXT_status_request);
+
state.expectSessionTicket = state.serverExtensions.containsKey(TlsProtocol.EXT_SessionTicket);
TlsProtocol.writeExtensions(buf, state.serverExtensions);
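Review bot: `securityParameters.truncatedHMac` is assigned only inside the `if (state.serverExtensions != null)` branch, so when the server sends no extensions the field keeps whatever value it already held. That is presumably the default `false` on a fresh SecurityParameters, but because this flag shortens the record MAC it is safer to set the negotiated state explicitly, e.g. `securityParameters.truncatedHMac = false;` before the `if`. The hunk also does not show whether a truncated_hmac entry in `state.serverExtensions` is checked against what the client offered; TLS only permits a ServerHello extension that appeared in the ClientHello, so if that check lives in the TlsServer implementation a short comment here saying so would help. The existing TODO about empty `extension_data` applies to truncated_hmac as well, unless `hasTruncatedHMacExtension` already enforces it. generateServerHello starts and ends outside this hunk.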