Detect when truncated_hmac has been negotiated and apply truncation in

TlsMac
author: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-20 12:04:48 +0400
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2013-06-20 12:04:48 +0400
commit: 364a39d62d3b3b9871997d68c82a4a4f6481a92d (patch)
tree: 5dbadd31d70aafa60c2f5c8e7c195769d23719fa /core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
parent: 67b110b7322e7056ac86cab9f8d289c82b76c758 (diff)
1 files changed, 22 insertions, 5 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
index acea0cea..f9a90698 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
@@ -17,13 +17,14 @@ public class TlsMac
     protected Mac mac;
     protected int digestBlockSize;
     protected int digestOverhead;
+    protected int macLength;
 
     /**
      * Generate a new instance of an TlsMac.
      *
      * @param context the TLS client context
      * @param digest  The digest to use.
-     * @param key     A byte-array where the key for this mac is located.
+     * @param key     A byte-array where the key for this MAC is located.
      * @param keyOff  The number of bytes to skip, before the key starts in the buffer.
      * @param len     The length of the key.
      */
@@ -69,6 +70,12 @@ public class TlsMac
         }
 
         this.mac.init(keyParameter);
+
+        this.macLength = mac.getMacSize();
+        if (context.getSecurityParameters().truncatedHMac)
+        {
+            this.macLength = Math.min(this.macLength, 10);
+        }
     }
 
     /**
@@ -80,11 +87,11 @@ public class TlsMac
     }
 
     /**
-     * @return The Keysize of the mac.
+     * @return The output length of this MAC.
      */
     public int getSize()
     {
-        return mac.getMacSize();
+        return macLength;
     }
 
     /**
@@ -115,7 +122,7 @@ public class TlsMac
 
         byte[] result = new byte[mac.getMacSize()];
         mac.doFinal(result, 0);
-        return result;
+        return truncate(result);
     }
 
     public byte[] calculateMacConstantTime(long seqNo, short type, byte[] message, int offset, int length,
@@ -147,9 +154,19 @@ public class TlsMac
         return result;
     }
 
-    private int getDigestBlockCount(int inputLength)
+    protected int getDigestBlockCount(int inputLength)
     {
         // NOTE: This calculation assumes a minimum of 1 pad byte
         return (inputLength + digestOverhead) / digestBlockSize;
     }
+
+    protected byte[] truncate(byte[] bs)
+    {
+        if (bs.length <= macLength)
+        {
+            return bs;
+        }
+
+        return Arrays.copyOf(bs, macLength);
+    }
 }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-20 12:04:48 +0400
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2013-06-20 12:04:48 +0400
commit	364a39d62d3b3b9871997d68c82a4a4f6481a92d (patch)
tree	5dbadd31d70aafa60c2f5c8e7c195769d23719fa /core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
parent	67b110b7322e7056ac86cab9f8d289c82b76c758 (diff)