diff options
Diffstat (limited to 'crypto/src')
| -rw-r--r-- | crypto/src/crypto/tls/ExporterLabel.cs | 5 | ||||
| -rw-r--r-- | crypto/src/crypto/tls/TlsUtilities.cs | 18 |
2 files changed, 13 insertions, 10 deletions
diff --git a/crypto/src/crypto/tls/ExporterLabel.cs b/crypto/src/crypto/tls/ExporterLabel.cs index f301ea3c0..280321e2a 100644 --- a/crypto/src/crypto/tls/ExporterLabel.cs +++ b/crypto/src/crypto/tls/ExporterLabel.cs @@ -28,5 +28,10 @@ namespace Org.BouncyCastle.Crypto.Tls * RFC 5764 */ public const string dtls_srtp = "EXTRACTOR-dtls_srtp"; + + /* + * draft-ietf-tls-session-hash-01 + */ + public static readonly string extended_master_secret = "extended master secret"; } } diff --git a/crypto/src/crypto/tls/TlsUtilities.cs b/crypto/src/crypto/tls/TlsUtilities.cs index bbd3e880d..29310100a 100644 --- a/crypto/src/crypto/tls/TlsUtilities.cs +++ b/crypto/src/crypto/tls/TlsUtilities.cs @@ -871,22 +871,20 @@ namespace Org.BouncyCastle.Crypto.Tls { SecurityParameters securityParameters = context.SecurityParameters; - byte[] seed; - if (securityParameters.extendedMasterSecret) - { - seed = securityParameters.SessionHash; - } - else - { - seed = Concat(securityParameters.ClientRandom, securityParameters.ServerRandom); - } + byte[] seed = securityParameters.extendedMasterSecret + ? securityParameters.SessionHash + : Concat(securityParameters.ClientRandom, securityParameters.ServerRandom); if (IsSsl(context)) { return CalculateMasterSecret_Ssl(pre_master_secret, seed); } - return PRF(context, pre_master_secret, ExporterLabel.master_secret, seed, 48); + string asciiLabel = securityParameters.extendedMasterSecret + ? ExporterLabel.extended_master_secret + : ExporterLabel.master_secret; + + return PRF(context, pre_master_secret, asciiLabel, seed, 48); } internal static byte[] CalculateMasterSecret_Ssl(byte[] pre_master_secret, byte[] random) |