return TRUE;
}
+METHOD(tls_crypto_t, hash_handshake, bool,
+ private_tls_crypto_t *this, chunk_t *out)
+{
+ chunk_t hash;
+
+ if (!hash_data(this, this->handshake, &hash))
+ {
+ return FALSE;
+ }
+
+ chunk_free(&this->handshake);
+ append_handshake(this, TLS_MESSAGE_HASH, hash);
+
+ if (out)
+ {
+ *out = hash;
+ }
+ else
+ {
+ free(hash.ptr);
+ }
+ return TRUE;
+}
+
/**
* TLS 1.3 static part of the data the server signs (64 spaces followed by the
* context string "TLS 1.3, server CertificateVerify" and a 0 byte).
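Review bot: hash_handshake() keeps no record that the transcript has already been collapsed, so a second call would hash the synthetic `TLS_MESSAGE_HASH` record together with anything appended since, and replace the transcript again. If this serves the HelloRetryRequest path, as the cookie remark in the header comment suggests, TLS 1.3 expects that replacement at most once per connection. The callers are outside this hunk, so the guard may already live there, but a comment such as `/* must be called at most once per handshake */` above the METHOD would make the contract explicit. Callers also need to treat a FALSE return as fatal, because the transcript is then left in its unhashed form. Minor: `free(hash.ptr);` could be `chunk_free(&hash);` to match the `chunk_free(&this->handshake)` call a few lines earlier.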
.create_ec_enumerator = _create_ec_enumerator,
.set_protection = _set_protection,
.append_handshake = _append_handshake,
+ .hash_handshake = _hash_handshake,
.sign = _sign,
.verify = _verify,
.sign_handshake = _sign_handshake,
void (*append_handshake)(tls_crypto_t *this,
tls_handshake_type_t type, chunk_t data);
+ /**
+ * Hash the stored handshake data and store it. It is optionally returned
+ * so it could be sent in a cookie extension.
+ *
+ * @param hash optionally returned hash (allocated)
+ */
+ bool (*hash_handshake)(tls_crypto_t *this, chunk_t *hash);
+
/**
* Sign a blob of data, append signature to writer.
*
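Review bot: The new doc comment for `hash_handshake` has no `@return` line and does not say that the stored handshake data is replaced by the hash. The implementation on this page does exactly that, through `chunk_free(&this->handshake)` followed by `append_handshake(this, TLS_MESSAGE_HASH, hash)`. I would add ` * @return TRUE if the handshake data was hashed and replaced, FALSE if hashing failed` and extend the `@param hash` text to state that the caller must free the returned chunk. The surrounding struct definition begins and ends outside this hunk.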