Support for getting channel binding data

2011-09-09 20:01:44 +02:00 · 2011-09-09 20:01:44 +02:00 · ace7324c7f
commit ace7324c7f
parent 2c6ef4d969
2 changed files with 31 additions and 0 deletions
--- a/src/SSLSocket.h
+++ b/src/SSLSocket.h
@ -43,4 +43,5 @@
 - (OFString*)privateKeyFile;
 - (void)setCertificateFile: (OFString*)file;
 - (OFString*)certificateFile;
+- (OFDataArray*)channelBindingDataWithType: (OFString*)type;
@end
--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@ -25,12 +25,14 @@
 #include <assert.h>

 #import <ObjFW/OFHTTPRequest.h>
+#import <ObjFW/OFDataArray.h>

 #import "SSLSocket.h"

 #import <ObjFW/OFAcceptFailedException.h>
 #import <ObjFW/OFConnectionFailedException.h>
 #import <ObjFW/OFInitializationFailedException.h>
+#import <ObjFW/OFInvalidArgumentException.h>
 #import <ObjFW/OFNotConnectedException.h>
 #import <ObjFW/OFOutOfRangeException.h>
 #import <ObjFW/OFReadFailedException.h>
@ -277,4 +279,32 @@ static SSL_CTX *ctx;
 {
 	OF_GETTER(certificateFile, YES)
 }
+
+- (OFDataArray*)channelBindingDataWithType: (OFString*)type
+{
+	int length;
+	char buffer[64];
+	OFDataArray *data;
+
+	if (![type isEqual: @"tls-unique"])
+		@throw [OFInvalidArgumentException newWithClass: isa
+						       selector: _cmd];
+
+	if (SSL_session_reused(ssl) ^ !isListening) {
+		/*
+		 * We are either client or the session has been resumed
+		 * => we have sent the finished message
+		 */
+		length = SSL_get_finished(ssl, buffer, 64);
+	} else {
+		/* peer sent the finished message */
+		length = SSL_get_peer_finished(ssl, buffer, 64);
+	}
+
+	data = [OFDataArray dataArray];
+	[data addNItems: length
+	     fromCArray: buffer];
+
+	return data;
+}
@end