From 384cc9d3daa9ccedb05262c6ee181460f621d752 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?= <moisesguimaraesm@gmail.com>
Date: Mon, 2 Dec 2013 16:01:55 -0300
Subject: [PATCH 1/2] adding truncated_hmac to tlsx

---
 configure.ac | 3 ++-
 src/tls.c    | 3 ---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 34d37f647..d851731cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1191,7 +1191,8 @@ if test "x$ENABLED_TLSX" = "xyes"
 then
 	ENABLED_SNI=yes
 	ENABLED_MAX_FRAGMENT=yes
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT"
+	ENABLED_TRUNCATED_HMAC=yes
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
 fi
 
 #valgrind
diff --git a/src/tls.c b/src/tls.c
index 3c07255e7..3d9a83a20 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1141,9 +1141,6 @@ static int TLSX_THM_Parse(CYASSL* ssl, byte* input, word16 length,
 
     ssl->truncated_hmac = 1;
 
-#error "TRUNCATED HMAC IS NOT FINISHED YET \
-(contact moises@wolfssl.com for more info)"
-
     return 0;
 }
 

From 0c1e02ddd04c1585c89b71919c0d5e1370e69c3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?= <moisesguimaraesm@gmail.com>
Date: Mon, 2 Dec 2013 16:08:17 -0300
Subject: [PATCH 2/2] added truncated_hmac handing on SanityCheckCipherText,
 VerifyMac and BuildMessage

---
 cyassl/internal.h |  1 +
 src/internal.c    | 39 ++++++++++++++++++++++++++++++++-------
 2 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/cyassl/internal.h b/cyassl/internal.h
index 4d25bda6a..1d81f043a 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -608,6 +608,7 @@ enum Misc {
     CERT_HEADER_SZ        = 3,  /* always 3 bytes          */
     REQ_HEADER_SZ         = 2,  /* cert request header sz  */
     HINT_LEN_SZ           = 2,  /* length of hint size field */
+    TRUNCATED_HMAC_SZ     = 10, /* length of hmac w/ truncated hmac extension */
     HELLO_EXT_TYPE_SZ     = 2,  /* length of a hello extension type */
     HELLO_EXT_SZ          = 8,  /* total length of the lazy hello extensions */
     HELLO_EXT_LEN         = 6,  /* length of the lazy hello extensions */
diff --git a/src/internal.c b/src/internal.c
index 1c334794a..85e64f962 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4267,23 +4267,27 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
 /* check cipher text size for sanity */
 static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
 {
-    word32 minLength = 0;
+#ifdef HAVE_TRUNCATED_HMAC
+    word32 minLength = ssl->truncated_hmac ? TRUNCATED_HMAC_SIZE
+                                           : ssl->specs.hash_size;
+#else
+    word32 minLength = ssl->specs.hash_size; /* covers stream */
+#endif
 
     if (ssl->specs.cipher_type == block) {
         if (encryptSz % ssl->specs.block_size) {
             CYASSL_MSG("Block ciphertext not block size");
             return SANITY_CIPHER_E;
         }
-        minLength = ssl->specs.hash_size + 1;  /* pad byte */
+
+        minLength++;  /* pad byte */
+
         if (ssl->specs.block_size > minLength)
             minLength = ssl->specs.block_size;
 
         if (ssl->options.tls1_1)
             minLength += ssl->specs.block_size;  /* explicit IV */
     }
-    else if (ssl->specs.cipher_type == stream) {
-        minLength = ssl->specs.hash_size;
-    }
     else if (ssl->specs.cipher_type == aead) {
         minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */
     }
@@ -4727,7 +4731,12 @@ static INLINE int VerifyMac(CYASSL* ssl, const byte* input, word32 msgSz,
     int    ret;
     word32 pad     = 0;
     word32 padByte = 0;
+#ifdef HAVE_TRUNCATED_HMAC
+    word32 digestSz = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ
+                                          : ssl->specs.hash_size;
+#else
     word32 digestSz = ssl->specs.hash_size;
+#endif
     byte   verify[MAX_DIGEST_SIZE];
 
     if (ssl->specs.cipher_type == block) {
@@ -5312,7 +5321,12 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
 static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
                         int type)
 {
+#ifdef HAVE_TRUNCATED_HMAC
+    word32 digestSz = min(ssl->specs.hash_size,
+                ssl->truncated_hmac ? TRUNCATED_HMAC_SZ : ssl->specs.hash_size);
+#else
     word32 digestSz = ssl->specs.hash_size;
+#endif
     word32 sz = RECORD_HEADER_SZ + inSz + digestSz;                
     word32 pad  = 0, i;
     word32 idx  = RECORD_HEADER_SZ;
@@ -5388,8 +5402,19 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
 #endif
     }
     else {  
-        if (ssl->specs.cipher_type != aead)
-            ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz, type, 0);
+        if (ssl->specs.cipher_type != aead) {
+#ifdef HAVE_TRUNCATED_HMAC
+            if (ssl->truncated_hmac && ssl->specs.hash_size > digestSz) {
+                byte hmac[MAX_DIGEST_SIZE];
+
+                ssl->hmac(ssl, hmac, output + headerSz + ivSz, inSz, type, 0);
+
+                XMEMCPY(output + idx, hmac, digestSz);
+            } else
+#endif
+                ssl->hmac(ssl, output+idx, output + headerSz + ivSz, inSz,
+                                                                       type, 0);
+        }
 
         if ( (ret = Encrypt(ssl, output + headerSz, output+headerSz,size)) != 0)
             return ret;