From 5deccd7833344b2ec11add8af4910c17eb834016 Mon Sep 17 00:00:00 2001
From: orignal <i2porignal@yandex.ru>
Date: Thu, 19 Feb 2015 11:26:37 -0500
Subject: [PATCH] calculate MAC

---
 Reseed.cpp | 19 ++++++++++++++++---
 Reseed.h   |  2 ++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/Reseed.cpp b/Reseed.cpp
index 00a3d99e..43a32ba2 100644
--- a/Reseed.cpp
+++ b/Reseed.cpp
@@ -3,7 +3,6 @@
 #include <sstream>
 #include <boost/regex.hpp>
 #include <boost/filesystem.hpp>
-#include <cryptopp/hmac.h>
 #include <cryptopp/asn.h>
 #include <cryptopp/base64.h>
 #include <cryptopp/crc.h>
@@ -648,12 +647,14 @@ namespace data
 			finishedPayload[1] = 0; finishedPayload[2] = 0; finishedPayload[3] = 0x0C; // 12 bytes
 			finishedHash.Final (finishedHashDigest);
 			PRF (masterSecret, "client finished", finishedHashDigest, 32, 12, finishedPayload + 4);
-			Encrypt (finishedPayload, 16, finishedHashDigest/*TODO*/, encryptedPayload);
+			uint8_t mac[32];
+			CalculateMACKey (0x16, 0, finishedPayload, 16, mac);
+			Encrypt (finishedPayload, 16, mac, encryptedPayload);
 			site.write ((char *)finished, sizeof (finished));
 			site.write ((char *)encryptedPayload, 80);
 			// read ChangeCipherSpecs
 			uint8_t changeCipherSpecs1[6];
-			site.read ((char *)changeCipherSpecs1, 6);	
+			site.read ((char *)changeCipherSpecs1, 6);
 			// read finished
 			site.read ((char *)&type, 1); 
 			site.read ((char *)&version, 2); 
@@ -718,6 +719,18 @@ namespace data
 		return len - 48 - in[len -1] - 1;
 	}
 
+	void TlsSession::CalculateMACKey (uint8_t type, uint64_t seqn, const uint8_t * buf, size_t len, uint8_t * mac)
+	{
+		uint8_t header[13]; // seqn (8) + type (1) + version (2) + length (2)
+		htobuf64 (header, seqn);
+		header[8] = type; header[9] = 3; header[10] = 3; // 3,3 means TLS 1.2 
+		htobuf16 (header + 11, len);
+		CryptoPP::HMAC<CryptoPP::SHA256> hmac (m_MacKey, 32);	
+		hmac.Update (header, 13);
+		hmac.Update (buf, len);
+		hmac.Final (mac);	
+	}
+
 	CryptoPP::RSA::PublicKey TlsSession::ExtractPublicKey (const uint8_t * certificate, size_t len)
 	{
 		CryptoPP::ByteQueue queue;
diff --git a/Reseed.h b/Reseed.h
index 3c67ff22..46d21b51 100644
--- a/Reseed.h
+++ b/Reseed.h
@@ -7,6 +7,7 @@
 #include <map>
 #include <cryptopp/osrng.h>
 #include <cryptopp/rsa.h>
+#include <cryptopp/hmac.h>
 #include "Identity.h"
 #include "aes.h"
 
@@ -57,6 +58,7 @@ namespace data
 			CryptoPP::RSA::PublicKey ExtractPublicKey (const uint8_t * certificate, size_t len);
 			void PRF (const uint8_t * secret, const char * label, const uint8_t * random, size_t randomLen,
 				size_t len, uint8_t * buf);
+			void CalculateMACKey (uint8_t type, uint64_t seqn, const uint8_t * buf, size_t len, uint8_t * mac);
 			size_t Encrypt (const uint8_t * in, size_t len, const uint8_t * mac, uint8_t * out);
 			size_t Decrypt (uint8_t * in, size_t len, uint8_t * out);