tls13: add get_handshake_transcript

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-09 14:21:07 +08:00 · 2021-09-09 14:21:07 +08:00 · 24c0ec31f9
commit 24c0ec31f9
parent aafb21f320
2 changed files with 150 additions and 0 deletions
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -1493,6 +1493,13 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
                                               unsigned hs_type,
                                               size_t total_hs_len );

+/* Get handshake transcript */
+int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl,
+                                                const mbedtls_md_type_t md,
+                                                unsigned char *dst,
+                                                size_t dst_len,
+                                                size_t *olen );
+
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /*
 * Write TLS 1.3 Signature Algorithm extension
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -6978,4 +6978,147 @@ exit:

 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+
+#if defined(MBEDTLS_SHA384_C)
+static int ssl_tls13_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
+                                                      unsigned char *dst,
+                                                      size_t dst_len,
+                                                      size_t *olen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status;
+    psa_hash_operation_t sha384_psa = psa_hash_operation_init();
+
+    if( dst_len < 48 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+    status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    status = psa_hash_finish( &sha384_psa, dst, dst_len, olen );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    *olen = 48;
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+    return( 0 );
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+    int ret;
+    mbedtls_sha512_context sha512;
+
+    if( dst_len < 48 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    mbedtls_sha512_init( &sha512 );
+    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+
+    if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret );
+        goto exit;
+    }
+
+    *olen = 48;
+
+exit:
+
+    mbedtls_sha512_free( &sha512 );
+    return( ret );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+}
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA256_C)
+static int ssl_tls13_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
+                                                      unsigned char *dst,
+                                                      size_t dst_len,
+                                                      size_t *olen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status;
+    psa_hash_operation_t sha256_psa = psa_hash_operation_init();
+
+    if( dst_len < 32 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    status = psa_hash_finish( &sha256_psa, dst, dst_len, olen );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    *olen = 32;
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+    return( 0 );
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+    int ret;
+    mbedtls_sha256_context sha256;
+
+    if( dst_len < 32 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    mbedtls_sha256_init( &sha256 );
+    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+
+    if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret );
+        goto exit;
+    }
+
+    *olen = 32;
+
+exit:
+
+    mbedtls_sha256_free( &sha256 );
+    return( ret );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+}
+#endif /* MBEDTLS_SHA256_C */
+
+int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl,
+                                                const mbedtls_md_type_t md,
+                                                unsigned char *dst,
+                                                size_t dst_len,
+                                                size_t *olen )
+{
+#if defined(MBEDTLS_SHA384_C)
+    if( md == MBEDTLS_MD_SHA384 )
+    {
+        return( ssl_tls13_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
+    }
+    else
+#endif /* MBEDTLS_SHA512_C */
+#if defined(MBEDTLS_SHA256_C)
+    if( md == MBEDTLS_MD_SHA256 )
+    {
+        return( ssl_tls13_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
+    }
+    else
+#endif /* MBEDTLS_SHA256_C */
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
 #endif /* MBEDTLS_SSL_TLS_C */