tls13: add generate handshake keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu
parent
f7946a6210
commit
61e35e0047
@ -508,6 +508,27 @@ struct mbedtls_ssl_key_set
|
||||
};
|
||||
typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_early_secrets;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_handshake_secrets;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_application_secrets;
|
||||
|
||||
/*
|
||||
* This structure contains the parameters only needed during handshake.
|
||||
*/
|
||||
@ -715,6 +736,8 @@ struct mbedtls_ssl_handshake_params
|
||||
unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE];
|
||||
} tls1_3_master_secrets;
|
||||
|
||||
mbedtls_ssl_tls1_3_handshake_secrets tls1_3_hs_secrets;
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
|
||||
@ -846,4 +846,121 @@ int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/* mbedtls_ssl_tls1_3_generate_handshake_keys() generates keys necessary for
|
||||
* protecting the handshake messages, as described in Section 7 of TLS 1.3. */
|
||||
int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_key_set *traffic_keys )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_md_type_t md_type;
|
||||
mbedtls_md_info_t const *md_info;
|
||||
size_t md_size;
|
||||
|
||||
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
|
||||
size_t transcript_len;
|
||||
|
||||
mbedtls_cipher_info_t const *cipher_info;
|
||||
size_t keylen, ivlen;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_generate_handshake_keys" ) );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_type(
|
||||
ssl->handshake->ciphersuite_info->cipher );
|
||||
keylen = cipher_info->key_bitlen >> 3;
|
||||
ivlen = cipher_info->iv_size;
|
||||
|
||||
md_type = ssl->handshake->ciphersuite_info->mac;
|
||||
md_info = mbedtls_md_info_from_type( md_type );
|
||||
md_size = mbedtls_md_get_size( md_info );
|
||||
|
||||
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
|
||||
transcript,
|
||||
sizeof( transcript ),
|
||||
&transcript_len );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1,
|
||||
"mbedtls_ssl_get_handshake_transcript",
|
||||
ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type,
|
||||
ssl->handshake->tls1_3_master_secrets.handshake,
|
||||
transcript, transcript_len,
|
||||
&ssl->handshake->tls1_3_hs_secrets );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets",
|
||||
ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret",
|
||||
ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret,
|
||||
md_size );
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret",
|
||||
ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret,
|
||||
md_size );
|
||||
|
||||
/*
|
||||
* Export client handshake traffic secret
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||
if( ssl->f_export_keys != NULL )
|
||||
{
|
||||
ssl->f_export_keys( ssl->p_export_keys,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
|
||||
ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret,
|
||||
md_size,
|
||||
ssl->handshake->randbytes + 32,
|
||||
ssl->handshake->randbytes,
|
||||
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
|
||||
|
||||
ssl->f_export_keys( ssl->p_export_keys,
|
||||
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
|
||||
ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret,
|
||||
md_size,
|
||||
ssl->handshake->randbytes + 32,
|
||||
ssl->handshake->randbytes,
|
||||
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||
|
||||
ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
|
||||
ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret,
|
||||
ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret,
|
||||
md_size,
|
||||
keylen, ivlen, traffic_keys );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key",
|
||||
traffic_keys->client_write_key,
|
||||
traffic_keys->key_len);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key",
|
||||
traffic_keys->server_write_key,
|
||||
traffic_keys->key_len);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv",
|
||||
traffic_keys->client_write_iv,
|
||||
traffic_keys->iv_len);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv",
|
||||
traffic_keys->server_write_iv,
|
||||
traffic_keys->iv_len);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_generate_handshake_keys" ) );
|
||||
|
||||
exit:
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
|
||||
@ -70,27 +70,6 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
|
||||
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \
|
||||
MBEDTLS_MD_MAX_SIZE
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_early_secrets;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_handshake_secrets;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ];
|
||||
unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ];
|
||||
} mbedtls_ssl_tls1_3_application_secrets;
|
||||
|
||||
/* Maximum desired length for expanded key material generated
|
||||
* by HKDF-Expand-Label.
|
||||
*
|
||||
@ -553,4 +532,19 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
|
||||
*/
|
||||
int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Compute TLS 1.3 handshake traffic keys.
|
||||
*
|
||||
* \param ssl The SSL context to operate on. This must be in
|
||||
* key schedule stage \c Handshake, see
|
||||
* mbedtls_ssl_tls13_key_schedule_stage_handshake().
|
||||
* \param traffic_keys The address at which to store the handshake traffic key
|
||||
* keys. This must be writable but may be uninitialized.
|
||||
*
|
||||
* \returns \c 0 on success.
|
||||
* \returns A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_ssl_tls1_3_generate_handshake_keys( mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_key_set *traffic_keys );
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user