Change code based on comments

Move set_state function into client Add back export_key callback function in generate application keys Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-03 06:40:11 +00:00 · 2021-11-03 06:40:11 +00:00 · ac0385c08f
commit ac0385c08f
parent 8903bd97b0
3 changed files with 28 additions and 3 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -1605,7 +1605,14 @@ static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
 */
 static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
 {
-    return ( mbedtls_ssl_tls13_process_finished_in( ssl ) );
+    int ret;
+
+    ret = mbedtls_ssl_tls13_process_finished_in( ssl );
+    if( ret != 0 )
+        return( ret );
+
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+    return( 0 );
 }

 /*
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -983,8 +983,6 @@ static int ssl_tls13_postprocess_finished_in_cli( mbedtls_ssl_context *ssl )

    ssl->transform_application = transform_application;

-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-
 cleanup:

    mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) );
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -1189,6 +1189,26 @@ int mbedtls_ssl_tls1_3_generate_application_keys(
                           app_secrets->server_application_traffic_secret_N,
                           md_size );

+    /*
+     * Export client/server application traffic secret 0
+     */
+    if( ssl->f_export_keys != NULL )
+    {
+        ssl->f_export_keys( ssl->p_export_keys,
+                MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
+                app_secrets->client_application_traffic_secret_N, md_size,
+                ssl->handshake->randbytes + 32,
+                ssl->handshake->randbytes,
+                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+
+        ssl->f_export_keys( ssl->p_export_keys,
+                MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
+                app_secrets->server_application_traffic_secret_N, md_size,
+                ssl->handshake->randbytes + 32,
+                ssl->handshake->randbytes,
+                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+    }
+
    MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:",
                              traffic_keys->client_write_key, keylen );
    MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key",