Implement extended master secret

2014-10-20 20:33:10 +02:00 · 2014-10-20 20:33:10 +02:00 · ada3030485
commit ada3030485
parent 367381fddd
2 changed files with 46 additions and 7 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2326,12 +2326,6 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
        return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
    }

-    if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
-    {
-        SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
-        return( ret );
-    }
-
    ssl->out_msglen  = i + n;
    ssl->out_msgtype = SSL_MSG_HANDSHAKE;
    ssl->out_msg[0]  = SSL_HS_CLIENT_KEY_EXCHANGE;
@ -2356,9 +2350,16 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
 static int ssl_write_certificate_verify( ssl_context *ssl )
 {
    const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    int ret;

    SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );

+    if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+        return( ret );
+    }
+
    if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
        ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
        ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
@ -2385,6 +2386,12 @@ static int ssl_write_certificate_verify( ssl_context *ssl )

    SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );

+    if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+        return( ret );
+    }
+
    if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
        ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
        ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -472,13 +472,45 @@ int ssl_derive_keys( ssl_context *ssl )

 #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
        if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_ENABLED )
+        {
+            unsigned char session_hash[48];
+            size_t hash_len;
+
            SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
-        // XXX to be continued, WIP
+
+            ssl->handshake->calc_verify( ssl, session_hash );
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+            if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+            {
+#if defined(POLARSSL_SHA512_C)
+                if( ssl->transform_negotiate->ciphersuite_info->mac ==
+                    POLARSSL_MD_SHA384 )
+                {
+                    hash_len = 48;
+                }
+                else
+#endif
+                    hash_len = 32;
+            }
+            else
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+                hash_len = 36;
+
+            SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
+
+            handshake->tls_prf( handshake->premaster, handshake->pmslen,
+                                "extended master secret",
+                                session_hash, hash_len, session->master, 48 );
+
+        }
+        else
 #endif
        handshake->tls_prf( handshake->premaster, handshake->pmslen,
                            "master secret",
                            handshake->randbytes, 64, session->master, 48 );

+
        polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
    }
    else