diff options
| author | Ander Juaristi <a@juaristi.eus> | 2017-12-16 13:37:48 +0100 |
|---|---|---|
| committer | Ander Juaristi <a@juaristi.eus> | 2017-12-16 17:12:34 +0100 |
| commit | 031c1028eadff8e604f4951ce40bd989b558e3d7 (patch) | |
| tree | b8017dea19a3bf07115769115570f6d15628be58 | |
| parent | cdb1d028a4aaf61531e6e7d9d9a8759d5956daa9 (diff) | |
| download | gnutls-031c1028eadff8e604f4951ce40bd989b558e3d7.tar.gz | |
secrets: Introduce _tls13_init_secret2()
Signed-off-by: Ander Juaristi <a@juaristi.eus>
| -rw-r--r-- | lib/ext/pre_shared_key.c | 6 | ||||
| -rw-r--r-- | lib/secrets.c | 27 | ||||
| -rw-r--r-- | lib/secrets.h | 4 |
3 files changed, 25 insertions, 12 deletions
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c index 8056882af1..8044dd6981 100644 --- a/lib/ext/pre_shared_key.c +++ b/lib/ext/pre_shared_key.c @@ -42,11 +42,7 @@ compute_binder_key(const mac_entry_st *prf, uint8_t tmp_key[MAX_HASH_SIZE]; /* Compute HKDF-Extract(0, psk) */ - /* TODO try to use the existing functions here */ - ret = gnutls_hmac_fast(prf->id, - "", 0, - key, keylen, - tmp_key); + ret = _tls13_init_secret2(prf, key, keylen, tmp_key); if (ret < 0) return ret; diff --git a/lib/secrets.c b/lib/secrets.c index 374e1bf1eb..f5f7307c06 100644 --- a/lib/secrets.c +++ b/lib/secrets.c @@ -32,24 +32,37 @@ /* HKDF-Extract(0,0) or HKDF-Extract(0, PSK) */ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_size) { + session->key.proto.tls13.temp_secret_size = session->security_parameters.prf->output_size; + + return _tls13_init_secret2(session->security_parameters.prf, + psk, psk_size, + session->key.proto.tls13.temp_secret); +} + +int _tls13_init_secret2(const mac_entry_st *prf, + const uint8_t *psk, size_t psk_size, + void *out) +{ char buf[128]; - session->key.proto.tls13.temp_secret_size = session->security_parameters.prf->output_size; + if (unlikely(prf == NULL)) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* when no PSK, use the zero-value */ if (psk == NULL) { - psk_size = session->key.proto.tls13.temp_secret_size; + psk_size = prf->output_size; + if (unlikely(psk_size >= sizeof(buf))) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); memset(buf, 0, psk_size); - psk = (uint8_t*)buf; + psk = (uint8_t*) buf; } - return gnutls_hmac_fast(session->security_parameters.prf->id, - "", 0, - psk, psk_size, - session->key.proto.tls13.temp_secret); + return gnutls_hmac_fast(prf->id, + "", 0, + psk, psk_size, + out); } /* HKDF-Extract(Prev-Secret, key) */ diff --git a/lib/secrets.h b/lib/secrets.h index 8177e1dc5f..92255ceaa6 100644 --- a/lib/secrets.h +++ b/lib/secrets.h @@ -27,6 +27,10 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_size); int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size); +int _tls13_init_secret2(const mac_entry_st *prf, + const uint8_t *psk, size_t psk_size, + void *out); + int _tls13_derive_secret(gnutls_session_t session, const char *label, unsigned label_size, const uint8_t *msg, size_t msg_size, |