author | Daiki Ueno <dueno@redhat.com> | 2017-11-24 10:34:26 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:35 +0100 |
commit | fab15d705a024e780493b9c8907a577e7cef838a (patch) | |
tree | 74cabb4932628769f1bbe3fd02e86c9c22ffb6da /lib/secrets.c | |
parent | 0d850655c92e5d52a531c8a958cc5a0c3e125609 (diff) | |
_tls13_derive_secret: define secret argument
TLS 1.3 exporters need to derive a secret from exporter_master_secret
or early_exporter_master_secret, not the handshake or application
secret stored in temp_secret. Add a new argument @secret to
_tls13_derive_secret to specify any secret.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/secrets.c')
-rw-r--r-- | lib/secrets.c | 23 |
1 files changed, 5 insertions, 18 deletions
diff --git a/lib/secrets.c b/lib/secrets.c
index 2f0750dc92..1042fba2c5 100644
--- a/lib/secrets.c
+++ b/lib/secrets.c
@@ -61,12 +61,11 @@ int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t ke
 session->key.temp_secret);
 }

-static
-int _tls13_expand_hash_secret(gnutls_session_t session,
+/* Derive-Secret(Secret, Label, Messages) */
+int _tls13_derive_secret(gnutls_session_t session,
 const char *label, unsigned label_size,
 const uint8_t *tbh, size_t tbh_size,
- const uint8_t secret[MAX_CIPHER_KEY_SIZE],
- unsigned out_size,
+ const uint8_t secret[MAX_HASH_SIZE],
 void *out)
 {
 uint8_t digest[MAX_HASH_SIZE];
@@ -81,14 +80,14 @@ int _tls13_expand_hash_secret(gnutls_session_t session,
 if (ret < 0)
 return gnutls_assert_val(ret);

- return _tls13_expand_secret(session, label, label_size, digest, digest_size, secret, out_size, out);
+ return _tls13_expand_secret(session, label, label_size, digest, digest_size, secret, digest_size, out);
 }

 /* HKDF-Expand-Label(Secret, Label, HashValue, Length) */
 int _tls13_expand_secret(gnutls_session_t session,
 const char *label, unsigned label_size,
 const uint8_t *msg, size_t msg_size,
- const uint8_t secret[MAX_CIPHER_KEY_SIZE],
+ const uint8_t secret[MAX_HASH_SIZE],
 unsigned out_size,
 void *out)
 {
@@ -161,15 +160,3 @@ int _tls13_expand_secret(gnutls_session_t session,
 _gnutls_buffer_clear(&str);
 return ret;
 }
-
-/* Derive-Secret(Secret, Label, Messages) */
-int _tls13_derive_secret(gnutls_session_t session,
- const char *label, unsigned label_size,
- const uint8_t *msg, size_t msg_size,
- void *out)
-{
- return _tls13_expand_hash_secret(session, label, label_size, msg, msg_size,
- session->key.temp_secret,
- session->key.temp_secret_size,
- out);
-} |
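Review bot: The buffer contract of the now non-static `_tls13_derive_secret` is undocumented. With `out_size` removed, the function writes `digest_size` bytes to `out`, and the `[MAX_HASH_SIZE]` bound on `secret` decays to a plain pointer, so the compiler checks neither length. Callers that pass an exporter secret, as the commit message intends, need to know both sizes, so I would extend the comment to something like `/* Derive-Secret(Secret, Label, Messages); secret and out are each Hash.length bytes of the negotiated PRF */`. The secret length is presumably taken from the session's PRF inside `_tls13_expand_secret`, whose body is not shown, so confirm that before settling the wording. The same applies to the `secret[MAX_HASH_SIZE]` parameter of `_tls13_expand_secret` in the next hunk, and the function body continues outside this hunk.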
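Review bot: The repeated `digest_size` in the new `return _tls13_expand_secret(...)` call reads like a copy-paste slip unless the reader already knows that Derive-Secret fixes the output length to the hash length. A one-line comment above the return would mark it as intentional, for example `/* Derive-Secret: output length equals Hash.length */`. This relies on `digest_size` being the negotiated PRF's hash size, which is assigned in the part of the function that lies outside the hunk.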