authorDaiki Ueno <dueno@redhat.com>2017-11-24 10:34:26 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-02-19 15:29:35 +0100
commitfab15d705a024e780493b9c8907a577e7cef838a (patch)
tree74cabb4932628769f1bbe3fd02e86c9c22ffb6da /lib
parent0d850655c92e5d52a531c8a958cc5a0c3e125609 (diff)
_tls13_derive_secret: define secret argument
TLS 1.3 exporters need to derive a secret from exporter_master_secret or early_exporter_master_secret, not the handshake or application secret stored in temp_secret. Add a new argument @secret to _tls13_derive_secret to specify any secret. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/constate.c2
-rw-r--r--lib/handshake-tls13.c3
-rw-r--r--lib/handshake.c6
-rw-r--r--lib/secrets.c23
-rw-r--r--lib/secrets.h9
5 files changed, 18 insertions, 25 deletions
diff --git a/lib/constate.c b/lib/constate.c
index db4aa6561a..c0967f7f0a 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -226,6 +226,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, record_parameters_st
ret = _tls13_derive_secret(session, label, label_size,
session->internals.handshake_hash_buffer.data,
hsk_len,
+ session->key.temp_secret,
session->key.hs_ckey);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -251,6 +252,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, record_parameters_st
ret = _tls13_derive_secret(session, label, label_size,
session->internals.handshake_hash_buffer.data,
hsk_len,
+ session->key.temp_secret,
session->key.hs_skey);
if (ret < 0)
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 5776d310c4..2c03d7bb71 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -144,7 +144,8 @@ static int generate_ap_traffic_keys(gnutls_session_t session)
uint8_t zero[MAX_HASH_SIZE];
ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
- NULL, 0, session->key.temp_secret);
+ NULL, 0, session->key.temp_secret,
+ session->key.temp_secret);
if (ret < 0)
return gnutls_assert_val(ret);
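Review bot: The in-place derivation here, with `session->key.temp_secret` passed as both the const `secret` input and `out`, relies on an aliasing guarantee that nothing in the new signature documents; the same pattern appears in both lib/handshake.c hunks (read_server_hello and _gnutls_send_server_hello). It is only safe if `_tls13_expand_secret` has finished reading `secret` before its first write to `out`, which cannot be confirmed from the lines shown. Now that the secret is an explicit argument, the prototype in lib/secrets.h should state the contract, e.g. `/* @secret and @out may alias; @secret is fully consumed before @out is written */`, once that has been checked against the expand implementation. generate_ap_traffic_keys continues outside the hunk.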
diff --git a/lib/handshake.c b/lib/handshake.c
index 79713b65e1..8470c439b5 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1704,7 +1704,8 @@ read_server_hello(gnutls_session_t session,
return gnutls_assert_val(ret);
ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
- NULL, 0, session->key.temp_secret);
+ NULL, 0, session->key.temp_secret,
+ session->key.temp_secret);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -2065,7 +2066,8 @@ int _gnutls_send_server_hello(gnutls_session_t session, int again)
if (vers->tls13_sem) {
ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
- NULL, 0, session->key.temp_secret);
+ NULL, 0, session->key.temp_secret,
+ session->key.temp_secret);
if (ret < 0) {
gnutls_assert();
goto fail;
diff --git a/lib/secrets.c b/lib/secrets.c
index 2f0750dc92..1042fba2c5 100644
--- a/lib/secrets.c
+++ b/lib/secrets.c
@@ -61,12 +61,11 @@ int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t ke
session->key.temp_secret);
}
-static
-int _tls13_expand_hash_secret(gnutls_session_t session,
+/* Derive-Secret(Secret, Label, Messages) */
+int _tls13_derive_secret(gnutls_session_t session,
const char *label, unsigned label_size,
const uint8_t *tbh, size_t tbh_size,
- const uint8_t secret[MAX_CIPHER_KEY_SIZE],
- unsigned out_size,
+ const uint8_t secret[MAX_HASH_SIZE],
void *out)
{
uint8_t digest[MAX_HASH_SIZE];
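Review bot: The new `secret[MAX_HASH_SIZE]` parameter is an ordinary pointer with no length, so `_tls13_derive_secret` trusts every caller to supply at least as many bytes as the negotiated PRF hash produces, and with the following hunk it always writes `digest_size` bytes to `out`. The commit message says exporters will pass exporter_master_secret and early_exporter_master_secret, so the size contract is worth spelling out above the definition and on the prototype in lib/secrets.h, e.g. `/* Derive-Secret(Secret, Label, Messages); @secret and @out are each the PRF hash length in bytes */`. How `_tls13_expand_secret` determines the key length is outside these hunks, so the wording should be checked against it. The function body continues into the next hunk.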
@@ -81,14 +80,14 @@ int _tls13_expand_hash_secret(gnutls_session_t session,
if (ret < 0)
return gnutls_assert_val(ret);
- return _tls13_expand_secret(session, label, label_size, digest, digest_size, secret, out_size, out);
+ return _tls13_expand_secret(session, label, label_size, digest, digest_size, secret, digest_size, out);
}
/* HKDF-Expand-Label(Secret, Label, HashValue, Length) */
int _tls13_expand_secret(gnutls_session_t session,
const char *label, unsigned label_size,
const uint8_t *msg, size_t msg_size,
- const uint8_t secret[MAX_CIPHER_KEY_SIZE],
+ const uint8_t secret[MAX_HASH_SIZE],
unsigned out_size,
void *out)
{
@@ -161,15 +160,3 @@ int _tls13_expand_secret(gnutls_session_t session,
_gnutls_buffer_clear(&str);
return ret;
}
-
-/* Derive-Secret(Secret, Label, Messages) */
-int _tls13_derive_secret(gnutls_session_t session,
- const char *label, unsigned label_size,
- const uint8_t *msg, size_t msg_size,
- void *out)
-{
- return _tls13_expand_hash_secret(session, label, label_size, msg, msg_size,
- session->key.temp_secret,
- session->key.temp_secret_size,
- out);
-}
diff --git a/lib/secrets.h b/lib/secrets.h
index b80af974a6..0dcdcf7c9c 100644
--- a/lib/secrets.h
+++ b/lib/secrets.h
@@ -26,14 +26,15 @@
int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_size);
int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size);
int _tls13_derive_secret(gnutls_session_t session,
- const char *label, unsigned label_size,
- const uint8_t *msg, size_t msg_size,
- void *out /* of enough length to hold PRF MAC */);
+ const char *label, unsigned label_size,
+ const uint8_t *msg, size_t msg_size,
+ const uint8_t secret[MAX_HASH_SIZE],
+ void *out /* of enough length to hold PRF MAC */);
int _tls13_expand_secret(gnutls_session_t session,
const char *label, unsigned label_size,
const uint8_t *msg, size_t msg_size,
- const uint8_t secret[MAX_CIPHER_KEY_SIZE],
+ const uint8_t secret[MAX_HASH_SIZE],
unsigned out_size,
void *out);