From 031c1028eadff8e604f4951ce40bd989b558e3d7 Mon Sep 17 00:00:00 2001
From: Ander Juaristi
Date: Sat, 16 Dec 2017 13:37:48 +0100
Subject: secrets: Introduce _tls13_init_secret2()
Signed-off-by: Ander Juaristi
---
lib/ext/pre_shared_key.c | 6 +-----
lib/secrets.c | 27 ++++++++++++++++++++-------
lib/secrets.h | 4 ++++
3 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index 8056882af1..8044dd6981 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -42,11 +42,7 @@ compute_binder_key(const mac_entry_st *prf,
uint8_t tmp_key[MAX_HASH_SIZE];
/* Compute HKDF-Extract(0, psk) */
- /* TODO try to use the existing functions here */
- ret = gnutls_hmac_fast(prf->id,
- "", 0,
- key, keylen,
- tmp_key);
+ ret = _tls13_init_secret2(prf, key, keylen, tmp_key);
if (ret < 0)
return ret;
diff --git a/lib/secrets.c b/lib/secrets.c
index 374e1bf1eb..f5f7307c06 100644
--- a/lib/secrets.c
+++ b/lib/secrets.c
@@ -31,25 +31,38 @@
/* HKDF-Extract(0,0) or HKDF-Extract(0, PSK) */
int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_size)
+{
+ session->key.proto.tls13.temp_secret_size = session->security_parameters.prf->output_size;
+
+ return _tls13_init_secret2(session->security_parameters.prf,
+ psk, psk_size,
+ session->key.proto.tls13.temp_secret);
+}
+
+int _tls13_init_secret2(const mac_entry_st *prf,
+ const uint8_t *psk, size_t psk_size,
+ void *out)
{
char buf[128];
- session->key.proto.tls13.temp_secret_size = session->security_parameters.prf->output_size;
+ if (unlikely(prf == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
/* when no PSK, use the zero-value */
if (psk == NULL) {
- psk_size = session->key.proto.tls13.temp_secret_size;
+ psk_size = prf->output_size;
+
if (unlikely(psk_size >= sizeof(buf)))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
memset(buf, 0, psk_size);
- psk = (uint8_t*)buf;
+ psk = (uint8_t*) buf;
}
- return gnutls_hmac_fast(session->security_parameters.prf->id,
- "", 0,
- psk, psk_size,
- session->key.proto.tls13.temp_secret);
+ return gnutls_hmac_fast(prf->id,
+ "", 0,
+ psk, psk_size,
+ out);
}
/* HKDF-Extract(Prev-Secret, key) */
diff --git a/lib/secrets.h b/lib/secrets.h
index 8177e1dc5f..92255ceaa6 100644
--- a/lib/secrets.h
+++ b/lib/secrets.h
@@ -27,6 +27,10 @@
int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_size);
int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size);
+int _tls13_init_secret2(const mac_entry_st *prf,
+ const uint8_t *psk, size_t psk_size,
+ void *out);
+
int _tls13_derive_secret(gnutls_session_t session,
const char *label, unsigned label_size,
const uint8_t *msg, size_t msg_size,
--
cgit v1.2.1