From 8944fb994b3a779544b016bd03a9c20d96cf9eac Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 14 Sep 2017 14:03:43 +0200 Subject: handshake: simplify by storing a pointer to PRF mac entry That way, we avoid multiple function calls to obtain information such as hash size, and other MAC properties. Signed-off-by: Nikos Mavrogiannopoulos --- lib/constate.c | 4 ++-- lib/gnutls_int.h | 5 +++-- lib/handshake.c | 13 ++++--------- lib/prf.c | 4 ++-- lib/secrets.c | 12 ++++++------ lib/state.h | 2 +- 6 files changed, 18 insertions(+), 22 deletions(-) diff --git a/lib/constate.c b/lib/constate.c index 58367a737f..2d2d91ff82 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -248,9 +248,9 @@ _gnutls_set_cipher_suite2(gnutls_session_t session, if (cs->prf == GNUTLS_MAC_UNKNOWN || _gnutls_mac_is_ok(mac_to_entry(cs->prf)) == 0) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); - session->security_parameters.prf_mac = cs->prf; + session->security_parameters.prf = mac_to_entry(cs->prf); } else { - session->security_parameters.prf_mac = GNUTLS_MAC_MD5_SHA1; + session->security_parameters.prf = mac_to_entry(GNUTLS_MAC_MD5_SHA1); } session->security_parameters.cs = cs; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index ae2e7cba08..52c1c72e65 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -598,7 +598,8 @@ typedef struct { /* This is kept outside the ciphersuite entry as on certain * TLS versions we need a separate PRF MAC, i.e., MD5_SHA1. */ - gnutls_mac_algorithm_t prf_mac; + const mac_entry_st *prf; + uint8_t master_secret[GNUTLS_MASTER_SIZE]; uint8_t client_random[GNUTLS_RANDOM_SIZE]; uint8_t server_random[GNUTLS_RANDOM_SIZE]; @@ -636,7 +637,7 @@ typedef struct { uint8_t etm; /* Note: if you add anything in Security_Parameters struct, then - * also modify CPY_COMMON in gnutls_constate.c, and gnutls_session_pack.c, + * also modify CPY_COMMON in constate.c, and session_pack.c, * in order to save it in the session storage. */ 
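Review bot: In the `else` branch of `_gnutls_set_cipher_suite2` the result of `mac_to_entry(GNUTLS_MAC_MD5_SHA1)` is stored without any check, whereas the other branch stores the entry only after `_gnutls_mac_is_ok()` has accepted it. If that lookup can return NULL (the `me == NULL` test this commit removes from lib/handshake.c suggests it can), later reads of `prf->id` and `prf->output_size` become a NULL dereference instead of an error return. I would look the entry up once into a local, return `gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR)` when it is NULL, and only then assign it; the local also removes the second `mac_to_entry(cs->prf)` call in the first branch. The function body starts and ends outside the hunk.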
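Review bot: The comment above the new `const mac_entry_st *prf;` member in lib/gnutls_int.h still describes a MAC identifier and does not say when the pointer is valid or who owns it, although callers now dereference it directly. I would add a line such as `/* NULL until a ciphersuite has been set; points to a table entry that is not owned by the session and must not be written to packed session data. */`, adjusted to whatever the actual lifetime is. The note further down asks that CPY_COMMON and session_pack.c stay in sync with this struct, and neither change is visible here, so it is worth confirming that copied and resumed sessions get `prf` set again rather than left NULL.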
diff --git a/lib/handshake.c b/lib/handshake.c index f75980585f..46540e1ebe 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -334,7 +334,7 @@ _gnutls_finished(gnutls_session_t session, int type, void *ret, else len = session->internals.handshake_hash_buffer_prev_len; - algorithm = session->security_parameters.prf_mac; + algorithm = session->security_parameters.prf->id; rc = _gnutls_hash_fast(algorithm, session->internals. handshake_hash_buffer.data, len, @@ -342,7 +342,7 @@ _gnutls_finished(gnutls_session_t session, int type, void *ret, if (rc < 0) return gnutls_assert_val(rc); - hash_len = _gnutls_hash_get_algo_len(mac_to_entry(algorithm)); + hash_len = session->security_parameters.prf->output_size; if (type == GNUTLS_SERVER) { mesg = SERVER_MSG; @@ -3135,7 +3135,6 @@ int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t { const version_entry_st *ver = get_version(session); int ret; - const mac_entry_st *me; uint8_t concat[2*MAX_HASH_SIZE]; if (unlikely(ver == NULL)) @@ -3147,12 +3146,8 @@ int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); } - me = mac_to_entry(session->security_parameters.prf_mac); - if (me == NULL) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - ret = - _gnutls_hash_fast((gnutls_digest_algorithm_t)me->id, + _gnutls_hash_fast((gnutls_digest_algorithm_t)session->security_parameters.prf->id, session->internals.handshake_hash_buffer. data, session->internals.handshake_hash_buffer_client_kx_len, @@ -3160,5 +3155,5 @@ int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t if (ret < 0) return gnutls_assert_val(ret); - return _gnutls_set_datum(shash, concat, me->output_size); + return _gnutls_set_datum(shash, concat, session->security_parameters.prf->output_size); } diff --git a/lib/prf.c b/lib/prf.c index d73e3402f1..7ac1090d92 100644 --- a/lib/prf.c +++ b/lib/prf.c 
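Review bot: `session->security_parameters.prf` is dereferenced in `_gnutls_finished` (`prf->id`, `prf->output_size`) without a NULL test, and the hunks at -3147 and -3160 drop the `if (me == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` guard from `_gnutls_handshake_get_session_hash`. The same unguarded dereference is introduced in `gnutls_prf_raw` and `gnutls_prf` in lib/prf.c, which look like application-callable entry points, in the `_tls13_*` helpers in lib/secrets.c and in `_gnutls_PRF` in lib/state.h. Before this change an unset `prf_mac` was passed on as an algorithm id and presumably rejected by the callee; if any of these paths can run before a cipher suite has been set, the failure mode is now a crash rather than an error code. I would keep a guard at each entry, `if (unlikely(session->security_parameters.prf == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`, using `GNUTLS_E_INVALID_REQUEST` in the public functions. All of these function bodies extend outside their hunks.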
@@ -69,7 +69,7 @@ gnutls_prf_raw(gnutls_session_t session, { int ret; - ret = _gnutls_prf_raw(session->security_parameters.prf_mac, + ret = _gnutls_prf_raw(session->security_parameters.prf->id, GNUTLS_MASTER_SIZE, session->security_parameters.master_secret, label_size, label, seed_size, (uint8_t *) seed, @@ -210,7 +210,7 @@ gnutls_prf(gnutls_session_t session, } ret = - _gnutls_prf_raw(session->security_parameters.prf_mac, + _gnutls_prf_raw(session->security_parameters.prf->id, GNUTLS_MASTER_SIZE, session->security_parameters.master_secret, label_size, label, seedsize, seed, diff --git a/lib/secrets.c b/lib/secrets.c index adffd8b6bb..f5a3433695 100644 --- a/lib/secrets.c +++ b/lib/secrets.c @@ -34,7 +34,7 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_ { char buf[128]; - session->key.temp_secret_size = gnutls_hmac_get_len(session->security_parameters.prf_mac); + session->key.temp_secret_size = session->security_parameters.prf->output_size; /* when no PSK, use the zero-value */ if (psk == NULL) { @@ -46,7 +46,7 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_ psk = (uint8_t*)buf; } - return gnutls_hmac_fast(session->security_parameters.prf_mac, + return gnutls_hmac_fast(session->security_parameters.prf->id, "", 0, psk, psk_size, session->key.temp_secret); @@ -55,7 +55,7 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_ /* HKDF-Extract(Prev-Secret, key) */ int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size) { - return gnutls_hmac_fast(session->security_parameters.prf_mac, + return gnutls_hmac_fast(session->security_parameters.prf->id, session->key.temp_secret, session->key.temp_secret_size, key, key_size, session->key.temp_secret); 
@@ -71,12 +71,12 @@ int _tls13_expand_hash_secret(gnutls_session_t session, { uint8_t digest[MAX_HASH_SIZE]; int ret; - unsigned digest_size = gnutls_hmac_get_len(session->security_parameters.prf_mac); + unsigned digest_size = session->security_parameters.prf->output_size; if (unlikely(label_size >= sizeof(digest))) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - ret = gnutls_hash_fast((gnutls_digest_algorithm_t)session->security_parameters.prf_mac, + ret = gnutls_hash_fast((gnutls_digest_algorithm_t)session->security_parameters.prf->id, tbh, tbh_size, digest); if (ret < 0) return gnutls_assert_val(ret); @@ -120,7 +120,7 @@ int _tls13_expand_secret(gnutls_session_t session, goto cleanup; } - switch(session->security_parameters.prf_mac) { + switch(session->security_parameters.prf->id) { case GNUTLS_MAC_SHA256:{ struct hmac_sha256_ctx ctx; diff --git a/lib/state.h b/lib/state.h index 253af0e17c..712b5d747f 100644 --- a/lib/state.h +++ b/lib/state.h @@ -92,7 +92,7 @@ _gnutls_PRF(gnutls_session_t session, const char *label, int label_size, const uint8_t * seed, int seed_size, int total_bytes, void *ret) { - return _gnutls_prf_raw(session->security_parameters.prf_mac, + return _gnutls_prf_raw(session->security_parameters.prf->id, secret_size, secret, label_size, label, seed_size, seed, -- cgit v1.2.1