lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Add public API for tls_prf

Browse Source 
Add a public API for key derivation, introducing an enum for `tls_prf`
type.
This commit is contained in:
Ron Eldor
2019-05-12 14:54:30 +03:00
parent b7fd64ce2b
commit 51d3ab544f
5 changed files with 164 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
library/ssl_tls.c
View File

@ -751,6 +751,43 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
const char *label,
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen )
{
mbedtls_ssl_tls_prf_cb *tls_prf = NULL;
switch( prf )
{
#if defined(MBEDTLS_SSL_PROTO_SSL3)
case MBEDTLS_SSL_TLS_PRF_SSL3:
tls_prf = ssl3_prf;
break;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
case MBEDTLS_SSL_TLS_PRF_TLS1:
tls_prf = tls1_prf;
break;
#endif
#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_SSL_TLS_PRF_SHA384:
tls_prf = tls_prf_sha384;
break;
#endif
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_TLS_PRF_SHA256:
tls_prf = tls_prf_sha256;
break;
#endif
default:
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
}
int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
{
int ret = 0;
@ -774,6 +811,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
* "The master secret is always exactly 48 bytes in length." */
size_t const master_secret_len = 48;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
mbedtls_tls_prf_types tls_prf_type = MBEDTLS_SSL_TLS_PRF_NONE;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
unsigned char session_hash[48];
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
@ -815,6 +856,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
handshake->tls_prf = ssl3_prf;
handshake->calc_verify = ssl_calc_verify_ssl;
handshake->calc_finished = ssl_calc_finished_ssl;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
tls_prf_type = MBEDTLS_SSL_TLS_PRF_SSL3;
#endif
}
else
#endif
@ -824,6 +868,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
handshake->tls_prf = tls1_prf;
handshake->calc_verify = ssl_calc_verify_tls;
handshake->calc_finished = ssl_calc_finished_tls;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
tls_prf_type = MBEDTLS_SSL_TLS_PRF_TLS1;
#endif
}
else
#endif
@ -835,6 +882,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
handshake->calc_finished = ssl_calc_finished_tls_sha384;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA384;
#endif
}
else
#endif
@ -844,6 +894,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
handshake->tls_prf = tls_prf_sha256;
handshake->calc_verify = ssl_calc_verify_tls_sha256;
handshake->calc_finished = ssl_calc_finished_tls_sha256;
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA256;
#endif
}
else
#endif
@ -1271,9 +1324,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys,
session->master, keyblk,
mac_key_len, keylen,
iv_copy_len, handshake->tls_prf,
iv_copy_len,
handshake->randbytes + 32,
handshake->randbytes );
handshake->randbytes,
tls_prf_type);
}
#endif