move calc_finished_tls_sha256

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-08-08 17:42:09 +03:00 · 2022-02-17 14:25:15 +08:00
parent d952669ad8
commit 615bd6f5b9
1 changed files with 77 additions and 76 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1009,82 +1009,6 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
 #if defined(MBEDTLS_SHA256_C)
 static void ssl_calc_finished_tls_sha256(
                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
 {
    int len = 12;
    const char *sender;
    unsigned char padbuf[32];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    size_t hash_size;
    psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
    psa_status_t status;
 #else
    mbedtls_sha256_context sha256;
 #endif
    mbedtls_ssl_session *session = ssl->session_negotiate;
    if( !session )
        session = ssl->session;
    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
             ? "client finished"
             : "server finished";
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    sha256_psa = psa_hash_operation_init();
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
    if( status != PSA_SUCCESS )
    {
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
        return;
    }
    status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
    if( status != PSA_SUCCESS )
    {
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
        return;
    }
    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
 #else
    mbedtls_sha256_init( &sha256 );
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha256" ) );
    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
    /*
     * TLSv1.2:
     *   hash = PRF( master, finished_label,
     *               Hash( handshake ) )[0.11]
     */
 #if !defined(MBEDTLS_SHA256_ALT)
    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
                   sha256.state, sizeof( sha256.state ) );
 #endif
    mbedtls_sha256_finish( &sha256, padbuf );
    mbedtls_sha256_free( &sha256 );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
    ssl->handshake->tls_prf( session->master, 48, sender,
                             padbuf, 32, buf, len );
    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
    mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
 }
 #endif /* MBEDTLS_SHA256_C */
 #if defined(MBEDTLS_SHA384_C)
 static void ssl_calc_finished_tls_sha384(
@@ -7967,6 +7891,83 @@ exit:
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 #if defined(MBEDTLS_SHA256_C)
 static void ssl_calc_finished_tls_sha256(
                mbedtls_ssl_context *ssl, unsigned char *buf, int from )
 {
    int len = 12;
    const char *sender;
    unsigned char padbuf[32];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    size_t hash_size;
    psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
    psa_status_t status;
 #else
    mbedtls_sha256_context sha256;
 #endif
    mbedtls_ssl_session *session = ssl->session_negotiate;
    if( !session )
        session = ssl->session;
    sender = ( from == MBEDTLS_SSL_IS_CLIENT )
             ? "client finished"
             : "server finished";
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    sha256_psa = psa_hash_operation_init();
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) );
    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
    if( status != PSA_SUCCESS )
    {
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
        return;
    }
    status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size );
    if( status != PSA_SUCCESS )
    {
        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
        return;
    }
    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 );
 #else
    mbedtls_sha256_init( &sha256 );
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc  finished tls sha256" ) );
    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
    /*
     * TLSv1.2:
     *   hash = PRF( master, finished_label,
     *               Hash( handshake ) )[0.11]
     */
 #if !defined(MBEDTLS_SHA256_ALT)
    MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *)
                   sha256.state, sizeof( sha256.state ) );
 #endif
    mbedtls_sha256_finish( &sha256, padbuf );
    mbedtls_sha256_free( &sha256 );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
    ssl->handshake->tls_prf( session->master, 48, sender,
                             padbuf, 32, buf, len );
    MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
    mbedtls_platform_zeroize(  padbuf, sizeof(  padbuf ) );
    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc  finished" ) );
 }
 #endif /* MBEDTLS_SHA256_C */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 #endif /* MBEDTLS_SSL_TLS_C */