From 05402110786596529c0ee43d3784f341a5bd3ccd Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 13 Dec 2022 18:50:42 +0800 Subject: [PATCH 1/3] Enhancement: change some functions to static in ssl_tls13_keys.c Since some functions are only used in ssl_tls13_keys.c not by any other modules, those functions are changed to static. Signed-off-by: Yanray Wang --- library/ssl_tls13_keys.c | 81 +++++++++++++++++++++++++++++++++++----- library/ssl_tls13_keys.h | 70 ---------------------------------- 2 files changed, 72 insertions(+), 79 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ecfdab318d..733a7509bd 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -644,7 +644,24 @@ int mbedtls_ssl_tls13_derive_resumption_master_secret( return 0; } -int mbedtls_ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) +/** + * \brief Transition into application stage of TLS 1.3 key schedule. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Handshake -> Application transition. + * + * In the handshake stage, mbedtls_ssl_tls13_generate_application_keys() + * can be used to derive the handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in key schedule + * stage \c Handshake. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int mbedtls_ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1282,10 +1299,25 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) return 0; } -/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for - * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ -int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) +/** + * \brief Compute TLS 1.3 handshake traffic keys. + * + * mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary + * for protecting the handshake messages, as described in Section 7 + * of TLS 1.3. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Handshake, see + * mbedtls_ssl_tls13_key_schedule_stage_handshake(). + * \param traffic_keys The address at which to store the handshake traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_type; @@ -1393,7 +1425,24 @@ exit: return ret; } -int mbedtls_ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) +/** + * \brief Transition into handshake stage of TLS 1.3 key schedule. + * + * The TLS 1.3 key schedule can be viewed as a simple state machine + * with states Initial -> Early -> Handshake -> Application, and + * this function represents the Early -> Handshake transition. + * + * In the handshake stage, mbedtls_ssl_tls13_generate_handshake_keys() + * can be used to derive the handshake traffic keys. + * + * \param ssl The SSL context to operate on. This must be in key schedule + * stage \c Early. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int mbedtls_ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1479,10 +1528,24 @@ cleanup: return ret; } -/* Generate application traffic keys since any records following a 1-RTT Finished message - * MUST be encrypted under the application traffic key. +/** + * \brief Compute TLS 1.3 application traffic keys. + * + * mbedtls_ssl_tls13_generate_application_keys() generates application + * traffic keys, since any records following a 1-RTT Finished message + * MUST be encrypted under the application traffic key. + * + * \param ssl The SSL context to operate on. This must be in + * key schedule stage \c Application, see + * mbedtls_ssl_tls13_key_schedule_stage_application(). + * \param traffic_keys The address at which to store the application traffic key + * keys. This must be writable but may be uninitialized. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. */ -int mbedtls_ssl_tls13_generate_application_keys( +MBEDTLS_CHECK_RETURN_CRITICAL +static int mbedtls_ssl_tls13_generate_application_keys( mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys) { diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index d4f2b40243..21e9b4d734 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -553,76 +553,6 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform, MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl); -/** - * \brief Transition into handshake stage of TLS 1.3 key schedule. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Early -> Handshake transition. - * - * In the handshake stage, mbedtls_ssl_tls13_generate_handshake_keys() - * can be used to derive the handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in key schedule - * stage \c Early. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl); - -/** - * \brief Compute TLS 1.3 handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Handshake, see - * mbedtls_ssl_tls13_key_schedule_stage_handshake(). - * \param traffic_keys The address at which to store the handshake traffic key - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys); - -/** - * \brief Transition into application stage of TLS 1.3 key schedule. - * - * The TLS 1.3 key schedule can be viewed as a simple state machine - * with states Initial -> Early -> Handshake -> Application, and - * this function represents the Handshake -> Application transition. - * - * In the handshake stage, mbedtls_ssl_tls13_generate_application_keys() - * can be used to derive the handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in key schedule - * stage \c Handshake. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl); - -/** - * \brief Compute TLS 1.3 application traffic keys. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Application, see - * mbedtls_ssl_tls13_key_schedule_stage_application(). - * \param traffic_keys The address at which to store the application traffic key - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_tls13_generate_application_keys( - mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys); - /** * \brief Compute TLS 1.3 resumption master secret. * From ef5ec8f5ba702547b06d98156b644f0f32bedaff Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 5 Jan 2023 17:36:12 +0800 Subject: [PATCH 2/3] Rename static functions in ssl_tls13_keys.c As some static functions are only used inside ssl_tls13_keys.c, the prefix mbedtls_ should be removed. Furthermore, code format is also maintained to fix code style. Signed-off-by: Yanray Wang --- library/ssl_tls13_keys.c | 48 ++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 733a7509bd..90a8618b22 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -651,7 +651,7 @@ int mbedtls_ssl_tls13_derive_resumption_master_secret( * with states Initial -> Early -> Handshake -> Application, and * this function represents the Handshake -> Application transition. * - * In the handshake stage, mbedtls_ssl_tls13_generate_application_keys() + * In the handshake stage, ssl_tls13_generate_application_keys() * can be used to derive the handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in key schedule @@ -661,7 +661,7 @@ int mbedtls_ssl_tls13_derive_resumption_master_secret( * \returns A negative error code on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1302,13 +1302,13 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) /** * \brief Compute TLS 1.3 handshake traffic keys. * - * mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary - * for protecting the handshake messages, as described in Section 7 - * of TLS 1.3. + * ssl_tls13_generate_handshake_keys() generates keys necessary for + * protecting the handshake messages, as described in Section 7 of + * TLS 1.3. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see - * mbedtls_ssl_tls13_key_schedule_stage_handshake(). + * ssl_tls13_key_schedule_stage_handshake(). * \param traffic_keys The address at which to store the handshake traffic key * keys. This must be writable but may be uninitialized. * @@ -1316,8 +1316,8 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) * \returns A negative error code on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys) +static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, + mbedtls_ssl_key_set *traffic_keys) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_type; @@ -1332,7 +1332,7 @@ static int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info; mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets; - MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_tls13_generate_handshake_keys")); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_tls13_generate_handshake_keys")); ret = ssl_tls13_get_cipher_key_info(ciphersuite_info, &key_len, &iv_len); if (ret != 0) { @@ -1418,7 +1418,7 @@ static int mbedtls_ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, traffic_keys->server_write_iv, traffic_keys->iv_len); - MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_tls13_generate_handshake_keys")); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_tls13_generate_handshake_keys")); exit: @@ -1432,7 +1432,7 @@ exit: * with states Initial -> Early -> Handshake -> Application, and * this function represents the Early -> Handshake transition. * - * In the handshake stage, mbedtls_ssl_tls13_generate_handshake_keys() + * In the handshake stage, ssl_tls13_generate_handshake_keys() * can be used to derive the handshake traffic keys. * * \param ssl The SSL context to operate on. This must be in key schedule @@ -1442,7 +1442,7 @@ exit: * \returns A negative error code on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) +static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -1531,13 +1531,13 @@ cleanup: /** * \brief Compute TLS 1.3 application traffic keys. * - * mbedtls_ssl_tls13_generate_application_keys() generates application - * traffic keys, since any records following a 1-RTT Finished message - * MUST be encrypted under the application traffic key. + * ssl_tls13_generate_application_keys() generates application traffic + * keys, since any records following a 1-RTT Finished message MUST be + * encrypted under the application traffic key. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Application, see - * mbedtls_ssl_tls13_key_schedule_stage_application(). + * ssl_tls13_key_schedule_stage_application(). * \param traffic_keys The address at which to store the application traffic key * keys. This must be writable but may be uninitialized. * @@ -1545,7 +1545,7 @@ cleanup: * \returns A negative error code on failure. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int mbedtls_ssl_tls13_generate_application_keys( +static int ssl_tls13_generate_application_keys( mbedtls_ssl_context *ssl, mbedtls_ssl_key_set *traffic_keys) { @@ -1675,7 +1675,7 @@ int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_params *handshake = ssl->handshake; /* Compute handshake secret */ - ret = mbedtls_ssl_tls13_key_schedule_stage_handshake(ssl); + ret = ssl_tls13_key_schedule_stage_handshake(ssl); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_derive_master_secret", ret); goto cleanup; @@ -1683,9 +1683,9 @@ int mbedtls_ssl_tls13_compute_handshake_transform(mbedtls_ssl_context *ssl) /* Next evolution in key schedule: Establish handshake secret and * key material. */ - ret = mbedtls_ssl_tls13_generate_handshake_keys(ssl, &traffic_keys); + ret = ssl_tls13_generate_handshake_keys(ssl, &traffic_keys); if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_tls13_generate_handshake_keys", + MBEDTLS_SSL_DEBUG_RET(1, "ssl_tls13_generate_handshake_keys", ret); goto cleanup; } @@ -1765,17 +1765,17 @@ int mbedtls_ssl_tls13_compute_application_transform(mbedtls_ssl_context *ssl) mbedtls_ssl_key_set traffic_keys; mbedtls_ssl_transform *transform_application = NULL; - ret = mbedtls_ssl_tls13_key_schedule_stage_application(ssl); + ret = ssl_tls13_key_schedule_stage_application(ssl); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls13_key_schedule_stage_application", ret); + "ssl_tls13_key_schedule_stage_application", ret); goto cleanup; } - ret = mbedtls_ssl_tls13_generate_application_keys(ssl, &traffic_keys); + ret = ssl_tls13_generate_application_keys(ssl, &traffic_keys); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, - "mbedtls_ssl_tls13_generate_application_keys", ret); + "ssl_tls13_generate_application_keys", ret); goto cleanup; } From a12cecbe478e090a7bbc846b6c8f27109359366c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Feb 2023 14:29:47 +0800 Subject: [PATCH 3/3] Modify some comments in ssl_tls13_keys.c Signed-off-by: Yanray Wang --- library/ssl_tls13_keys.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 90a8618b22..b92f12e6df 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1304,12 +1304,12 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) * * ssl_tls13_generate_handshake_keys() generates keys necessary for * protecting the handshake messages, as described in Section 7 of - * TLS 1.3. + * RFC 8446. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Handshake, see * ssl_tls13_key_schedule_stage_handshake(). - * \param traffic_keys The address at which to store the handshake traffic key + * \param traffic_keys The address at which to store the handshake traffic * keys. This must be writable but may be uninitialized. * * \returns \c 0 on success. @@ -1532,13 +1532,13 @@ cleanup: * \brief Compute TLS 1.3 application traffic keys. * * ssl_tls13_generate_application_keys() generates application traffic - * keys, since any records following a 1-RTT Finished message MUST be + * keys, since any record following a 1-RTT Finished message MUST be * encrypted under the application traffic key. * * \param ssl The SSL context to operate on. This must be in * key schedule stage \c Application, see * ssl_tls13_key_schedule_stage_application(). - * \param traffic_keys The address at which to store the application traffic key + * \param traffic_keys The address at which to store the application traffic * keys. This must be writable but may be uninitialized. * * \returns \c 0 on success.