lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

TLS1.3: Add server finish processing in client side

Browse Source 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian
2021-09-18 06:20:25 +00:00
parent 91fe315c69
commit aa5f5c1f5d
5 changed files with 522 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
library/ssl_tls13_keys.c
View File

@ -564,6 +564,36 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
return( 0 );
}
int mbedtls_ssl_tls1_3_key_schedule_stage_application(
mbedtls_ssl_context *ssl )
{
int ret = 0;
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
#if defined(MBEDTLS_DEBUG_C)
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md_info );
#endif /* MBEDTLS_DEBUG_C */
/*
* Compute MasterSecret
*/
ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
ssl->handshake->tls1_3_master_secrets.handshake,
NULL, 0,
ssl->handshake->tls1_3_master_secrets.app );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
ssl->handshake->tls1_3_master_secrets.app, md_size );
return( 0 );
}
static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
unsigned char const *base_key,
unsigned char const *transcript,
@ -614,6 +644,54 @@ exit:
return( ret );
}
int mbedtls_ssl_tls1_3_calc_finished( mbedtls_ssl_context* ssl,
unsigned char* dst,
size_t dst_len,
size_t *actual_len,
int from )
{
int ret;
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len;
unsigned char const *base_key = NULL;
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
const mbedtls_md_info_t* const md = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls1_3_calc_finished" ) );
if( dst_len < md_size )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
transcript, sizeof( transcript ),
&transcript_len );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_handshake_transcript", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "handshake hash", transcript, transcript_len );
if( from == MBEDTLS_SSL_IS_CLIENT )
base_key = ssl->handshake->tls1_3_hs_secrets.client_handshake_traffic_secret;
else
base_key = ssl->handshake->tls1_3_hs_secrets.server_handshake_traffic_secret;
ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst );
if( ret != 0 )
return( ret );
*actual_len = md_size;
MBEDTLS_SSL_DEBUG_BUF( 3, "verify_data for finished message", dst, md_size );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls1_3_calc_finished" ) );
return( 0 );
}
int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md_type,
unsigned char const *psk, size_t psk_len,
@ -1028,4 +1106,120 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
return( 0 );
}
/* Generate application traffic keys since any records following a 1-RTT Finished message
* MUST be encrypted under the application traffic key.
*/
int mbedtls_ssl_tls1_3_generate_application_keys(
mbedtls_ssl_context *ssl,
mbedtls_ssl_key_set *traffic_keys )
{
int ret = 0;
/* Address at which to store the application secrets */
mbedtls_ssl_tls1_3_application_secrets * const app_secrets =
&ssl->session_negotiate->app_secrets;
/* Holding the transcript up to and including the ServerFinished */
unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
size_t transcript_len;
/* Variables relating to the hash for the chosen ciphersuite. */
mbedtls_md_type_t md_type;
mbedtls_md_info_t const *md_info;
size_t md_size;
/* Variables relating to the cipher for the chosen ciphersuite. */
mbedtls_cipher_info_t const *cipher_info;
size_t keylen, ivlen;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive application traffic keys" ) );
/* Extract basic information about hash and ciphersuite */
cipher_info = mbedtls_cipher_info_from_type(
ssl->handshake->ciphersuite_info->cipher );
keylen = cipher_info->key_bitlen / 8;
ivlen = cipher_info->iv_size;
md_type = ssl->handshake->ciphersuite_info->mac;
md_info = mbedtls_md_info_from_type( md_type );
md_size = mbedtls_md_get_size( md_info );
/* Compute current handshake transcript. It's the caller's responsiblity
* to call this at the right time, that is, after the ServerFinished. */
ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
transcript, sizeof( transcript ),
&transcript_len );
if( ret != 0 )
return( ret );
/* Compute application secrets from master secret and transcript hash. */
ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type,
ssl->handshake->tls1_3_master_secrets.app,
transcript, transcript_len,
app_secrets );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
"mbedtls_ssl_tls1_3_derive_application_secrets", ret );
return( ret );
}
/* Derive first epoch of IV + Key for application traffic. */
ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
app_secrets->client_application_traffic_secret_N,
app_secrets->server_application_traffic_secret_N,
md_size, keylen, ivlen, traffic_keys );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
return( ret );
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Client application traffic secret",
app_secrets->client_application_traffic_secret_N,
md_size );
MBEDTLS_SSL_DEBUG_BUF( 4, "Server application traffic secret",
app_secrets->server_application_traffic_secret_N,
md_size );
/*
* Export client/server application traffic secret 0
*/
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
if( ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
app_secrets->client_application_traffic_secret_N, md_size,
ssl->handshake->randbytes + 32,
ssl->handshake->randbytes,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
app_secrets->server_application_traffic_secret_N, md_size,
ssl->handshake->randbytes + 32,
ssl->handshake->randbytes,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
}
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:",
traffic_keys->client_write_key, keylen );
MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key",
traffic_keys->server_write_key, keylen );
MBEDTLS_SSL_DEBUG_BUF( 4, "client application write IV",
traffic_keys->client_write_iv, ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "server application write IV",
traffic_keys->server_write_iv, ivlen );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive application traffic keys" ) );
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */