lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand()

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
2022-05-13 12:10:08 +02:00
parent 88e7101d03
commit d5ae365b97
1 changed files with 44 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
library/ssl_tls13_keys.c
View File

@ -146,6 +146,9 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
{ {
unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
size_t hkdf_label_len; size_t hkdf_label_len;
psa_status_t status = PSA_SUCCESS;
psa_key_derivation_operation_t operation =
PSA_KEY_DERIVATION_OPERATION_INIT;
if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN )
{ {
@ -176,11 +179,25 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
hkdf_label, hkdf_label,
&hkdf_label_len ); &hkdf_label_len );
return( psa_ssl_status_to_mbedtls( status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXPAND( hash_alg ) );
mbedtls_psa_hkdf_expand( hash_alg, if (status == PSA_SUCCESS)
secret, secret_len, status |= psa_key_derivation_input_bytes( &operation,
hkdf_label, hkdf_label_len, PSA_KEY_DERIVATION_INPUT_SECRET,
buf, buf_len ) ) ); secret,
secret_len );
if (status == PSA_SUCCESS)
status |= psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
hkdf_label,
hkdf_label_len );
if (status == PSA_SUCCESS)
status |= psa_key_derivation_output_bytes( &operation,
buf,
buf_len );
if (status == PSA_SUCCESS)
status |= psa_key_derivation_abort( &operation );
return( psa_ssl_status_to_mbedtls ( status ) );
} }
/* /*
@ -297,10 +314,12 @@ int mbedtls_ssl_tls13_evolve_secret(
unsigned char *secret_new ) unsigned char *secret_new )
{ {
int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
psa_status_t status = PSA_SUCCESS;
size_t hlen, ilen; size_t hlen, ilen;
unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 }; unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
size_t secret_len; psa_key_derivation_operation_t operation =
PSA_KEY_DERIVATION_OPERATION_INIT;
if( ! PSA_ALG_IS_HASH( hash_alg ) ) if( ! PSA_ALG_IS_HASH( hash_alg ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -332,15 +351,26 @@ int mbedtls_ssl_tls13_evolve_secret(
ilen = hlen; ilen = hlen;
} }
/* HKDF-Extract takes a salt and input key material. status = psa_key_derivation_setup( &operation,
* The salt is the old secret, and the input key material PSA_ALG_HKDF_EXTRACT( hash_alg ) );
* is the input secret (PSK / ECDHE). */ if (status == PSA_SUCCESS)
ret = psa_ssl_status_to_mbedtls( status |= psa_key_derivation_input_bytes( &operation,
mbedtls_psa_hkdf_extract( hash_alg, PSA_KEY_DERIVATION_INPUT_SALT,
tmp_secret, hlen, tmp_secret,
tmp_input, ilen, hlen );
secret_new, hlen, &secret_len ) ); if (status == PSA_SUCCESS)
status |= psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
tmp_input,
ilen );
if (status == PSA_SUCCESS)
status |= psa_key_derivation_output_bytes( &operation,
secret_new,
PSA_HASH_LENGTH( hash_alg ) );
if (status == PSA_SUCCESS)
status |= psa_key_derivation_abort( &operation );
ret = psa_ssl_status_to_mbedtls ( status );
cleanup: cleanup:
mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) ); mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );