authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-21 15:05:40 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-06-27 20:54:34 +0200
commit241d579382e939e893b238e5fd0604cc174ffd80 (patch)
tree61a73240f9476c18d8687e7a35d58015cf6d33dc
parentf138ff85df69976badce44a5c46157cce091020f (diff)
downloadgnutls-241d579382e939e893b238e5fd0604cc174ffd80.tar.gz
key update: corrected generation of keys
Resolves #485 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/constate.c12
-rw-r--r--lib/gnutls_int.h4
-rw-r--r--lib/state.c4
3 files changed, 10 insertions, 10 deletions
diff --git a/lib/constate.c b/lib/constate.c
index cdf9ed6479..b1086fd838 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -248,13 +248,16 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
buf, sizeof(buf), NULL));
}
+
if ((session->security_parameters.entity == GNUTLS_CLIENT && stage == STAGE_UPD_OURS) ||
(session->security_parameters.entity == GNUTLS_SERVER && stage == STAGE_UPD_PEERS)) {
+
/* client keys */
- ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
+ ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
NULL, 0,
- session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.hs_ckey,
+ session->security_parameters.prf->output_size,
session->key.proto.tls13.hs_ckey);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -267,10 +270,11 @@ _tls13_update_keys(gnutls_session_t session, hs_stage_t stage,
if (ret < 0)
return gnutls_assert_val(ret);
} else {
- ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
+ ret = _tls13_expand_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
NULL, 0,
- session->key.proto.tls13.temp_secret,
+ session->key.proto.tls13.hs_skey,
+ session->security_parameters.prf->output_size,
session->key.proto.tls13.hs_skey);
if (ret < 0)
return gnutls_assert_val(ret);
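Review bot: `_tls13_expand_secret` is now called with `session->key.proto.tls13.hs_ckey` as both the input secret and the output buffer (and `hs_skey` likewise in the second hunk), so the in-place update is only correct if the expander finishes consuming the input key before it writes any output; if that holds for every negotiated PRF it is worth stating at the call site, because a later change to the HKDF path could break it silently. Deriving the next secret from the current traffic secret with an expand of `prf->output_size` bytes matches the RFC 8446 §7.2 construction, and overwriting the buffer also discards the previous-generation secret as that section requires. Together with the lib/state.c hunk, which stops deinit_keys from clearing these two buffers, the live application traffic secret now remains in the session until full teardown, so the final zeroization path for `hs_ckey`/`hs_skey` should be confirmed. A comment such as `/* RFC 8446 7.2: next app traffic secret = HKDF-Expand-Label(current, APPLICATION_TRAFFIC_UPDATE, "", Hash.length); updated in place, which also erases the previous secret */` above each call would record both points. `_tls13_update_keys` begins before the first hunk and continues past the second.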
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b27fa01130..99287b3726 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -503,8 +503,8 @@ struct gnutls_key_st {
* early_secret, client_early_traffic_secret, ... */
uint8_t temp_secret[MAX_HASH_SIZE];
unsigned temp_secret_size; /* depends on negotiated PRF size */
- uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_handshake_traffic_secret */
- uint8_t hs_skey[MAX_HASH_SIZE]; /* server_handshake_traffic_secret */
+ uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_hs_traffic_secret/client_ap_traffic_secret */
+ uint8_t hs_skey[MAX_HASH_SIZE]; /* server_hs_traffic_secret/server_ap_traffic_secret */
uint8_t ap_expkey[MAX_HASH_SIZE]; /* exporter_master_secret */
uint8_t ap_rms[MAX_HASH_SIZE]; /* resumption_master_secret */
} tls13; /* tls1.3 */
diff --git a/lib/state.c b/lib/state.c
index 2c63001c2b..7276c2c43f 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -224,10 +224,6 @@ static void deinit_keys(gnutls_session_t session)
} else {
gnutls_memset(session->key.proto.tls13.temp_secret, 0,
sizeof(session->key.proto.tls13.temp_secret));
- gnutls_memset(session->key.proto.tls13.hs_ckey, 0,
- sizeof(session->key.proto.tls13.hs_ckey));
- gnutls_memset(session->key.proto.tls13.hs_skey, 0,
- sizeof(session->key.proto.tls13.hs_skey));
}
reset_binders(session);