From 80cfa67a6459674466ee236accf2b0d1d9fb3167 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 24 Nov 2017 10:34:26 +0100 Subject: _tls13_derive_secret: define secret argument TLS 1.3 exporters need to derive a secret from exporter_master_secret or early_exporter_master_secret, not the handshake or application secret stored in temp_secret. Add a new argument @secret to _tls13_derive_secret to specify any secret. Signed-off-by: Daiki Ueno --- lib/constate.c | 2 ++ lib/handshake-tls13.c | 3 ++- lib/handshake.c | 6 ++++-- lib/secrets.c | 23 +++++------------------ lib/secrets.h | 9 +++++---- 5 files changed, 18 insertions(+), 25 deletions(-) diff --git a/lib/constate.c b/lib/constate.c index ae9279ca3e..9635e4b008 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -226,6 +226,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, record_parameters_st ret = _tls13_derive_secret(session, label, label_size, session->internals.handshake_hash_buffer.data, hsk_len, + session->key.temp_secret, session->key.hs_ckey); if (ret < 0) return gnutls_assert_val(ret); @@ -251,6 +252,7 @@ _tls13_set_keys(gnutls_session_t session, hs_stage_t stage, record_parameters_st ret = _tls13_derive_secret(session, label, label_size, session->internals.handshake_hash_buffer.data, hsk_len, + session->key.temp_secret, session->key.hs_skey); if (ret < 0) diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c index 5776d310c4..2c03d7bb71 100644 --- a/lib/handshake-tls13.c +++ b/lib/handshake-tls13.c @@ -144,7 +144,8 @@ static int generate_ap_traffic_keys(gnutls_session_t session) uint8_t zero[MAX_HASH_SIZE]; ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1, - NULL, 0, session->key.temp_secret); + NULL, 0, session->key.temp_secret, + session->key.temp_secret); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/handshake.c b/lib/handshake.c index 79713b65e1..8470c439b5 100644 --- a/lib/handshake.c +++ b/lib/handshake.c 
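Review bot: In generate_ap_traffic_keys the new call passes `session->key.temp_secret` as both the `secret` input and the `out` buffer, so the secret is overwritten by its own derivation; the two lib/handshake.c hunks (read_server_hello and _gnutls_send_server_hello) do the same. The old wrapper did this implicitly, but now that the secret is an explicit `const` argument, the overlap deserves a comment at the definition, for example `/* secret and out may point to the same buffer */`. That is only safe if the expand step has finished reading the key before it writes any output, which cannot be confirmed from this diff. The function body continues outside the hunk.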
@@ -1704,7 +1704,8 @@ read_server_hello(gnutls_session_t session, return gnutls_assert_val(ret); ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1, - NULL, 0, session->key.temp_secret); + NULL, 0, session->key.temp_secret, + session->key.temp_secret); if (ret < 0) return gnutls_assert_val(ret); @@ -2065,7 +2066,8 @@ int _gnutls_send_server_hello(gnutls_session_t session, int again) if (vers->tls13_sem) { ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1, - NULL, 0, session->key.temp_secret); + NULL, 0, session->key.temp_secret, + session->key.temp_secret); if (ret < 0) { gnutls_assert(); goto fail; diff --git a/lib/secrets.c b/lib/secrets.c index 2f0750dc92..1042fba2c5 100644 --- a/lib/secrets.c +++ b/lib/secrets.c @@ -61,12 +61,11 @@ int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t ke session->key.temp_secret); } -static -int _tls13_expand_hash_secret(gnutls_session_t session, +/* Derive-Secret(Secret, Label, Messages) */ +int _tls13_derive_secret(gnutls_session_t session, const char *label, unsigned label_size, const uint8_t *tbh, size_t tbh_size, - const uint8_t secret[MAX_CIPHER_KEY_SIZE], - unsigned out_size, + const uint8_t secret[MAX_HASH_SIZE], void *out) { uint8_t digest[MAX_HASH_SIZE]; @@ -81,14 +80,14 @@ int _tls13_expand_hash_secret(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); - return _tls13_expand_secret(session, label, label_size, digest, digest_size, secret, out_size, out); + return _tls13_expand_secret(session, label, label_size, digest, digest_size, secret, digest_size, out); } /* HKDF-Expand-Label(Secret, Label, HashValue, Length) */ int _tls13_expand_secret(gnutls_session_t session, const char *label, unsigned label_size, const uint8_t *msg, size_t msg_size, - const uint8_t secret[MAX_CIPHER_KEY_SIZE], + const uint8_t secret[MAX_HASH_SIZE], unsigned out_size, void *out) { 
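Review bot: The new `const uint8_t secret[MAX_HASH_SIZE]` parameter of _tls13_derive_secret is a plain pointer to the compiler and the function receives no length for it, so nothing stops a later exporter call site from passing a shorter buffer. How many bytes are read from it is decided in _tls13_expand_secret, outside this hunk, presumably the PRF output size. I would extend the comment above the definition to state the contract, e.g. `/* Derive-Secret(Secret, Label, Messages); secret must hold the PRF output size */`; the prototype in lib/secrets.h has the same gap. The function body runs past the end of this hunk into the next one.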
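Review bot: The output length passed to _tls13_expand_secret on the changed return line is now `digest_size` instead of the old wrapper's `session->key.temp_secret_size`, with no check that the two agree. Using the hash length matches Derive-Secret in the TLS 1.3 specification, but `digest_size` is assigned outside the hunk, so whether it always equals the stored secret size cannot be verified here. A comment on the return such as `/* output is always Hash.length bytes; out must be at least that large */` would record why one variable serves as both the message length and the output length. The callers in lib/constate.c write into `session->key.hs_ckey` and `session->key.hs_skey`, so those buffers depend on this length.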
@@ -161,15 +160,3 @@ int _tls13_expand_secret(gnutls_session_t session, _gnutls_buffer_clear(&str); return ret; } - -/* Derive-Secret(Secret, Label, Messages) */ -int _tls13_derive_secret(gnutls_session_t session, - const char *label, unsigned label_size, - const uint8_t *msg, size_t msg_size, - void *out) -{ - return _tls13_expand_hash_secret(session, label, label_size, msg, msg_size, - session->key.temp_secret, - session->key.temp_secret_size, - out); -} diff --git a/lib/secrets.h b/lib/secrets.h index b80af974a6..0dcdcf7c9c 100644 --- a/lib/secrets.h +++ b/lib/secrets.h @@ -26,14 +26,15 @@ int _tls13_init_secret(gnutls_session_t session, const uint8_t *psk, size_t psk_size); int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size); int _tls13_derive_secret(gnutls_session_t session, - const char *label, unsigned label_size, - const uint8_t *msg, size_t msg_size, - void *out /* of enough length to hold PRF MAC */); + const char *label, unsigned label_size, + const uint8_t *msg, size_t msg_size, + const uint8_t secret[MAX_HASH_SIZE], + void *out /* of enough length to hold PRF MAC */); int _tls13_expand_secret(gnutls_session_t session, const char *label, unsigned label_size, const uint8_t *msg, size_t msg_size, - const uint8_t secret[MAX_CIPHER_KEY_SIZE], + const uint8_t secret[MAX_HASH_SIZE], unsigned out_size, void *out); -- cgit v1.2.1
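Review bot: The prototype of _tls13_derive_secret names the transcript arguments `msg` and `msg_size`, while the definition in lib/secrets.c now uses `tbh` and `tbh_size`; one side should be renamed so header and definition read the same. This matters because the same header declares _tls13_expand_secret with `msg`/`msg_size` for an already hashed value. In _tls13_derive_secret the argument is hashed first, so distinct names in the header would make that difference visible to callers.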