From cfd4c0c7db76926567832dcb2b18c71335f3ad10 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Fri, 24 Nov 2017 10:55:43 +0100
Subject: handshake-tls13: derive and store exporter_master_secret

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 lib/gnutls_int.h      | 1 +
 lib/handshake-tls13.c | 8 ++++++++
 lib/handshake.h       | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 9e50af67ce..bbd777c6b5 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -438,6 +438,7 @@ struct gnutls_key_st {
 	unsigned temp_secret_size; /* depends on negotiated PRF size */
 	uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_handshake_traffic_secret */
 	uint8_t hs_skey[MAX_HASH_SIZE]; /* server_handshake_traffic_secret */
+	uint8_t ap_expkey[MAX_HASH_SIZE]; /* exporter_master_secret */
 
 	/* For ECDH KX */
 	gnutls_pk_params_st ecdh_params; /* private part */
diff --git a/lib/handshake-tls13.c b/lib/handshake-tls13.c
index 2c03d7bb71..02889dc90d 100644
--- a/lib/handshake-tls13.c
+++ b/lib/handshake-tls13.c
@@ -154,6 +154,14 @@ static int generate_ap_traffic_keys(gnutls_session_t session)
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
+	ret = _tls13_derive_secret(session, EXPORTER_MASTER_LABEL, sizeof(EXPORTER_MASTER_LABEL)-1,
+				   session->internals.handshake_hash_buffer.data,
+				   session->internals.handshake_hash_buffer_server_finished_len,
+				   session->key.temp_secret,
+				   session->key.ap_expkey);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
+
 	_gnutls_epoch_bump(session);
 	ret = _gnutls_epoch_dup(session);
 	if (ret < 0)
diff --git a/lib/handshake.h b/lib/handshake.h
index fb944925e9..6c84631839 100644
--- a/lib/handshake.h
+++ b/lib/handshake.h
@@ -113,13 +113,13 @@ int _gnutls_check_if_cert_hash_is_same(gnutls_session_t session, gnutls_certific
 #define EARLY_TRAFFIC_LABEL "c e traffic"
 #define EXT_BINDER_LABEL "ext binder"
 #define RES_BINDER_LABEL "res binder"
-#define EARLY_EXPORTER_LABEL "e exp master"
+#define EARLY_EXPORTER_MASTER_LABEL "e exp master"
 #define HANDSHAKE_CLIENT_TRAFFIC_LABEL "c hs traffic"
 #define HANDSHAKE_SERVER_TRAFFIC_LABEL "s hs traffic"
 #define DERIVED_LABEL "derived"
 #define APPLICATION_CLIENT_TRAFFIC_LABEL "c ap traffic"
 #define APPLICATION_SERVER_TRAFFIC_LABEL "s ap traffic"
-#define EXPORTER_LABEL "exp master"
+#define EXPORTER_MASTER_LABEL "exp master"
 #define RES_LABEL "res master"
 
 int _gnutls_run_verify_callback(gnutls_session_t session, unsigned int side);
-- 
cgit v1.2.1