early-access version 2698
This commit is contained in:
pineappleEA
163
externals/libressl/ssl/tls13_key_schedule.c
vendored
163
externals/libressl/ssl/tls13_key_schedule.c
vendored
@@ -1,5 +1,6 @@
|
||||
/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */
|
||||
/* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
|
||||
/* $OpenBSD: tls13_key_schedule.c,v 1.14 2021/01/05 18:36:22 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@@ -22,46 +23,25 @@
|
||||
#include "bytestring.h"
|
||||
#include "tls13_internal.h"
|
||||
|
||||
void
|
||||
tls13_secrets_destroy(struct tls13_secrets *secrets)
|
||||
int
|
||||
tls13_secret_init(struct tls13_secret *secret, size_t len)
|
||||
{
|
||||
if (secrets == NULL)
|
||||
return;
|
||||
if (secret->data != NULL)
|
||||
return 0;
|
||||
|
||||
/* you can never be too sure :) */
|
||||
freezero(secrets->zeros.data, secrets->zeros.len);
|
||||
freezero(secrets->empty_hash.data, secrets->empty_hash.len);
|
||||
if ((secret->data = calloc(1, len)) == NULL)
|
||||
return 0;
|
||||
secret->len = len;
|
||||
|
||||
freezero(secrets->extracted_early.data,
|
||||
secrets->extracted_early.len);
|
||||
freezero(secrets->binder_key.data,
|
||||
secrets->binder_key.len);
|
||||
freezero(secrets->client_early_traffic.data,
|
||||
secrets->client_early_traffic.len);
|
||||
freezero(secrets->early_exporter_master.data,
|
||||
secrets->early_exporter_master.len);
|
||||
freezero(secrets->derived_early.data,
|
||||
secrets->derived_early.len);
|
||||
freezero(secrets->extracted_handshake.data,
|
||||
secrets->extracted_handshake.len);
|
||||
freezero(secrets->client_handshake_traffic.data,
|
||||
secrets->client_handshake_traffic.len);
|
||||
freezero(secrets->server_handshake_traffic.data,
|
||||
secrets->server_handshake_traffic.len);
|
||||
freezero(secrets->derived_handshake.data,
|
||||
secrets->derived_handshake.len);
|
||||
freezero(secrets->extracted_master.data,
|
||||
secrets->extracted_master.len);
|
||||
freezero(secrets->client_application_traffic.data,
|
||||
secrets->client_application_traffic.len);
|
||||
freezero(secrets->server_application_traffic.data,
|
||||
secrets->server_application_traffic.len);
|
||||
freezero(secrets->exporter_master.data,
|
||||
secrets->exporter_master.len);
|
||||
freezero(secrets->resumption_master.data,
|
||||
secrets->resumption_master.len);
|
||||
return 1;
|
||||
}
|
||||
|
||||
freezero(secrets, sizeof(struct tls13_secrets));
|
||||
void
|
||||
tls13_secret_cleanup(struct tls13_secret *secret)
|
||||
{
|
||||
freezero(secret->data, secret->len);
|
||||
secret->data = NULL;
|
||||
secret->len = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -81,62 +61,39 @@ tls13_secrets_create(const EVP_MD *digest, int resumption)
|
||||
if ((secrets = calloc(1, sizeof(struct tls13_secrets))) == NULL)
|
||||
goto err;
|
||||
|
||||
if ((secrets->zeros.data = calloc(hash_length, sizeof(uint8_t))) ==
|
||||
NULL)
|
||||
if (!tls13_secret_init(&secrets->zeros, hash_length))
|
||||
goto err;
|
||||
if (!tls13_secret_init(&secrets->empty_hash, hash_length))
|
||||
goto err;
|
||||
secrets->zeros.len = hash_length;
|
||||
|
||||
if ((secrets->empty_hash.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->extracted_early, hash_length))
|
||||
goto err;
|
||||
secrets->empty_hash.len = hash_length;
|
||||
|
||||
if ((secrets->extracted_early.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->binder_key, hash_length))
|
||||
goto err;
|
||||
secrets->extracted_early.len = hash_length;
|
||||
if ((secrets->binder_key.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->client_early_traffic, hash_length))
|
||||
goto err;
|
||||
secrets->binder_key.len = hash_length;
|
||||
if ((secrets->client_early_traffic.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->early_exporter_master, hash_length))
|
||||
goto err;
|
||||
secrets->client_early_traffic.len = hash_length;
|
||||
if ((secrets->early_exporter_master.data = malloc(hash_length)) ==
|
||||
NULL)
|
||||
if (!tls13_secret_init(&secrets->derived_early, hash_length))
|
||||
goto err;
|
||||
secrets->early_exporter_master.len = hash_length;
|
||||
if ((secrets->derived_early.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->extracted_handshake, hash_length))
|
||||
goto err;
|
||||
secrets->derived_early.len = hash_length;
|
||||
if ((secrets->extracted_handshake.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->client_handshake_traffic, hash_length))
|
||||
goto err;
|
||||
secrets->extracted_handshake.len = hash_length;
|
||||
if ((secrets->client_handshake_traffic.data = malloc(hash_length))
|
||||
== NULL)
|
||||
if (!tls13_secret_init(&secrets->server_handshake_traffic, hash_length))
|
||||
goto err;
|
||||
secrets->client_handshake_traffic.len = hash_length;
|
||||
if ((secrets->server_handshake_traffic.data = malloc(hash_length))
|
||||
== NULL)
|
||||
if (!tls13_secret_init(&secrets->derived_handshake, hash_length))
|
||||
goto err;
|
||||
secrets->server_handshake_traffic.len = hash_length;
|
||||
if ((secrets->derived_handshake.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->extracted_master, hash_length))
|
||||
goto err;
|
||||
secrets->derived_handshake.len = hash_length;
|
||||
if ((secrets->extracted_master.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->client_application_traffic, hash_length))
|
||||
goto err;
|
||||
secrets->extracted_master.len = hash_length;
|
||||
if ((secrets->client_application_traffic.data = malloc(hash_length)) ==
|
||||
NULL)
|
||||
if (!tls13_secret_init(&secrets->server_application_traffic, hash_length))
|
||||
goto err;
|
||||
secrets->client_application_traffic.len = hash_length;
|
||||
if ((secrets->server_application_traffic.data = malloc(hash_length)) ==
|
||||
NULL)
|
||||
if (!tls13_secret_init(&secrets->exporter_master, hash_length))
|
||||
goto err;
|
||||
secrets->server_application_traffic.len = hash_length;
|
||||
if ((secrets->exporter_master.data = malloc(hash_length)) == NULL)
|
||||
if (!tls13_secret_init(&secrets->resumption_master, hash_length))
|
||||
goto err;
|
||||
secrets->exporter_master.len = hash_length;
|
||||
if ((secrets->resumption_master.data = malloc(hash_length)) == NULL)
|
||||
goto err;
|
||||
secrets->resumption_master.len = hash_length;
|
||||
|
||||
/*
|
||||
* Calculate the hash of a zero-length string - this is needed during
|
||||
@@ -169,10 +126,47 @@ tls13_secrets_create(const EVP_MD *digest, int resumption)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void
|
||||
tls13_secrets_destroy(struct tls13_secrets *secrets)
|
||||
{
|
||||
if (secrets == NULL)
|
||||
return;
|
||||
|
||||
/* you can never be too sure :) */
|
||||
tls13_secret_cleanup(&secrets->zeros);
|
||||
tls13_secret_cleanup(&secrets->empty_hash);
|
||||
|
||||
tls13_secret_cleanup(&secrets->extracted_early);
|
||||
tls13_secret_cleanup(&secrets->binder_key);
|
||||
tls13_secret_cleanup(&secrets->client_early_traffic);
|
||||
tls13_secret_cleanup(&secrets->early_exporter_master);
|
||||
tls13_secret_cleanup(&secrets->derived_early);
|
||||
tls13_secret_cleanup(&secrets->extracted_handshake);
|
||||
tls13_secret_cleanup(&secrets->client_handshake_traffic);
|
||||
tls13_secret_cleanup(&secrets->server_handshake_traffic);
|
||||
tls13_secret_cleanup(&secrets->derived_handshake);
|
||||
tls13_secret_cleanup(&secrets->extracted_master);
|
||||
tls13_secret_cleanup(&secrets->client_application_traffic);
|
||||
tls13_secret_cleanup(&secrets->server_application_traffic);
|
||||
tls13_secret_cleanup(&secrets->exporter_master);
|
||||
tls13_secret_cleanup(&secrets->resumption_master);
|
||||
|
||||
freezero(secrets, sizeof(struct tls13_secrets));
|
||||
}
|
||||
|
||||
int
|
||||
tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
|
||||
const struct tls13_secret *secret, const char *label,
|
||||
const struct tls13_secret *context)
|
||||
{
|
||||
return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
|
||||
strlen(label), context);
|
||||
}
|
||||
|
||||
int
|
||||
tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
|
||||
const EVP_MD *digest, const struct tls13_secret *secret,
|
||||
const uint8_t *label, size_t label_len, const struct tls13_secret *context)
|
||||
{
|
||||
const char tls13_plabel[] = "tls13 ";
|
||||
uint8_t *hkdf_label;
|
||||
@@ -188,7 +182,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
|
||||
goto err;
|
||||
if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel)))
|
||||
goto err;
|
||||
if (!CBB_add_bytes(&child, label, strlen(label)))
|
||||
if (!CBB_add_bytes(&child, label, label_len))
|
||||
goto err;
|
||||
if (!CBB_add_u8_length_prefixed(&cbb, &child))
|
||||
goto err;
|
||||
@@ -207,7 +201,7 @@ tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
|
||||
return(0);
|
||||
}
|
||||
|
||||
static int
|
||||
int
|
||||
tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
|
||||
const struct tls13_secret *secret, const char *label,
|
||||
const struct tls13_secret *context)
|
||||
@@ -215,6 +209,15 @@ tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
|
||||
return tls13_hkdf_expand_label(out, digest, secret, label, context);
|
||||
}
|
||||
|
||||
int
|
||||
tls13_derive_secret_with_label_length(struct tls13_secret *out,
|
||||
const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label,
|
||||
size_t label_len, const struct tls13_secret *context)
|
||||
{
|
||||
return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
|
||||
label_len, context);
|
||||
}
|
||||
|
||||
int
|
||||
tls13_derive_early_secrets(struct tls13_secrets *secrets,
|
||||
uint8_t *psk, size_t psk_len, const struct tls13_secret *context)
|
||||
|
||||
Reference in New Issue
Block a user