From 24c0ec31f99500c8ce557b693f0eb988e5aa5ee8 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Sep 2021 14:21:07 +0800 Subject: [PATCH] tls13: add get_handshake_transcript Signed-off-by: Jerry Yu --- library/ssl_misc.h | 7 +++ library/ssl_tls.c | 143 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 150 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c338d79ee..604976f5f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1493,6 +1493,13 @@ void mbedtls_ssl_tls13_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len ); +/* Get handshake transcript */ +int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ); + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* * Write TLS 1.3 Signature Algorithm extension diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 360419240..dc7b1e85c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6978,4 +6978,147 @@ exit: #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +#if defined(MBEDTLS_SHA384_C) +static int ssl_tls13_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + psa_hash_operation_t sha384_psa = psa_hash_operation_init(); + + if( dst_len < 48 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + status = psa_hash_finish( &sha384_psa, dst, dst_len, olen ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + *olen = 48; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + return( 0 ); +#else /* MBEDTLS_USE_PSA_CRYPTO */ + int ret; + mbedtls_sha512_context sha512; + + if( dst_len < 48 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + + if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret ); + goto exit; + } + + *olen = 48; + +exit: + + mbedtls_sha512_free( &sha512 ); + return( ret ); +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +} +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA256_C) +static int ssl_tls13_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + psa_hash_operation_t sha256_psa = psa_hash_operation_init(); + + if( dst_len < 32 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); + status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + status = psa_hash_finish( &sha256_psa, dst, dst_len, olen ); + if( status != PSA_SUCCESS ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + } + + *olen = 32; + MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + return( 0 ); +#else /* MBEDTLS_USE_PSA_CRYPTO */ + int ret; + mbedtls_sha256_context sha256; + + if( dst_len < 32 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + + if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret ); + goto exit; + } + + *olen = 32; + +exit: + + mbedtls_sha256_free( &sha256 ); + return( ret ); +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +} +#endif /* MBEDTLS_SHA256_C */ + +int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md, + unsigned char *dst, + size_t dst_len, + size_t *olen ) +{ +#if defined(MBEDTLS_SHA384_C) + if( md == MBEDTLS_MD_SHA384 ) + { + return( ssl_tls13_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) ); + } + else +#endif /* MBEDTLS_SHA512_C */ +#if defined(MBEDTLS_SHA256_C) + if( md == MBEDTLS_MD_SHA256 ) + { + return( ssl_tls13_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) ); + } + else +#endif /* MBEDTLS_SHA256_C */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #endif /* MBEDTLS_SSL_TLS_C */