Add prepare function to switch transform to early keys

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-12-09 08:05:53 +00:00 · 2022-12-09 08:05:53 +00:00 · 34aab55aa7
commit 34aab55aa7
parent 125afcb060
1 changed files with 31 additions and 3 deletions
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@ -2149,6 +2149,34 @@ static int ssl_tls13_write_end_of_early_data_coordinate(
    return SSL_END_OF_EARLY_DATA_SKIP;
 }

+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_prepare_end_of_early_data(mbedtls_ssl_context *ssl)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    /* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. */
+    ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_key_schedule_stage_early", ret);
+        return ret;
+    }
+
+    /* Derive 0-RTT key material */
+    ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1,
+                              "mbedtls_ssl_tls13_compute_early_transform", ret);
+        return ret;
+    }
+
+    /* Activate transform */
+    MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to early data keys for outbound traffic"));
+    mbedtls_ssl_set_outbound_transform(ssl, ssl->handshake->transform_earlydata);
+
+    return 0;
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_finalize_write_end_of_early_data(
    mbedtls_ssl_context *ssl)
@ -2175,11 +2203,11 @@ static int ssl_tls13_write_end_of_early_data(mbedtls_ssl_context *ssl)
        unsigned char *buf = NULL;
        size_t buf_len;

+        MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_end_of_early_data(ssl));
        MBEDTLS_SSL_DEBUG_MSG(2, ("Client write EndOfEarlyData"));

-        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl,
-                                                             MBEDTLS_SSL_HS_END_OF_EARLY_DATA, &buf,
-                                                             &buf_len));
+        MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
+                                 ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, &buf, &buf_len));

        mbedtls_ssl_add_hs_hdr_to_checksum(
            ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0);