yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add prepare function to switch transform to early keys

Browse source 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian 2022-12-09 08:05:53 +00:00
parent 125afcb060
commit 34aab55aa7
1 changed files with 31 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
library/ssl_tls13_client.c
View file

@ -2149,6 +2149,34 @@ static int ssl_tls13_write_end_of_early_data_coordinate(
return SSL_END_OF_EARLY_DATA_SKIP; return SSL_END_OF_EARLY_DATA_SKIP;
} }
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_end_of_early_data(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Start the TLS 1.3 key schedule: Set the PSK and derive early secret. */
ret = mbedtls_ssl_tls13_key_schedule_stage_early(ssl);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1,
"mbedtls_ssl_tls13_key_schedule_stage_early", ret);
return ret;
}
/* Derive 0-RTT key material */
ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1,
"mbedtls_ssl_tls13_compute_early_transform", ret);
return ret;
}
/* Activate transform */
MBEDTLS_SSL_DEBUG_MSG(1, ("Switch to early data keys for outbound traffic"));
mbedtls_ssl_set_outbound_transform(ssl, ssl->handshake->transform_earlydata);
return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_finalize_write_end_of_early_data( static int ssl_tls13_finalize_write_end_of_early_data(
mbedtls_ssl_context *ssl) mbedtls_ssl_context *ssl)
@ -2175,11 +2203,11 @@ static int ssl_tls13_write_end_of_early_data(mbedtls_ssl_context *ssl)
unsigned char *buf = NULL; unsigned char *buf = NULL;
size_t buf_len; size_t buf_len;
MBEDTLS_SSL_PROC_CHK(ssl_tls13_prepare_end_of_early_data(ssl));
MBEDTLS_SSL_DEBUG_MSG(2, ("Client write EndOfEarlyData")); MBEDTLS_SSL_DEBUG_MSG(2, ("Client write EndOfEarlyData"));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(ssl, MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_start_handshake_msg(
MBEDTLS_SSL_HS_END_OF_EARLY_DATA, &buf, ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, &buf, &buf_len));
&buf_len));
mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_add_hs_hdr_to_checksum(
ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0); ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0);