fix comments and function name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
parent
b094e124f2
commit
3ce61ffca6
3 changed files with 25 additions and 15 deletions
|
@ -986,7 +986,7 @@ struct mbedtls_ssl_handshake_params
|
||||||
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
|
mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||||
mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
|
mbedtls_ssl_tls13_early_secrets tls13_early_secrets;
|
||||||
/** TLS 1.3 transform for 0-RTT application and handshake messages. */
|
/** TLS 1.3 transform for early data and handshake messages. */
|
||||||
mbedtls_ssl_transform *transform_earlydata;
|
mbedtls_ssl_transform *transform_earlydata;
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
|
@ -1082,11 +1082,18 @@ static int ssl_tls13_get_cipher_key_info(
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||||
/* ssl_tls13_generate_early_keys() generates keys necessary for protecting the
|
/*
|
||||||
early application and handshake messages described in section 7 RFC 8446. */
|
* ssl_tls13_generate_early_key() generates the key necessary for protecting
|
||||||
|
* the early application data and the EndOfEarlyData handshake message
|
||||||
|
* as described in section 7 of RFC 8446.
|
||||||
|
*
|
||||||
|
* NOTE: That only one key is generated, the key for the traffic from the
|
||||||
|
* client to the server. The TLS 1.3 specification does not define a secret
|
||||||
|
* and thus a key for server early traffic.
|
||||||
|
*/
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
static int ssl_tls13_generate_early_keys( mbedtls_ssl_context *ssl,
|
static int ssl_tls13_generate_early_key( mbedtls_ssl_context *ssl,
|
||||||
mbedtls_ssl_key_set *traffic_keys )
|
mbedtls_ssl_key_set *traffic_keys )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
|
@ -1104,7 +1111,7 @@ static int ssl_tls13_generate_early_keys( mbedtls_ssl_context *ssl,
|
||||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
|
||||||
mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
|
mbedtls_ssl_tls13_early_secrets *tls13_early_secrets = &handshake->tls13_early_secrets;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_tls13_generate_early_keys" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_tls13_generate_early_key" ) );
|
||||||
|
|
||||||
ret = ssl_tls13_get_cipher_key_info( ciphersuite_info, &key_len, &iv_len );
|
ret = ssl_tls13_get_cipher_key_info( ciphersuite_info, &key_len, &iv_len );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
@ -1170,16 +1177,15 @@ static int ssl_tls13_generate_early_keys( mbedtls_ssl_context *ssl,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 5, "client_handshake write_key",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_key",
|
||||||
traffic_keys->client_write_key,
|
traffic_keys->client_write_key,
|
||||||
traffic_keys->key_len);
|
traffic_keys->key_len);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 5, "client_handshake write_iv",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_iv",
|
||||||
traffic_keys->client_write_iv,
|
traffic_keys->client_write_iv,
|
||||||
traffic_keys->iv_len);
|
traffic_keys->iv_len);
|
||||||
|
|
||||||
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_tls13_generate_early_key" ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_tls13_generate_early_keys" ) );
|
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
||||||
|
@ -1195,10 +1201,10 @@ int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
/* Next evolution in key schedule: Establish early_data secret and
|
/* Next evolution in key schedule: Establish early_data secret and
|
||||||
* key material. */
|
* key material. */
|
||||||
ret = ssl_tls13_generate_early_keys( ssl, &traffic_keys );
|
ret = ssl_tls13_generate_early_key( ssl, &traffic_keys );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_generate_early_keys",
|
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_generate_early_key",
|
||||||
ret );
|
ret );
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
|
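Review bot: The two MBEDTLS_SSL_DEBUG_BUF calls in the third hunk lower the level at which the raw client early-traffic write key and IV are dumped from 5 to 4, which is a behavioural change that the title "fix comments and function name issues" does not cover; a build running at debug level 4 now emits this key material where it previously did not. If the intent is to match the level used by the other TLS 1.3 key-generation helpers, state that in the commit message, otherwise keep the level at 5 and limit this commit to the rename and comment fixes. The new header comment also has a stray word: `* NOTE: Only one key is generated, the key for the traffic from the` reads better than the `NOTE: That only one key is generated` wording. The body of ssl_tls13_generate_early_key spans these hunks and is only partially visible here, so the unchanged lines between them were not reviewed.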
@ -676,9 +676,13 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
|
||||||
* \returns \c 0 on success.
|
* \returns \c 0 on success.
|
||||||
* \returns A negative error code on failure.
|
* \returns A negative error code on failure.
|
||||||
*
|
*
|
||||||
* \warning `early_secrets` is not computed before this function. Call
|
* \warning The function does not compute the early master secret. Call
|
||||||
* mbedtls_ssl_tls13_key_schedule_stage_early() to generate early
|
* mbedtls_ssl_tls13_key_schedule_stage_early() before to
|
||||||
* secrets.
|
* call this function to generate the early master secret.
|
||||||
|
* \note For a client/server endpoint, the function computes only the
|
||||||
|
* encryption/decryption part of the transform as the decryption/
|
||||||
|
* encryption part is not defined by the specification (no early
|
||||||
|
* traffic from the server to the client).
|
||||||
*/
|
*/
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl );
|
int mbedtls_ssl_tls13_compute_early_transform( mbedtls_ssl_context *ssl );
|
||||||
|
|