Added key export API
This commit is contained in:
parent
e8377d66b7
commit
4feb7ae8c2
3 changed files with 85 additions and 0 deletions
|
@ -1178,6 +1178,16 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_SESSION_TICKETS
|
#define MBEDTLS_SSL_SESSION_TICKETS
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_SSL_EXPORT_KEYS
|
||||||
|
*
|
||||||
|
* Enable support for exporting key block and master key.
|
||||||
|
* This is required for certain users of TLS, e.g. EAP-TLS.
|
||||||
|
*
|
||||||
|
* Comment this macro to disable support for key export
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_SSL_EXPORT_KEYS
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
|
* \def MBEDTLS_SSL_SERVER_NAME_INDICATION
|
||||||
*
|
*
|
||||||
|
|
|
@ -544,6 +544,13 @@ struct mbedtls_ssl_config
|
||||||
void *p_ticket; /*!< context for the ticket callbacks */
|
void *p_ticket; /*!< context for the ticket callbacks */
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
|
/** Callback to export key block and master key */
|
||||||
|
int (*f_export_keys)( void *, const unsigned char *,
|
||||||
|
const unsigned char *, size_t, size_t, size_t );
|
||||||
|
void *p_export_keys; /*!< context for key export callback */
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
|
const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
|
||||||
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
|
mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */
|
||||||
|
@ -1071,6 +1078,34 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
|
||||||
size_t *tlen,
|
size_t *tlen,
|
||||||
uint32_t *lifetime );
|
uint32_t *lifetime );
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
|
/**
|
||||||
|
* \brief Callback type: Export key block and master key
|
||||||
|
*
|
||||||
|
* \note This is required for certain uses of TLS, e.g. EAP-TLS
|
||||||
|
* (RFC 5216). The key pointers are ephemeral and therefore
|
||||||
|
* must not be stored. The keys should not be copied
|
||||||
|
* verbatim and should be used specifically for key
|
||||||
|
* derivation purposes
|
||||||
|
*
|
||||||
|
* \param p_expkey Context for the callback
|
||||||
|
* \param kb Pointer to key block
|
||||||
|
* \param mk Pointer to master key
|
||||||
|
* \param maclen MAC length
|
||||||
|
* \param keylen Key length
|
||||||
|
* \param ivlen IV length
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or
|
||||||
|
* a specific MBEDTLS_ERR_XXX code.
|
||||||
|
*/
|
||||||
|
typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
|
||||||
|
const unsigned char *kb,
|
||||||
|
const unsigned char *mk,
|
||||||
|
size_t maclen,
|
||||||
|
size_t keylen,
|
||||||
|
size_t ivlen );
|
||||||
|
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Callback type: parse and load session ticket
|
* \brief Callback type: parse and load session ticket
|
||||||
*
|
*
|
||||||
|
@ -1120,6 +1155,26 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
||||||
void *p_ticket );
|
void *p_ticket );
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
|
/**
|
||||||
|
* \brief Configure key export callback.
|
||||||
|
* (Default: none.)
|
||||||
|
*
|
||||||
|
* \note This is required for certain uses of TLS, e.g. EAP-TLS
|
||||||
|
* (RFC 5216). The key pointers are ephemeral and therefore
|
||||||
|
* must not be stored. The keys should not be copied
|
||||||
|
* verbatim and should be used specifically for key
|
||||||
|
* derivation purposes
|
||||||
|
*
|
||||||
|
* \param conf SSL configuration context
|
||||||
|
* \param f_export_keys Callback for exporting keys
|
||||||
|
* \param p_export_key Context shared by the callback
|
||||||
|
*/
|
||||||
|
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
|
||||||
|
mbedtls_ssl_export_keys_t *f_export_keys,
|
||||||
|
void *p_export_keys );
|
||||||
|
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Callback type: generate a cookie
|
* \brief Callback type: generate a cookie
|
||||||
*
|
*
|
||||||
|
|
|
@ -862,6 +862,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
|
if( ssl->conf->f_export_keys != NULL)
|
||||||
|
{
|
||||||
|
ssl->conf->f_export_keys( ssl->conf->p_export_keys,
|
||||||
|
keyblk, session->master,
|
||||||
|
transform->maclen, transform->keylen,
|
||||||
|
iv_copy_len );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
|
if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc,
|
||||||
cipher_info ) ) != 0 )
|
cipher_info ) ) != 0 )
|
||||||
{
|
{
|
||||||
|
@ -5807,6 +5817,16 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
|
void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
|
||||||
|
mbedtls_ssl_export_keys_t *f_export_keys,
|
||||||
|
void *p_export_keys )
|
||||||
|
{
|
||||||
|
conf->f_export_keys = f_export_keys;
|
||||||
|
conf->p_export_keys = p_export_keys;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SSL get accessors
|
* SSL get accessors
|
||||||
*/
|
*/
|
||||||
|
|
Loading…
Reference in a new issue