Implement extended master secret
This commit is contained in:
parent
367381fddd
commit
ada3030485
2 changed files with 46 additions and 7 deletions
|
@ -2326,12 +2326,6 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
ssl->out_msglen = i + n;
|
||||
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = SSL_HS_CLIENT_KEY_EXCHANGE;
|
||||
|
@ -2356,9 +2350,16 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||
static int ssl_write_certificate_verify( ssl_context *ssl )
|
||||
{
|
||||
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
|
||||
int ret;
|
||||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
||||
|
||||
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
|
@ -2385,6 +2386,12 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||
|
||||
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
|
||||
|
||||
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
|
||||
|
|
|
@ -472,13 +472,45 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
|
||||
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
|
||||
if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_ENABLED )
|
||||
{
|
||||
unsigned char session_hash[48];
|
||||
size_t hash_len;
|
||||
|
||||
SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
|
||||
// XXX to be continued, WIP
|
||||
|
||||
ssl->handshake->calc_verify( ssl, session_hash );
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
#if defined(POLARSSL_SHA512_C)
|
||||
if( ssl->transform_negotiate->ciphersuite_info->mac ==
|
||||
POLARSSL_MD_SHA384 )
|
||||
{
|
||||
hash_len = 48;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
hash_len = 32;
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
hash_len = 36;
|
||||
|
||||
SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
|
||||
|
||||
handshake->tls_prf( handshake->premaster, handshake->pmslen,
|
||||
"extended master secret",
|
||||
session_hash, hash_len, session->master, 48 );
|
||||
|
||||
}
|
||||
else
|
||||
#endif
|
||||
handshake->tls_prf( handshake->premaster, handshake->pmslen,
|
||||
"master secret",
|
||||
handshake->randbytes, 64, session->master, 48 );
|
||||
|
||||
|
||||
polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
|
||||
}
|
||||
else
|
||||
|
|
Loading…
Reference in a new issue