diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 1b5861c63..fb261a0d6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -478,27 +478,6 @@ struct mbedtls_ssl_key_set }; typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; -typedef struct -{ - unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_early_secrets; - -typedef struct -{ - unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_handshake_secrets; - -typedef struct -{ - unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; - unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; - unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; -} mbedtls_ssl_tls1_3_application_secrets; - /* * This structure contains the parameters only needed during handshake. */ @@ -703,8 +682,6 @@ struct mbedtls_ssl_handshake_params unsigned char handshake[MBEDTLS_MD_MAX_SIZE]; unsigned char app [MBEDTLS_MD_MAX_SIZE]; } tls13_master_secrets; - - mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets; #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index bfc3103fc..32b68666b 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -850,121 +850,4 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( 0 ); } -/* mbedtls_ssl_tls13_generate_handshake_keys() generates keys necessary for - * protecting the handshake messages, as described in Section 7 of TLS 1.3. */ -int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_type_t md_type; - mbedtls_md_info_t const *md_info; - size_t md_size; - - unsigned char transcript[MBEDTLS_MD_MAX_SIZE]; - size_t transcript_len; - - mbedtls_cipher_info_t const *cipher_info; - size_t keylen, ivlen; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) ); - - cipher_info = mbedtls_cipher_info_from_type( - ssl->handshake->ciphersuite_info->cipher ); - keylen = cipher_info->key_bitlen >> 3; - ivlen = cipher_info->iv_size; - - md_type = ssl->handshake->ciphersuite_info->mac; - md_info = mbedtls_md_info_from_type( md_type ); - md_size = mbedtls_md_get_size( md_info ); - - ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, - transcript, - sizeof( transcript ), - &transcript_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_get_handshake_transcript", - ret ); - return( ret ); - } - - ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type, - ssl->handshake->tls13_master_secrets.handshake, - transcript, transcript_len, - &ssl->handshake->tls13_hs_secrets ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets", - ret ); - return( ret ); - } - - MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret", - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - md_size ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret", - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size ); - - /* - * Export client handshake traffic secret - */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->f_export_keys != NULL ) - { - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); - - ssl->f_export_keys( ssl->p_export_keys, - MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size, - ssl->handshake->randbytes + 32, - ssl->handshake->randbytes, - MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ ); - } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - - ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type, - ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret, - ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret, - md_size, - keylen, ivlen, traffic_keys ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret ); - goto exit; - } - - MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_key", - traffic_keys->client_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_key", - traffic_keys->server_write_key, - traffic_keys->key_len); - - MBEDTLS_SSL_DEBUG_BUF( 4, "client_handshake write_iv", - traffic_keys->client_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_BUF( 4, "server_handshake write_iv", - traffic_keys->server_write_iv, - traffic_keys->iv_len); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_tls13_generate_handshake_keys" ) ); - -exit: - - return( ret ); -} - #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 407b5d613..7a41db13d 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -70,6 +70,27 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ MBEDTLS_MD_MAX_SIZE +typedef struct +{ + unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_early_secrets; + +typedef struct +{ + unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_handshake_secrets; + +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + /* Maximum desired length for expanded key material generated * by HKDF-Expand-Label. * @@ -536,19 +557,4 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, */ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ); -/** - * \brief Compute TLS 1.3 handshake traffic keys. - * - * \param ssl The SSL context to operate on. This must be in - * key schedule stage \c Handshake, see - * mbedtls_ssl_tls13_key_schedule_stage_handshake(). - * \param traffic_keys The address at which to store the handshake traffic key - * keys. This must be writable but may be uninitialized. - * - * \returns \c 0 on success. - * \returns A negative error code on failure. - */ -int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, - mbedtls_ssl_key_set *traffic_keys ); - #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */