Make variable in ssl_write_client_key_exchange() more descriptive
This commit is contained in:
parent
4a63ed421c
commit
c14a3bb5a6
1 changed files with 58 additions and 46 deletions
|
@ -3018,7 +3018,9 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
|
|||
static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
int ret;
|
||||
size_t i, n;
|
||||
|
||||
size_t header_len;
|
||||
size_t content_len;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||
ssl->transform_negotiate->ciphersuite_info;
|
||||
|
||||
|
@ -3030,16 +3032,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* DHM key exchange -- send G^X mod P
|
||||
*/
|
||||
n = ssl->handshake->dhm_ctx.len;
|
||||
content_len = ssl->handshake->dhm_ctx.len;
|
||||
|
||||
ssl->out_msg[4] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[5] = (unsigned char)( n );
|
||||
i = 6;
|
||||
ssl->out_msg[4] = (unsigned char)( content_len >> 8 );
|
||||
ssl->out_msg[5] = (unsigned char)( content_len );
|
||||
header_len = 6;
|
||||
|
||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[i], n,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[header_len], content_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
|
||||
|
@ -3050,10 +3052,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
|
||||
|
||||
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_PREMASTER_SIZE,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_PREMASTER_SIZE,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
|
||||
return( ret );
|
||||
|
@ -3081,7 +3083,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
|
||||
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
|
||||
|
||||
i = 4;
|
||||
header_len = 4;
|
||||
|
||||
/*
|
||||
* Generate EC private key for ECDHE exchange.
|
||||
|
@ -3133,9 +3135,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
}
|
||||
|
||||
/* Copy ECPoint structure to outgoing message buffer. */
|
||||
ssl->out_msg[i] = own_pubkey_ecpoint_len;
|
||||
memcpy( ssl->out_msg + i + 1, own_pubkey_ecpoint, own_pubkey_ecpoint_len );
|
||||
n = own_pubkey_ecpoint_len + 1;
|
||||
ssl->out_msg[header_len] = own_pubkey_ecpoint_len;
|
||||
memcpy( ssl->out_msg + header_len + 1,
|
||||
own_pubkey_ecpoint, own_pubkey_ecpoint_len );
|
||||
content_len = own_pubkey_ecpoint_len + 1;
|
||||
|
||||
/* Compute ECDH shared secret. */
|
||||
status = psa_key_agreement( &generator,
|
||||
|
@ -3185,7 +3188,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* ECDH key exchange -- send client public value
|
||||
*/
|
||||
i = 4;
|
||||
header_len = 4;
|
||||
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
|
@ -3198,8 +3201,8 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#endif
|
||||
|
||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
||||
&n,
|
||||
&ssl->out_msg[i], 1000,
|
||||
&content_len,
|
||||
&ssl->out_msg[header_len], 1000,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -3217,19 +3220,19 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
{
|
||||
ssl->handshake->ecrs_n = n;
|
||||
ssl->handshake->ecrs_n = content_len;
|
||||
ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
|
||||
}
|
||||
|
||||
ecdh_calc_secret:
|
||||
if( ssl->handshake->ecrs_enabled )
|
||||
n = ssl->handshake->ecrs_n;
|
||||
content_len = ssl->handshake->ecrs_n;
|
||||
#endif
|
||||
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_MPI_MAX_SIZE,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->handshake->premaster,
|
||||
MBEDTLS_MPI_MAX_SIZE,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||
|
@ -3261,26 +3264,28 @@ ecdh_calc_secret:
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
i = 4;
|
||||
n = ssl->conf->psk_identity_len;
|
||||
header_len = 4;
|
||||
content_len = ssl->conf->psk_identity_len;
|
||||
|
||||
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||
if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
|
||||
"SSL buffer too short" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[i++] = (unsigned char)( n );
|
||||
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
|
||||
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
||||
|
||||
memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
|
||||
i += ssl->conf->psk_identity_len;
|
||||
memcpy( ssl->out_msg + header_len,
|
||||
ssl->conf->psk_identity,
|
||||
ssl->conf->psk_identity_len );
|
||||
header_len += ssl->conf->psk_identity_len;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
|
||||
{
|
||||
n = 0;
|
||||
content_len = 0;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
@ -3293,7 +3298,8 @@ ecdh_calc_secret:
|
|||
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 2 ) ) != 0 )
|
||||
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
|
||||
&content_len, 2 ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
|
@ -3310,21 +3316,22 @@ ecdh_calc_secret:
|
|||
/*
|
||||
* ClientDiffieHellmanPublic public (DHM send G^X mod P)
|
||||
*/
|
||||
n = ssl->handshake->dhm_ctx.len;
|
||||
content_len = ssl->handshake->dhm_ctx.len;
|
||||
|
||||
if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||
if( header_len + 2 + content_len >
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
|
||||
" or SSL buffer too short" ) );
|
||||
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
ssl->out_msg[i++] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[i++] = (unsigned char)( n );
|
||||
ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 );
|
||||
ssl->out_msg[header_len++] = (unsigned char)( content_len );
|
||||
|
||||
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
|
||||
(int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
|
||||
&ssl->out_msg[i], n,
|
||||
&ssl->out_msg[header_len], content_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -3346,8 +3353,10 @@ ecdh_calc_secret:
|
|||
/*
|
||||
* ClientECDiffieHellmanPublic public;
|
||||
*/
|
||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n,
|
||||
&ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i,
|
||||
ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
|
||||
&content_len,
|
||||
&ssl->out_msg[header_len],
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -3388,8 +3397,9 @@ ecdh_calc_secret:
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
|
||||
{
|
||||
i = 4;
|
||||
if( ( ret = ssl_write_encrypted_pms( ssl, i, &n, 0 ) ) != 0 )
|
||||
header_len = 4;
|
||||
if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
|
||||
&content_len, 0 ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
|
@ -3397,10 +3407,12 @@ ecdh_calc_secret:
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
|
||||
{
|
||||
i = 4;
|
||||
header_len = 4;
|
||||
|
||||
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
|
||||
ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n,
|
||||
ssl->out_msg + header_len,
|
||||
MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
|
||||
&content_len,
|
||||
ssl->conf->f_rng, ssl->conf->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -3425,7 +3437,7 @@ ecdh_calc_secret:
|
|||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
ssl->out_msglen = i + n;
|
||||
ssl->out_msglen = header_len + content_len;
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
|
||||
ssl->out_msg[0] = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
|
||||
|
||||
|
|
Loading…
Reference in a new issue