mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-12 09:54:38 +08:00
Fix coding style
Signed-off-by: Max Fillinger <max@max-fillinger.net>
This commit is contained in:
Max Fillinger
Max Fillinger
parent
15f9f5e562
commit
9359f4d703
@ -5767,26 +5767,26 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
|
||||
const unsigned char *random, size_t rlen,
|
||||
unsigned char *dstbuf, size_t dlen);
|
||||
|
||||
/**
|
||||
* \brief TLS-Exporter to derive shared symmetric keys between server and client.
|
||||
*
|
||||
* \param ssl SSL context from which to export keys. Must have finished the handshake.
|
||||
* \param out Output buffer of length at least key_len bytes.
|
||||
* \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3.
|
||||
* \param label Label for which to generate the key of length label_len.
|
||||
* \param label_len Length of label in bytes. Must be < 251 in TLS 1.3.
|
||||
* \param context Context of the key. Can be NULL if context_len or use_context is 0.
|
||||
* \param context_len Length of context. Must be < 2^16 in TLS 1.2.
|
||||
* \param use_context Indicates if a context should be used in deriving the key.
|
||||
*
|
||||
* \note TLS 1.2 makes a distinction between a 0-length context and no context.
|
||||
* This is why the use_context argument exists. TLS 1.3 does not make
|
||||
* this distinction. If use_context is 0 and TLS 1.3 is used, context and
|
||||
* context_len are ignored and a 0-length context is used.
|
||||
*
|
||||
* \return 0 on success. An SSL specific error on failure.
|
||||
*/
|
||||
int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
|
||||
/**
|
||||
* \brief TLS-Exporter to derive shared symmetric keys between server and client.
|
||||
*
|
||||
* \param ssl SSL context from which to export keys. Must have finished the handshake.
|
||||
* \param out Output buffer of length at least key_len bytes.
|
||||
* \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3.
|
||||
* \param label Label for which to generate the key of length label_len.
|
||||
* \param label_len Length of label in bytes. Must be < 251 in TLS 1.3.
|
||||
* \param context Context of the key. Can be NULL if context_len or use_context is 0.
|
||||
* \param context_len Length of context. Must be < 2^16 in TLS 1.2.
|
||||
* \param use_context Indicates if a context should be used in deriving the key.
|
||||
*
|
||||
* \note TLS 1.2 makes a distinction between a 0-length context and no context.
|
||||
* This is why the use_context argument exists. TLS 1.3 does not make
|
||||
* this distinction. If use_context is 0 and TLS 1.3 is used, context and
|
||||
* context_len are ignored and a 0-length context is used.
|
||||
*
|
||||
* \return 0 on success. An SSL specific error on failure.
|
||||
*/
|
||||
int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
|
||||
uint8_t *out, const size_t key_len,
|
||||
const char *label, const size_t label_len,
|
||||
const unsigned char *context, const size_t context_len,
|
||||
|
||||
@ -10056,9 +10056,12 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
|
||||
|
||||
static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl,
|
||||
const mbedtls_md_type_t hash_alg,
|
||||
uint8_t *out, const size_t key_len,
|
||||
const char *label, const size_t label_len,
|
||||
const unsigned char *context, const size_t context_len,
|
||||
uint8_t *out,
|
||||
const size_t key_len,
|
||||
const char *label,
|
||||
const size_t label_len,
|
||||
const unsigned char *context,
|
||||
const size_t context_len,
|
||||
const int use_context)
|
||||
{
|
||||
int ret = 0;
|
||||
@ -10087,8 +10090,8 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s
|
||||
memcpy(prf_input, ssl->transform->randbytes + 32, 32);
|
||||
memcpy(prf_input + 32, ssl->transform->randbytes, 32);
|
||||
if (use_context) {
|
||||
prf_input[64] = (unsigned char)((context_len >> 8) & 0xff);
|
||||
prf_input[65] = (unsigned char)(context_len & 0xff);
|
||||
prf_input[64] = (unsigned char) ((context_len >> 8) & 0xff);
|
||||
prf_input[65] = (unsigned char) (context_len & 0xff);
|
||||
memcpy(prf_input + 66, context, context_len);
|
||||
}
|
||||
ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str,
|
||||
@ -10103,9 +10106,12 @@ exit:
|
||||
|
||||
static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
|
||||
const mbedtls_md_type_t hash_alg,
|
||||
uint8_t *out, const size_t key_len,
|
||||
const char *label, const size_t label_len,
|
||||
const unsigned char *context, const size_t context_len)
|
||||
uint8_t *out,
|
||||
const size_t key_len,
|
||||
const char *label,
|
||||
const size_t label_len,
|
||||
const unsigned char *context,
|
||||
const size_t context_len)
|
||||
{
|
||||
const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg);
|
||||
const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
|
||||
@ -10116,7 +10122,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len,
|
||||
(const unsigned char *)label, label_len,
|
||||
(const unsigned char *) label, label_len,
|
||||
context, context_len, out, key_len);
|
||||
}
|
||||
|
||||
@ -10140,7 +10146,12 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
|
||||
label, label_len,
|
||||
context, context_len, use_context);
|
||||
case MBEDTLS_SSL_VERSION_TLS1_3:
|
||||
return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, out, key_len, label, label_len,
|
||||
return mbedtls_ssl_tls13_export_keying_material(ssl,
|
||||
hash_alg,
|
||||
out,
|
||||
key_len,
|
||||
label,
|
||||
label_len,
|
||||
use_context ? context : NULL,
|
||||
use_context ? context_len : 0);
|
||||
default:
|
||||
|
||||
@ -1893,14 +1893,20 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg,
|
||||
int ret = 0;
|
||||
|
||||
ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0,
|
||||
MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len);
|
||||
MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret,
|
||||
hash_len);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len,
|
||||
ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
|
||||
hkdf_secret,
|
||||
hash_len,
|
||||
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter),
|
||||
context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
|
||||
out, out_len);
|
||||
context_value,
|
||||
context_len,
|
||||
MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
|
||||
out,
|
||||
out_len);
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret));
|
||||
|
||||
@ -2575,19 +2575,21 @@ usage:
|
||||
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
|
||||
|
||||
if (opt.exp_label != NULL && opt.exp_len > 0) {
|
||||
unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int));
|
||||
unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
|
||||
if (exported_key == NULL) {
|
||||
mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
|
||||
ret = 3;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len,
|
||||
ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len,
|
||||
opt.exp_label, strlen(opt.exp_label),
|
||||
NULL, 0, 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label);
|
||||
mbedtls_printf("Exporting key of length %d with label \"%s\": 0x",
|
||||
opt.exp_len,
|
||||
opt.exp_label);
|
||||
for (i = 0; i < opt.exp_len; i++) {
|
||||
mbedtls_printf("%02X", exported_key[i]);
|
||||
}
|
||||
|
||||
@ -3657,19 +3657,21 @@ handshake:
|
||||
}
|
||||
|
||||
if (opt.exp_label != NULL && opt.exp_len > 0) {
|
||||
unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int));
|
||||
unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
|
||||
if (exported_key == NULL) {
|
||||
mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
|
||||
ret = 3;
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len,
|
||||
ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len,
|
||||
opt.exp_label, strlen(opt.exp_label),
|
||||
NULL, 0, 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label);
|
||||
mbedtls_printf("Exporting key of length %d with label \"%s\": 0x",
|
||||
opt.exp_len,
|
||||
opt.exp_label);
|
||||
for (i = 0; i < opt.exp_len; i++) {
|
||||
mbedtls_printf("%02X", exported_key[i]);
|
||||
}
|
||||
|
||||
@ -1983,8 +1983,8 @@ void ssl_tls13_exporter(int hash_alg,
|
||||
TEST_ASSERT(mbedtls_ssl_tls13_exporter(
|
||||
(psa_algorithm_t) hash_alg,
|
||||
secret->x, secret->len,
|
||||
(unsigned char *)label, strlen(label),
|
||||
(unsigned char *)context_value, strlen(context_value),
|
||||
(unsigned char *) label, strlen(label),
|
||||
(unsigned char *) context_value, strlen(context_value),
|
||||
dst, desired_length) == 0);
|
||||
|
||||
TEST_MEMORY_COMPARE(dst, desired_length,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user