From 9359f4d70312adb1405d6611e25e1a4e1521c93c Mon Sep 17 00:00:00 2001
From: Max Fillinger
Date: Sat, 21 Sep 2024 10:48:57 +0200
Subject: [PATCH] Fix coding style
Signed-off-by: Max Fillinger
---
 include/mbedtls/ssl.h | 40 ++++++++++++++--------------
 library/ssl_tls.c | 31 ++++++++++++++-------
 library/ssl_tls13_keys.c | 14 +++++++---
 programs/ssl/ssl_client2.c | 8 +++---
 programs/ssl/ssl_server2.c | 8 +++---
 tests/suites/test_suite_ssl.function | 4 +--
 6 files changed, 63 insertions(+), 42 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 5dc3d526e..ccc562ea6 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5767,26 +5767,26 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
 const unsigned char *random, size_t rlen,
 unsigned char *dstbuf, size_t dlen);
- /**
- * \brief TLS-Exporter to derive shared symmetric keys between server and client.
- *
- * \param ssl SSL context from which to export keys. Must have finished the handshake.
- * \param out Output buffer of length at least key_len bytes.
- * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3.
- * \param label Label for which to generate the key of length label_len.
- * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3.
- * \param context Context of the key. Can be NULL if context_len or use_context is 0.
- * \param context_len Length of context. Must be < 2^16 in TLS 1.2.
- * \param use_context Indicates if a context should be used in deriving the key.
- *
- * \note TLS 1.2 makes a distinction between a 0-length context and no context.
- * This is why the use_context argument exists. TLS 1.3 does not make
- * this distinction. If use_context is 0 and TLS 1.3 is used, context and
- * context_len are ignored and a 0-length context is used.
- *
- * \return 0 on success. An SSL specific error on failure.
- */
- int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
+/**
+ * \brief TLS-Exporter to derive shared symmetric keys between server and client.
+ *
+ * \param ssl SSL context from which to export keys. Must have finished the handshake.
+ * \param out Output buffer of length at least key_len bytes.
+ * \param key_len Length of the key to generate in bytes. Must be < 2^16 in TLS 1.3.
+ * \param label Label for which to generate the key of length label_len.
+ * \param label_len Length of label in bytes. Must be < 251 in TLS 1.3.
+ * \param context Context of the key. Can be NULL if context_len or use_context is 0.
+ * \param context_len Length of context. Must be < 2^16 in TLS 1.2.
+ * \param use_context Indicates if a context should be used in deriving the key.
+ *
+ * \note TLS 1.2 makes a distinction between a 0-length context and no context.
+ * This is why the use_context argument exists. TLS 1.3 does not make
+ * this distinction. If use_context is 0 and TLS 1.3 is used, context and
+ * context_len are ignored and a 0-length context is used.
+ *
+ * \return 0 on success. An SSL specific error on failure.
+ */
+int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 uint8_t *out, const size_t key_len,
 const char *label, const size_t label_len,
 const unsigned char *context, const size_t context_len,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9e4cf3ec9..a109cfc39 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -10056,9 +10056,12 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
 static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *ssl,
 const mbedtls_md_type_t hash_alg,
- uint8_t *out, const size_t key_len,
- const char *label, const size_t label_len,
- const unsigned char *context, const size_t context_len,
+ uint8_t *out,
+ const size_t key_len,
+ const char *label,
+ const size_t label_len,
+ const unsigned char *context,
+ const size_t context_len,
 const int use_context)
 {
 int ret = 0;
@@ -10087,8 +10090,8 @@ static int mbedtls_ssl_tls12_export_keying_material(const mbedtls_ssl_context *s
 memcpy(prf_input, ssl->transform->randbytes + 32, 32);
 memcpy(prf_input + 32, ssl->transform->randbytes, 32);
 if (use_context) {
- prf_input[64] = (unsigned char)((context_len >> 8) & 0xff);
- prf_input[65] = (unsigned char)(context_len & 0xff);
+ prf_input[64] = (unsigned char) ((context_len >> 8) & 0xff);
+ prf_input[65] = (unsigned char) (context_len & 0xff);
 memcpy(prf_input + 66, context, context_len);
 }
 ret = tls_prf_generic(hash_alg, ssl->session->master, 48, label_str,
@@ -10103,9 +10106,12 @@ exit:
 static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
 const mbedtls_md_type_t hash_alg,
- uint8_t *out, const size_t key_len,
- const char *label, const size_t label_len,
- const unsigned char *context, const size_t context_len)
+ uint8_t *out,
+ const size_t key_len,
+ const char *label,
+ const size_t label_len,
+ const unsigned char *context,
+ const size_t context_len)
 {
 const psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(hash_alg);
 const size_t hash_len = PSA_HASH_LENGTH(hash_alg);
@@ -10116,7 +10122,7 @@ static int mbedtls_ssl_tls13_export_keying_material(mbedtls_ssl_context *ssl,
 }
 return mbedtls_ssl_tls13_exporter(psa_hash_alg, secret, hash_len,
- (const unsigned char *)label, label_len,
+ (const unsigned char *) label, label_len,
 context, context_len, out, key_len);
 }
@@ -10140,7 +10146,12 @@ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl,
 label, label_len, context, context_len, use_context);
 case MBEDTLS_SSL_VERSION_TLS1_3:
- return mbedtls_ssl_tls13_export_keying_material(ssl, hash_alg, out, key_len, label, label_len,
+ return mbedtls_ssl_tls13_export_keying_material(ssl,
+ hash_alg,
+ out,
+ key_len,
+ label,
+ label_len,
 use_context ? context : NULL,
 use_context ? context_len : 0);
 default:
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 9098418af..e0a866944 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1893,14 +1893,20 @@ int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg,
 int ret = 0;
 ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0,
- MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len);
+ MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret,
+ hash_len);
 if (ret != 0) {
 goto exit;
 }
- ret = mbedtls_ssl_tls13_derive_secret(hash_alg, hkdf_secret, hash_len,
+ ret = mbedtls_ssl_tls13_derive_secret(hash_alg,
+ hkdf_secret,
+ hash_len,
 MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter),
- context_value, context_len, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
- out, out_len);
+ context_value,
+ context_len,
+ MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
+ out,
+ out_len);
 exit:
 mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret));
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index c7655ca9e..d12d4477e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2575,19 +2575,21 @@ usage:
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 if (opt.exp_label != NULL && opt.exp_len > 0) {
- unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int));
+ unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
 if (exported_key == NULL) {
 mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
 ret = 3;
 goto exit;
 }
- ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len,
+ ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len,
 opt.exp_label, strlen(opt.exp_label), NULL, 0, 0);
 if (ret != 0) {
 goto exit;
 }
- mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label);
+ mbedtls_printf("Exporting key of length %d with label \"%s\": 0x",
+ opt.exp_len,
+ opt.exp_label);
 for (i = 0; i < opt.exp_len; i++) {
 mbedtls_printf("%02X", exported_key[i]);
 }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 01be48ab7..1d6cc121d 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3657,19 +3657,21 @@ handshake:
 }
 if (opt.exp_label != NULL && opt.exp_len > 0) {
- unsigned char *exported_key = calloc((size_t)opt.exp_len, sizeof(unsigned int));
+ unsigned char *exported_key = calloc((size_t) opt.exp_len, sizeof(unsigned int));
 if (exported_key == NULL) {
 mbedtls_printf("Could not allocate %d bytes\n", opt.exp_len);
 ret = 3;
 goto exit;
 }
- ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t)opt.exp_len,
+ ret = mbedtls_ssl_export_keying_material(&ssl, exported_key, (size_t) opt.exp_len,
 opt.exp_label, strlen(opt.exp_label), NULL, 0, 0);
 if (ret != 0) {
 goto exit;
 }
- mbedtls_printf("Exporting key of length %d with label \"%s\": 0x", opt.exp_len, opt.exp_label);
+ mbedtls_printf("Exporting key of length %d with label \"%s\": 0x",
+ opt.exp_len,
+ opt.exp_label);
 for (i = 0; i < opt.exp_len; i++) {
 mbedtls_printf("%02X", exported_key[i]);
 }
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 85a6e5d7c..d2aec0685 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1983,8 +1983,8 @@ void ssl_tls13_exporter(int hash_alg,
 TEST_ASSERT(mbedtls_ssl_tls13_exporter(
 (psa_algorithm_t) hash_alg,
 secret->x, secret->len,
- (unsigned char *)label, strlen(label),
- (unsigned char *)context_value, strlen(context_value),
+ (unsigned char *) label, strlen(label),
+ (unsigned char *) context_value, strlen(context_value),
 dst, desired_length) == 0);
 TEST_MEMORY_COMPARE(dst, desired_length,