feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

dtls13: export functions

Browse Source 
They will be used by DTLSv1.3 code
This commit is contained in:
Marco Oliverio
2022-05-20 09:59:26 +02:00
committed by David Garske
parent d8ac35579c
commit 7586851734
3 changed files with 34 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/internal.c
View File

@ -189,7 +189,6 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
#endif
#endif
static int cipherExtraData(WOLFSSL* ssl);
#ifdef WOLFSSL_DTLS
static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl);
@ -9575,7 +9574,7 @@ static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif
#ifdef WOLFSSL_DTLS
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
word32* inOutIdx, byte *type, word32 *size,
word32 *fragOffset, word32 *fragSz,
word32 totalSz)
@ -14960,7 +14959,7 @@ static WC_INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
}
static int DtlsMsgDrain(WOLFSSL* ssl)
int DtlsMsgDrain(WOLFSSL* ssl)
{
DtlsMsg* item = ssl->dtls_rx_msg_list;
int ret = 0;
@ -19413,7 +19412,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
#endif
#endif /* !NO_WOLFSSL_SERVER */
static int cipherExtraData(WOLFSSL* ssl)
int cipherExtraData(WOLFSSL* ssl)
{
int cipherExtra;
/* Cipher data that may be added by BuildMessage */

28
src/tls13.c
View File

@ -261,7 +261,7 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
* includeMsgs Whether to include a hash of the handshake messages so far.
* returns 0 on success, otherwise failure.
*/
static int DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
const byte* secret, const byte* label, word32 labelLen,
int hashAlgo, int includeMsgs)
{
@ -441,7 +441,7 @@ static int DeriveEarlyTrafficSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
ret = DeriveKey(ssl, key, -1, ssl->arrays->secret,
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->secret,
earlyTrafficLabel, EARLY_TRAFFIC_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
#ifdef HAVE_SECRET_CALLBACK
@ -486,7 +486,7 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
ret = DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
#ifdef HAVE_SECRET_CALLBACK
@ -529,7 +529,7 @@ static int DeriveServerHandshakeSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
ret = DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
serverHandshakeLabel, SERVER_HANDSHAKE_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
#ifdef HAVE_SECRET_CALLBACK
@ -572,7 +572,7 @@ static int DeriveClientTrafficSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
ret = DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
clientAppLabel, CLIENT_APP_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
#ifdef HAVE_SECRET_CALLBACK
@ -615,7 +615,7 @@ static int DeriveServerTrafficSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
ret = DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
serverAppLabel, SERVER_APP_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
#ifdef HAVE_SECRET_CALLBACK
@ -659,7 +659,7 @@ static int DeriveExporterSecret(WOLFSSL* ssl, byte* key)
if (ssl == NULL || ssl->arrays == NULL) {
return BAD_FUNC_ARG;
}
ret = DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
exporterMasterLabel, EXPORTER_MASTER_LABEL_SZ,
ssl->specs.mac_algorithm, 1);
#ifdef HAVE_SECRET_CALLBACK
@ -813,7 +813,7 @@ int DeriveResumptionSecret(WOLFSSL* ssl, byte* key)
else {
masterSecret = ssl->session->masterSecret;
}
return DeriveKey(ssl, key, -1, masterSecret, resumeMasterLabel,
return Tls13DeriveKey(ssl, key, -1, masterSecret, resumeMasterLabel,
RESUME_MASTER_LABEL_SZ, ssl->specs.mac_algorithm, 1);
}
#endif
@ -832,7 +832,7 @@ static const byte finishedLabel[FINISHED_LABEL_SZ+1] = "finished";
static int DeriveFinishedSecret(WOLFSSL* ssl, byte* key, byte* secret)
{
WOLFSSL_MSG("Derive Finished Secret");
return DeriveKey(ssl, secret, -1, key, finishedLabel, FINISHED_LABEL_SZ,
return Tls13DeriveKey(ssl, secret, -1, key, finishedLabel, FINISHED_LABEL_SZ,
ssl->specs.mac_algorithm, 0);
}
@ -851,7 +851,7 @@ static const byte appTrafficLabel[APP_TRAFFIC_LABEL_SZ + 1] =
static int DeriveTrafficSecret(WOLFSSL* ssl, byte* secret)
{
WOLFSSL_MSG("Derive New Application Traffic Secret");
return DeriveKey(ssl, secret, -1, secret,
return Tls13DeriveKey(ssl, secret, -1, secret,
appTrafficLabel, APP_TRAFFIC_LABEL_SZ,
ssl->specs.mac_algorithm, 0);
}
@ -1220,7 +1220,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
if (provision & PROVISION_CLIENT) {
/* Derive the client key. */
WOLFSSL_MSG("Derive Client Key");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->clientSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
@ -1231,7 +1231,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
if (provision & PROVISION_SERVER) {
/* Derive the server key. */
WOLFSSL_MSG("Derive Server Key");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
ssl->serverSecret, writeKeyLabel,
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
@ -1242,7 +1242,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
if (provision & PROVISION_CLIENT) {
/* Derive the client IV. */
WOLFSSL_MSG("Derive Client IV");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->clientSecret, writeIVLabel,
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)
@ -1253,7 +1253,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
if (provision & PROVISION_SERVER) {
/* Derive the server IV. */
WOLFSSL_MSG("Derive Server IV");
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
ssl->serverSecret, writeIVLabel,
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
if (ret != 0)

10
wolfssl/internal.h
View File

@ -1799,6 +1799,10 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
word32* inOutIdx, word32 helloSz,
byte* extMsgType);
WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl);
WOLFSSL_LOCAL int Tls13DeriveKey(WOLFSSL *ssl, byte *output, int outputLen,
const byte *secret, const byte *label, word32 labelLen, int hashAlgo,
int includeMsgs);
#endif
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
int pLen, int content);
@ -4989,6 +4993,8 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
#endif
#endif
WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
#ifndef NO_WOLFSSL_CLIENT
WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl);
#ifdef WOLFSSL_TLS13
@ -5027,6 +5033,10 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* item);
WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl);
WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket);
WOLFSSL_LOCAL int GetDtlsHandShakeHeader(WOLFSSL *ssl, const byte *input,
word32 *inOutIdx, byte *type, word32 *size, word32 *fragOffset,
word32 *fragSz, word32 totalSz);
WOLFSSL_LOCAL int DtlsMsgDrain(WOLFSSL *ssl);
#endif /* WOLFSSL_DTLS */
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)