Fixes for TLS v1.3 with crypto callbacks not offloading DeriveKeyMsg, KDF HMAC and ECH.

This commit is contained in:
David Garske
2023-12-18 17:16:54 -08:00
parent 90748b5f61
commit 2001d1c74b
5 changed files with 136 additions and 31 deletions
+21 -6
View File
@@ -1195,8 +1195,8 @@ int wolfSSL_GetHmacMaxSize(void)
* out The pseudorandom key with the length that of the hash.
* returns 0 on success, otherwise failure.
*/
int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out)
int wc_HKDF_Extract_ex(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out, void* heap, int devId)
{
byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
#ifdef WOLFSSL_SMALL_STACK
@@ -1228,7 +1228,7 @@ int wolfSSL_GetHmacMaxSize(void)
saltSz = hashSz;
}
ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
ret = wc_HmacInit(myHmac, heap, devId);
if (ret == 0) {
ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
if (ret == 0)
@@ -1244,6 +1244,13 @@ int wolfSSL_GetHmacMaxSize(void)
return ret;
}
int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out)
{
return wc_HKDF_Extract_ex(type, salt, saltSz, inKey, inKeySz, out, NULL,
INVALID_DEVID);
}
/* HMAC-KDF-Expand.
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
*
@@ -1255,8 +1262,9 @@ int wolfSSL_GetHmacMaxSize(void)
* out The output keying material.
* returns 0 on success, otherwise failure.
*/
int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz, byte* out, word32 outSz)
int wc_HKDF_Expand_ex(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz, byte* out, word32 outSz,
void* heap, int devId)
{
byte tmp[WC_MAX_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
@@ -1289,7 +1297,7 @@ int wolfSSL_GetHmacMaxSize(void)
}
#endif
ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
ret = wc_HmacInit(myHmac, heap, devId);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
@@ -1334,6 +1342,13 @@ int wolfSSL_GetHmacMaxSize(void)
return ret;
}
int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz, byte* out, word32 outSz)
{
return wc_HKDF_Expand_ex(type, inKey, inKeySz, info, infoSz, out, outSz,
NULL, INVALID_DEVID);
}
/* HMAC-KDF.
* RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
*
+39 -4
View File
@@ -362,8 +362,8 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
* digest The type of digest to use.
* returns 0 on success, otherwise failure.
*/
int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, word32 saltLen,
byte* ikm, word32 ikmLen, int digest)
int wc_Tls13_HKDF_Extract_ex(byte* prk, const byte* salt, word32 saltLen,
byte* ikm, word32 ikmLen, int digest, void* heap, int devId)
{
int ret;
word32 len = 0;
@@ -410,7 +410,15 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
WOLFSSL_BUFFER(ikm, ikmLen);
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
ret = wc_HKDF_Extract_ex(digest, salt, saltLen, ikm, ikmLen, prk, heap,
devId);
#else
ret = wc_HKDF_Extract(digest, salt, saltLen, ikm, ikmLen, prk);
(void)heap;
(void)devId;
#endif
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG(" PRK");
@@ -420,6 +428,13 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
return ret;
}
int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, word32 saltLen,
byte* ikm, word32 ikmLen, int digest)
{
return wc_Tls13_HKDF_Extract_ex(prk, salt, saltLen, ikm, ikmLen, digest,
NULL, INVALID_DEVID);
}
/* Expand data using HMAC, salt and label and info.
* TLS v1.3 defines this function.
*
@@ -435,12 +450,12 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
* digest The type of digest to use.
* returns 0 on success, otherwise failure.
*/
int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
int wc_Tls13_HKDF_Expand_Label_ex(byte* okm, word32 okmLen,
const byte* prk, word32 prkLen,
const byte* protocol, word32 protocolLen,
const byte* label, word32 labelLen,
const byte* info, word32 infoLen,
int digest)
int digest, void* heap, int devId)
{
int ret = 0;
word32 idx = 0;
@@ -494,7 +509,15 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
WOLFSSL_MSG_EX(" Digest %d", digest);
#endif
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
ret = wc_HKDF_Expand_ex(digest, prk, prkLen, data, idx, okm, okmLen,
heap, devId);
#else
ret = wc_HKDF_Expand(digest, prk, prkLen, data, idx, okm, okmLen);
(void)heap;
(void)devId;
#endif
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG(" OKM");
@@ -512,6 +535,18 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
return ret;
}
int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
const byte* prk, word32 prkLen,
const byte* protocol, word32 protocolLen,
const byte* label, word32 labelLen,
const byte* info, word32 infoLen,
int digest)
{
return wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol,
protocolLen, label, labelLen, info, infoLen, digest,
NULL, INVALID_DEVID);
}
#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
/* Expand data using HMAC, salt and label and info.