mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-30 18:57:27 +02:00
dtls13: export functions
They will be used by DTLSv1.3 code
This commit is contained in:
Marco Oliverio
committed by
David Garske
David Garske
parent
d8ac35579c
commit
7586851734
@ -189,7 +189,6 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
|
||||
#endif
|
||||
#endif
|
||||
|
||||
static int cipherExtraData(WOLFSSL* ssl);
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl);
|
||||
@ -9575,10 +9574,10 @@ static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_DTLS
|
||||
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
|
||||
word32* inOutIdx, byte *type, word32 *size,
|
||||
word32 *fragOffset, word32 *fragSz,
|
||||
word32 totalSz)
|
||||
int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
|
||||
word32* inOutIdx, byte *type, word32 *size,
|
||||
word32 *fragOffset, word32 *fragSz,
|
||||
word32 totalSz)
|
||||
{
|
||||
word32 idx = *inOutIdx;
|
||||
|
||||
@ -14960,7 +14959,7 @@ static WC_INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
|
||||
}
|
||||
|
||||
|
||||
static int DtlsMsgDrain(WOLFSSL* ssl)
|
||||
int DtlsMsgDrain(WOLFSSL* ssl)
|
||||
{
|
||||
DtlsMsg* item = ssl->dtls_rx_msg_list;
|
||||
int ret = 0;
|
||||
@ -19413,7 +19412,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest,
|
||||
#endif
|
||||
#endif /* !NO_WOLFSSL_SERVER */
|
||||
|
||||
static int cipherExtraData(WOLFSSL* ssl)
|
||||
int cipherExtraData(WOLFSSL* ssl)
|
||||
{
|
||||
int cipherExtra;
|
||||
/* Cipher data that may be added by BuildMessage */
|
||||
|
||||
36
src/tls13.c
36
src/tls13.c
@ -261,9 +261,9 @@ static int DeriveKeyMsg(WOLFSSL* ssl, byte* output, int outputLen,
|
||||
* includeMsgs Whether to include a hash of the handshake messages so far.
|
||||
* returns 0 on success, otherwise failure.
|
||||
*/
|
||||
static int DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
|
||||
const byte* secret, const byte* label, word32 labelLen,
|
||||
int hashAlgo, int includeMsgs)
|
||||
int Tls13DeriveKey(WOLFSSL* ssl, byte* output, int outputLen,
|
||||
const byte* secret, const byte* label, word32 labelLen,
|
||||
int hashAlgo, int includeMsgs)
|
||||
{
|
||||
int ret = 0;
|
||||
byte hash[WC_MAX_DIGEST_SIZE];
|
||||
@ -441,7 +441,7 @@ static int DeriveEarlyTrafficSecret(WOLFSSL* ssl, byte* key)
|
||||
if (ssl == NULL || ssl->arrays == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ret = DeriveKey(ssl, key, -1, ssl->arrays->secret,
|
||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->secret,
|
||||
earlyTrafficLabel, EARLY_TRAFFIC_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
@ -486,7 +486,7 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key)
|
||||
if (ssl == NULL || ssl->arrays == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ret = DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
|
||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
|
||||
clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
@ -529,7 +529,7 @@ static int DeriveServerHandshakeSecret(WOLFSSL* ssl, byte* key)
|
||||
if (ssl == NULL || ssl->arrays == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ret = DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
|
||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
|
||||
serverHandshakeLabel, SERVER_HANDSHAKE_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
@ -572,7 +572,7 @@ static int DeriveClientTrafficSecret(WOLFSSL* ssl, byte* key)
|
||||
if (ssl == NULL || ssl->arrays == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ret = DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
|
||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
|
||||
clientAppLabel, CLIENT_APP_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
@ -615,7 +615,7 @@ static int DeriveServerTrafficSecret(WOLFSSL* ssl, byte* key)
|
||||
if (ssl == NULL || ssl->arrays == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ret = DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
|
||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
|
||||
serverAppLabel, SERVER_APP_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
@ -659,9 +659,9 @@ static int DeriveExporterSecret(WOLFSSL* ssl, byte* key)
|
||||
if (ssl == NULL || ssl->arrays == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
ret = DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
|
||||
exporterMasterLabel, EXPORTER_MASTER_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->masterSecret,
|
||||
exporterMasterLabel, EXPORTER_MASTER_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 1);
|
||||
#ifdef HAVE_SECRET_CALLBACK
|
||||
if (ret == 0 && ssl->tls13SecretCb != NULL) {
|
||||
ret = ssl->tls13SecretCb(ssl, EXPORTER_SECRET, key,
|
||||
@ -813,7 +813,7 @@ int DeriveResumptionSecret(WOLFSSL* ssl, byte* key)
|
||||
else {
|
||||
masterSecret = ssl->session->masterSecret;
|
||||
}
|
||||
return DeriveKey(ssl, key, -1, masterSecret, resumeMasterLabel,
|
||||
return Tls13DeriveKey(ssl, key, -1, masterSecret, resumeMasterLabel,
|
||||
RESUME_MASTER_LABEL_SZ, ssl->specs.mac_algorithm, 1);
|
||||
}
|
||||
#endif
|
||||
@ -832,7 +832,7 @@ static const byte finishedLabel[FINISHED_LABEL_SZ+1] = "finished";
|
||||
static int DeriveFinishedSecret(WOLFSSL* ssl, byte* key, byte* secret)
|
||||
{
|
||||
WOLFSSL_MSG("Derive Finished Secret");
|
||||
return DeriveKey(ssl, secret, -1, key, finishedLabel, FINISHED_LABEL_SZ,
|
||||
return Tls13DeriveKey(ssl, secret, -1, key, finishedLabel, FINISHED_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 0);
|
||||
}
|
||||
|
||||
@ -851,7 +851,7 @@ static const byte appTrafficLabel[APP_TRAFFIC_LABEL_SZ + 1] =
|
||||
static int DeriveTrafficSecret(WOLFSSL* ssl, byte* secret)
|
||||
{
|
||||
WOLFSSL_MSG("Derive New Application Traffic Secret");
|
||||
return DeriveKey(ssl, secret, -1, secret,
|
||||
return Tls13DeriveKey(ssl, secret, -1, secret,
|
||||
appTrafficLabel, APP_TRAFFIC_LABEL_SZ,
|
||||
ssl->specs.mac_algorithm, 0);
|
||||
}
|
||||
@ -1220,7 +1220,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
||||
if (provision & PROVISION_CLIENT) {
|
||||
/* Derive the client key. */
|
||||
WOLFSSL_MSG("Derive Client Key");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ssl->clientSecret, writeKeyLabel,
|
||||
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
@ -1231,7 +1231,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
||||
if (provision & PROVISION_SERVER) {
|
||||
/* Derive the server key. */
|
||||
WOLFSSL_MSG("Derive Server Key");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.key_size,
|
||||
ssl->serverSecret, writeKeyLabel,
|
||||
WRITE_KEY_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
@ -1242,7 +1242,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
||||
if (provision & PROVISION_CLIENT) {
|
||||
/* Derive the client IV. */
|
||||
WOLFSSL_MSG("Derive Client IV");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ssl->clientSecret, writeIVLabel,
|
||||
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
@ -1253,7 +1253,7 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
||||
if (provision & PROVISION_SERVER) {
|
||||
/* Derive the server IV. */
|
||||
WOLFSSL_MSG("Derive Server IV");
|
||||
ret = DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ret = Tls13DeriveKey(ssl, &key_dig[i], ssl->specs.iv_size,
|
||||
ssl->serverSecret, writeIVLabel,
|
||||
WRITE_IV_LABEL_SZ, ssl->specs.mac_algorithm, 0);
|
||||
if (ret != 0)
|
||||
|
||||
@ -1799,6 +1799,10 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
|
||||
word32* inOutIdx, word32 helloSz,
|
||||
byte* extMsgType);
|
||||
WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl);
|
||||
|
||||
WOLFSSL_LOCAL int Tls13DeriveKey(WOLFSSL *ssl, byte *output, int outputLen,
|
||||
const byte *secret, const byte *label, word32 labelLen, int hashAlgo,
|
||||
int includeMsgs);
|
||||
#endif
|
||||
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz,
|
||||
int pLen, int content);
|
||||
@ -4989,6 +4993,8 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl);
|
||||
|
||||
#ifndef NO_WOLFSSL_CLIENT
|
||||
WOLFSSL_LOCAL int SendClientHello(WOLFSSL* ssl);
|
||||
#ifdef WOLFSSL_TLS13
|
||||
@ -5027,6 +5033,10 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret);
|
||||
WOLFSSL_LOCAL int VerifyForTxDtlsMsgDelete(WOLFSSL* ssl, DtlsMsg* item);
|
||||
WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL* ssl);
|
||||
WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket);
|
||||
WOLFSSL_LOCAL int GetDtlsHandShakeHeader(WOLFSSL *ssl, const byte *input,
|
||||
word32 *inOutIdx, byte *type, word32 *size, word32 *fragOffset,
|
||||
word32 *fragSz, word32 totalSz);
|
||||
WOLFSSL_LOCAL int DtlsMsgDrain(WOLFSSL *ssl);
|
||||
#endif /* WOLFSSL_DTLS */
|
||||
|
||||
#if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS)
|
||||
|
||||
Reference in New Issue
Block a user