Update TLS 1.3 Key Schedule
@@ -1040,7 +1040,10 @@ typedef struct {
|
||||
|
||||
uint8_t key_block[96];
|
||||
|
||||
|
||||
uint8_t early_secret[32];
|
||||
uint8_t client_early_traffic_secret[32];
|
||||
|
||||
uint8_t handshake_secret[32];
|
||||
uint8_t client_handshake_traffic_secret[32];
|
||||
uint8_t server_handshake_traffic_secret[32];
|
||||
@@ -1048,6 +1051,7 @@ typedef struct {
|
||||
uint8_t server_application_traffic_secret[32];
|
||||
|
||||
|
||||
|
||||
SM2_SIGN_CTX sign_ctx;
|
||||
TLS_CLIENT_VERIFY_CTX client_verify_ctx;
|
||||
|
||||
@@ -1483,10 +1487,7 @@ int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record,
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#define TLS13_IV_SIZE 12
|
||||
|
||||
|
||||
|
||||
@@ -1637,8 +1638,10 @@ int tls13_verify_certificate_verify(int tls_mode, int sig_alg,
|
||||
int tls13_compute_verify_data(const uint8_t *handshake_traffic_secret,
|
||||
const DIGEST_CTX *dgst_ctx, uint8_t *verify_data, size_t *verify_data_len);
|
||||
|
||||
int tls13_generate_early_data_keys(TLS_CONNECT *conn);
|
||||
int tls13_generate_early_secrets(TLS_CONNECT *conn);
|
||||
|
||||
int tls13_update_client_handshake_keys(TLS_CONNECT *conn);
|
||||
int tls13_update_server_handshake_keys(TLS_CONNECT *conn);
|
||||
|
||||
|
||||
|
||||
|
||||
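Review bot: The first hunk keeps key-schedule secrets (`early_secret`, `client_early_traffic_secret`, `handshake_secret`) in the long-lived connection struct beside the traffic secrets, and nothing in this header says when they are wiped; the +/- markers are lost on this page, so which three of these lines are new is inferred from the `-1040,7 +1040,10` counts. Each stage should be cleared with a non-elidable wipe once the next stage has been derived and again at connection cleanup, otherwise a memory disclosure or core dump late in the session exposes material that can decrypt recorded handshake and early-data traffic. I would add above the fields `/* key schedule secrets: wipe each one once the next stage is derived, and on cleanup */`, and give the key-schedule prototypes in the fourth hunk (`tls13_generate_early_secrets`, `tls13_update_client_handshake_keys`, `tls13_update_server_handshake_keys`) a one-line comment naming the struct fields they read and write and their return convention. The struct definition and the implementing code in `src/tls13.c` are outside what this page shows, so whether the wipe already happens cannot be confirmed here.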
1494
src/tls13.c
1494
src/tls13.c
File diff suppressed because it is too large
@@ -1758,59 +1758,6 @@ int tls13_set_max_early_data_size(TLS_CONNECT *conn, size_t max_early_data_size)
|
||||
}
|
||||
|
||||
|
||||
// 不应该弄一个独立的函数
|
||||
int tls13_psk_keys_get_first(const uint8_t *keys, size_t keyslen, const uint8_t **key, size_t *keylen)
|
||||
{
|
||||
if (tls_uint8array_from_bytes(key, keylen, &keys, &keyslen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
// 这个函数和密码计算有关,应该放到外面
|
||||
int tls13_generate_early_data_keys(TLS_CONNECT *conn)
|
||||
{
|
||||
uint8_t zeros[32] = {0};
|
||||
const uint8_t *first_psk;
|
||||
size_t first_psk_len;
|
||||
uint8_t early_secret[32];
|
||||
uint8_t client_early_traffic_secret[32];
|
||||
uint8_t client_write_key[16];
|
||||
|
||||
if (tls13_cipher_suite_get(conn->psk_cipher_suites[0], &conn->cipher, &conn->digest) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (digest_init(&conn->dgst_ctx, conn->digest) != 1
|
||||
|| digest_update(&conn->dgst_ctx, conn->record + 5, conn->recordlen - 5) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
// early_data always encrypted with the first psk
|
||||
if (tls13_psk_keys_get_first(conn->psk_keys, conn->psk_keys_len, &first_psk, &first_psk_len) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
// psk => client_early_traffic_secret
|
||||
tls13_hkdf_extract(conn->digest, zeros, first_psk, early_secret);
|
||||
tls13_derive_secret(early_secret, "c e traffic", &conn->dgst_ctx, client_early_traffic_secret);
|
||||
tls13_hkdf_expand_label(conn->digest, client_early_traffic_secret, "key", NULL, 0, 16, client_write_key);
|
||||
block_cipher_set_encrypt_key(&conn->client_write_key, conn->cipher, client_write_key);
|
||||
tls13_hkdf_expand_label(conn->digest, client_early_traffic_secret, "iv", NULL, 0, 12, conn->client_write_iv);
|
||||
tls_seq_num_reset(conn->client_seq_num);
|
||||
|
||||
format_print(stderr, 0, 0, "client_write_key/iv <= client_early_traffic_secret\n");
|
||||
format_bytes(stderr, 0, 4, "client_early_traffic_secret", client_early_traffic_secret, 32);
|
||||
format_bytes(stderr, 0, 4, "client_write_key", client_write_key, 16);
|
||||
format_bytes(stderr, 0, 4, "client_write_iv", conn->client_write_iv, 12);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -624,8 +624,6 @@ bad:
|
||||
fflush(stdout);
|
||||
|
||||
|
||||
format_bytes(stderr, 0, 0, "tls13_recv return", buf, len);
|
||||
|
||||
|
||||
// FIXME: change tls13_recv API
|
||||
/*
|
||||
@@ -654,11 +652,6 @@ bad:
|
||||
sent_len = strlen(send_buf) + 1;
|
||||
sent_offset = 0;
|
||||
|
||||
fprintf(stderr, "###############################\n");
|
||||
fprintf(stderr, "sentlen = %zu\n", sentlen);
|
||||
format_bytes(stderr, 0, 0, "send hex", send_buf, sent_len);
|
||||
fprintf(stderr, "sent_len = %zu\n", sent_len);
|
||||
fprintf(stderr, "sent_offset = %zu\n", sent_offset);
|
||||
}
|
||||
|
||||
if (sent_len > 0 && FD_ISSET(conn.sock, &fds_send)) {
|
||||
@@ -677,14 +670,9 @@ bad:
|
||||
|
||||
sent_offset += sentlen;
|
||||
sent_len -= sentlen;
|
||||
fprintf(stderr, "###############################\n");
|
||||
fprintf(stderr, "sentlen = %zu\n", sentlen);
|
||||
fprintf(stderr, "sent_len = %zu\n", sent_len);
|
||||
fprintf(stderr, "sent_offset = %zu\n", sent_offset);
|
||||
}
|
||||
|
||||
fprintf(stderr, "\n\n\n\n");
|
||||
|
||||
fprintf(stderr, "\n");
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -785,7 +785,7 @@ restart:
|
||||
|
||||
|
||||
|
||||
fprintf(stderr, "\n\n\n\n");
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
|
||||
|
||||
|
||||