Implement extended master secret

parent 367381fd
......@@ -2326,12 +2326,6 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
return( ret );
}
ssl->out_msglen = i + n;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CLIENT_KEY_EXCHANGE;
......@@ -2356,9 +2350,16 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
static int ssl_write_certificate_verify( ssl_context *ssl )
{
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
int ret;
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
return( ret );
}
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
......@@ -2385,6 +2386,12 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
{
SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
return( ret );
}
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
......
......@@ -472,13 +472,45 @@ int ssl_derive_keys( ssl_context *ssl )
#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_ENABLED )
{
unsigned char session_hash[48];
size_t hash_len;
SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
// XXX to be continued, WIP
ssl->handshake->calc_verify( ssl, session_hash );
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{
#if defined(POLARSSL_SHA512_C)
if( ssl->transform_negotiate->ciphersuite_info->mac ==
POLARSSL_MD_SHA384 )
{
hash_len = 48;
}
else
#endif
hash_len = 32;
}
else
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
hash_len = 36;
SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
handshake->tls_prf( handshake->premaster, handshake->pmslen,
"extended master secret",
session_hash, hash_len, session->master, 48 );
}
else
#endif
handshake->tls_prf( handshake->premaster, handshake->pmslen,
"master secret",
handshake->randbytes, 64, session->master, 48 );
polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
}
else
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment