Lines Matching refs:handshake

/* EC J-PAKE round-one payload (source lines 141-202): readiness check,
 * generation, and a cache that is reused on a later write. */
/* Readiness gate. The PSA flag (141) and the legacy mbedtls_ecjpake_check()
 * call (145) look like alternative build variants -- confirm in the full file. */
141     if (ssl->handshake->psa_pake_ctx_is_ok != 1) {
145 if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) {
/* A NULL or zero-length cache selects the generation path. */
163 if (ssl->handshake->ecjpake_cache == NULL ||
164 ssl->handshake->ecjpake_cache_len == 0) {
168 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
/* Password key destroyed and PAKE operation aborted -- presumably the failure
 * path of 168; the branch condition is not among the matching lines. */
172 psa_destroy_key(ssl->handshake->psa_pake_password);
173 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
178 ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx,
/* The cache is allocated with exactly kkpp_len bytes and NULL-checked before
 * the copy, so the memcpy at 194 cannot exceed the allocation. */
188 ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len);
189 if (ssl->handshake->ecjpake_cache == NULL) {
194 memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len);
195 ssl->handshake->ecjpake_cache_len = kkpp_len;
/* Cached path: the length comes from the stored cache and is copied into the
 * output at p + 2.
 * NOTE(review): the check that the output buffer still has kkpp_len bytes
 * available is not among the matching lines -- confirm it precedes 202. */
199 kkpp_len = ssl->handshake->ecjpake_cache_len;
202 memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len);
/* Peer Connection ID is recorded: CID use is marked enabled, the length is
 * narrowed to uint8_t, and peer_cid_len bytes are copied from buf. */
/* NOTE(review): peer_cid_len drives both the narrowing cast and the memcpy
 * size. The bound against the capacity of handshake->peer_cid is not among the
 * matching lines -- confirm it is enforced before 723. */
723 ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
724 ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
725 memcpy(ssl->handshake->peer_cid, buf, peer_cid_len);
778 ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
803 ssl->handshake->new_session_ticket = 1;
834 ssl->handshake->ecdh_ctx.point_format = p[0];
838 mbedtls_ecjpake_set_point_format(&ssl->handshake->ecjpake_ctx,
/* Handling of the peer's EC J-PAKE round-one data (source lines 866-894). */
/* Key-exchange comparison; the right-hand side is not among the matching lines. */
866 if (ssl->handshake->ciphersuite_info->key_exchange !=
/* The cached round-one message is released and both pointer and length are
 * reset, so no stale pointer or length is left behind. */
873 mbedtls_free(ssl->handshake->ecjpake_cache);
874 ssl->handshake->ecjpake_cache = NULL;
875 ssl->handshake->ecjpake_cache_len = 0;
/* Peer data (buf, len) is handed to the PSA PAKE context here, or to the
 * legacy reader at 894 -- presumably alternative build variants. */
879 &ssl->handshake->psa_pake_ctx, buf, len,
/* Password key destroyed and PAKE operation aborted -- presumably on a read
 * failure; the branch condition is not among the matching lines. */
881 psa_destroy_key(ssl->handshake->psa_pake_password);
882 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
894 if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx,
1069 * MUST abort the handshake and SHOULD send an invalid_parameter alert.
/* Cookie storage: the previous cookie is freed, a cookie_len-byte buffer is
 * allocated and NULL-checked, then filled from p and its length recorded. */
/* NOTE(review): cookie_len is presumably parsed from the peer's message. The
 * check that p + cookie_len stays inside the received data is not among the
 * matching lines -- confirm it precedes the memcpy at 1160. */
1152 mbedtls_free(ssl->handshake->cookie);
1154 ssl->handshake->cookie = mbedtls_calloc(1, cookie_len);
1155 if (ssl->handshake->cookie == NULL) {
1160 memcpy(ssl->handshake->cookie, p, cookie_len);
1161 ssl->handshake->cookie_len = cookie_len;
1216 ("non-handshake message during renegotiation"));
/* Cookie is released; pointer and length are reset together so the freed
 * buffer cannot be read or freed again through the handshake structure. */
1239 mbedtls_free(ssl->handshake->cookie);
1240 ssl->handshake->cookie = NULL;
1241 ssl->handshake->cookie_len = 0;
1294 memcpy(ssl->handshake->randbytes + 32, buf + 2, 32);
1349 ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i);
1350 if (ssl->handshake->ciphersuite_info == NULL) {
1358 mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info);
1366 if (ssl->handshake->resume == 0 || n == 0 ||
1374 ssl->handshake->resume = 0;
1386 ssl->handshake->resume ? "a" : "no"));
1430 ssl->handshake->ecrs_enabled = 1;
1608 if (ssl->handshake->resume) {
1626 ("legacy renegotiation, breaking off handshake"));
/* Peer DHM parameters are parsed into the handshake DHM context. */
1683 if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx,
/* The actual prime bit length is read back -- presumably to enforce a minimum
 * size; the comparison itself is not among the matching lines. */
1689 dhm_actual_bitlen = mbedtls_dhm_get_bitlen(&ssl->handshake->dhm_ctx);
/* Level-3 debug dump of P, G and GY (prime, generator, peer public value);
 * these are public parameters, unlike X and K dumped further down the file. */
1697 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P);
1698 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G);
1699 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY);
/* Peer ECDH public key is stored for the PSA path (source lines 1717-1772). */
1717 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Key type and bit size are recorded; they are read again when the local
 * key attributes are set (2781-2782, 2953-2954). */
1758 handshake->xxdh_psa_type = key_type;
1759 handshake->xxdh_psa_bits = ec_bits;
/* The point length (presumably peer-supplied) is compared with the fixed-size
 * destination before the copy. Keep the check ahead of the memcpy if this
 * code is ever reordered. */
1767 if (ecpoint_len > sizeof(handshake->xxdh_psa_peerkey)) {
1771 memcpy(handshake->xxdh_psa_peerkey, *p, ecpoint_len);
1772 handshake->xxdh_psa_peerkey_len = ecpoint_len;
1792 grp_id = ssl->handshake->ecdh_ctx.grp.id;
1794 grp_id = ssl->handshake->ecdh_ctx.grp_id;
1810 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
1840 if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx,
1916 unsigned char *p = ssl->handshake->premaster + pms_offset;
1939 ssl->handshake->pmslen = 48;
1942 peer_pk = &ssl->handshake->peer_pubkey;
1961 p, ssl->handshake->pmslen,
1992 peer_pk = &ssl->handshake->peer_pubkey;
2033 &ssl->handshake->xxdh_psa_bits);
/* Peer public key is taken from the peer_pk object and stored for ECDH. */
2035 ssl->handshake->xxdh_psa_type = key_type;
/* NOTE(review): this copy is sized by peer_pk->pub_raw_len. No comparison
 * against sizeof(xxdh_psa_peerkey) is among the matching lines, whereas the
 * call at 2046-2047 passes the destination size explicitly. Confirm in the
 * full file that pub_raw_len cannot exceed the destination buffer. */
2039 memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);
2040 ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len;
/* Alternative path: the destination buffer and its sizeof() are passed to the
 * callee, and the reported length olen becomes the stored key length. */
2046 ssl->handshake->xxdh_psa_peerkey,
2047 sizeof(ssl->handshake->xxdh_psa_peerkey));
2053 ssl->handshake->xxdh_psa_peerkey_len = olen;
/* Legacy path: parameters are loaded into the ECDH context from peer_key. */
2056 if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
2084 ssl->handshake->ciphersuite_info;
2122 if (ssl->handshake->ecrs_enabled &&
2123 ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) {
2166 if (ssl->handshake->ecrs_enabled) {
2167 ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
2260 &ssl->handshake->psa_pake_ctx, p, end - p,
2262 psa_destroy_key(ssl->handshake->psa_pake_password);
2263 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
2273 ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx,
2306 peer_pk = &ssl->handshake->peer_pubkey;
2401 if (ssl->handshake->ecrs_enabled) {
2402 rs_ctx = &ssl->handshake->ecrs_ctx.pk;
2467 ssl->handshake->ciphersuite_info;
2489 ssl->handshake->ciphersuite_info;
2519 ssl->handshake->client_auth =
2523 ssl->handshake->client_auth ? "a" : "no"));
2525 if (ssl->handshake->client_auth == 0) {
2710 ssl->handshake->ciphersuite_info;
/* Client DHM share and premaster computation (source lines 2719-2745). */
2719 content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
2724 ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
2725 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
/* NOTE(review): dhm_ctx.X is the local private value, and dhm_ctx.K (2745) is
 * the shared secret. Both are written to the debug channel at level 3, so
 * debug output should stay disabled, or below level 3, outside test builds. */
2733 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X);
2734 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX);
/* The shared secret is written to handshake->premaster and its length to
 * pmslen; the capacity argument (source line 2738) is not among the matching
 * lines. */
2736 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
2737 ssl->handshake->premaster,
2739 &ssl->handshake->pmslen,
2745 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
/* PSA-based ephemeral key exchange (source lines 2761-2823). */
2761 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Attributes of the local key use the type and bit size stored earlier in
 * the handshake structure. */
2781 psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
2782 psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
2786 &handshake->xxdh_psa_privkey);
2799 status = psa_export_public_key(handshake->xxdh_psa_privkey,
/* Key destroyed and handle reset to the INIT value -- presumably the export
 * failure path; the branch condition is not among the matching lines. */
2803 psa_destroy_key(handshake->xxdh_psa_privkey);
2804 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
/* Arguments of the agreement call: local private key, stored peer key and its
 * length, output into premaster bounded by sizeof(premaster), length in pmslen. */
2815 handshake->xxdh_psa_privkey,
2816 handshake->xxdh_psa_peerkey,
2817 handshake->xxdh_psa_peerkey_len,
2818 ssl->handshake->premaster,
2819 sizeof(ssl->handshake->premaster),
2820 &ssl->handshake->pmslen);
/* The private key is destroyed after the agreement call and the handle is
 * reset, so later cleanup cannot use or destroy it a second time. The destroy
 * result is kept in its own variable -- presumably so it is reported too. */
2822 destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
2823 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
2835 if (ssl->handshake->ecrs_enabled) {
2836 if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) {
2840 mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx);
2844 ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
2858 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
2862 if (ssl->handshake->ecrs_enabled) {
2863 ssl->handshake->ecrs_n = content_len;
2864 ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
2868 if (ssl->handshake->ecrs_enabled) {
2869 content_len = ssl->handshake->ecrs_n;
2872 if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx,
2873 &ssl->handshake->pmslen,
2874 ssl->handshake->premaster,
2886 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
/* Second PSA key-exchange sequence (source lines 2901-3006); same
 * generate / export / agree / destroy pattern as at 2761-2823. */
2901 mbedtls_ssl_handshake_params *handshake = ssl->handshake;
2953 psa_set_key_type(&key_attributes, handshake->xxdh_psa_type);
2954 psa_set_key_bits(&key_attributes, handshake->xxdh_psa_bits);
2958 &handshake->xxdh_psa_privkey);
2971 status = psa_export_public_key(handshake->xxdh_psa_privkey,
/* Key destroyed and handle reset -- presumably the export failure path. */
2975 psa_destroy_key(handshake->xxdh_psa_privkey);
2976 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
/* A write pointer into premaster is set up, and sizeof(premaster) is used in
 * the expression ending at 2991 -- presumably to derive the end of the buffer
 * for bounds checks; source line 2990 is not among the matching lines. */
2989 unsigned char *pms = ssl->handshake->premaster;
2991 sizeof(ssl->handshake->premaster);
/* Agreement inputs: local private key, stored peer key and its length. The
 * output buffer arguments are not among the matching lines. */
2998 handshake->xxdh_psa_privkey,
2999 handshake->xxdh_psa_peerkey,
3000 handshake->xxdh_psa_peerkey_len,
/* Private key destroyed after use and the handle reset to the INIT value. */
3005 destruction_status = psa_destroy_key(handshake->xxdh_psa_privkey);
3006 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
/* DHM share written with the secret placed inside premaster at a write
 * pointer (source lines 3067-3103). */
3067 content_len = mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx);
3079 ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx,
3080 (int) mbedtls_dhm_get_len(&ssl->handshake->dhm_ctx),
/* pms_end marks one past the end of premaster, giving the bound for writes
 * made through pms. */
3089 unsigned char *pms = ssl->handshake->premaster;
3090 unsigned char *pms_end = pms + sizeof(ssl->handshake->premaster);
3094 if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx,
/* NOTE(review): dhm_ctx.K is the shared secret and is written to the debug
 * channel at level 3; keep debug output off, or below level 3, in production. */
3103 MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K);
3113 ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx,
3123 MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx,
/* EC J-PAKE round two is written and the shared secret derived
 * (source lines 3160-3181). */
3160 ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx,
/* Password key destroyed and PAKE operation aborted -- presumably on write
 * failure; the branch condition is not among the matching lines. */
3164 psa_destroy_key(ssl->handshake->psa_pake_password);
3165 psa_pake_abort(&ssl->handshake->psa_pake_ctx);
3170 ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx,
/* The derived secret goes into premaster with its length in pmslen. The
 * literal 32 is the output capacity handed to the callee, not
 * sizeof(premaster), so it must stay no larger than that buffer. */
3180 ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx,
3181 ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
3217 ssl->handshake->ciphersuite_info;
3242 ssl->handshake->ciphersuite_info;
3258 if (ssl->handshake->ecrs_enabled &&
3259 ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) {
3275 if (ssl->handshake->client_auth == 0 ||
3288 * Make a signature of the handshake digests
3291 if (ssl->handshake->ecrs_enabled) {
3292 ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
3298 ret = ssl->handshake->calc_verify(ssl, hash, &hashlen);
3320 if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
3334 if (ssl->handshake->ecrs_enabled) {
3335 rs_ctx = &ssl->handshake->ecrs_ctx.pk;
3433 ssl->handshake->new_session_ticket = 0;
3484 * SSL handshake -- client side -- single step
3494 ssl->handshake->new_session_ticket != 0) {
3585 MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));