xref: /third_party/mbedtls/library/ssl_tls13_keys.c

661  *        In the handshake stage, ssl_tls13_generate_application_keys()
662  *        can be used to derive the handshake traffic keys.
674     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
676         (mbedtls_md_type_t) handshake->ciphersuite_info->mac);
683         handshake->tls13_master_secrets.handshake,
685         handshake->tls13_master_secrets.app);
693         handshake->tls13_master_secrets.app, PSA_HASH_LENGTH(hash_alg));
786         &ssl->handshake->tls13_hs_secrets;
788     mbedtls_md_type_t const md_type = (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac;
791         (mbedtls_md_type_t) ssl->handshake->ciphersuite_info->mac);
816     MBEDTLS_SSL_DEBUG_BUF(4, "handshake hash", transcript, transcript_len);
828     /* Erase handshake secrets */
1126  * the early application data and handshake messages as described in section 7
1147     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1149         handshake->ciphersuite_info;
1176         hash_alg, handshake->tls13_master_secrets.early,
1189      * Export client handshake traffic secret
1197             handshake->randbytes,
1198             handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
1237     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1257         handshake->ciphersuite_info->id,
1264     handshake->transform_earlydata = transform_earlydata;
1280     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1284     if (handshake->ciphersuite_info == NULL) {
1289     hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac);
1302                                           handshake->tls13_master_secrets.early);
1313                           handshake->tls13_master_secrets.early,
1319  * \brief Compute TLS 1.3 handshake traffic keys.
1322  *        protecting the handshake messages, as described in Section 7 of
1328  * \param traffic_keys The address at which to store the handshake traffic
1347     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1349         handshake->ciphersuite_info;
1351         &handshake->tls13_hs_secrets;
1378         hash_alg, handshake->tls13_master_secrets.handshake,
1386     MBEDTLS_SSL_DEBUG_BUF(4, "Client handshake traffic secret",
1389     MBEDTLS_SSL_DEBUG_BUF(4, "Server handshake traffic secret",
1394      * Export client handshake traffic secret
1402             handshake->randbytes,
1403             handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
1411             handshake->randbytes,
1412             handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
1450  * \brief Transition into handshake stage of TLS 1.3 key schedule.
1456  *        In the handshake stage, ssl_tls13_generate_handshake_keys()
1457  *        can be used to derive the handshake traffic keys.
1469     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1471         (mbedtls_md_type_t) handshake->ciphersuite_info->mac);
1477      * Compute ECDHE secret used to compute the handshake secret from which
1479      * are derived in the handshake secret derivation stage.
1482         if (mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ||
1483             mbedtls_ssl_tls13_named_group_is_ffdh(handshake->offered_group_id)) {
1486                 mbedtls_ssl_tls13_named_group_is_ecdhe(handshake->offered_group_id) ?
1493             status = psa_get_key_attributes(handshake->xxdh_psa_privkey,
1507                 alg, handshake->xxdh_psa_privkey,
1508                 handshake->xxdh_psa_peerkey, handshake->xxdh_psa_peerkey_len,
1516             status = psa_destroy_key(handshake->xxdh_psa_privkey);
1523             handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
1536         hash_alg, handshake->tls13_master_secrets.early,
1538         handshake->tls13_master_secrets.handshake);
1545                           handshake->tls13_master_secrets.handshake,
1578     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1601     ret = ssl_tls13_get_cipher_key_info(handshake->ciphersuite_info,
1608     md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
1610     hash_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) handshake->ciphersuite_info->mac);
1613     /* Compute current handshake transcript. It's the caller's responsibility
1626         hash_alg, handshake->tls13_master_secrets.app,
1662             handshake->randbytes,
1663             handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
1671             handshake->randbytes,
1672             handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN,
1690     mbedtls_platform_zeroize(ssl->handshake->randbytes,
1691                              sizeof(ssl->handshake->randbytes));
1702     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1704     /* Compute handshake secret */
1711     /* Next evolution in key schedule: Establish handshake secret and
1729         handshake->ciphersuite_info->id,
1736     handshake->transform_handshake = transform_handshake;
1751     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
1758     md_type = (mbedtls_md_type_t) handshake->ciphersuite_info->mac;
1769         handshake->tls13_master_secrets.app,
1777     mbedtls_platform_zeroize(&handshake->tls13_master_secrets,
1778                              sizeof(handshake->tls13_master_secrets));
1820         ssl->handshake->ciphersuite_info->id,
1851     if (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) {
1855     status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
1866     status = psa_export_key(ssl->handshake->psk_opaque,
1875     *psk = ssl->handshake->psk;
1876     *psk_len = ssl->handshake->psk_len;

Indexes created Thu Nov 07 10:32:03 CST 2024