diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2020-04-27 20:15:18 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2020-04-27 20:15:18 +0000 |
commit | 10a1e97204b3e5c9ebdd46f1cc4788f5afbe6db9 (patch) | |
tree | 150bd4d89cb1985c71e6dae4e04dcdf44a36755a /lib/libssl/tls13_client.c | |
parent | 4d34ee7cb6eb38049cce8ceb4a112eafe74120fe (diff) |
Shuffle some functions around.
Move functions so that they are in the order that the TLSv1.3 messages are
processed. While here, also move tls13_client_end_of_early_data_send() from
tls13_client.c to tls13_server.c.
No functional change.
ok beck@ tb@
Diffstat (limited to 'lib/libssl/tls13_client.c')
-rw-r--r-- | lib/libssl/tls13_client.c | 208 |
1 files changed, 107 insertions, 101 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index dffabf17539..70a33b7131e 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.51 2020/04/22 17:05:07 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.52 2020/04/27 20:15:17 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -25,15 +25,6 @@ #include "tls13_internal.h" static int -tls13_connect(struct tls13_ctx *ctx) -{ - if (ctx->mode != TLS13_HS_CLIENT) - return TLS13_IO_FAILURE; - - return tls13_handshake_perform(ctx); -} - -static int tls13_client_init(struct tls13_ctx *ctx) { const uint16_t *groups; @@ -80,6 +71,15 @@ tls13_client_init(struct tls13_ctx *ctx) return 1; } +static int +tls13_connect(struct tls13_ctx *ctx) +{ + if (ctx->mode != TLS13_HS_CLIENT) + return TLS13_IO_FAILURE; + + return tls13_handshake_perform(ctx); +} + int tls13_legacy_connect(SSL *ssl) { @@ -570,6 +570,33 @@ tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs) } int +tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) +{ + /* + * Ensure that the server supported group is one that we listed in our + * supported groups and is not the same as the key share we previously + * offered. + */ + if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group)) + return 0; /* XXX alert */ + if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share)) + return 0; /* XXX alert */ + + /* Switch to new key share. */ + tls13_key_share_free(ctx->hs->key_share); + if ((ctx->hs->key_share = + tls13_key_share_new(ctx->hs->server_group)) == NULL) + return 0; + if (!tls13_key_share_generate(ctx->hs->key_share)) + return 0; + + if (!tls13_client_hello_build(ctx, cbb)) + return 0; + + return 1; +} + +int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) { SSL *s = ctx->ssl; @@ -608,33 +635,6 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) -{ - /* - * Ensure that the server supported group is one that we listed in our - * supported groups and is not the same as the key share we previously - * offered. - */ - if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group)) - return 0; /* XXX alert */ - if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share)) - return 0; /* XXX alert */ - - /* Switch to new key share. */ - tls13_key_share_free(ctx->hs->key_share); - if ((ctx->hs->key_share = - tls13_key_share_new(ctx->hs->server_group)) == NULL) - return 0; - if (!tls13_key_share_generate(ctx->hs->key_share)) - return 0; - - if (!tls13_client_hello_build(ctx, cbb)) - return 0; - - return 1; -} - -int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs) { int alert_desc; @@ -945,70 +945,6 @@ tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs) } int -tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) -{ - struct tls13_secrets *secrets = ctx->hs->secrets; - struct tls13_secret context = { .data = "", .len = 0 }; - struct tls13_secret finished_key; - uint8_t transcript_hash[EVP_MAX_MD_SIZE]; - size_t transcript_hash_len; - uint8_t key[EVP_MAX_MD_SIZE]; - uint8_t *verify_data; - size_t hmac_len; - unsigned int hlen; - HMAC_CTX *hmac_ctx = NULL; - int ret = 0; - - finished_key.data = key; - finished_key.len = EVP_MD_size(ctx->hash); - - if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, - &secrets->client_handshake_traffic, "finished", - &context)) - goto err; - - if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash, - sizeof(transcript_hash), &transcript_hash_len)) - goto err; - - if ((hmac_ctx = HMAC_CTX_new()) == NULL) - goto err; - if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, - ctx->hash, NULL)) - goto err; - if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) - goto err; - - hmac_len = HMAC_size(hmac_ctx); - if (!CBB_add_space(cbb, &verify_data, hmac_len)) - goto err; - if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) - goto err; - if (hlen != hmac_len) - goto err; - - ret = 1; - - err: - HMAC_CTX_free(hmac_ctx); - - return ret; -} - -int -tls13_client_finished_sent(struct tls13_ctx *ctx) -{ - struct tls13_secrets *secrets = ctx->hs->secrets; - - /* - * Any records following the client finished message must be encrypted - * using the client application traffic keys. - */ - return tls13_record_layer_set_write_traffic_key(ctx->rl, - &secrets->client_application_traffic); -} - -int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb) { SSL *s = ctx->ssl; @@ -1135,3 +1071,73 @@ tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb) return ret; } + +int +tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb) +{ + return 0; +} + +int +tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb) +{ + struct tls13_secrets *secrets = ctx->hs->secrets; + struct tls13_secret context = { .data = "", .len = 0 }; + struct tls13_secret finished_key; + uint8_t transcript_hash[EVP_MAX_MD_SIZE]; + size_t transcript_hash_len; + uint8_t key[EVP_MAX_MD_SIZE]; + uint8_t *verify_data; + size_t hmac_len; + unsigned int hlen; + HMAC_CTX *hmac_ctx = NULL; + int ret = 0; + + finished_key.data = key; + finished_key.len = EVP_MD_size(ctx->hash); + + if (!tls13_hkdf_expand_label(&finished_key, ctx->hash, + &secrets->client_handshake_traffic, "finished", + &context)) + goto err; + + if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash, + sizeof(transcript_hash), &transcript_hash_len)) + goto err; + + if ((hmac_ctx = HMAC_CTX_new()) == NULL) + goto err; + if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len, + ctx->hash, NULL)) + goto err; + if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len)) + goto err; + + hmac_len = HMAC_size(hmac_ctx); + if (!CBB_add_space(cbb, &verify_data, hmac_len)) + goto err; + if (!HMAC_Final(hmac_ctx, verify_data, &hlen)) + goto err; + if (hlen != hmac_len) + goto err; + + ret = 1; + + err: + HMAC_CTX_free(hmac_ctx); + + return ret; +} + +int +tls13_client_finished_sent(struct tls13_ctx *ctx) +{ + struct tls13_secrets *secrets = ctx->hs->secrets; + + /* + * Any records following the client finished message must be encrypted + * using the client application traffic keys. + */ + return tls13_record_layer_set_write_traffic_key(ctx->rl, + &secrets->client_application_traffic); +} |