tls-hkdf: Implement resumption key generation
This commit is contained in:
parent
9ef46cfaf9
commit
3e535c31b4
|
@ -586,6 +586,46 @@ METHOD(tls_hkdf_t, export, bool,
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
METHOD(tls_hkdf_t, resume, bool,
|
||||||
|
private_tls_hkdf_t *this, chunk_t messages, chunk_t nonce, chunk_t *key)
|
||||||
|
{
|
||||||
|
chunk_t resumption_master;
|
||||||
|
|
||||||
|
if (this->phase != HKDF_PHASE_3)
|
||||||
|
{
|
||||||
|
DBG1(DBG_TLS, "unable to generate resumption key material");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
if (!nonce.len)
|
||||||
|
{
|
||||||
|
DBG1(DBG_TLS, "no nonce provided");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* PSK associated with the ticket according to RFC 8446, section 4.6.1
|
||||||
|
*
|
||||||
|
* HKDF-Expand-Label(resumption_master_secret,
|
||||||
|
* "resumption", ticket_nonce, Hash.length)
|
||||||
|
*/
|
||||||
|
if (!generate_secret(this, TLS_HKDF_RES_MASTER, messages,
|
||||||
|
&resumption_master))
|
||||||
|
{
|
||||||
|
DBG1(DBG_TLS, "unable to derive resumption master secret");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expand_label(this, resumption_master, chunk_from_str("resumption"),
|
||||||
|
nonce, this->hasher->get_hash_size(this->hasher), key))
|
||||||
|
{
|
||||||
|
chunk_clear(&resumption_master);
|
||||||
|
DBG1(DBG_TLS, "unable to expand key material");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
chunk_clear(&resumption_master);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
METHOD(tls_hkdf_t, allocate_bytes, bool,
|
METHOD(tls_hkdf_t, allocate_bytes, bool,
|
||||||
private_tls_hkdf_t *this, chunk_t key, chunk_t seed,
|
private_tls_hkdf_t *this, chunk_t key, chunk_t seed,
|
||||||
chunk_t *out)
|
chunk_t *out)
|
||||||
|
@ -643,6 +683,7 @@ tls_hkdf_t *tls_hkdf_create(hash_algorithm_t hash_algorithm, chunk_t psk)
|
||||||
.derive_iv = _derive_iv,
|
.derive_iv = _derive_iv,
|
||||||
.derive_finished = _derive_finished,
|
.derive_finished = _derive_finished,
|
||||||
.export = _export,
|
.export = _export,
|
||||||
|
.resume = _resume,
|
||||||
.allocate_bytes = _allocate_bytes,
|
.allocate_bytes = _allocate_bytes,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
|
|
|
@ -126,6 +126,17 @@ struct tls_hkdf_t {
|
||||||
bool (*export)(tls_hkdf_t *this, char *label, chunk_t context,
|
bool (*export)(tls_hkdf_t *this, char *label, chunk_t context,
|
||||||
chunk_t messages, size_t length, chunk_t *key);
|
chunk_t messages, size_t length, chunk_t *key);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generate resumption PSKs.
|
||||||
|
*
|
||||||
|
* @param messages handshake messages
|
||||||
|
* @param nonce nonce to use for this PSK
|
||||||
|
* @param psk generated PSK
|
||||||
|
* @return TRUE if PSK successfully generated
|
||||||
|
*/
|
||||||
|
bool (*resume)(tls_hkdf_t *this, chunk_t messages, chunk_t nonce,
|
||||||
|
chunk_t *psk);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Use the internal PRF to allocate data (mainly for the finished message
|
* Use the internal PRF to allocate data (mainly for the finished message
|
||||||
* where the key is from derive_finished() and the seed is the transcript
|
* where the key is from derive_finished() and the seed is the transcript
|
||||||
|
|
Loading…
Reference in New Issue