tls-hkdf: Implement binder PSK generation
This commit is contained in:
parent
3e535c31b4
commit
7797c058d9
|
@ -626,6 +626,35 @@ METHOD(tls_hkdf_t, resume, bool,
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
METHOD(tls_hkdf_t, binder, bool,
|
||||||
|
private_tls_hkdf_t *this, chunk_t seed, chunk_t *out)
|
||||||
|
{
|
||||||
|
chunk_t binder_key, finished_key;
|
||||||
|
|
||||||
|
if (!generate_secret(this, TLS_HKDF_RES_BINDER, chunk_empty, &binder_key))
|
||||||
|
{
|
||||||
|
DBG1(DBG_TLS, "unable to derive binder key");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!expand_label(this, binder_key, chunk_from_str("finished"), chunk_empty,
|
||||||
|
this->hasher->get_hash_size(this->hasher), &finished_key))
|
||||||
|
{
|
||||||
|
chunk_clear(&binder_key);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
chunk_clear(&binder_key);
|
||||||
|
|
||||||
|
if (!this->prf->set_key(this->prf, finished_key) ||
|
||||||
|
!this->prf->allocate_bytes(this->prf, seed, out))
|
||||||
|
{
|
||||||
|
chunk_clear(&finished_key);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
chunk_clear(&finished_key);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
METHOD(tls_hkdf_t, allocate_bytes, bool,
|
METHOD(tls_hkdf_t, allocate_bytes, bool,
|
||||||
private_tls_hkdf_t *this, chunk_t key, chunk_t seed,
|
private_tls_hkdf_t *this, chunk_t key, chunk_t seed,
|
||||||
chunk_t *out)
|
chunk_t *out)
|
||||||
|
@ -684,6 +713,7 @@ tls_hkdf_t *tls_hkdf_create(hash_algorithm_t hash_algorithm, chunk_t psk)
|
||||||
.derive_finished = _derive_finished,
|
.derive_finished = _derive_finished,
|
||||||
.export = _export,
|
.export = _export,
|
||||||
.resume = _resume,
|
.resume = _resume,
|
||||||
|
.binder = _binder,
|
||||||
.allocate_bytes = _allocate_bytes,
|
.allocate_bytes = _allocate_bytes,
|
||||||
.destroy = _destroy,
|
.destroy = _destroy,
|
||||||
},
|
},
|
||||||
|
|
|
@ -137,6 +137,20 @@ struct tls_hkdf_t {
|
||||||
bool (*resume)(tls_hkdf_t *this, chunk_t messages, chunk_t nonce,
|
bool (*resume)(tls_hkdf_t *this, chunk_t messages, chunk_t nonce,
|
||||||
chunk_t *psk);
|
chunk_t *psk);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generate a PSK binder.
|
||||||
|
*
|
||||||
|
* @note The transcript hash is built of the partial ClientHello message up
|
||||||
|
* to and including the PreSharedKey extension's identities field, excluding
|
||||||
|
* the actual binders (their length is included in that of the extension(s)
|
||||||
|
* and message, though), as per RFC 8446, section 4.2.11.2.
|
||||||
|
*
|
||||||
|
* @param seed transcript-hash of client_hello to seed the PRF
|
||||||
|
* @param psk_binder generated psk binder
|
||||||
|
* @return TRUE if output was generated
|
||||||
|
*/
|
||||||
|
bool (*binder)(tls_hkdf_t *this, chunk_t seed, chunk_t *psk_binder);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Use the internal PRF to allocate data (mainly for the finished message
|
* Use the internal PRF to allocate data (mainly for the finished message
|
||||||
* where the key is from derive_finished() and the seed is the transcript
|
* where the key is from derive_finished() and the seed is the transcript
|
||||||
|
|
Loading…
Reference in New Issue