Refactor make_traffic_keys

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-04-01 13:20:30 +00:00 · 2022-11-21 23:16:54 +08:00 · 2022-11-21 23:16:54 +08:00 · a8771839e8
commit a8771839e8
parent 3ce61ffca6
1 changed files with 37 additions and 29 deletions
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -215,6 +215,30 @@ cleanup:
    return( psa_ssl_status_to_mbedtls ( status ) );
 }
 static int ssl_tls13_make_traffic_key(
                    psa_algorithm_t hash_alg,
                    const unsigned char *secret, size_t secret_len,
                    unsigned char *key, size_t key_len,
                    unsigned char *iv, size_t iv_len )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
                    secret, secret_len,
                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
                    NULL, 0,
                    key, key_len );
    if( ret != 0 )
        return( ret );
    ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
                    secret, secret_len,
                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
                    NULL, 0,
                    iv, iv_len );
    return( ret );
 }
 /*
 * The traffic keying material is generated from the following inputs:
 *
@ -240,35 +264,17 @@ int mbedtls_ssl_tls13_make_traffic_keys(
 {
    int ret = 0;
-    ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
+    ret = ssl_tls13_make_traffic_key(
-                    client_secret, secret_len,
+            hash_alg, client_secret, secret_len,
-                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
+            keys->client_write_key, key_len,
-                    NULL, 0,
+            keys->client_write_iv, iv_len );
                    keys->client_write_key, key_len );
    if( ret != 0 )
        return( ret );
-    ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
+    ret = ssl_tls13_make_traffic_key(
-                    server_secret, secret_len,
+            hash_alg, server_secret, secret_len,
-                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
+            keys->server_write_key, key_len,
-                    NULL, 0,
+            keys->server_write_iv, iv_len );
                    keys->server_write_key, key_len );
    if( ret != 0 )
        return( ret );
    ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
                    client_secret, secret_len,
                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
                    NULL, 0,
                    keys->client_write_iv, iv_len );
    if( ret != 0 )
        return( ret );
    ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
                    server_secret, secret_len,
                    MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
                    NULL, 0,
                    keys->server_write_iv, iv_len );
    if( ret != 0 )
        return( ret );
@ -1166,16 +1172,18 @@ static int ssl_tls13_generate_early_key( mbedtls_ssl_context *ssl,
            MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
    }
-    ret = mbedtls_ssl_tls13_make_traffic_keys(
+    ret = ssl_tls13_make_traffic_key(
              hash_alg,
              tls13_early_secrets->client_early_traffic_secret,
-              tls13_early_secrets->client_early_traffic_secret,
+              hash_len, traffic_keys->client_write_key, key_len,
-              hash_len, key_len, iv_len, traffic_keys );
+              traffic_keys->client_write_iv, iv_len );
    if( ret != 0 )
    {
        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
        goto exit;
    }
    traffic_keys->key_len = key_len;
    traffic_keys->iv_len = iv_len;
    MBEDTLS_SSL_DEBUG_BUF( 4, "client early write_key",
                           traffic_keys->client_write_key,