void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) { const byte* side; byte handshake_hash[HSHASH_SZ]; word32 hashSz = FINISHED_SZ; #ifndef NO_OLD_TLS Md5Final(&ssl->hashMd5, handshake_hash); ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 if (ssl->specs.mac_algorithm <= sha256_mac) { Sha256Final(&ssl->hashSha256, handshake_hash); hashSz = SHA256_DIGEST_SIZE; } #endif #ifdef CYASSL_SHA384 if (ssl->specs.mac_algorithm == sha384_mac) { Sha384Final(&ssl->hashSha384, handshake_hash); hashSz = SHA384_DIGEST_SIZE; } #endif } if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) side = tls_client; else side = tls_server; PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); }
int MakeTlsMasterSecret(CYASSL* ssl) { int ret; byte seed[SEED_LEN]; XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); ret = PRF(ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, master_label, MASTER_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); if (ret != 0) return ret; #ifdef SHOW_SECRETS { int i; printf("master secret: "); for (i = 0; i < SECRET_LEN; i++) printf("%02x", ssl->arrays->masterSecret[i]); printf("\n"); } #endif return DeriveTlsKeys(ssl); }
void BuildTlsFinished(SSL* ssl, Hashes* hashes, const byte* sender) { const byte* side; byte handshake_hash[FINISHED_SZ]; word32 hashSz = FINISHED_SZ; Md5Final(&ssl->hashMd5, handshake_hash); ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]); #ifndef NO_SHA256 if (IsAtLeastTLSv1_2(ssl)) { Sha256Final(&ssl->hashSha256, handshake_hash); hashSz = SHA256_DIGEST_SIZE; } #endif if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) side = tls_client; else side = tls_server; PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays.masterSecret, SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl)); }
int DeriveTlsKeys(SSL* ssl) { int length = 2 * ssl->specs.hash_size + 2 * ssl->specs.key_size + 2 * ssl->specs.iv_size; byte seed[SEED_LEN]; byte key_data[MAX_PRF_DIG]; XMEMCPY(seed, ssl->arrays.serverRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays.clientRandom, RAN_LEN); PRF(key_data, length, ssl->arrays.masterSecret, SECRET_LEN, key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl)); return StoreKeys(ssl, key_data); }
/* Used by EAP-TLS and EAP-TTLS to derive keying material from * the master_secret. */ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len, const char* label) { byte seed[SEED_LEN]; /* * As per RFC-5281, the order of the client and server randoms is reversed * from that used by the TLS protocol to derive keys. */ XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); return PRF((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN, (const byte *)label, (word32)strlen(label), seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); }
int MakeTlsMasterSecret(SSL* ssl) { byte seed[SEED_LEN]; XMEMCPY(seed, ssl->arrays.clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays.serverRandom, RAN_LEN); PRF(ssl->arrays.masterSecret, SECRET_LEN, ssl->arrays.preMasterSecret, ssl->arrays.preMasterSz, master_label, MASTER_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl)); #ifdef SHOW_SECRETS { int i; printf("master secret: "); for (i = 0; i < SECRET_LEN; i++) printf("%02x", ssl->arrays.masterSecret[i]); printf("\n"); } #endif return DeriveTlsKeys(ssl); }