1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
/*
* Copyright (c) 2017 Thomas Pornin <pornin@bolet.org>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/*
* Supported cipher suites that use SHA-384 for the PRF when selected
* for TLS 1.2. All other cipher suites are deemed to use SHA-256.
*/
static const uint16_t suites_sha384[] = {
BR_TLS_RSA_WITH_AES_256_GCM_SHA384,
BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
};
/* see bearssl_ssl.h */
int
br_ssl_key_export(br_ssl_engine_context *cc,
void *dst, size_t len, const char *label,
const void *context, size_t context_len)
{
br_tls_prf_seed_chunk chunks[4];
br_tls_prf_impl iprf;
size_t num_chunks, u;
unsigned char tmp[2];
int prf_id;
if (cc->application_data != 1) {
return 0;
}
chunks[0].data = cc->client_random;
chunks[0].len = sizeof cc->client_random;
chunks[1].data = cc->server_random;
chunks[1].len = sizeof cc->server_random;
if (context != NULL) {
br_enc16be(tmp, (unsigned)context_len);
chunks[2].data = tmp;
chunks[2].len = 2;
chunks[3].data = context;
chunks[3].len = context_len;
num_chunks = 4;
} else {
num_chunks = 2;
}
prf_id = BR_SSLPRF_SHA256;
for (u = 0; u < (sizeof suites_sha384) / sizeof(uint16_t); u ++) {
if (suites_sha384[u] == cc->session.cipher_suite) {
prf_id = BR_SSLPRF_SHA384;
}
}
iprf = br_ssl_engine_get_PRF(cc, prf_id);
iprf(dst, len,
cc->session.master_secret, sizeof cc->session.master_secret,
label, num_chunks, chunks);
return 1;
}
|
