if (data_size != 0)
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- if (_gnutls_mpi_init_scan_nz(&session->key.client_Y, &data[2], _n_Y)) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y, &data[2], _n_Y)) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
}
- _gnutls_dh_set_peer_public(session, session->key.client_Y);
+ _gnutls_dh_set_peer_public(session, session->key.proto.tls12.dh.client_Y);
- peer_pub.params[DH_Y] = session->key.client_Y;
+ peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
/* calculate the key after calculating the message */
- ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.dh_params, &peer_pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.proto.tls12.dh.params, &peer_pub);
if (ret < 0) {
gnutls_assert();
goto error;
ret = 0;
error:
- _gnutls_mpi_release(&session->key.client_Y);
- gnutls_pk_params_clear(&session->key.dh_params);
+ _gnutls_mpi_release(&session->key.proto.tls12.dh.client_Y);
+ gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
return ret;
}
ret =
_gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
- &session->key.dh_params, 1);
+ &session->key.proto.tls12.dh.params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.dh_params.params[DH_X]));
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_X]));
- ret = _gnutls_buffer_append_mpi(data, 16, session->key.dh_params.params[DH_Y], 0);
+ ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
if (ret < 0) {
gnutls_assert();
goto error;
}
- peer_pub.params[DH_Y] = session->key.client_Y;
+ peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
/* calculate the key after calculating the message */
- ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.dh_params, &peer_pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.proto.tls12.dh.params, &peer_pub);
if (ret < 0) {
gnutls_assert();
goto error;
ret = data->length - init_pos;
error:
- gnutls_pk_params_clear(&session->key.dh_params);
+ gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
return ret;
}
ssize_t data_size = _data_size;
/* just in case we are resuming a session */
- gnutls_pk_params_release(&session->key.dh_params);
+ gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
- gnutls_pk_params_init(&session->key.dh_params);
+ gnutls_pk_params_init(&session->key.proto.tls12.dh.params);
i = 0;
_n_g = n_g;
_n_p = n_p;
- if (_gnutls_mpi_init_scan_nz(&session->key.client_Y, data_Y, _n_Y) != 0) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y, data_Y, _n_Y) != 0) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
session->internals.hsk_flags |= HSK_USED_FFDHE;
_gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]);
- session->key.dh_params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
+ session->key.proto.tls12.dh.params.qbits = *session->internals.priorities->groups.entry[j]->q_bits;
break;
}
}
}
}
- if (_gnutls_mpi_init_scan_nz(&session->key.dh_params.params[DH_G], data_g, _n_g) != 0) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_G], data_g, _n_g) != 0) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
- if (_gnutls_mpi_init_scan_nz(&session->key.dh_params.params[DH_P], data_p, _n_p) != 0) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.params.params[DH_P], data_p, _n_p) != 0) {
gnutls_assert();
- /* we release now because session->key.dh_params.params_nr is not yet set */
- _gnutls_mpi_release(&session->key.dh_params.params[DH_G]);
+ /* we release now because session->key.proto.tls12.dh.params.params_nr is not yet set */
+ _gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_G]);
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
- session->key.dh_params.params_nr = 3; /* include empty q */
- session->key.dh_params.algo = GNUTLS_PK_DH;
+ session->key.proto.tls12.dh.params.params_nr = 3; /* include empty q */
+ session->key.proto.tls12.dh.params.algo = GNUTLS_PK_DH;
if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
bits = _gnutls_dh_get_min_prime_bits(session);
return bits;
}
- p_bits = _gnutls_mpi_get_nbits(session->key.dh_params.params[DH_P]);
+ p_bits = _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_P]);
if (p_bits < bits) {
/* the prime used by the peer is not acceptable
*/
gnutls_assert();
_gnutls_debug_log
("Received a prime of %u bits, limit is %u\n",
- (unsigned) _gnutls_mpi_get_nbits(session->key.dh_params.params[DH_P]),
+ (unsigned) _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_P]),
(unsigned) bits);
return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
}
}
}
- _gnutls_dh_save_group(session, session->key.dh_params.params[DH_G],
- session->key.dh_params.params[DH_P]);
- _gnutls_dh_set_peer_public(session, session->key.client_Y);
+ _gnutls_dh_save_group(session, session->key.proto.tls12.dh.params.params[DH_G],
+ session->key.proto.tls12.dh.params.params[DH_P]);
+ _gnutls_dh_set_peer_public(session, session->key.proto.tls12.dh.client_Y);
ret = n_Y + n_p + n_g + 6;
gnutls_buffer_st * data)
{
int ret;
- unsigned q_bits = session->key.dh_params.qbits;
+ unsigned q_bits = session->key.proto.tls12.dh.params.qbits;
unsigned init_pos = data->length;
if (q_bits < 192 && q_bits != 0) {
/* Y=g^x mod p */
ret =
_gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
- &session->key.dh_params, 1);
+ &session->key.proto.tls12.dh.params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.dh_params.params[DH_X]));
+ _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.params.params[DH_X]));
- ret = _gnutls_buffer_append_mpi(data, 16, session->key.dh_params.params[DH_P], 0);
+ ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_P], 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = _gnutls_buffer_append_mpi(data, 16, session->key.dh_params.params[DH_G], 0);
+ ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_G], 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = _gnutls_buffer_append_mpi(data, 16, session->key.dh_params.params[DH_Y], 0);
+ ret = _gnutls_buffer_append_mpi(data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
gnutls_datum_t tmp_dh_key;
gnutls_pk_params_init(&pub);
- pub.params[ECC_X] = session->key.ecdh_x;
- pub.params[ECC_Y] = session->key.ecdh_y;
- pub.raw_pub.data = session->key.ecdhx.data;
- pub.raw_pub.size = session->key.ecdhx.size;
+ pub.params[ECC_X] = session->key.proto.tls12.ecdh.x;
+ pub.params[ECC_Y] = session->key.proto.tls12.ecdh.y;
+ pub.raw_pub.data = session->key.proto.tls12.ecdh.raw.data;
+ pub.raw_pub.size = session->key.proto.tls12.ecdh.raw.size;
pub.curve = ecurve->id;
ret =
_gnutls_pk_derive(ecurve->pk, &tmp_dh_key,
- &session->key.ecdh_params, &pub);
+ &session->key.proto.tls12.ecdh.params, &pub);
if (ret < 0) {
ret = gnutls_assert_val(ret);
goto cleanup;
cleanup:
/* no longer needed */
- _gnutls_mpi_release(&session->key.ecdh_x);
- _gnutls_mpi_release(&session->key.ecdh_y);
- _gnutls_free_datum(&session->key.ecdhx);
- gnutls_pk_params_release(&session->key.ecdh_params);
+ _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x);
+ _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y);
+ _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw);
+ gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
return ret;
}
if (ecurve->pk == GNUTLS_PK_EC) {
ret =
_gnutls_ecc_ansi_x962_import(&data[i], point_size,
- &session->key.ecdh_x,
- &session->key.ecdh_y);
+ &session->key.proto.tls12.ecdh.x,
+ &session->key.proto.tls12.ecdh.y);
if (ret < 0) {
gnutls_assert();
goto cleanup;
if (ecurve->size != point_size)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_set_datum(&session->key.ecdhx,
+ ret = _gnutls_set_datum(&session->key.proto.tls12.ecdh.raw,
&data[i], point_size);
if (ret < 0) {
gnutls_assert();
/* RFC7748 requires to mask the MSB in the final byte */
if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {
- session->key.ecdhx.data[point_size-1] &= 0x7f;
+ session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f;
}
} else {
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ gnutls_pk_params_clear(&session->key.proto.tls12.ecdh.params);
return ret;
}
/* generate temporal key */
ret =
_gnutls_pk_generate_keys(pk, ecurve->id,
- &session->key.ecdh_params, 1);
+ &session->key.proto.tls12.ecdh.params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
if (pk == GNUTLS_PK_EC) {
ret =
_gnutls_ecc_ansi_x962_export(ecurve->id,
- session->key.ecdh_params.
+ session->key.proto.tls12.ecdh.params.
params[ECC_X] /* x */ ,
- session->key.ecdh_params.
+ session->key.proto.tls12.ecdh.params.
params[ECC_Y] /* y */ , &out);
if (ret < 0) {
} else if (pk == GNUTLS_PK_ECDH_X25519) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ session->key.proto.tls12.ecdh.params.raw_pub.data,
+ session->key.proto.tls12.ecdh.params.raw_pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
ret = data->length - init_pos;
cleanup:
- gnutls_pk_params_clear(&session->key.ecdh_params);
+ gnutls_pk_params_clear(&session->key.proto.tls12.ecdh.params);
return ret;
}
const gnutls_ecc_curve_entry_st *ecurve;
/* just in case we are resuming a session */
- gnutls_pk_params_release(&session->key.ecdh_params);
+ gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
- gnutls_pk_params_init(&session->key.ecdh_params);
+ gnutls_pk_params_init(&session->key.proto.tls12.ecdh.params);
i = 0;
DECR_LEN(data_size, 1);
if (ecurve->pk == GNUTLS_PK_EC) {
ret =
_gnutls_ecc_ansi_x962_import(&data[i], point_size,
- &session->key.ecdh_x,
- &session->key.ecdh_y);
+ &session->key.proto.tls12.ecdh.x,
+ &session->key.proto.tls12.ecdh.y);
if (ret < 0)
return gnutls_assert_val(ret);
if (ecurve->size != point_size)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_set_datum(&session->key.ecdhx,
+ ret = _gnutls_set_datum(&session->key.proto.tls12.ecdh.raw,
&data[i], point_size);
if (ret < 0)
return gnutls_assert_val(ret);
/* RFC7748 requires to mask the MSB in the final byte */
if (ecurve->id == GNUTLS_ECC_CURVE_X25519) {
- session->key.ecdhx.data[point_size-1] &= 0x7f;
+ session->key.proto.tls12.ecdh.raw.data[point_size-1] &= 0x7f;
}
} else {
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
/* just in case we are resuming a session */
- gnutls_pk_params_release(&session->key.ecdh_params);
+ gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
- gnutls_pk_params_init(&session->key.ecdh_params);
+ gnutls_pk_params_init(&session->key.proto.tls12.ecdh.params);
/* curve type */
p = 3;
/* generate temporal key */
ret =
_gnutls_pk_generate_keys(group->pk, group->curve,
- &session->key.ecdh_params, 1);
+ &session->key.proto.tls12.ecdh.params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
if (group->pk == GNUTLS_PK_EC) {
ret =
_gnutls_ecc_ansi_x962_export(group->curve,
- session->key.ecdh_params.
+ session->key.proto.tls12.ecdh.params.
params[ECC_X] /* x */ ,
- session->key.ecdh_params.
+ session->key.proto.tls12.ecdh.params.
params[ECC_Y] /* y */ , &out);
if (ret < 0)
return gnutls_assert_val(ret);
} else if (group->pk == GNUTLS_PK_ECDH_X25519) {
ret =
_gnutls_buffer_append_data_prefix(data, 8,
- session->key.ecdh_params.raw_pub.data,
- session->key.ecdh_params.raw_pub.size);
+ session->key.proto.tls12.ecdh.params.raw_pub.data,
+ session->key.proto.tls12.ecdh.params.raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
} else {
};
-#define _b session->key.b
-#define B session->key.B
-#define _a session->key.a
-#define A session->key.A
-#define N session->key.srp_p
-#define G session->key.srp_g
-#define V session->key.x
-#define S session->key.srp_key
+#define _b session->key.proto.tls12.srp.b
+#define B session->key.proto.tls12.srp.B
+#define _a session->key.proto.tls12.srp.a
+#define A session->key.proto.tls12.srp.A
+#define N session->key.proto.tls12.srp.srp_p
+#define G session->key.proto.tls12.srp.srp_g
+#define V session->key.proto.tls12.srp.x
+#define S session->key.proto.tls12.srp.srp_key
/* Checks if a%n==0,+1,-1%n which is a fatal srp error.
* Returns a proper error code in that case, and 0 when
*/
/* calculate u */
- session->key.u = _gnutls_calc_srp_u(A, B, N);
- if (session->key.u == NULL) {
+ session->key.proto.tls12.srp.u = _gnutls_calc_srp_u(A, B, N);
+ if (session->key.proto.tls12.srp.u == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_log("SRP U: ", session->key.u);
+ _gnutls_mpi_log("SRP U: ", session->key.proto.tls12.srp.u);
/* S = (B - g^x) ^ (a + u * x) % N */
- S = _gnutls_calc_srp_S2(B, G, session->key.x, _a, session->key.u,
+ S = _gnutls_calc_srp_S2(B, G, session->key.proto.tls12.srp.x, _a, session->key.proto.tls12.srp.u,
N);
if (S == NULL) {
gnutls_assert();
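Review bot: `session->key.proto.tls12.srp.x` is written out in full in the `_gnutls_calc_srp_S2()` call, although the macro `V` defined earlier in this diff expands to exactly that field and a later hunk releases it as `V`. Referring to one secret by two spellings makes it harder to audit that every SRP value is released. Using the macro keeps it consistent: `S = _gnutls_calc_srp_S2(B, G, V, _a, session->key.proto.tls12.srp.u, N);`. The same applies to `session->key.proto.tls12.srp.srp_key` versus `S` in the `_gnutls_mpi_dprint()` calls. The enclosing function starts and ends outside this hunk.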
zrelease_temp_mpi_key(&_b);
zrelease_temp_mpi_key(&V);
- zrelease_temp_mpi_key(&session->key.u);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
zrelease_temp_mpi_key(&B);
- ret = _gnutls_mpi_dprint(session->key.srp_key, &session->key.key);
+ ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, &session->key.key);
zrelease_temp_mpi_key(&S);
if (ret < 0) {
/* Start the SRP calculations.
* - Calculate u
*/
- session->key.u = _gnutls_calc_srp_u(A, B, N);
- if (session->key.u == NULL) {
+ session->key.proto.tls12.srp.u = _gnutls_calc_srp_u(A, B, N);
+ if (session->key.proto.tls12.srp.u == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_log("SRP U: ", session->key.u);
+ _gnutls_mpi_log("SRP U: ", session->key.proto.tls12.srp.u);
/* S = (A * v^u) ^ b % N
*/
- S = _gnutls_calc_srp_S1(A, _b, session->key.u, V, N);
+ S = _gnutls_calc_srp_S1(A, _b, session->key.proto.tls12.srp.u, V, N);
if (S == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
_gnutls_mpi_release(&A);
zrelease_temp_mpi_key(&_b);
zrelease_temp_mpi_key(&V);
- zrelease_temp_mpi_key(&session->key.u);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
zrelease_temp_mpi_key(&B);
- ret = _gnutls_mpi_dprint(session->key.srp_key, &session->key.key);
+ ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, &session->key.key);
zrelease_temp_mpi_key(&S);
if (ret < 0) {
return ret;
}
- if (_gnutls_mpi_init_scan_nz(&session->key.x, hd, _n_g) != 0) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.srp.x, hd, _n_g) != 0) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
NULL, 0,
- session->key.temp_secret,
- session->key.hs_ckey);
+ session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.hs_ckey);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.hs_ckey, key_size, key_block);
+ ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_ckey, key_size, key_block);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.hs_ckey, iv_size, iv_block);
+ ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_ckey, iv_size, iv_block);
if (ret < 0)
return gnutls_assert_val(ret);
} else {
ret = _tls13_derive_secret(session, APPLICATION_TRAFFIC_UPDATE,
sizeof(APPLICATION_TRAFFIC_UPDATE)-1,
NULL, 0,
- session->key.temp_secret,
- session->key.hs_skey);
+ session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.hs_skey);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.hs_skey, key_size, key_block);
+ ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_skey, key_size, key_block);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.hs_skey, iv_size, iv_block);
+ ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_skey, iv_size, iv_block);
if (ret < 0)
return gnutls_assert_val(ret);
}
ret = _tls13_derive_secret(session, label, label_size,
session->internals.handshake_hash_buffer.data,
hsk_len,
- session->key.temp_secret,
- session->key.hs_ckey);
+ session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.hs_ckey);
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_nss_keylog_write(session, keylog_label,
- session->key.hs_ckey,
+ session->key.proto.kshare.hs_ckey,
session->security_parameters.prf->output_size);
/* client keys */
- ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.hs_ckey, key_size, ckey_block);
+ ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_ckey, key_size, ckey_block);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.hs_ckey, iv_size, civ_block);
+ ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_ckey, iv_size, civ_block);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _tls13_derive_secret(session, label, label_size,
session->internals.handshake_hash_buffer.data,
hsk_len,
- session->key.temp_secret,
- session->key.hs_skey);
+ session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.hs_skey);
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_nss_keylog_write(session, keylog_label,
- session->key.hs_skey,
+ session->key.proto.kshare.hs_skey,
session->security_parameters.prf->output_size);
- ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.hs_skey, key_size, skey_block);
+ ret = _tls13_expand_secret(session, "key", 3, NULL, 0, session->key.proto.kshare.hs_skey, key_size, skey_block);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.hs_skey, iv_size, siv_block);
+ ret = _tls13_expand_secret(session, "iv", 2, NULL, 0, session->key.proto.kshare.hs_skey, iv_size, siv_block);
if (ret < 0)
return gnutls_assert_val(ret);
unsigned q_bits)
{
/* just in case we are resuming a session */
- gnutls_pk_params_release(&session->key.dh_params);
+ gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
- gnutls_pk_params_init(&session->key.dh_params);
+ gnutls_pk_params_init(&session->key.proto.tls12.dh.params);
- session->key.dh_params.params[DH_G] = _gnutls_mpi_copy(g);
- if (session->key.dh_params.params[DH_G] == NULL)
+ session->key.proto.tls12.dh.params.params[DH_G] = _gnutls_mpi_copy(g);
+ if (session->key.proto.tls12.dh.params.params[DH_G] == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- session->key.dh_params.params[DH_P] = _gnutls_mpi_copy(p);
- if (session->key.dh_params.params[DH_P] == NULL) {
- _gnutls_mpi_release(&session->key.dh_params.params[DH_G]);
+ session->key.proto.tls12.dh.params.params[DH_P] = _gnutls_mpi_copy(p);
+ if (session->key.proto.tls12.dh.params.params[DH_P] == NULL) {
+ _gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_G]);
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
}
- session->key.dh_params.params_nr = 3; /* include empty q */
- session->key.dh_params.algo = GNUTLS_PK_DH;
- session->key.dh_params.qbits = q_bits;
+ session->key.proto.tls12.dh.params.params_nr = 3; /* include empty q */
+ session->key.proto.tls12.dh.params.algo = GNUTLS_PK_DH;
+ session->key.proto.tls12.dh.params.qbits = q_bits;
return 0;
}
return gnutls_assert_val(ret);
if (group->pk == GNUTLS_PK_EC) {
- gnutls_pk_params_release(&session->key.kshare_ecdh_params);
- gnutls_pk_params_init(&session->key.kshare_ecdh_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.ecdh_params);
+ gnutls_pk_params_init(&session->key.proto.kshare.ecdh_params);
ret = _gnutls_pk_generate_keys(group->pk, group->curve,
- &session->key.kshare_ecdh_params, 1);
+ &session->key.proto.kshare.ecdh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_ecc_ansi_x962_export(group->curve,
- session->key.kshare_ecdh_params.params[ECC_X],
- session->key.kshare_ecdh_params.params[ECC_Y],
+ session->key.proto.kshare.ecdh_params.params[ECC_X],
+ session->key.proto.kshare.ecdh_params.params[ECC_Y],
&tmp);
if (ret < 0)
return gnutls_assert_val(ret);
goto cleanup;
}
- session->key.kshare_ecdh_params.algo = group->pk;
- session->key.kshare_ecdh_params.curve = group->curve;
+ session->key.proto.kshare.ecdh_params.algo = group->pk;
+ session->key.proto.kshare.ecdh_params.curve = group->curve;
ret = 0;
} else if (group->pk == GNUTLS_PK_ECDH_X25519) {
- gnutls_pk_params_release(&session->key.kshare_ecdhx_params);
- gnutls_pk_params_init(&session->key.kshare_ecdhx_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.ecdhx_params);
+ gnutls_pk_params_init(&session->key.proto.kshare.ecdhx_params);
ret = _gnutls_pk_generate_keys(group->pk, group->curve,
- &session->key.kshare_ecdhx_params, 1);
+ &session->key.proto.kshare.ecdhx_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
_gnutls_buffer_append_data_prefix(extdata, 16,
- session->key.kshare_ecdhx_params.raw_pub.data,
- session->key.kshare_ecdhx_params.raw_pub.size);
+ session->key.proto.kshare.ecdhx_params.raw_pub.data,
+ session->key.proto.kshare.ecdhx_params.raw_pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- session->key.kshare_ecdhx_params.algo = group->pk;
- session->key.kshare_ecdhx_params.curve = group->curve;
+ session->key.proto.kshare.ecdhx_params.algo = group->pk;
+ session->key.proto.kshare.ecdhx_params.curve = group->curve;
ret = 0;
} else if (group->pk == GNUTLS_PK_DH) {
/* we need to initialize the group parameters first */
- gnutls_pk_params_release(&session->key.kshare_dh_params);
- gnutls_pk_params_init(&session->key.kshare_dh_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.dh_params);
+ gnutls_pk_params_init(&session->key.proto.kshare.dh_params);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare_dh_params.params[DH_G],
+ ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_G],
group->generator->data, group->generator->size);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare_dh_params.params[DH_P],
+ ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_P],
group->prime->data, group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
- session->key.kshare_dh_params.algo = group->pk;
- session->key.kshare_dh_params.qbits = *group->q_bits;
- session->key.kshare_dh_params.params_nr = 3; /* empty q */
+ session->key.proto.kshare.dh_params.algo = group->pk;
+ session->key.proto.kshare.dh_params.qbits = *group->q_bits;
+ session->key.proto.kshare.dh_params.params_nr = 3; /* empty q */
- ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare_dh_params, 1);
+ ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.proto.kshare.dh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
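Review bot: If the second `_gnutls_mpi_init_scan_nz()` (for `params[DH_P]`) fails, the code returns while `params[DH_G]` is still allocated and `params_nr` has not been set. The TLS 1.2 hunk earlier in this commit releases DH_G explicitly in the same situation, with a comment that `params_nr` is not yet set. So, assuming `gnutls_pk_params_release()` frees only the first `params_nr` entries, the generator leaks on this error path. Release it before returning: `_gnutls_mpi_release(&session->key.proto.kshare.dh_params.params[DH_G]);`. The same pattern recurs in the later hunk that sets the group params before `_gnutls_pk_derive_tls13(GNUTLS_PK_DH, ...)`; the enclosing function starts and ends outside this hunk.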
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.kshare_dh_params.params[DH_Y],
+ ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.proto.kshare.dh_params.params[DH_Y],
group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
if (group->pk == GNUTLS_PK_EC) {
ret = _gnutls_ecc_ansi_x962_export(group->curve,
- session->key.kshare_ecdh_params.params[ECC_X],
- session->key.kshare_ecdh_params.params[ECC_Y],
+ session->key.proto.kshare.ecdh_params.params[ECC_X],
+ session->key.proto.kshare.ecdh_params.params[ECC_Y],
&tmp);
if (ret < 0)
return gnutls_assert_val(ret);
} else if (group->pk == GNUTLS_PK_ECDH_X25519) {
ret =
_gnutls_buffer_append_data_prefix(extdata, 16,
- session->key.kshare_ecdhx_params.raw_pub.data,
- session->key.kshare_ecdhx_params.raw_pub.size);
+ session->key.proto.kshare.ecdhx_params.raw_pub.data,
+ session->key.proto.kshare.ecdhx_params.raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.kshare_dh_params.params[DH_Y],
+ ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.proto.kshare.dh_params.params[DH_Y],
group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
if (group->pk == GNUTLS_PK_EC) {
gnutls_pk_params_st pub;
- gnutls_pk_params_release(&session->key.kshare_ecdh_params);
- gnutls_pk_params_init(&session->key.kshare_ecdh_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.ecdh_params);
+ gnutls_pk_params_init(&session->key.proto.kshare.ecdh_params);
curve = _gnutls_ecc_curve_get_params(group->curve);
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* generate our key */
- ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.kshare_ecdh_params, 1);
+ ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.proto.kshare.ecdh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
pub.params_nr = 2;
/* generate shared */
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare_ecdh_params, &pub);
+ ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdh_params, &pub);
gnutls_pk_params_release(&pub);
if (ret < 0) {
return gnutls_assert_val(ret);
} else if (group->pk == GNUTLS_PK_ECDH_X25519) {
gnutls_pk_params_st pub;
- gnutls_pk_params_release(&session->key.kshare_ecdhx_params);
- gnutls_pk_params_init(&session->key.kshare_ecdhx_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.ecdhx_params);
+ gnutls_pk_params_init(&session->key.proto.kshare.ecdhx_params);
curve = _gnutls_ecc_curve_get_params(group->curve);
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* generate our key */
- ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.kshare_ecdhx_params, 1);
+ ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.proto.kshare.ecdhx_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
/* We don't mask the MSB in the final byte as required
* by RFC7748. This will be done internally by nettle 3.3 or later.
*/
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare_ecdhx_params, &pub);
+ ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdhx_params, &pub);
if (ret < 0) {
return gnutls_assert_val(ret);
}
gnutls_pk_params_st pub;
/* we need to initialize the group parameters first */
- gnutls_pk_params_release(&session->key.kshare_dh_params);
- gnutls_pk_params_init(&session->key.kshare_dh_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.dh_params);
+ gnutls_pk_params_init(&session->key.proto.kshare.dh_params);
if (data_size != group->prime->size)
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* set group params */
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare_dh_params.params[DH_G],
+ ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_G],
group->generator->data, group->generator->size);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare_dh_params.params[DH_P],
+ ret = _gnutls_mpi_init_scan_nz(&session->key.proto.kshare.dh_params.params[DH_P],
group->prime->data, group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
- session->key.kshare_dh_params.algo = GNUTLS_PK_DH;
- session->key.kshare_dh_params.qbits = *group->q_bits;
- session->key.kshare_dh_params.params_nr = 3; /* empty q */
+ session->key.proto.kshare.dh_params.algo = GNUTLS_PK_DH;
+ session->key.proto.kshare.dh_params.qbits = *group->q_bits;
+ session->key.proto.kshare.dh_params.params_nr = 3; /* empty q */
/* generate our keys */
- ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare_dh_params, 1);
+ ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.proto.kshare.dh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
pub.algo = group->pk;
/* generate shared key */
- ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.kshare_dh_params, &pub);
+ ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.proto.kshare.dh_params, &pub);
_gnutls_mpi_release(&pub.params[DH_Y]);
if (ret < 0)
return gnutls_assert_val(ret);
pub.params_nr = 2;
/* generate shared key */
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare_ecdh_params, &pub);
+ ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdh_params, &pub);
gnutls_pk_params_release(&pub);
if (ret < 0) {
return gnutls_assert_val(ret);
/* We don't mask the MSB in the final byte as required
* by RFC7748. This will be done internally by nettle 3.3 or later.
*/
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare_ecdhx_params, &pub);
+ ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.proto.kshare.ecdhx_params, &pub);
if (ret < 0) {
return gnutls_assert_val(ret);
}
pub.algo = group->pk;
/* generate shared key */
- ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.kshare_dh_params, &pub);
+ ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.proto.kshare.dh_params, &pub);
_gnutls_mpi_release(&pub.params[DH_Y]);
if (ret < 0)
return gnutls_assert_val(ret);
*/
#define MAX_FILENAME 512
#define MAX_HASH_SIZE 64
+
#define MAX_CIPHER_BLOCK_SIZE 16
#define MAX_CIPHER_KEY_SIZE 32
} auth_cred_st;
struct gnutls_key_st {
- /* TLS 1.3 key share exchange */
- gnutls_pk_params_st kshare_ecdh_params;
- gnutls_pk_params_st kshare_ecdhx_params;
- gnutls_pk_params_st kshare_dh_params;
-
- /* the current (depending on state) secret, can be
- * early_secret, client_early_traffic_secret, ... */
- uint8_t temp_secret[MAX_HASH_SIZE];
- unsigned temp_secret_size; /* depends on negotiated PRF size */
- uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_handshake_traffic_secret */
- uint8_t hs_skey[MAX_HASH_SIZE]; /* server_handshake_traffic_secret */
- uint8_t ap_expkey[MAX_HASH_SIZE]; /* exporter_master_secret */
-
- /* For ECDH KX */
- gnutls_pk_params_st ecdh_params; /* private part */
-
- /* public part */
- bigint_t ecdh_x;
- bigint_t ecdh_y;
- gnutls_datum_t ecdhx; /* public key used in ECDHX (point) */
-
- /* For DH KX */
+ struct {
+ /* TLS 1.3 key share exchange */
+ struct {
+ gnutls_pk_params_st ecdh_params;
+ gnutls_pk_params_st ecdhx_params;
+ gnutls_pk_params_st dh_params;
+
+ /* the current (depending on state) secret, can be
+ * early_secret, client_early_traffic_secret, ... */
+ uint8_t temp_secret[MAX_HASH_SIZE];
+ unsigned temp_secret_size; /* depends on negotiated PRF size */
+ uint8_t hs_ckey[MAX_HASH_SIZE]; /* client_handshake_traffic_secret */
+ uint8_t hs_skey[MAX_HASH_SIZE]; /* server_handshake_traffic_secret */
+ uint8_t ap_expkey[MAX_HASH_SIZE]; /* exporter_master_secret */
+ } kshare; /* tls1.3 */
+
+ /* Folow the SSL3.0 and TLS1.2 key exchanges */
+
+ struct {
+ /* For ECDH KX */
+ struct {
+ gnutls_pk_params_st params; /* private part */
+ /* public part */
+ bigint_t x;
+ bigint_t y;
+ gnutls_datum_t raw; /* public key used in ECDHX (point) */
+ } ecdh;
+
+ /* For DH KX */
+ struct {
+ gnutls_pk_params_st params;
+ bigint_t client_Y;
+ } dh;
+
+ /* for SRP KX */
+ struct {
+ bigint_t srp_key;
+ bigint_t srp_g;
+ bigint_t srp_p;
+ bigint_t A;
+ bigint_t B;
+ bigint_t u;
+ bigint_t b;
+ bigint_t a;
+ bigint_t x;
+ } srp;
+ } tls12; /* from ssl3.0 to tls12 */
+ } proto;
+
+ /* TLS pre-master key; applies to 1.2 and 1.3 */
gnutls_datum_t key;
-
- /* For DH KX */
- gnutls_pk_params_st dh_params;
- bigint_t client_Y;
- /* for SRP */
-
- bigint_t srp_key;
- bigint_t srp_g;
- bigint_t srp_p;
- bigint_t A;
- bigint_t B;
- bigint_t u;
- bigint_t b;
- bigint_t a;
- bigint_t x;
/* this is used to hold the peers authentication data
*/
gnutls_credentials_type_t auth_info_type;
int auth_info_size; /* needed in order to store to db for restoring
*/
- uint8_t crypt_algo;
-
auth_cred_st *cred; /* used to specify keys/certificates etc */
};
} api_aead_cipher_hd_st;
struct record_state_st {
- uint8_t mac_key[MAX_CIPHER_KEY_SIZE];
+ /* mac keys can be as long as the hash size */
+ uint8_t mac_key[MAX_HASH_SIZE];
unsigned mac_key_size;
uint8_t iv[MAX_CIPHER_IV_SIZE];
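Review bot: The `mac_key` resize from `MAX_CIPHER_KEY_SIZE` to `MAX_HASH_SIZE` in `record_state_st` is a buffer-size fix rather than part of the key-struct regrouping, and nothing visible here bounds `mac_key_size` against the new array. The code that fills `mac_key` is outside this hunk, so it is worth confirming that it rejects a length larger than the array, e.g. `if (unlikely(mac_size > sizeof(state->mac_key))) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);` (variable names are illustrative). Calling the resize out in the commit message would also help anyone who needs to backport it separately from the rename.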
uint8_t zero[MAX_HASH_SIZE];
ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
- NULL, 0, session->key.temp_secret,
- session->key.temp_secret);
+ NULL, 0, session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.temp_secret);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _tls13_derive_secret(session, EXPORTER_MASTER_LABEL, sizeof(EXPORTER_MASTER_LABEL)-1,
session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer_server_finished_len,
- session->key.temp_secret,
- session->key.ap_expkey);
+ session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.ap_expkey);
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_nss_keylog_write(session, "EXPORTER_SECRET",
- session->key.ap_expkey,
+ session->key.proto.kshare.ap_expkey,
session->security_parameters.prf->output_size);
_gnutls_epoch_bump(session);
{
int ret;
- if (unlikely(session->key.key.size == 0 || session->key.temp_secret_size == 0))
+ if (unlikely(session->key.key.size == 0 || session->key.proto.kshare.temp_secret_size == 0))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
ret = _tls13_update_secret(session, session->key.key.data, session->key.key.size);
return gnutls_assert_val(ret);
ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
- NULL, 0, session->key.temp_secret,
- session->key.temp_secret);
+ NULL, 0, session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.temp_secret);
if (ret < 0)
return gnutls_assert_val(ret);
if (vers->tls13_sem) {
ret = _tls13_derive_secret(session, DERIVED_LABEL, sizeof(DERIVED_LABEL)-1,
- NULL, 0, session->key.temp_secret,
- session->key.temp_secret);
+ NULL, 0, session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.temp_secret);
if (ret < 0) {
gnutls_assert();
goto fail;
}
ret = _tls13_derive_secret(session, label, label_size, NULL, 0,
- session->key.ap_expkey, secret);
+ session->key.proto.kshare.ap_expkey, secret);
if (ret < 0)
return gnutls_assert_val(ret);
{
char buf[128];
- session->key.temp_secret_size = session->security_parameters.prf->output_size;
+ session->key.proto.kshare.temp_secret_size = session->security_parameters.prf->output_size;
/* when no PSK, use the zero-value */
if (psk == NULL) {
- psk_size = session->key.temp_secret_size;
+ psk_size = session->key.proto.kshare.temp_secret_size;
if (unlikely(psk_size >= sizeof(buf)))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
return gnutls_hmac_fast(session->security_parameters.prf->id,
"", 0,
psk, psk_size,
- session->key.temp_secret);
+ session->key.proto.kshare.temp_secret);
}
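Review bot: The length test `psk_size >= sizeof(buf)` protects only the local zero-PSK buffer. `temp_secret_size` is taken from `prf->output_size`, and the HMAC output is then written into `temp_secret[MAX_HASH_SIZE]` with no visible check against that destination. Presumably every PRF in the table fits, but a guard right after the assignment would make the invariant local: `if (unlikely(session->key.proto.kshare.temp_secret_size > sizeof(session->key.proto.kshare.temp_secret))) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. The function's signature and the lines between the PSK check and the `gnutls_hmac_fast` call are outside what is shown here.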
/* HKDF-Extract(Prev-Secret, key) */
int _tls13_update_secret(gnutls_session_t session, const uint8_t *key, size_t key_size)
{
return gnutls_hmac_fast(session->security_parameters.prf->id,
- session->key.temp_secret, session->key.temp_secret_size,
+ session->key.proto.kshare.temp_secret, session->key.proto.kshare.temp_secret_size,
key, key_size,
- session->key.temp_secret);
+ session->key.proto.kshare.temp_secret);
}
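Review bot: `_tls13_update_secret` uses `temp_secret_size` as the HMAC key length without checking that the key schedule was initialised; with a size of 0 the call would presumably still succeed and produce a secret keyed with the empty string. One caller on this page tests `temp_secret_size == 0` before calling, but the caller that passes `temp_secret` as the input does not visibly do so. Moving the test into this function covers every caller: `if (unlikely(session->key.proto.kshare.temp_secret_size == 0)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. A one-line comment that the output deliberately overwrites the key buffer would also help the next reader.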
/* Derive-Secret(Secret, Label, Messages) */
static void deinit_keys(gnutls_session_t session)
{
- gnutls_pk_params_release(&session->key.ecdh_params);
- gnutls_pk_params_release(&session->key.dh_params);
+ gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
+ gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
- gnutls_pk_params_release(&session->key.kshare_ecdhx_params);
- gnutls_pk_params_release(&session->key.kshare_ecdh_params);
- gnutls_pk_params_release(&session->key.kshare_dh_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.ecdhx_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.ecdh_params);
+ gnutls_pk_params_release(&session->key.proto.kshare.dh_params);
- zrelease_temp_mpi_key(&session->key.ecdh_x);
- zrelease_temp_mpi_key(&session->key.ecdh_y);
- _gnutls_free_temp_key_datum(&session->key.ecdhx);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
+ _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
- zrelease_temp_mpi_key(&session->key.client_Y);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
/* SRP */
- zrelease_temp_mpi_key(&session->key.srp_p);
- zrelease_temp_mpi_key(&session->key.srp_g);
- zrelease_temp_mpi_key(&session->key.srp_key);
-
- zrelease_temp_mpi_key(&session->key.u);
- zrelease_temp_mpi_key(&session->key.a);
- zrelease_temp_mpi_key(&session->key.x);
- zrelease_temp_mpi_key(&session->key.A);
- zrelease_temp_mpi_key(&session->key.B);
- zrelease_temp_mpi_key(&session->key.b);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
+
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
+ zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
_gnutls_free_temp_key_datum(&session->key.key);
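Review bot: `deinit_keys` releases the public-key parameters and MPIs under their new paths, but none of the visible lines wipe the fixed-size TLS 1.3 secrets (`temp_secret`, `hs_ckey`, `hs_skey`, `ap_expkey`) that now sit together in `proto.kshare`. If no line outside this hunk clears them, the new grouping makes that easy to add, for example `gnutls_memset(session->key.proto.kshare.temp_secret, 0, sizeof(session->key.proto.kshare.temp_secret));` and the same for the other three arrays. The function continues beyond the lines shown, so this may already be handled there.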
_gnutls_free_temp_key_datum(&session->key.key);
unsigned hash_size = session->security_parameters.prf->output_size;
if (session->security_parameters.entity == GNUTLS_CLIENT)
- base_key = session->key.hs_skey;
+ base_key = session->key.proto.kshare.hs_skey;
else
- base_key = session->key.hs_ckey;
+ base_key = session->key.proto.kshare.hs_ckey;
ret = _tls13_expand_secret(session, "finished", 8, NULL, 0, base_key,
hash_size, fkey);
if (again == 0) {
if (session->security_parameters.entity == GNUTLS_CLIENT)
- base_key = session->key.hs_ckey;
+ base_key = session->key.proto.kshare.hs_ckey;
else
- base_key = session->key.hs_skey;
+ base_key = session->key.proto.kshare.hs_skey;
ret = _tls13_expand_secret(session, "finished", 8, NULL, 0, base_key,
hash_size, fkey);
{
int ret;
- ret = _tls13_update_secret(session, session->key.temp_secret,
- session->key.temp_secret_size);
+ ret = _tls13_update_secret(session, session->key.proto.kshare.temp_secret,
+ session->key.proto.kshare.temp_secret_size);
if (ret < 0)
return gnutls_assert_val(ret);