Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/contrib/bearssl/src/ssl/ssl_keyexport.c
39488 views
1
/*

2
 * Copyright (c) 2017 Thomas Pornin <[email protected]>

3
 *

4
 * Permission is hereby granted, free of charge, to any person obtaining 

5
 * a copy of this software and associated documentation files (the

6
 * "Software"), to deal in the Software without restriction, including

7
 * without limitation the rights to use, copy, modify, merge, publish,

8
 * distribute, sublicense, and/or sell copies of the Software, and to

9
 * permit persons to whom the Software is furnished to do so, subject to

10
 * the following conditions:

11
 *

12
 * The above copyright notice and this permission notice shall be 

13
 * included in all copies or substantial portions of the Software.

14
 *

15
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 

16
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF

17
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 

18
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS

19
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

20
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN

21
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

22
 * SOFTWARE.

23
 */

24


25
#include "inner.h"

26


27
/*

28
 * Supported cipher suites that use SHA-384 for the PRF when selected

29
 * for TLS 1.2. All other cipher suites are deemed to use SHA-256.

30
 */

31
static const uint16_t suites_sha384[] = {

32
	BR_TLS_RSA_WITH_AES_256_GCM_SHA384,

33
	BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,

34
	BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,

35
	BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,

36
	BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,

37
	BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,

38
	BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,

39
	BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

40
	BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

41
};

42


43
/* see bearssl_ssl.h */

44
int

45
br_ssl_key_export(br_ssl_engine_context *cc,

46
	void *dst, size_t len, const char *label,

47
	const void *context, size_t context_len)

48
{

49
	br_tls_prf_seed_chunk chunks[4];

50
	br_tls_prf_impl iprf;

51
	size_t num_chunks, u;

52
	unsigned char tmp[2];

53
	int prf_id;

54


55
	if (cc->application_data != 1) {

56
		return 0;

57
	}

58
	chunks[0].data = cc->client_random;

59
	chunks[0].len = sizeof cc->client_random;

60
	chunks[1].data = cc->server_random;

61
	chunks[1].len = sizeof cc->server_random;

62
	if (context != NULL) {

63
		br_enc16be(tmp, (unsigned)context_len);

64
		chunks[2].data = tmp;

65
		chunks[2].len = 2;

66
		chunks[3].data = context;

67
		chunks[3].len = context_len;

68
		num_chunks = 4;

69
	} else {

70
		num_chunks = 2;

71
	}

72
	prf_id = BR_SSLPRF_SHA256;

73
	for (u = 0; u < (sizeof suites_sha384) / sizeof(uint16_t); u ++) {

74
		if (suites_sha384[u] == cc->session.cipher_suite) {

75
			prf_id = BR_SSLPRF_SHA384;

76
		}

77
	}

78
	iprf = br_ssl_engine_get_PRF(cc, prf_id);

79
	iprf(dst, len,

80
		cc->session.master_secret, sizeof cc->session.master_secret,

81
		label, num_chunks, chunks);

82
	return 1;

83
}

84


85