aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/kdf/hkdf/hkdf.cpp3
-rw-r--r--src/lib/kdf/kdf1/kdf1.cpp3
-rw-r--r--src/lib/kdf/kdf2/kdf2.cpp3
-rw-r--r--src/lib/kdf/prf_tls/prf_tls.cpp21
-rw-r--r--src/lib/kdf/prf_x942/prf_x942.cpp9
-rw-r--r--src/lib/tls/msg_finished.cpp7
-rw-r--r--src/lib/tls/tls_channel.cpp3
-rw-r--r--src/lib/tls/tls_session_key.cpp12
8 files changed, 41 insertions, 20 deletions
diff --git a/src/lib/kdf/hkdf/hkdf.cpp b/src/lib/kdf/hkdf/hkdf.cpp
index b7e6db020..56dc72f09 100644
--- a/src/lib/kdf/hkdf/hkdf.cpp
+++ b/src/lib/kdf/hkdf/hkdf.cpp
@@ -23,7 +23,7 @@ HKDF* HKDF::make(const Spec& spec)
size_t HKDF::kdf(byte out[], size_t out_len,
const byte secret[], size_t secret_len,
const byte salt[], size_t salt_len,
- const byte[], size_t) const
+ const byte label[], size_t label_len) const
{
m_prf->set_key(secret, secret_len);
@@ -34,6 +34,7 @@ size_t HKDF::kdf(byte out[], size_t out_len,
while(offset != out_len && counter != 0)
{
m_prf->update(h);
+ m_prf->update(label, label_len);
m_prf->update(salt, salt_len);
m_prf->update(counter++);
m_prf->final(h);
diff --git a/src/lib/kdf/kdf1/kdf1.cpp b/src/lib/kdf/kdf1/kdf1.cpp
index 7d9ab7e3a..14dddc5f4 100644
--- a/src/lib/kdf/kdf1/kdf1.cpp
+++ b/src/lib/kdf/kdf1/kdf1.cpp
@@ -12,9 +12,10 @@ namespace Botan {
size_t KDF1::kdf(byte key[], size_t key_len,
const byte secret[], size_t secret_len,
const byte salt[], size_t salt_len,
- const byte[], size_t) const
+ const byte label[], size_t label_len) const
{
m_hash->update(secret, secret_len);
+ m_hash->update(label, label_len);
m_hash->update(salt, salt_len);
if(key_len < m_hash->output_length())
diff --git a/src/lib/kdf/kdf2/kdf2.cpp b/src/lib/kdf/kdf2/kdf2.cpp
index 32bf678f7..760ebfc83 100644
--- a/src/lib/kdf/kdf2/kdf2.cpp
+++ b/src/lib/kdf/kdf2/kdf2.cpp
@@ -12,7 +12,7 @@ namespace Botan {
size_t KDF2::kdf(byte key[], size_t key_len,
const byte secret[], size_t secret_len,
const byte salt[], size_t salt_len,
- const byte[], size_t) const
+ const byte label[], size_t label_len) const
{
u32bit counter = 1;
secure_vector<byte> h;
@@ -22,6 +22,7 @@ size_t KDF2::kdf(byte key[], size_t key_len,
{
m_hash->update(secret, secret_len);
m_hash->update_be(counter++);
+ m_hash->update(label, label_len);
m_hash->update(salt, salt_len);
m_hash->final(h);
diff --git a/src/lib/kdf/prf_tls/prf_tls.cpp b/src/lib/kdf/prf_tls/prf_tls.cpp
index f15688eba..14b330901 100644
--- a/src/lib/kdf/prf_tls/prf_tls.cpp
+++ b/src/lib/kdf/prf_tls/prf_tls.cpp
@@ -74,24 +74,35 @@ void P_hash(byte out[], size_t out_len,
size_t TLS_PRF::kdf(byte key[], size_t key_len,
const byte secret[], size_t secret_len,
const byte salt[], size_t salt_len,
- const byte[], size_t) const
+ const byte label[], size_t label_len) const
{
const size_t S1_len = (secret_len + 1) / 2,
S2_len = (secret_len + 1) / 2;
const byte* S1 = secret;
const byte* S2 = secret + (secret_len - S2_len);
+ secure_vector<byte> msg;
- P_hash(key, key_len, *m_hmac_md5, S1, S1_len, salt, salt_len);
- P_hash(key, key_len, *m_hmac_sha1, S2, S2_len, salt, salt_len);
+ msg.reserve(label_len + salt_len);
+ msg += std::make_pair(label, label_len);
+ msg += std::make_pair(salt, salt_len);
+
+ P_hash(key, key_len, *m_hmac_md5, S1, S1_len, msg.data(), msg.size());
+ P_hash(key, key_len, *m_hmac_sha1, S2, S2_len, msg.data(), msg.size());
return key_len;
}
size_t TLS_12_PRF::kdf(byte key[], size_t key_len,
const byte secret[], size_t secret_len,
const byte salt[], size_t salt_len,
- const byte[], size_t) const
+ const byte label[], size_t label_len) const
{
- P_hash(key, key_len, *m_mac, secret, secret_len, salt, salt_len);
+ secure_vector<byte> msg;
+
+ msg.reserve(label_len + salt_len);
+ msg += std::make_pair(label, label_len);
+ msg += std::make_pair(salt, salt_len);
+
+ P_hash(key, key_len, *m_mac, secret, secret_len, msg.data(), msg.size());
return key_len;
}
diff --git a/src/lib/kdf/prf_x942/prf_x942.cpp b/src/lib/kdf/prf_x942/prf_x942.cpp
index 3830c5775..206cf6ce6 100644
--- a/src/lib/kdf/prf_x942/prf_x942.cpp
+++ b/src/lib/kdf/prf_x942/prf_x942.cpp
@@ -31,15 +31,20 @@ std::vector<byte> encode_x942_int(u32bit n)
size_t X942_PRF::kdf(byte key[], size_t key_len,
const byte secret[], size_t secret_len,
const byte salt[], size_t salt_len,
- const byte[], size_t) const
+ const byte label[], size_t label_len) const
{
std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-160"));
const OID kek_algo(m_key_wrap_oid);
secure_vector<byte> h;
+ secure_vector<byte> in;
size_t offset = 0;
u32bit counter = 1;
+ in.reserve(salt_len + label_len);
+ in += std::make_pair(label,label_len);
+ in += std::make_pair(salt,salt_len);
+
while(offset != key_len && counter)
{
hash->update(secret, secret_len);
@@ -55,7 +60,7 @@ size_t X942_PRF::kdf(byte key[], size_t key_len,
.encode_if(salt_len != 0,
DER_Encoder()
.start_explicit(0)
- .encode(salt, salt_len, OCTET_STRING)
+ .encode(in, OCTET_STRING)
.end_explicit()
)
diff --git a/src/lib/tls/msg_finished.cpp b/src/lib/tls/msg_finished.cpp
index 7c61ed98e..3a2c88fb1 100644
--- a/src/lib/tls/msg_finished.cpp
+++ b/src/lib/tls/msg_finished.cpp
@@ -31,14 +31,15 @@ std::vector<byte> finished_compute_verify(const Handshake_State& state,
std::unique_ptr<KDF> prf(state.protocol_specific_prf());
std::vector<byte> input;
+ std::vector<byte> label;
if(side == CLIENT)
- input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
+ label += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL));
else
- input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
+ label += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
input += state.hash().final(state.version(), state.ciphersuite().prf_algo());
- return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, secure_vector<byte>()));
+ return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label));
}
}
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index 03e99c24f..f445eef99 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -621,7 +621,6 @@ SymmetricKey Channel::key_material_export(const std::string& label,
active->session_keys().master_secret();
std::vector<byte> salt;
- salt += to_byte_vector(label);
salt += active->client_hello()->random();
salt += active->server_hello()->random();
@@ -635,7 +634,7 @@ SymmetricKey Channel::key_material_export(const std::string& label,
salt += to_byte_vector(context);
}
- return prf->derive_key(length, master_secret, salt, secure_vector<byte>());
+ return prf->derive_key(length, master_secret, salt, to_byte_vector(label));
}
else
throw Exception("Channel::key_material_export connection not active");
diff --git a/src/lib/tls/tls_session_key.cpp b/src/lib/tls/tls_session_key.cpp
index 7890813c3..193af8d9f 100644
--- a/src/lib/tls/tls_session_key.cpp
+++ b/src/lib/tls/tls_session_key.cpp
@@ -48,28 +48,30 @@ Session_Keys::Session_Keys(const Handshake_State* state,
else
{
secure_vector<byte> salt;
+ secure_vector<byte> label;
if(extended_master_secret)
{
- salt += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC));
+ label += std::make_pair(EXT_MASTER_SECRET_MAGIC, sizeof(EXT_MASTER_SECRET_MAGIC));
salt += state->hash().final(state->version(),
state->ciphersuite().prf_algo());
}
else
{
- salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
+ label += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC));
salt += state->client_hello()->random();
salt += state->server_hello()->random();
}
- m_master_sec = prf->derive_key(48, pre_master_secret, salt, secure_vector<byte>());
+ m_master_sec = prf->derive_key(48, pre_master_secret, salt, label);
}
secure_vector<byte> salt;
- salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
+ secure_vector<byte> label;
+ label += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC));
salt += state->server_hello()->random();
salt += state->client_hello()->random();
- SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt, secure_vector<byte>());
+ SymmetricKey keyblock = prf->derive_key(prf_gen, m_master_sec, salt, label);
const byte* key_data = keyblock.begin();
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 14:47:32 +0000