Changeset 464 for azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/keys.c
- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/src/keys.c
r457 r464 1075 1075 ssl->specs.pad_size = PAD_SHA; 1076 1076 ssl->specs.static_ecdh = 0; 1077 ssl->specs.key_size = WC_SHA256_DIGEST_SIZE / 2;1077 ssl->specs.key_size = WC_SHA256_DIGEST_SIZE; 1078 1078 ssl->specs.block_size = 0; 1079 1079 ssl->specs.iv_size = HMAC_NONCE_SZ; … … 1093 1093 ssl->specs.pad_size = PAD_SHA; 1094 1094 ssl->specs.static_ecdh = 0; 1095 ssl->specs.key_size = WC_SHA384_DIGEST_SIZE / 2;1095 ssl->specs.key_size = WC_SHA384_DIGEST_SIZE; 1096 1096 ssl->specs.block_size = 0; 1097 1097 ssl->specs.iv_size = HMAC_NONCE_SZ; … … 2910 2910 } 2911 2911 2912 if (enc) { 2913 if (wc_HmacInit(enc->hmac, heap, devId) != 0) { 2914 WOLFSSL_MSG("HmacInit failed in SetKeys"); 2915 XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER); 2916 enc->hmac = NULL; 2917 return ASYNC_INIT_E; 2918 } 2919 } 2920 2912 2921 if (dec && dec->hmac == NULL) { 2913 2922 dec->hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, … … 2917 2926 } 2918 2927 2919 if (enc) {2920 if (wc_HmacInit(enc->hmac, heap, devId) != 0) {2921 WOLFSSL_MSG("HmacInit failed in SetKeys");2922 return ASYNC_INIT_E;2923 }2924 }2925 2928 if (dec) { 2926 2929 if (wc_HmacInit(dec->hmac, heap, devId) != 0) { 2927 2930 WOLFSSL_MSG("HmacInit failed in SetKeys"); 2931 XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER); 2932 dec->hmac = NULL; 2928 2933 return ASYNC_INIT_E; 2929 2934 } … … 2932 2937 if (side == WOLFSSL_CLIENT_END) { 2933 2938 if (enc) { 2939 XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, 2940 HMAC_NONCE_SZ); 2934 2941 hmacRet = wc_HmacSetKey(enc->hmac, hashType, 2935 2942 keys->client_write_key, specs->key_size); … … 2937 2944 } 2938 2945 if (dec) { 2946 XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, 2947 HMAC_NONCE_SZ); 2939 2948 hmacRet = wc_HmacSetKey(dec->hmac, hashType, 2940 2949 keys->server_write_key, specs->key_size); … … 2944 2953 else { 2945 2954 if (enc) { 2955 XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, 2956 HMAC_NONCE_SZ); 2946 2957 hmacRet = wc_HmacSetKey(enc->hmac, hashType, 2947 2958 
keys->server_write_key, specs->key_size); … … 2949 2960 } 2950 2961 if (dec) { 2962 XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, 2963 HMAC_NONCE_SZ); 2951 2964 hmacRet = wc_HmacSetKey(dec->hmac, hashType, 2952 2965 keys->client_write_key, specs->key_size); … … 3059 3072 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status) { 3060 3073 keys = &ssl->secure_renegotiation->tmp_keys; 3061 copy = 1; 3074 #ifdef WOLFSSL_DTLS 3075 /* For DTLS, copy is done in StoreKeys */ 3076 if (!ssl->options.dtls) 3077 #endif 3078 copy = 1; 3062 3079 } 3063 3080 #endif /* HAVE_SECURE_RENEGOTIATION */ … … 3134 3151 3135 3152 #ifdef HAVE_SECURE_RENEGOTIATION 3153 #ifdef WOLFSSL_DTLS 3154 if (ret == 0 && ssl->options.dtls) { 3155 if (wc_encrypt) 3156 wc_encrypt->src = keys == &ssl->keys ? KEYS : SCR; 3157 if (wc_decrypt) 3158 wc_decrypt->src = keys == &ssl->keys ? KEYS : SCR; 3159 } 3160 #endif 3161 3136 3162 if (copy) { 3137 3163 int clientCopy = 0; … … 3210 3236 int sz, i = 0; 3211 3237 Keys* keys = &ssl->keys; 3238 #ifdef WOLFSSL_DTLS 3239 /* In case of DTLS, ssl->keys is updated here */ 3240 int scr_copy = 0; 3241 #endif 3212 3242 3213 3243 #ifdef HAVE_SECURE_RENEGOTIATION 3214 if (ssl->secure_renegotiation && ssl->secure_renegotiation->cache_status ==3215 3244 if (ssl->secure_renegotiation && 3245 ssl->secure_renegotiation->cache_status == SCR_CACHE_NEEDED) { 3216 3246 keys = &ssl->secure_renegotiation->tmp_keys; 3247 #ifdef WOLFSSL_DTLS 3248 if (ssl->options.dtls) { 3249 /* epoch is incremented after StoreKeys is called */ 3250 ssl->secure_renegotiation->tmp_keys.dtls_epoch = ssl->keys.dtls_epoch + 1; 3251 /* we only need to copy keys on second and future renegotiations */ 3252 if (ssl->keys.dtls_epoch > 1) 3253 scr_copy = 1; 3254 ssl->encrypt.src = KEYS_NOT_SET; 3255 ssl->decrypt.src = KEYS_NOT_SET; 3256 } 3257 #endif 3217 3258 CacheStatusPP(ssl->secure_renegotiation); 3218 3259 } … … 3225 3266 sz = ssl->specs.hash_size; 3226 3267 #ifndef 
WOLFSSL_AEAD_ONLY 3268 3269 #ifdef WOLFSSL_DTLS 3270 if (scr_copy) { 3271 XMEMCPY(ssl->keys.client_write_MAC_secret, 3272 keys->client_write_MAC_secret, sz); 3273 XMEMCPY(ssl->keys.server_write_MAC_secret, 3274 keys->server_write_MAC_secret, sz); 3275 } 3276 #endif 3227 3277 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); 3228 3278 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); … … 3231 3281 } 3232 3282 sz = ssl->specs.key_size; 3283 #ifdef WOLFSSL_DTLS 3284 if (scr_copy) { 3285 XMEMCPY(ssl->keys.client_write_key, 3286 keys->client_write_key, sz); 3287 XMEMCPY(ssl->keys.server_write_key, 3288 keys->server_write_key, sz); 3289 } 3290 #endif 3233 3291 XMEMCPY(keys->client_write_key, &keyData[i], sz); 3234 3292 XMEMCPY(keys->server_write_key, &keyData[i], sz); … … 3236 3294 3237 3295 sz = ssl->specs.iv_size; 3296 #ifdef WOLFSSL_DTLS 3297 if (scr_copy) { 3298 XMEMCPY(ssl->keys.client_write_IV, 3299 keys->client_write_IV, sz); 3300 XMEMCPY(ssl->keys.server_write_IV, 3301 keys->server_write_IV, sz); 3302 } 3303 #endif 3238 3304 XMEMCPY(keys->client_write_IV, &keyData[i], sz); 3239 3305 XMEMCPY(keys->server_write_IV, &keyData[i], sz); … … 3242 3308 if (ssl->specs.cipher_type == aead) { 3243 3309 /* Initialize the AES-GCM/CCM explicit IV to a zero. 
*/ 3310 #ifdef WOLFSSL_DTLS 3311 if (scr_copy) { 3312 XMEMCPY(ssl->keys.aead_exp_IV, 3313 keys->aead_exp_IV, AEAD_MAX_EXP_SZ); 3314 } 3315 #endif 3244 3316 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); 3245 3317 } … … 3254 3326 if (side & PROVISION_CLIENT) { 3255 3327 #ifndef WOLFSSL_AEAD_ONLY 3328 #ifdef WOLFSSL_DTLS 3329 if (scr_copy) 3330 XMEMCPY(ssl->keys.client_write_MAC_secret, 3331 keys->client_write_MAC_secret, sz); 3332 #endif 3256 3333 XMEMCPY(keys->client_write_MAC_secret,&keyData[i], sz); 3257 3334 #endif … … 3260 3337 if (side & PROVISION_SERVER) { 3261 3338 #ifndef WOLFSSL_AEAD_ONLY 3339 #ifdef WOLFSSL_DTLS 3340 if (scr_copy) 3341 XMEMCPY(ssl->keys.server_write_MAC_secret, 3342 keys->server_write_MAC_secret, sz); 3343 #endif 3262 3344 XMEMCPY(keys->server_write_MAC_secret,&keyData[i], sz); 3263 3345 #endif … … 3267 3349 sz = ssl->specs.key_size; 3268 3350 if (side & PROVISION_CLIENT) { 3351 #ifdef WOLFSSL_DTLS 3352 if (scr_copy) 3353 XMEMCPY(ssl->keys.client_write_key, 3354 keys->client_write_key, sz); 3355 #endif 3269 3356 XMEMCPY(keys->client_write_key, &keyData[i], sz); 3270 3357 i += sz; 3271 3358 } 3272 3359 if (side & PROVISION_SERVER) { 3360 #ifdef WOLFSSL_DTLS 3361 if (scr_copy) 3362 XMEMCPY(ssl->keys.server_write_key, 3363 keys->server_write_key, sz); 3364 #endif 3273 3365 XMEMCPY(keys->server_write_key, &keyData[i], sz); 3274 3366 i += sz; … … 3277 3369 sz = ssl->specs.iv_size; 3278 3370 if (side & PROVISION_CLIENT) { 3371 #ifdef WOLFSSL_DTLS 3372 if (scr_copy) 3373 XMEMCPY(ssl->keys.client_write_IV, 3374 keys->client_write_IV, sz); 3375 #endif 3279 3376 XMEMCPY(keys->client_write_IV, &keyData[i], sz); 3280 3377 i += sz; 3281 3378 } 3282 if (side & PROVISION_SERVER) 3379 if (side & PROVISION_SERVER) { 3380 #ifdef WOLFSSL_DTLS 3381 if (scr_copy) 3382 XMEMCPY(ssl->keys.server_write_IV, 3383 keys->server_write_IV, sz); 3384 #endif 3283 3385 XMEMCPY(keys->server_write_IV, &keyData[i], sz); 3386 } 3284 3387 3285 3388 #ifdef HAVE_AEAD 3286 3389 
if (ssl->specs.cipher_type == aead) { 3287 3390 /* Initialize the AES-GCM/CCM explicit IV to a zero. */ 3391 #ifdef WOLFSSL_DTLS 3392 if (scr_copy) 3393 XMEMMOVE(ssl->keys.aead_exp_IV, 3394 keys->aead_exp_IV, AEAD_MAX_EXP_SZ); 3395 #endif 3288 3396 XMEMSET(keys->aead_exp_IV, 0, AEAD_MAX_EXP_SZ); 3289 3397 } … … 3342 3450 } 3343 3451 #endif 3344 3452 XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE); 3345 3453 ret = wc_InitMd5(md5); 3346 3454 if (ret == 0) { … … 3472 3580 } 3473 3581 #endif 3582 XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE); 3474 3583 3475 3584 ret = wc_InitMd5(md5);
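Review bot: Doubling `ssl->specs.key_size` to `WC_SHA256_DIGEST_SIZE` / `WC_SHA384_DIGEST_SIZE` in the two cipher-spec hunks (new lines 1077 and 1095) changes how many bytes StoreKeys later copies into `keys->client_write_key` and `keys->server_write_key` with `XMEMCPY(keys->client_write_key, &keyData[i], sz)` where `sz = ssl->specs.key_size`, yet nothing in the changeset touches the size of those destination buffers or the amount of key material `keyData` is derived with. Presumably those arrays are sized by a `MAX_SYM_KEY_SIZE`-style constant in internal.h; for the SHA-384 spec that constant must be at least 48 in this port's configuration, otherwise the copy overruns the write-key field and the derived key block runs short. I would add a compile-time guard next to the first changed line, `/* HMAC key = full digest; keys->*_write_key must hold it */` followed by a `_Static_assert`-equivalent or `#if MAX_SYM_KEY_SIZE < WC_SHA384_DIGEST_SIZE` `#error` check, and confirm `wc_HmacSetKey(..., specs->key_size)` in SetKeys is the only other consumer. The enclosing switch over cipher suites starts and ends outside these hunks.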