mirror of https://github.com/ctz/rustls
Rename `KeySchedule::derive` to `KeySchedule::derive_bytes`.
This commit is contained in:
Brian Smith
ctz
parent
e702e4c87c
commit
c41a04a666
|
|
@ -330,7 +330,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
|
|||
let client_hello_hash = handshake.transcript.get_hash_given(resuming_suite.get_hash(), &[]);
|
||||
let client_early_traffic_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ClientEarlyTrafficSecret, &client_hello_hash);
|
||||
.derive_bytes(SecretKind::ClientEarlyTrafficSecret, &client_hello_hash);
|
||||
// Set early data encryption key
|
||||
sess.common
|
||||
.set_message_encrypter(cipher::new_tls13_write(resuming_suite, &client_early_traffic_secret));
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ pub fn fill_in_psk_binder(sess: &mut ClientSessionImpl,
|
|||
// Run a fake key_schedule to simulate what the server will do if it choses
|
||||
// to resume.
|
||||
let key_schedule = KeySchedule::new(hkdf_alg, &resuming.master_secret.0);
|
||||
let base_key = key_schedule.derive(SecretKind::ResumptionPSKBinderKey, &empty_hash);
|
||||
let base_key = key_schedule.derive_bytes(SecretKind::ResumptionPSKBinderKey, &empty_hash);
|
||||
let real_binder = key_schedule.sign_verify_data(&base_key, &handshake_hash);
|
||||
|
||||
if let HandshakePayload::ClientHello(ref mut ch) = hmp.payload {
|
||||
|
|
@ -211,8 +211,8 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
|
|||
if !sess.early_data.is_enabled() {
|
||||
// Set the client encryption key for handshakes if early data is not used
|
||||
let write_key = sess.common.get_key_schedule()
|
||||
.derive(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello);
|
||||
.derive_bytes(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.config.key_log.log(sess.common.protocol.labels().client_handshake_traffic_secret,
|
||||
&handshake.randoms.client,
|
||||
|
|
@ -221,8 +221,8 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
|
|||
}
|
||||
|
||||
let read_key = sess.common.get_key_schedule()
|
||||
.derive(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello);
|
||||
.derive_bytes(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello);
|
||||
sess.common.set_message_decrypter(cipher::new_tls13_read(suite, &read_key));
|
||||
sess.config.key_log.log(sess.common.protocol.labels().server_handshake_traffic_secret,
|
||||
&handshake.randoms.client,
|
||||
|
|
@ -234,8 +234,8 @@ pub fn start_handshake_traffic(sess: &mut ClientSessionImpl,
|
|||
let client = if sess.early_data.is_enabled() {
|
||||
// Traffic secret wasn't computed and stored above, so do it here.
|
||||
sess.common.get_key_schedule()
|
||||
.derive(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello)
|
||||
.derive_bytes(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&handshake.hash_at_client_recvd_server_hello)
|
||||
} else {
|
||||
key_schedule.current_client_traffic_secret.clone()
|
||||
};
|
||||
|
|
@ -399,8 +399,8 @@ impl hs::State for ExpectEncryptedExtensions {
|
|||
// If no early traffic, set the encryption key for handshakes
|
||||
let suite = sess.common.get_suite_assert();
|
||||
let write_key = sess.common.get_key_schedule()
|
||||
.derive(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&self.handshake.hash_at_client_recvd_server_hello);
|
||||
.derive_bytes(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&self.handshake.hash_at_client_recvd_server_hello);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.config.key_log.log(sess.common.protocol.labels().client_handshake_traffic_secret,
|
||||
&self.handshake.randoms.client,
|
||||
|
|
@ -826,8 +826,8 @@ impl hs::State for ExpectFinished {
|
|||
/* Derive the client-to-server encryption key before key schedule update */
|
||||
let key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&st.handshake.hash_at_client_recvd_server_hello);
|
||||
.derive_bytes(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&st.handshake.hash_at_client_recvd_server_hello);
|
||||
Some(key)
|
||||
} else {
|
||||
None
|
||||
|
|
@ -842,7 +842,7 @@ impl hs::State for ExpectFinished {
|
|||
let handshake_hash = st.handshake.transcript.get_current_hash();
|
||||
let read_key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ServerApplicationTrafficSecret, &handshake_hash);
|
||||
.derive_bytes(SecretKind::ServerApplicationTrafficSecret, &handshake_hash);
|
||||
sess.config.key_log.log(sess.common.protocol.labels().server_traffic_secret_0,
|
||||
&st.handshake.randoms.client,
|
||||
&read_key);
|
||||
|
|
@ -853,7 +853,7 @@ impl hs::State for ExpectFinished {
|
|||
|
||||
let exporter_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ExporterMasterSecret, &handshake_hash);
|
||||
.derive_bytes(SecretKind::ExporterMasterSecret, &handshake_hash);
|
||||
sess.config.key_log.log(sess.common.protocol.labels().exporter_secret,
|
||||
&st.handshake.randoms.client,
|
||||
&exporter_secret);
|
||||
|
|
@ -891,7 +891,7 @@ impl hs::State for ExpectFinished {
|
|||
hs::check_aligned_handshake(sess)?;
|
||||
let write_key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ClientApplicationTrafficSecret, &handshake_hash);
|
||||
.derive_bytes(SecretKind::ClientApplicationTrafficSecret, &handshake_hash);
|
||||
sess.config.key_log.log(sess.common.protocol.labels().client_traffic_secret_0,
|
||||
&st.handshake.randoms.client,
|
||||
&write_key);
|
||||
|
|
@ -935,7 +935,7 @@ impl ExpectTraffic {
|
|||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let resumption_master_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ResumptionMasterSecret, &handshake_hash);
|
||||
.derive_bytes(SecretKind::ResumptionMasterSecret, &handshake_hash);
|
||||
let secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive_ticket_psk(&resumption_master_secret, &nst.nonce.0);
|
||||
|
|
|
|||
|
|
@ -113,7 +113,7 @@ impl KeySchedule {
|
|||
}
|
||||
|
||||
/// Derive a secret of given `kind`, using current handshake hash `hs_hash`.
|
||||
pub fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> Vec<u8> {
|
||||
pub fn derive_bytes(&self, kind: SecretKind, hs_hash: &[u8]) -> Vec<u8> {
|
||||
debug_assert_eq!(hs_hash.len(), self.algorithm.hmac_algorithm().digest_algorithm().output_len);
|
||||
|
||||
_hkdf_expand_label_vec(&self.current,
|
||||
|
|
@ -129,7 +129,7 @@ impl KeySchedule {
|
|||
pub fn derive_for_empty_hash(&self, kind: SecretKind) -> Vec<u8> {
|
||||
let digest_alg = self.algorithm.hmac_algorithm().digest_algorithm();
|
||||
let empty_hash = digest::digest(digest_alg, &[]);
|
||||
self.derive(kind, empty_hash.as_ref())
|
||||
self.derive_bytes(kind, empty_hash.as_ref())
|
||||
}
|
||||
|
||||
/// Return the current traffic secret, of given `kind`.
|
||||
|
|
@ -273,18 +273,18 @@ mod test {
|
|||
let fake_handshake_hash = [0u8; 32];
|
||||
|
||||
let mut ks = KeySchedule::new_with_empty_secret(hkdf::HKDF_SHA256);
|
||||
ks.derive(SecretKind::ResumptionPSKBinderKey, &fake_handshake_hash);
|
||||
ks.derive_bytes(SecretKind::ResumptionPSKBinderKey, &fake_handshake_hash);
|
||||
ks.input_secret(&[1u8, 2u8, 3u8, 4u8]);
|
||||
ks.derive(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive_bytes(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive_bytes(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.input_empty();
|
||||
ks.derive(SecretKind::ClientApplicationTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive(SecretKind::ServerApplicationTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive(SecretKind::ResumptionMasterSecret, &fake_handshake_hash);
|
||||
ks.derive_bytes(SecretKind::ClientApplicationTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive_bytes(SecretKind::ServerApplicationTrafficSecret,
|
||||
&fake_handshake_hash);
|
||||
ks.derive_bytes(SecretKind::ResumptionMasterSecret, &fake_handshake_hash);
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
|
@ -372,16 +372,16 @@ mod test {
|
|||
let mut ks = KeySchedule::new_with_empty_secret(hkdf);
|
||||
ks.input_secret(&ecdhe_secret);
|
||||
|
||||
let got_client_hts = ks.derive(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&hs_start_hash);
|
||||
let got_client_hts = ks.derive_bytes(SecretKind::ClientHandshakeTrafficSecret,
|
||||
&hs_start_hash);
|
||||
assert_eq!(got_client_hts,
|
||||
client_hts.to_vec());
|
||||
assert_eq!(derive_traffic_key(hkdf, &got_client_hts, client_hts_key.len()),
|
||||
client_hts_key.to_vec());
|
||||
assert_eq!(derive_traffic_iv(hkdf, &got_client_hts).value(), &client_hts_iv);
|
||||
|
||||
let got_server_hts = ks.derive(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&hs_start_hash);
|
||||
let got_server_hts = ks.derive_bytes(SecretKind::ServerHandshakeTrafficSecret,
|
||||
&hs_start_hash);
|
||||
assert_eq!(got_server_hts,
|
||||
server_hts.to_vec());
|
||||
assert_eq!(derive_traffic_key(hkdf, &got_server_hts, server_hts_key.len()),
|
||||
|
|
@ -390,16 +390,16 @@ mod test {
|
|||
|
||||
ks.input_empty();
|
||||
|
||||
let got_client_ats = ks.derive(SecretKind::ClientApplicationTrafficSecret,
|
||||
&hs_full_hash);
|
||||
let got_client_ats = ks.derive_bytes(SecretKind::ClientApplicationTrafficSecret,
|
||||
&hs_full_hash);
|
||||
assert_eq!(got_client_ats,
|
||||
client_ats.to_vec());
|
||||
assert_eq!(derive_traffic_key(hkdf, &got_client_ats, client_ats_key.len()),
|
||||
client_ats_key.to_vec());
|
||||
assert_eq!(derive_traffic_iv(hkdf, &got_client_ats).value(), &client_ats_iv);
|
||||
|
||||
let got_server_ats = ks.derive(SecretKind::ServerApplicationTrafficSecret,
|
||||
&hs_full_hash);
|
||||
let got_server_ats = ks.derive_bytes(SecretKind::ServerApplicationTrafficSecret,
|
||||
&hs_full_hash);
|
||||
assert_eq!(got_server_ats,
|
||||
server_ats.to_vec());
|
||||
assert_eq!(derive_traffic_key(hkdf, &got_server_ats, server_ats_key.len()),
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ impl CompleteClientHelloHandling {
|
|||
#[cfg(feature = "quic")] {
|
||||
if sess.common.protocol == Protocol::Quic {
|
||||
let client_early_traffic_secret = key_schedule
|
||||
.derive(SecretKind::ClientEarlyTrafficSecret, &client_hello_hash);
|
||||
.derive_bytes(SecretKind::ClientEarlyTrafficSecret, &client_hello_hash);
|
||||
sess.config.key_log.log(sess.common.protocol.labels().client_early_traffic_secret,
|
||||
&self.handshake.randoms.client,
|
||||
&client_early_traffic_secret);
|
||||
|
|
@ -176,8 +176,8 @@ impl CompleteClientHelloHandling {
|
|||
key_schedule.input_secret(&kxr.premaster_secret);
|
||||
|
||||
let handshake_hash = self.handshake.transcript.get_current_hash();
|
||||
let write_key = key_schedule.derive(SecretKind::ServerHandshakeTrafficSecret, &handshake_hash);
|
||||
let read_key = key_schedule.derive(SecretKind::ClientHandshakeTrafficSecret, &handshake_hash);
|
||||
let write_key = key_schedule.derive_bytes(SecretKind::ServerHandshakeTrafficSecret, &handshake_hash);
|
||||
let read_key = key_schedule.derive_bytes(SecretKind::ClientHandshakeTrafficSecret, &handshake_hash);
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.common.set_message_decrypter(cipher::new_tls13_read(suite, &read_key));
|
||||
sess.config.key_log.log(sess.common.protocol.labels().server_handshake_traffic_secret,
|
||||
|
|
@ -407,8 +407,8 @@ impl CompleteClientHelloHandling {
|
|||
sess.common.get_mut_key_schedule().input_empty();
|
||||
let write_key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ServerApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
.derive_bytes(SecretKind::ServerApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
let suite = sess.common.get_suite_assert();
|
||||
sess.common.set_message_encrypter(cipher::new_tls13_write(suite, &write_key));
|
||||
sess.config.key_log.log(sess.common.protocol.labels().server_traffic_secret_0,
|
||||
|
|
@ -418,8 +418,8 @@ impl CompleteClientHelloHandling {
|
|||
#[cfg(feature = "quic")] {
|
||||
let read_key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ClientApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
.derive_bytes(SecretKind::ClientApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
sess.common.quic.traffic_secrets = Some(quic::Secrets {
|
||||
client: read_key,
|
||||
server: write_key.clone(),
|
||||
|
|
@ -433,8 +433,8 @@ impl CompleteClientHelloHandling {
|
|||
|
||||
let exporter_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ExporterMasterSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
.derive_bytes(SecretKind::ExporterMasterSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
sess.config.key_log.log(sess.common.protocol.labels().exporter_secret,
|
||||
&self.handshake.randoms.client,
|
||||
&exporter_secret);
|
||||
|
|
@ -714,7 +714,7 @@ fn get_server_session_value(handshake: &mut HandshakeDetails,
|
|||
.get_current_hash();
|
||||
let resumption_master_secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ResumptionMasterSecret, &handshake_hash);
|
||||
.derive_bytes(SecretKind::ResumptionMasterSecret, &handshake_hash);
|
||||
let secret = sess.common
|
||||
.get_key_schedule()
|
||||
.derive_ticket_psk(&resumption_master_secret, nonce);
|
||||
|
|
@ -841,8 +841,8 @@ impl hs::State for ExpectFinished {
|
|||
// Server traffic is already done.
|
||||
let read_key = sess.common
|
||||
.get_key_schedule()
|
||||
.derive(SecretKind::ClientApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
.derive_bytes(SecretKind::ClientApplicationTrafficSecret,
|
||||
&self.handshake.hash_at_server_fin);
|
||||
sess.config.key_log.log(sess.common.protocol.labels().client_traffic_secret_0,
|
||||
&self.handshake.randoms.client,
|
||||
&read_key);
|
||||
|
|
|
|||
Loading…
Reference in New Issue