Add support for an optional context parameter to TLS exporter

Allow an additional context value to be passed to TLS exporter as specified in RFC 5705 section 4. This does not yet implement it for the internal TLS implementation. However, as currently nothing uses context yet, this will not break anything right now. WolfSSL maintainers also stated that they are not going to add context support yet, but would look into it if/when this is required by a published draft or a standard. Signed-off-by: Ervin Oro <ervin.oro@aalto.fi>
2019-03-11 13:21:36 +02:00 · 2019-03-11 13:21:36 +02:00 · a916ff5cd8
commit a916ff5cd8
parent fab49f6145
16 changed files with 62 additions and 24 deletions
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@ -370,15 +370,21 @@ int __must_check tls_connection_get_random(void *tls_ctx,
 * @tls_ctx: TLS context data from tls_init()
 * @conn: Connection context data from tls_connection_init()
 * @label: Label (e.g., description of the key) for PRF
+ * @context: Optional extra upper-layer context (max len 2^16)
+ * @context_len: The length of the context value
 * @out: Buffer for output data from TLS-PRF
 * @out_len: Length of the output buffer
 * Returns: 0 on success, -1 on failure
 *
- * Exports keying material using the mechanism described in RFC 5705.
+ * Exports keying material using the mechanism described in RFC 5705. If
+ * context is %NULL, context is not provided; otherwise, context is provided
+ * (including the case of empty context with context_len == 0).
 */
 int __must_check tls_connection_export_key(void *tls_ctx,
 					   struct tls_connection *conn,
 					   const char *label,
+					   const u8 *context,
+					   size_t context_len,
 					   u8 *out, size_t out_len);

 /**
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@ -898,14 +898,23 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,


 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
-			      const char *label, u8 *out, size_t out_len)
+			      const char *label, const u8 *context,
+			      size_t context_len, u8 *out, size_t out_len)
 {
 	if (conn == NULL || conn->session == NULL)
 		return -1;

+#if GNUTLS_VERSION_NUMBER >= 0x030404
+	return gnutls_prf_rfc5705(conn->session, os_strlen(label), label,
+				  context_len, (const char *) context,
+				  out_len, (char *) out);
+#else /* 3.4.4 */
+	if (context)
+		return -1;
 	return gnutls_prf(conn->session, os_strlen(label), label,
 			  0 /* client_random first */, 0, NULL, out_len,
 			  (char *) out);
+#endif /* 3.4.4 */
 }


--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@ -452,8 +452,11 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,


 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
-			      const char *label, u8 *out, size_t out_len)
+			      const char *label, const u8 *context,
+			      size_t context_len, u8 *out, size_t out_len)
 {
+	if (context)
+		return -1;
 	return tls_connection_prf(tls_ctx, conn, label, 0, 0, out, out_len);
 }

--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@ -94,7 +94,8 @@ int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn,


 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
-			      const char *label, u8 *out, size_t out_len)
+			      const char *label, const u8 *context,
+			      size_t context_len, u8 *out, size_t out_len)
 {
 	return -1;
 }
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -3908,11 +3908,13 @@ static int openssl_get_keyblock_size(SSL *ssl)


 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
-			      const char *label, u8 *out, size_t out_len)
+			      const char *label, const u8 *context,
+			      size_t context_len, u8 *out, size_t out_len)
 {
 	if (!conn ||
 	    SSL_export_keying_material(conn->ssl, out, out_len, label,
-				       os_strlen(label), NULL, 0, 0) != 1)
+				       os_strlen(label), context, context_len,
+				       context != NULL) != 1)
 		return -1;
 	return 0;
 }
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@ -1973,8 +1973,11 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,


 int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn,
-			      const char *label, u8 *out, size_t out_len)
+			      const char *label, const u8 *context,
+			      size_t context_len, u8 *out, size_t out_len)
 {
+	if (context)
+		return -1;
 	if (!conn || wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0)
 		return -1;
 	return 0;