Improve generate_handshake_keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index b568f3f..4fe1d5c 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -858,20 +858,23 @@
mbedtls_md_info_t const *md_info;
size_t md_size;
- unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
+ unsigned char transcript[MBEDTLS_TLS1_3_MD_MAX_SIZE];
size_t transcript_len;
mbedtls_cipher_info_t const *cipher_info;
size_t keylen, ivlen;
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
+ mbedtls_ssl_tls1_3_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );
- cipher_info = mbedtls_cipher_info_from_type(
- ssl->handshake->ciphersuite_info->cipher );
+ cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
keylen = cipher_info->key_bitlen >> 3;
ivlen = cipher_info->iv_size;
- md_type = ssl->handshake->ciphersuite_info->mac;
+ md_type = ciphersuite_info->mac;
md_info = mbedtls_md_info_from_type( md_type );
md_size = mbedtls_md_get_size( md_info );
@@ -888,9 +891,8 @@
}
ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type,
- ssl->handshake->tls1_3_master_secrets.handshake,
- transcript, transcript_len,
- &ssl->handshake->tls13_hs_secrets );
+ handshake->tls1_3_master_secrets.handshake,
+ transcript, transcript_len, tls13_hs_secrets );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets",
@@ -899,11 +901,10 @@
}
MBEDTLS_SSL_DEBUG_BUF( 4, "Client handshake traffic secret",
- ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret,
+ tls13_hs_secrets->client_handshake_traffic_secret,
md_size );
-
MBEDTLS_SSL_DEBUG_BUF( 4, "Server handshake traffic secret",
- ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret,
+ tls13_hs_secrets->server_handshake_traffic_secret,
md_size );
/*
@@ -914,27 +915,26 @@
{
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
- ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret,
+ tls13_hs_secrets->client_handshake_traffic_secret,
md_size,
- ssl->handshake->randbytes + 32,
- ssl->handshake->randbytes,
+ handshake->randbytes + 32,
+ handshake->randbytes,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
ssl->f_export_keys( ssl->p_export_keys,
MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
- ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret,
+ tls13_hs_secrets->server_handshake_traffic_secret,
md_size,
- ssl->handshake->randbytes + 32,
- ssl->handshake->randbytes,
+ handshake->randbytes + 32,
+ handshake->randbytes,
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
}
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
- ssl->handshake->tls13_hs_secrets.client_handshake_traffic_secret,
- ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret,
- md_size,
- keylen, ivlen, traffic_keys );
+ tls13_hs_secrets->client_handshake_traffic_secret,
+ tls13_hs_secrets->server_handshake_traffic_secret,
+ md_size, keylen, ivlen, traffic_keys );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );