commit 24c0ec31f99500c8ce557b693f0eb988e5aa5ee8
author Jerry Yu <jerry.h.yu@arm.com> Thu Sep 09 14:21:07 2021 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Mon Sep 27 16:34:58 2021 +0800
tree 6970de67d5cd2e24257d0b3059e1bf7799007f5a
parent aafb21f320bd1d12a3365b7a79c8fde1b30d674e

tls13: add get_handshake_transcript

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index c338d79..604976f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1493,6 +1493,13 @@
                                                unsigned hs_type,
                                                size_t total_hs_len );
 
+/* Get handshake transcript */
+int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl,
+                                                const mbedtls_md_type_t md,
+                                                unsigned char *dst,
+                                                size_t dst_len,
+                                                size_t *olen );
+
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /*
  * Write TLS 1.3 Signature Algorithm extension

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3604192..dc7b1e8 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6978,4 +6978,147 @@
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+
+#if defined(MBEDTLS_SHA384_C)
+static int ssl_tls13_get_handshake_transcript_sha384( mbedtls_ssl_context *ssl,
+                                                      unsigned char *dst,
+                                                      size_t dst_len,
+                                                      size_t *olen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status;
+    psa_hash_operation_t sha384_psa = psa_hash_operation_init();
+
+    if( dst_len < 48 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+    status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    status = psa_hash_finish( &sha384_psa, dst, dst_len, olen );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    *olen = 48;
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+    return( 0 );
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+    int ret;
+    mbedtls_sha512_context sha512;
+
+    if( dst_len < 48 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    mbedtls_sha512_init( &sha512 );
+    mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
+
+    if( ( ret = mbedtls_sha512_finish( &sha512, dst ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512_finish", ret );
+        goto exit;
+    }
+
+    *olen = 48;
+
+exit:
+
+    mbedtls_sha512_free( &sha512 );
+    return( ret );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+}
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA256_C)
+static int ssl_tls13_get_handshake_transcript_sha256( mbedtls_ssl_context *ssl,
+                                                      unsigned char *dst,
+                                                      size_t dst_len,
+                                                      size_t *olen )
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status;
+    psa_hash_operation_t sha256_psa = psa_hash_operation_init();
+
+    if( dst_len < 32 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) );
+    status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    status = psa_hash_finish( &sha256_psa, dst, dst_len, olen );
+    if( status != PSA_SUCCESS )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) );
+        return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+    }
+
+    *olen = 32;
+    MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", dst, *olen );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) );
+    return( 0 );
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+    int ret;
+    mbedtls_sha256_context sha256;
+
+    if( dst_len < 32 )
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+
+    mbedtls_sha256_init( &sha256 );
+    mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
+
+    if( ( ret = mbedtls_sha256_finish( &sha256, dst ) ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256_finish", ret );
+        goto exit;
+    }
+
+    *olen = 32;
+
+exit:
+
+    mbedtls_sha256_free( &sha256 );
+    return( ret );
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+}
+#endif /* MBEDTLS_SHA256_C */
+
+int mbedtls_ssl_tls13_get_handshake_transcript( mbedtls_ssl_context *ssl,
+                                                const mbedtls_md_type_t md,
+                                                unsigned char *dst,
+                                                size_t dst_len,
+                                                size_t *olen )
+{
+#if defined(MBEDTLS_SHA384_C)
+    if( md == MBEDTLS_MD_SHA384 )
+    {
+        return( ssl_tls13_get_handshake_transcript_sha384( ssl, dst, dst_len, olen ) );
+    }
+    else
+#endif /* MBEDTLS_SHA512_C */
+#if defined(MBEDTLS_SHA256_C)
+    if( md == MBEDTLS_MD_SHA256 )
+    {
+        return( ssl_tls13_get_handshake_transcript_sha256( ssl, dst, dst_len, olen ) );
+    }
+    else
+#endif /* MBEDTLS_SHA256_C */
+    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+
 #endif /* MBEDTLS_SSL_TLS_C */