Fix 1_3/13 usages in macros and function names
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 36a0712..31a5636 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -512,13 +512,13 @@
unsigned char binder_key [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char client_early_traffic_secret [ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char early_exporter_master_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-} mbedtls_ssl_tls1_3_early_secrets;
+} mbedtls_ssl_tls13_early_secrets;
typedef struct
{
unsigned char client_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
unsigned char server_handshake_traffic_secret[ MBEDTLS_TLS1_3_MD_MAX_SIZE ];
-} mbedtls_ssl_tls1_3_handshake_secrets;
+} mbedtls_ssl_tls13_handshake_secrets;
/*
* This structure contains the parameters only needed during handshake.
@@ -767,7 +767,7 @@
unsigned char app [MBEDTLS_TLS1_3_MD_MAX_SIZE];
} tls1_3_master_secrets;
- mbedtls_ssl_tls1_3_handshake_secrets tls13_hs_secrets;
+ mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -1528,31 +1528,31 @@
static inline int mbedtls_ssl_conf_tls13_psk_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
}
static inline int mbedtls_ssl_conf_tls13_psk_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
}
static inline int mbedtls_ssl_conf_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
}
static inline int mbedtls_ssl_conf_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
static inline int mbedtls_ssl_conf_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
{
return( mbedtls_ssl_conf_tls13_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
/**
@@ -1565,41 +1565,41 @@
* \return 0 if at least one of the key exchange modes is supported,
* !=0 otherwise.
*/
-static inline unsigned mbedtls_ssl_tls1_3_check_kex_modes( mbedtls_ssl_context *ssl,
- int kex_modes_mask )
+static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
+ int kex_modes_mask )
{
return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 );
}
-static inline int mbedtls_ssl_tls1_3_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl )
{
- return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK ) );
+ return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK ) );
}
-static inline int mbedtls_ssl_tls1_3_psk_ephemeral_enabled(
+static inline int mbedtls_ssl_tls13_psk_ephemeral_enabled(
mbedtls_ssl_context *ssl )
{
- return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
+ return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL ) );
}
-static inline int mbedtls_ssl_tls1_3_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
- return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL ) );
+ return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL ) );
}
-static inline int mbedtls_ssl_tls1_3_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_some_ephemeral_enabled( mbedtls_ssl_context *ssl )
{
- return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
+ return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL ) );
}
-static inline int mbedtls_ssl_tls1_3_some_psk_enabled( mbedtls_ssl_context *ssl )
+static inline int mbedtls_ssl_tls13_some_psk_enabled( mbedtls_ssl_context *ssl )
{
- return( ! mbedtls_ssl_tls1_3_check_kex_modes( ssl,
- MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_ALL ) );
+ return( ! mbedtls_ssl_tls13_check_kex_modes( ssl,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL ) );
}
/*
@@ -1629,10 +1629,10 @@
/*
* Fetch TLS 1.3 handshake message header
*/
-int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buf_len );
+int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buf_len );
/*
* Write TLS 1.3 handshake message header
@@ -1666,10 +1666,10 @@
/*
* Update checksum of handshake messages.
*/
-void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len );
+void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len );
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0d54ae9..b7e73c9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3574,7 +3574,7 @@
void mbedtls_ssl_conf_tls13_key_exchange_modes( mbedtls_ssl_config *conf,
const int kex_modes )
{
- conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
+ conf->tls13_kex_modes = kex_modes & MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@@ -6362,13 +6362,13 @@
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
- MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512,
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
@@ -6385,10 +6385,10 @@
/* ECDSA algorithms */
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
- MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256,
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256,
#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
- MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384,
+ MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#endif /* MBEDTLS_ECDSA_C */
@@ -6495,7 +6495,7 @@
/*
* Allow all TLS 1.3 key exchange modes by default.
*/
- conf->tls13_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_ALL;
+ conf->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/*
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index d848415..67a94c4 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1257,17 +1257,17 @@
{
/* Only the pre_shared_key extension was received */
case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
- handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK;
+ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
break;
/* Only the key_share extension was received */
case MBEDTLS_SSL_EXT_KEY_SHARE:
- handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_EPHEMERAL;
+ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
break;
/* Both the pre_shared_key and key_share extensions were received */
case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
- handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS13_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
break;
/* Neither pre_shared_key nor key_share extension was received */
@@ -1282,10 +1282,10 @@
* TODO: We don't have to do this in case we offered 0-RTT and the
* server accepted it. In this case, we could skip generating
* the early secret. */
- ret = mbedtls_ssl_tls1_3_key_schedule_stage_early( ssl );
+ ret = mbedtls_ssl_tls13_key_schedule_stage_early( ssl );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_key_schedule_stage_early_data",
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_key_schedule_stage_early_data",
ret );
goto cleanup;
}
@@ -1294,7 +1294,7 @@
ret = mbedtls_ssl_tls13_key_schedule_stage_handshake( ssl );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_master_secret", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_master_secret", ret );
goto cleanup;
}
@@ -1355,7 +1355,7 @@
* Wait and parse ServerHello handshake message.
* Handler for MBEDTLS_SSL_SERVER_HELLO
*/
-static int ssl_tls1_3_process_server_hello( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_server_hello( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *buf;
@@ -1381,9 +1381,9 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_server_hello( ssl, buf,
buf + buf_len ) );
- mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
- MBEDTLS_SSL_HS_SERVER_HELLO,
- buf, buf_len );
+ mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
+ MBEDTLS_SSL_HS_SERVER_HELLO,
+ buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_server_hello( ssl ) );
}
@@ -1432,7 +1432,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse encrypted extensions" ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
&buf, &buf_len ) );
@@ -1440,7 +1440,7 @@
MBEDTLS_SSL_PROC_CHK(
ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) );
- mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
+ mbedtls_ssl_tls13_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_encrypted_extensions( ssl ) );
@@ -1530,7 +1530,7 @@
static int ssl_tls13_postprocess_encrypted_extensions( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- if( mbedtls_ssl_tls1_3_some_psk_enabled( ssl ) )
+ if( mbedtls_ssl_tls13_some_psk_enabled( ssl ) )
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_FINISHED );
else
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_REQUEST );
@@ -1573,7 +1573,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_CERTIFICATE
*/
-static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_server_certificate( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1588,7 +1588,7 @@
/*
* Handler for MBEDTLS_SSL_CERTIFICATE_VERIFY
*/
-static int ssl_tls1_3_process_certificate_verify( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1603,7 +1603,7 @@
/*
* Handler for MBEDTLS_SSL_SERVER_FINISHED
*/
-static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
+static int ssl_tls13_process_server_finished( mbedtls_ssl_context *ssl )
{
int ret;
@@ -1634,7 +1634,7 @@
/*
* Handler for MBEDTLS_SSL_FLUSH_BUFFERS
*/
-static int ssl_tls1_3_flush_buffers( mbedtls_ssl_context *ssl )
+static int ssl_tls13_flush_buffers( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP );
@@ -1644,7 +1644,7 @@
/*
* Handler for MBEDTLS_SSL_HANDSHAKE_WRAPUP
*/
-static int ssl_tls1_3_handshake_wrapup( mbedtls_ssl_context *ssl )
+static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Switch to application keys for inbound traffic" ) );
mbedtls_ssl_set_inbound_transform ( ssl, ssl->transform_application );
@@ -1676,7 +1676,7 @@
break;
case MBEDTLS_SSL_SERVER_HELLO:
- ret = ssl_tls1_3_process_server_hello( ssl );
+ ret = ssl_tls13_process_server_hello( ssl );
break;
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
@@ -1689,16 +1689,16 @@
break;
case MBEDTLS_SSL_SERVER_CERTIFICATE:
- ret = ssl_tls1_3_process_server_certificate( ssl );
+ ret = ssl_tls13_process_server_certificate( ssl );
break;
case MBEDTLS_SSL_CERTIFICATE_VERIFY:
- ret = ssl_tls1_3_process_certificate_verify( ssl );
+ ret = ssl_tls13_process_certificate_verify( ssl );
break;
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
case MBEDTLS_SSL_SERVER_FINISHED:
- ret = ssl_tls1_3_process_server_finished( ssl );
+ ret = ssl_tls13_process_server_finished( ssl );
break;
case MBEDTLS_SSL_CLIENT_FINISHED:
@@ -1706,11 +1706,11 @@
break;
case MBEDTLS_SSL_FLUSH_BUFFERS:
- ret = ssl_tls1_3_flush_buffers( ssl );
+ ret = ssl_tls13_flush_buffers( ssl );
break;
case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
- ret = ssl_tls1_3_handshake_wrapup( ssl );
+ ret = ssl_tls13_handshake_wrapup( ssl );
break;
default:
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f9ad5da..96f76d6 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -35,10 +35,10 @@
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
-int mbedtls_ssl_tls1_3_fetch_handshake_msg( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char **buf,
- size_t *buflen )
+int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char **buf,
+ size_t *buflen )
{
int ret;
@@ -111,10 +111,10 @@
return( ret );
}
-void mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len )
+void mbedtls_ssl_tls13_add_hs_msg_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len )
{
mbedtls_ssl_tls13_add_hs_hdr_to_checksum( ssl, hs_type, msg_len );
ssl->handshake->update_checksum( ssl, msg, msg_len );
@@ -190,7 +190,7 @@
*/
supported_sig_alg_ptr = p;
for( const uint16_t *sig_alg = ssl->conf->tls13_sig_algs;
- *sig_alg != MBEDTLS_TLS13_SIG_NONE; sig_alg++ )
+ *sig_alg != MBEDTLS_TLS1_3_SIG_NONE; sig_alg++ )
{
MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
MBEDTLS_PUT_UINT16_BE( *sig_alg, p, 0 );
@@ -298,7 +298,7 @@
{
const uint16_t *tls13_sig_alg = ssl->conf->tls13_sig_algs;
- for( ; *tls13_sig_alg != MBEDTLS_TLS13_SIG_NONE ; tls13_sig_alg++ )
+ for( ; *tls13_sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; tls13_sig_alg++ )
{
if( *tls13_sig_alg == sig_alg )
return( 1 );
@@ -362,15 +362,15 @@
/* We currently only support ECDSA-based signatures */
switch( algorithm )
{
- case MBEDTLS_TLS13_SIG_ECDSA_SECP256R1_SHA256:
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
md_alg = MBEDTLS_MD_SHA256;
sig_alg = MBEDTLS_PK_ECDSA;
break;
- case MBEDTLS_TLS13_SIG_ECDSA_SECP384R1_SHA384:
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
md_alg = MBEDTLS_MD_SHA384;
sig_alg = MBEDTLS_PK_ECDSA;
break;
- case MBEDTLS_TLS13_SIG_ECDSA_SECP521R1_SHA512:
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
md_alg = MBEDTLS_MD_SHA512;
sig_alg = MBEDTLS_PK_ECDSA;
break;
@@ -490,7 +490,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
MBEDTLS_SSL_PROC_CHK(
- mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
+ mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, &buf, &buf_len ) );
/* Need to calculate the hash of the transcript first
@@ -524,7 +524,7 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_certificate_verify( ssl, buf,
buf + buf_len, verify_buffer, verify_buffer_len ) );
- mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl,
+ mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, buf_len );
cleanup:
@@ -850,7 +850,7 @@
unsigned char *buf;
size_t buf_len;
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg(
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
ssl, MBEDTLS_SSL_HS_CERTIFICATE,
&buf, &buf_len ) );
@@ -859,8 +859,8 @@
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_validate_certificate( ssl ) );
- mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
- buf, buf_len );
+ mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CERTIFICATE,
+ buf, buf_len );
cleanup:
@@ -1027,11 +1027,11 @@
/* Preprocessing step: Compute handshake digest */
MBEDTLS_SSL_PROC_CHK( ssl_tls13_preprocess_finished_message( ssl ) );
- MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls1_3_fetch_handshake_msg( ssl,
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg( ssl,
MBEDTLS_SSL_HS_FINISHED,
&buf, &buflen ) );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_finished_message( ssl, buf, buf + buflen ) );
- mbedtls_ssl_tls1_3_add_hs_msg_to_checksum(
+ mbedtls_ssl_tls13_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_FINISHED, buf, buflen );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_finished_message( ssl ) );
@@ -1115,8 +1115,8 @@
MBEDTLS_SSL_PROC_CHK( ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len ) );
- mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
- buf, msg_len );
+ mbedtls_ssl_tls13_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
+ buf, msg_len );
MBEDTLS_SSL_PROC_CHK( ssl_tls13_finalize_finished_message( ssl ) );
MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 3ca28d5..555f907 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -34,7 +34,7 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
.name = string,
-struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels =
+struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
{
/* This seems to work in C, despite the string literal being one
* character too long due to the 0-termination. */
@@ -93,7 +93,7 @@
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
-static void ssl_tls1_3_hkdf_encode_label(
+static void ssl_tls13_hkdf_encode_label(
size_t desired_length,
const unsigned char *label, size_t llen,
const unsigned char *ctx, size_t clen,
@@ -110,7 +110,7 @@
* We're hardcoding the high byte to 0 here assuming that we never use
* TLS 1.3 HKDF key expansion to more than 255 Bytes. */
#if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255
-#error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \
+#error "The implementation of ssl_tls13_hkdf_encode_label() is not fit for the \
value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN"
#endif
@@ -133,7 +133,7 @@
*dlen = total_hkdf_lbl_len;
}
-int mbedtls_ssl_tls1_3_hkdf_expand_label(
+int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
@@ -168,11 +168,11 @@
if( md == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- ssl_tls1_3_hkdf_encode_label( blen,
- label, llen,
- ctx, clen,
- hkdf_label,
- &hkdf_label_len );
+ ssl_tls13_hkdf_encode_label( blen,
+ label, llen,
+ ctx, clen,
+ hkdf_label,
+ &hkdf_label_len );
return( mbedtls_hkdf_expand( md,
secret, slen,
@@ -196,7 +196,7 @@
* by the function caller. Note that we generate server and client side
* keys in a single function call.
*/
-int mbedtls_ssl_tls1_3_make_traffic_keys(
+int mbedtls_ssl_tls13_make_traffic_keys(
mbedtls_md_type_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret,
@@ -205,7 +205,7 @@
{
int ret = 0;
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
+ ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
client_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
NULL, 0,
@@ -213,7 +213,7 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
+ ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
server_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ),
NULL, 0,
@@ -221,7 +221,7 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
+ ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
client_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
NULL, 0,
@@ -229,7 +229,7 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
+ ret = mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
server_secret, slen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ),
NULL, 0,
@@ -243,7 +243,7 @@
return( 0 );
}
-int mbedtls_ssl_tls1_3_derive_secret(
+int mbedtls_ssl_tls13_derive_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
@@ -280,14 +280,14 @@
memcpy( hashed_context, ctx, clen );
}
- return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg,
- secret, slen,
- label, llen,
- hashed_context, clen,
- dstbuf, buflen ) );
+ return( mbedtls_ssl_tls13_hkdf_expand_label( hash_alg,
+ secret, slen,
+ label, llen,
+ hashed_context, clen,
+ dstbuf, buflen ) );
}
-int mbedtls_ssl_tls1_3_evolve_secret(
+int mbedtls_ssl_tls13_evolve_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
@@ -309,7 +309,7 @@
* on the old secret. */
if( secret_old != NULL )
{
- ret = mbedtls_ssl_tls1_3_derive_secret(
+ ret = mbedtls_ssl_tls13_derive_secret(
hash_alg,
secret_old, hlen,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ),
@@ -349,11 +349,11 @@
return( ret );
}
-int mbedtls_ssl_tls1_3_derive_early_secrets(
+int mbedtls_ssl_tls13_derive_early_secrets(
mbedtls_md_type_t md_type,
unsigned char const *early_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_early_secrets *derived )
+ mbedtls_ssl_tls13_early_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@@ -379,7 +379,7 @@
*/
/* Create client_early_traffic_secret */
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ),
transcript, transcript_len,
@@ -390,7 +390,7 @@
return( ret );
/* Create early exporter */
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ),
transcript, transcript_len,
@@ -403,11 +403,11 @@
return( 0 );
}
-int mbedtls_ssl_tls1_3_derive_handshake_secrets(
+int mbedtls_ssl_tls13_derive_handshake_secrets(
mbedtls_md_type_t md_type,
unsigned char const *handshake_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_handshake_secrets *derived )
+ mbedtls_ssl_tls13_handshake_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@@ -437,7 +437,7 @@
* Derive-Secret( ., "c hs traffic", ClientHello...ServerHello )
*/
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
handshake_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ),
transcript, transcript_len,
@@ -452,7 +452,7 @@
* Derive-Secret( ., "s hs traffic", ClientHello...ServerHello )
*/
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
handshake_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ),
transcript, transcript_len,
@@ -465,11 +465,11 @@
return( 0 );
}
-int mbedtls_ssl_tls1_3_derive_application_secrets(
+int mbedtls_ssl_tls13_derive_application_secrets(
mbedtls_md_type_t md_type,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_application_secrets *derived )
+ mbedtls_ssl_tls13_application_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@@ -498,7 +498,7 @@
*
*/
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ),
transcript, transcript_len,
@@ -508,7 +508,7 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ),
transcript, transcript_len,
@@ -518,7 +518,7 @@
if( ret != 0 )
return( ret );
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ),
transcript, transcript_len,
@@ -533,13 +533,13 @@
/* Generate resumption_master_secret for use with the ticket exchange.
*
- * This is not integrated with mbedtls_ssl_tls1_3_derive_application_secrets()
+ * This is not integrated with mbedtls_ssl_tls13_derive_application_secrets()
* because it uses the transcript hash up to and including ClientFinished. */
-int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+int mbedtls_ssl_tls13_derive_resumption_master_secret(
mbedtls_md_type_t md_type,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_application_secrets *derived )
+ mbedtls_ssl_tls13_application_secrets *derived )
{
int ret;
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
@@ -550,7 +550,7 @@
if( md_info == 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
application_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ),
transcript, transcript_len,
@@ -577,13 +577,13 @@
/*
* Compute MasterSecret
*/
- ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
+ ret = mbedtls_ssl_tls13_evolve_secret( md_type,
handshake->tls1_3_master_secrets.handshake,
NULL, 0,
handshake->tls1_3_master_secrets.app );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
@@ -593,10 +593,10 @@
return( 0 );
}
-static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
- unsigned char const *base_key,
- unsigned char const *transcript,
- unsigned char *dst )
+static int ssl_tls13_calc_finished_core( mbedtls_md_type_t md_type,
+ unsigned char const *base_key,
+ unsigned char const *transcript,
+ unsigned char *dst )
{
const mbedtls_md_info_t* const md_info = mbedtls_md_info_from_type( md_type );
size_t const md_size = mbedtls_md_get_size( md_info );
@@ -625,7 +625,7 @@
* HKDF-Expand-Label( BaseKey, "finished", "", Hash.length )
*/
- ret = mbedtls_ssl_tls1_3_hkdf_expand_label(
+ ret = mbedtls_ssl_tls13_hkdf_expand_label(
md_type, base_key, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ),
NULL, 0,
@@ -680,7 +680,7 @@
else
base_key = ssl->handshake->tls13_hs_secrets.server_handshake_traffic_secret;
- ret = ssl_tls1_3_calc_finished_core( md_type, base_key, transcript, dst );
+ ret = ssl_tls13_calc_finished_core( md_type, base_key, transcript, dst );
if( ret != 0 )
goto exit;
*actual_len = md_size;
@@ -694,7 +694,7 @@
return( ret );
}
-int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
+int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md_type,
unsigned char const *psk, size_t psk_len,
int psk_type,
@@ -728,19 +728,19 @@
* v
*/
- ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
- NULL, /* Old secret */
- psk, psk_len, /* Input */
- early_secret );
+ ret = mbedtls_ssl_tls13_evolve_secret( md_type,
+ NULL, /* Old secret */
+ psk, psk_len, /* Input */
+ early_secret );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
goto exit;
}
if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION )
{
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ),
NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
@@ -749,7 +749,7 @@
}
else
{
- ret = mbedtls_ssl_tls1_3_derive_secret( md_type,
+ ret = mbedtls_ssl_tls13_derive_secret( md_type,
early_secret, md_size,
MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ),
NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED,
@@ -759,7 +759,7 @@
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_secret", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_secret", ret );
goto exit;
}
@@ -768,7 +768,7 @@
* but with the BaseKey being the binder_key.
*/
- ret = ssl_tls1_3_calc_finished_core( md_type, binder_key, transcript, result );
+ ret = ssl_tls13_calc_finished_core( md_type, binder_key, transcript, result );
if( ret != 0 )
goto exit;
@@ -902,7 +902,7 @@
return( 0 );
}
-int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl )
+int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_type;
@@ -916,11 +916,11 @@
md_type = handshake->ciphersuite_info->mac;
- ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, NULL, NULL, 0,
- handshake->tls1_3_master_secrets.early );
+ ret = mbedtls_ssl_tls13_evolve_secret( md_type, NULL, NULL, 0,
+ handshake->tls1_3_master_secrets.early );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
@@ -946,7 +946,7 @@
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = handshake->ciphersuite_info;
- mbedtls_ssl_tls1_3_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
+ mbedtls_ssl_tls13_handshake_secrets *tls13_hs_secrets = &handshake->tls13_hs_secrets;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_tls13_generate_handshake_keys" ) );
@@ -970,12 +970,12 @@
return( ret );
}
- ret = mbedtls_ssl_tls1_3_derive_handshake_secrets( md_type,
+ ret = mbedtls_ssl_tls13_derive_handshake_secrets( md_type,
handshake->tls1_3_master_secrets.handshake,
transcript, transcript_len, tls13_hs_secrets );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_handshake_secrets",
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_derive_handshake_secrets",
ret );
return( ret );
}
@@ -993,7 +993,7 @@
if( ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
tls13_hs_secrets->client_handshake_traffic_secret,
md_size,
handshake->randbytes + 32,
@@ -1001,7 +1001,7 @@
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
ssl->f_export_keys( ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_HANDSHAKE_TRAFFIC_SECRET,
tls13_hs_secrets->server_handshake_traffic_secret,
md_size,
handshake->randbytes + 32,
@@ -1009,13 +1009,13 @@
MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
}
- ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
+ ret = mbedtls_ssl_tls13_make_traffic_keys( md_type,
tls13_hs_secrets->client_handshake_traffic_secret,
tls13_hs_secrets->server_handshake_traffic_secret,
md_size, keylen, ivlen, traffic_keys );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
goto exit;
}
@@ -1060,7 +1060,7 @@
* client_handshake_traffic_secret and server_handshake_traffic_secret
* are derived in the handshake secret derivation stage.
*/
- if( mbedtls_ssl_tls1_3_ephemeral_enabled( ssl ) )
+ if( mbedtls_ssl_tls13_ephemeral_enabled( ssl ) )
{
if( mbedtls_ssl_tls13_named_group_is_ecdhe( handshake->offered_group_id ) )
{
@@ -1089,13 +1089,13 @@
/*
* Compute the Handshake Secret
*/
- ret = mbedtls_ssl_tls1_3_evolve_secret( md_type,
+ ret = mbedtls_ssl_tls13_evolve_secret( md_type,
handshake->tls1_3_master_secrets.early,
ecdhe, ephemeral_len,
handshake->tls1_3_master_secrets.handshake );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
return( ret );
}
@@ -1119,7 +1119,7 @@
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
/* Address at which to store the application secrets */
- mbedtls_ssl_tls1_3_application_secrets * const app_secrets =
+ mbedtls_ssl_tls13_application_secrets * const app_secrets =
&ssl->session_negotiate->app_secrets;
/* Holding the transcript up to and including the ServerFinished */
@@ -1159,26 +1159,26 @@
/* Compute application secrets from master secret and transcript hash. */
- ret = mbedtls_ssl_tls1_3_derive_application_secrets( md_type,
+ ret = mbedtls_ssl_tls13_derive_application_secrets( md_type,
handshake->tls1_3_master_secrets.app,
transcript, transcript_len,
app_secrets );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_tls1_3_derive_application_secrets", ret );
+ "mbedtls_ssl_tls13_derive_application_secrets", ret );
goto cleanup;
}
/* Derive first epoch of IV + Key for application traffic. */
- ret = mbedtls_ssl_tls1_3_make_traffic_keys( md_type,
+ ret = mbedtls_ssl_tls13_make_traffic_keys( md_type,
app_secrets->client_application_traffic_secret_N,
app_secrets->server_application_traffic_secret_N,
md_size, keylen, ivlen, traffic_keys );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_make_traffic_keys", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_make_traffic_keys", ret );
goto cleanup;
}
@@ -1196,7 +1196,7 @@
if( ssl->f_export_keys != NULL )
{
ssl->f_export_keys( ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_APPLICATION_TRAFFIC_SECRET,
app_secrets->client_application_traffic_secret_N, md_size,
handshake->randbytes + 32,
handshake->randbytes,
@@ -1204,7 +1204,7 @@
a new constant for TLS 1.3! */ );
ssl->f_export_keys( ssl->p_export_keys,
- MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
+ MBEDTLS_SSL_KEY_EXPORT_TLS1_3_SERVER_APPLICATION_TRAFFIC_SECRET,
app_secrets->server_application_traffic_secret_N, md_size,
handshake->randbytes + 32,
handshake->randbytes,
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index d598448..df73788 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -20,7 +20,7 @@
#define MBEDTLS_SSL_TLS1_3_KEYS_H
/* This requires MBEDTLS_SSL_TLS1_3_LABEL( idx, name, string ) to be defined at
- * the point of use. See e.g. the definition of mbedtls_ssl_tls1_3_labels_union
+ * the point of use. See e.g. the definition of mbedtls_ssl_tls13_labels_union
* below. */
#define MBEDTLS_SSL_TLS1_3_LABEL_LIST \
MBEDTLS_SSL_TLS1_3_LABEL( finished , "finished" ) \
@@ -47,27 +47,27 @@
#define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \
const unsigned char name [ sizeof(string) - 1 ];
-union mbedtls_ssl_tls1_3_labels_union
+union mbedtls_ssl_tls13_labels_union
{
MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
-struct mbedtls_ssl_tls1_3_labels_struct
+struct mbedtls_ssl_tls13_labels_struct
{
MBEDTLS_SSL_TLS1_3_LABEL_LIST
};
#undef MBEDTLS_SSL_TLS1_3_LABEL
-extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels;
+extern const struct mbedtls_ssl_tls13_labels_struct mbedtls_ssl_tls13_labels;
#define MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL ) \
- sizeof(mbedtls_ssl_tls1_3_labels.LABEL)
+ sizeof(mbedtls_ssl_tls13_labels.LABEL)
#define MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( LABEL ) \
- mbedtls_ssl_tls1_3_labels.LABEL, \
+ mbedtls_ssl_tls13_labels.LABEL, \
MBEDTLS_SSL_TLS1_3_LBL_LEN( LABEL )
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN \
- sizeof( union mbedtls_ssl_tls1_3_labels_union )
+ sizeof( union mbedtls_ssl_tls13_labels_union )
/* The maximum length of HKDF contexts used in the TLS 1.3 standard.
* Since contexts are always hashes of message transcripts, this can
@@ -79,7 +79,7 @@
* by HKDF-Expand-Label.
*
* Warning: If this ever needs to be increased, the implementation
- * ssl_tls1_3_hkdf_encode_label() in ssl_tls13_keys.c needs to be
+ * ssl_tls13_hkdf_encode_label() in ssl_tls13_keys.c needs to be
* adjusted since it currently assumes that HKDF key expansion
* is never used with more than 255 Bytes of output. */
#define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN 255
@@ -111,7 +111,7 @@
* \return A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_hkdf_expand_label(
+int mbedtls_ssl_tls13_hkdf_expand_label(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
@@ -147,7 +147,7 @@
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_make_traffic_keys(
+int mbedtls_ssl_tls13_make_traffic_keys(
mbedtls_md_type_t hash_alg,
const unsigned char *client_secret,
const unsigned char *server_secret,
@@ -195,7 +195,7 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_derive_secret(
+int mbedtls_ssl_tls13_derive_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret, size_t slen,
const unsigned char *label, size_t llen,
@@ -206,7 +206,7 @@
/**
* \brief Derive TLS 1.3 early data key material from early secret.
*
- * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels.
*
* <tt>
@@ -223,11 +223,11 @@
*
* \note To obtain the actual key and IV for the early data traffic,
* the client secret derived by this function need to be
- * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ * further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
* \note The binder key, which is also generated from the early secret,
* is omitted here. Its calculation is part of the separate routine
- * mbedtls_ssl_tls1_3_create_psk_binder().
+ * mbedtls_ssl_tls13_create_psk_binder().
*
* \param md_type The hash algorithm associated with the PSK for which
* early data key material is being derived.
@@ -245,16 +245,16 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_derive_early_secrets(
+int mbedtls_ssl_tls13_derive_early_secrets(
mbedtls_md_type_t md_type,
unsigned char const *early_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_early_secrets *derived );
+ mbedtls_ssl_tls13_early_secrets *derived );
/**
* \brief Derive TLS 1.3 handshake key material from the handshake secret.
*
- * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
* <tt>
@@ -272,7 +272,7 @@
*
* \note To obtain the actual key and IV for the encrypted handshake traffic,
* the client and server secret derived by this function need to be
- * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ * further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
* \param md_type The hash algorithm associated with the ciphersuite
* that's being used for the connection.
@@ -290,16 +290,16 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_derive_handshake_secrets(
+int mbedtls_ssl_tls13_derive_handshake_secrets(
mbedtls_md_type_t md_type,
unsigned char const *handshake_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_handshake_secrets *derived );
+ mbedtls_ssl_tls13_handshake_secrets *derived );
/**
* \brief Derive TLS 1.3 application key material from the master secret.
*
- * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
* <tt>
@@ -321,7 +321,7 @@
*
* \note To obtain the actual key and IV for the (0-th) application traffic,
* the client and server secret derived by this function need to be
- * further processed by mbedtls_ssl_tls1_3_make_traffic_keys().
+ * further processed by mbedtls_ssl_tls13_make_traffic_keys().
*
* \param md_type The hash algorithm associated with the ciphersuite
* that's being used for the connection.
@@ -340,16 +340,16 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_derive_application_secrets(
+int mbedtls_ssl_tls13_derive_application_secrets(
mbedtls_md_type_t md_type,
unsigned char const *master_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_application_secrets *derived );
+ mbedtls_ssl_tls13_application_secrets *derived );
/**
* \brief Derive TLS 1.3 resumption master secret from the master secret.
*
- * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret()
+ * This is a small wrapper invoking mbedtls_ssl_tls13_derive_secret()
* with the appropriate labels from the standard.
*
* \param md_type The hash algorithm used in the application for which
@@ -370,11 +370,11 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_derive_resumption_master_secret(
+int mbedtls_ssl_tls13_derive_resumption_master_secret(
mbedtls_md_type_t md_type,
unsigned char const *application_secret,
unsigned char const *transcript, size_t transcript_len,
- mbedtls_ssl_tls1_3_application_secrets *derived );
+ mbedtls_ssl_tls13_application_secrets *derived );
/**
* \brief Compute the next secret in the TLS 1.3 key schedule
@@ -406,7 +406,7 @@
*
* Each of the three secrets in turn is the basis for further
* key derivations, such as the derivation of traffic keys and IVs;
- * see e.g. mbedtls_ssl_tls1_3_make_traffic_keys().
+ * see e.g. mbedtls_ssl_tls13_make_traffic_keys().
*
* This function implements one step in this evolution of secrets:
*
@@ -443,7 +443,7 @@
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_evolve_secret(
+int mbedtls_ssl_tls13_evolve_secret(
mbedtls_md_type_t hash_alg,
const unsigned char *secret_old,
const unsigned char *input, size_t input_len,
@@ -475,7 +475,7 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl,
+int mbedtls_ssl_tls13_create_psk_binder( mbedtls_ssl_context *ssl,
const mbedtls_md_type_t md_type,
unsigned char const *psk, size_t psk_len,
int psk_type,
@@ -520,7 +520,7 @@
*
* Early -> Handshake -> Application
*
- * Small wrappers around mbedtls_ssl_tls1_3_evolve_secret().
+ * Small wrappers around mbedtls_ssl_tls13_evolve_secret().
*/
/**
@@ -535,7 +535,7 @@
* \returns \c 0 on success.
* \returns A negative error code on failure.
*/
-int mbedtls_ssl_tls1_3_key_schedule_stage_early( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl );
/**
* \brief Transition into handshake stage of TLS 1.3 key schedule.