commit ada303048534d90c23e711d9ec5cacf606400195
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Oct 20 20:33:10 2014 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Nov 05 16:00:49 2014 +0100
tree 389e761037b8becd8739b561bdb9ff1d2ae9ad11
parent 367381fdddb68e72c408fed763b955f620abf451

Implement extended master secret

library/ssl_cli.c

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 065f3a8..d7b16b8 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2326,12 +2326,6 @@
         return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
     }
 
-    if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
-    {
-        SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
-        return( ret );
-    }
-
     ssl->out_msglen  = i + n;
     ssl->out_msgtype = SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = SSL_HS_CLIENT_KEY_EXCHANGE;
@@ -2356,9 +2350,16 @@
 static int ssl_write_certificate_verify( ssl_context *ssl )
 {
     const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+    int ret;
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 
+    if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+        return( ret );
+    }
+
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
         ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
         ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||
@@ -2385,6 +2386,12 @@
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 
+    if( ( ret = ssl_derive_keys( ssl ) ) != 0 )
+    {
+        SSL_DEBUG_RET( 1, "ssl_derive_keys", ret );
+        return( ret );
+    }
+
     if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK ||
         ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ||
         ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_PSK ||

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1fe3a95..c8b7fa2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -472,13 +472,45 @@
 
 #if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET)
         if( ssl->handshake->extended_ms == SSL_EXTENDED_MS_ENABLED )
+        {
+            unsigned char session_hash[48];
+            size_t hash_len;
+
             SSL_DEBUG_MSG( 3, ( "using extended master secret" ) );
-        // XXX to be continued, WIP
+
+            ssl->handshake->calc_verify( ssl, session_hash );
+
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+            if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+            {
+#if defined(POLARSSL_SHA512_C)
+                if( ssl->transform_negotiate->ciphersuite_info->mac ==
+                    POLARSSL_MD_SHA384 )
+                {
+                    hash_len = 48;
+                }
+                else
+#endif
+                    hash_len = 32;
+            }
+            else
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+                hash_len = 36;
+
+            SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
+
+            handshake->tls_prf( handshake->premaster, handshake->pmslen,
+                                "extended master secret",
+                                session_hash, hash_len, session->master, 48 );
+
+        }
+        else
 #endif
         handshake->tls_prf( handshake->premaster, handshake->pmslen,
                             "master secret",
                             handshake->randbytes, 64, session->master, 48 );
 
+
         polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
     }
     else