authorPeter Dettman <peter.dettman@bouncycastle.org>2021-07-25 01:59:33 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2021-07-25 01:59:33 +0700
commitf79b4569885ff0d6e2443a21706f3e95f1c7c9d7 (patch)
tree7ac2b74593a878feb0ff112ddfc35457d3a108b1
parentRefactoring around TLS HKDF (diff)
downloadBouncyCastle.NET-ed25519-f79b4569885ff0d6e2443a21706f3e95f1c7c9d7.tar.xz
Store the PRF CryptoHashAlgorithm
-rw-r--r--crypto/src/tls/AbstractTlsContext.cs9
-rw-r--r--crypto/src/tls/DeferredHash.cs6
-rw-r--r--crypto/src/tls/SecurityParameters.cs6
-rw-r--r--crypto/src/tls/TlsUtilities.cs22
-rw-r--r--crypto/src/tls/crypto/TlsCryptoUtilities.cs9
-rw-r--r--crypto/src/tls/crypto/impl/TlsAeadCipher.cs2
6 files changed, 28 insertions, 26 deletions
diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs
index e8071bfab..c70312721 100644
--- a/crypto/src/tls/AbstractTlsContext.cs
+++ b/crypto/src/tls/AbstractTlsContext.cs
@@ -208,7 +208,7 @@ namespace Org.BouncyCastle.Tls
             SecurityParameters sp = SecurityParameters;
 
             return ExportKeyingMaterial13(CheckEarlyExportSecret(sp.EarlyExporterMasterSecret),
-                sp.PrfHashAlgorithm, asciiLabel, context, length);
+                sp.PrfCryptoHashAlgorithm, asciiLabel, context, length);
         }
 
         public virtual byte[] ExportKeyingMaterial(string asciiLabel, byte[] context, int length)
@@ -235,7 +235,7 @@ namespace Org.BouncyCastle.Tls
 
             if (TlsUtilities.IsTlsV13(sp.NegotiatedVersion))
             {
-                return ExportKeyingMaterial13(CheckExportSecret(sp.ExporterMasterSecret), sp.PrfHashAlgorithm,
+                return ExportKeyingMaterial13(CheckExportSecret(sp.ExporterMasterSecret), sp.PrfCryptoHashAlgorithm,
                     asciiLabel, context, length);
             }
 
@@ -244,7 +244,7 @@ namespace Org.BouncyCastle.Tls
             return TlsUtilities.Prf(sp, CheckExportSecret(sp.MasterSecret), asciiLabel, seed, length).Extract();
         }
 
-        protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, short hashAlgorithm, string asciiLabel,
+        protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, int cryptoHashAlgorithm, string asciiLabel,
             byte[] context, int length)
         {
             if (null == context)
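Review bot: Changing the parameter of the protected virtual `ExportKeyingMaterial13` from `short hashAlgorithm` to `int cryptoHashAlgorithm` is a source-breaking change for any subclass that overrides the old signature (its `override` no longer matches a base member and fails to compile), and the same commit removes the public `short` overload of `TlsCryptoUtilities.HkdfExpandLabel` in crypto/src/tls/crypto/TlsCryptoUtilities.cs, so external callers are affected there too. If compatibility matters, a forwarding overload would keep old overrides and callers working: `[Obsolete("Use the int cryptoHashAlgorithm overload")] protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, short hashAlgorithm, string asciiLabel, byte[] context, int length) => ExportKeyingMaterial13(secret, TlsCryptoUtilities.GetHash(hashAlgorithm), asciiLabel, context, length);`; otherwise the break should be called out in the release notes. The body of `ExportKeyingMaterial13` continues outside this hunk.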
@@ -256,7 +256,8 @@ namespace Org.BouncyCastle.Tls
                 throw new ArgumentException("must have length less than 2^16 (or be null)", "context");
             }
 
-            return TlsCryptoUtilities.HkdfExpandLabel(secret, hashAlgorithm, asciiLabel, context, length).Extract();
+            return TlsCryptoUtilities.HkdfExpandLabel(secret, cryptoHashAlgorithm, asciiLabel, context, length)
+                .Extract();
         }
 
         protected virtual TlsSecret CheckEarlyExportSecret(TlsSecret secret)
diff --git a/crypto/src/tls/DeferredHash.cs b/crypto/src/tls/DeferredHash.cs
index 43d60d07c..0532d523c 100644
--- a/crypto/src/tls/DeferredHash.cs
+++ b/crypto/src/tls/DeferredHash.cs
@@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Tls
             }
             default:
             {
-                CheckTrackingHash(securityParameters.PrfHashAlgorithm);
+                CheckTrackingHash(securityParameters.PrfCryptoHashAlgorithm);
                 if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
                 {
                     SealHashAlgorithms();
@@ -116,7 +116,7 @@ namespace Org.BouncyCastle.Tls
             }
             default:
             {
-                CloneHash(newHashes, securityParameters.PrfHashAlgorithm);
+                CloneHash(newHashes, securityParameters.PrfCryptoHashAlgorithm);
                 break;
             }
             }
@@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Tls
             }
             default:
             {
-                prfHash = CloneHash(securityParameters.PrfHashAlgorithm);
+                prfHash = CloneHash(securityParameters.PrfCryptoHashAlgorithm);
                 break;
             }
             }
diff --git a/crypto/src/tls/SecurityParameters.cs b/crypto/src/tls/SecurityParameters.cs
index f4aa1ac5a..a04c0af8c 100644
--- a/crypto/src/tls/SecurityParameters.cs
+++ b/crypto/src/tls/SecurityParameters.cs
@@ -12,6 +12,7 @@ namespace Org.BouncyCastle.Tls
         internal int m_cipherSuite = Tls.CipherSuite.TLS_NULL_WITH_NULL_NULL;
         internal short m_maxFragmentLength = -1;
         internal int m_prfAlgorithm = -1;
+        internal int m_prfCryptoHashAlgorithm = -1;
         internal short m_prfHashAlgorithm = -1;
         internal int m_prfHashLength = -1;
         internal int m_verifyDataLength = -1;
@@ -238,6 +239,11 @@ namespace Org.BouncyCastle.Tls
             get { return m_prfAlgorithm; }
         }
 
+        public int PrfCryptoHashAlgorithm
+        {
+            get { return m_prfCryptoHashAlgorithm; }
+        }
+
         public short PrfHashAlgorithm
         {
             get { return m_prfHashAlgorithm; }
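Review bot: The new public property `PrfCryptoHashAlgorithm` has no documentation, and its `-1` sentinel (set for `PrfAlgorithm.ssl_prf_legacy` and `PrfAlgorithm.tls_prf_legacy` in the crypto/src/tls/TlsUtilities.cs hunk at `@@ -5106`) is not obvious to callers, several of which now pass the value straight into HKDF and `CreateHash`. I would add `/// <summary>The <see cref="Crypto.CryptoHashAlgorithm"/> value used by the negotiated PRF, or -1 when a legacy (SSL/TLS 1.0–1.1) PRF was negotiated and no single hash applies.</summary>` above the property, and mirror the same wording on `PrfHashAlgorithm` so the two fields are clearly documented as kept in sync.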
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index adead624b..9a8665cf5 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -1462,7 +1462,7 @@ namespace Org.BouncyCastle.Tls
         private static byte[] CalculateFinishedHmac(SecurityParameters securityParameters, TlsSecret baseKey,
             byte[] transcriptHash)
         {
-            int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm);
+            int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
             TlsSecret finishedKey = TlsCryptoUtilities.HkdfExpandLabel(baseKey, cryptoHashAlgorithm, "finished",
                 EmptyBytes, securityParameters.PrfHashLength);
 
@@ -1501,20 +1501,20 @@ namespace Org.BouncyCastle.Tls
         {
             TlsCrypto crypto = context.Crypto;
             SecurityParameters securityParameters = context.SecurityParameters;
-            int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm);
+            int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
 
             string label = isExternalPsk ? "ext binder" : "res binder";
             byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash();
 
-            TlsSecret baseKey = DeriveSecret(securityParameters, earlySecret, label, emptyTranscriptHash);
+            TlsSecret binderKey = DeriveSecret(securityParameters, earlySecret, label, emptyTranscriptHash);
 
             try
             {
-                return CalculateFinishedHmac(securityParameters, baseKey, transcriptHash);
+                return CalculateFinishedHmac(securityParameters, binderKey, transcriptHash);
             }
             finally
             {
-                baseKey.Destroy();
+                binderKey.Destroy();
             }
         }
 
@@ -1551,7 +1551,7 @@ namespace Org.BouncyCastle.Tls
         {
             TlsCrypto crypto = context.Crypto;
             SecurityParameters securityParameters = context.SecurityParameters;
-            int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm);
+            int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
             TlsSecret zeros = crypto.HkdfInit(cryptoHashAlgorithm);
             byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash();
 
@@ -1686,7 +1686,7 @@ namespace Org.BouncyCastle.Tls
 
         private static TlsSecret Update13TrafficSecret(SecurityParameters securityParameters, TlsSecret secret)
         {
-            return TlsCryptoUtilities.HkdfExpandLabel(secret, securityParameters.PrfHashAlgorithm, "traffic upd",
+            return TlsCryptoUtilities.HkdfExpandLabel(secret, securityParameters.PrfCryptoHashAlgorithm, "traffic upd",
                 EmptyBytes, securityParameters.PrfHashLength);
         }
 
@@ -5106,6 +5106,7 @@ namespace Org.BouncyCastle.Tls
             case PrfAlgorithm.ssl_prf_legacy:
             case PrfAlgorithm.tls_prf_legacy:
             {
+                securityParameters.m_prfCryptoHashAlgorithm = -1;
                 securityParameters.m_prfHashAlgorithm = -1;
                 securityParameters.m_prfHashLength = -1;
                 break;
@@ -5113,7 +5114,9 @@ namespace Org.BouncyCastle.Tls
             default:
             {
                 short prfHashAlgorithm = GetHashAlgorithmForPrfAlgorithm(prfAlgorithm);
+                int prfCryptoHashAlgorithm = TlsCryptoUtilities.GetHash(prfHashAlgorithm);
 
+                securityParameters.m_prfCryptoHashAlgorithm = prfCryptoHashAlgorithm;
                 securityParameters.m_prfHashAlgorithm = prfHashAlgorithm;
                 securityParameters.m_prfHashLength = HashAlgorithm.GetOutputSize(prfHashAlgorithm);
                 break;
@@ -5206,13 +5209,14 @@ namespace Org.BouncyCastle.Tls
         internal static TlsSecret DeriveSecret(SecurityParameters securityParameters, TlsSecret secret, string label,
             byte[] transcriptHash)
         {
-            short prfHashAlgorithm = securityParameters.PrfHashAlgorithm;
+            int prfCryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
             int prfHashLength = securityParameters.PrfHashLength;
 
             if (transcriptHash.Length != prfHashLength)
                 throw new TlsFatalAlert(AlertDescription.internal_error);
 
-            return TlsCryptoUtilities.HkdfExpandLabel(secret, prfHashAlgorithm, label, transcriptHash, prfHashLength);
+            return TlsCryptoUtilities.HkdfExpandLabel(secret, prfCryptoHashAlgorithm, label, transcriptHash,
+                prfHashLength);
         }
 
         internal static TlsSecret GetSessionMasterSecret(TlsCrypto crypto, TlsSecret masterSecret)
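Review bot: `DeriveSecret` now reads `PrfCryptoHashAlgorithm`, which is `-1` when a legacy PRF was negotiated, and the only thing keeping that sentinel out of `HkdfExpandLabel` is the `transcriptHash.Length != prfHashLength` comparison, which happens to fail because `prfHashLength` is also `-1` in that case. That guard is incidental rather than intentional, so I would make the precondition explicit before the length check: `if (prfCryptoHashAlgorithm < 0) throw new TlsFatalAlert(AlertDescription.internal_error);`. The same implicit reliance applies to `Update13TrafficSecret` in the hunk at `@@ -1686`, which has no length check at all and passes the value directly to HKDF.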
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index adea49017..a22049e5d 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -127,15 +127,6 @@ namespace Org.BouncyCastle.Tls.Crypto
         }
 
         /// <exception cref="IOException"/>
-        public static TlsSecret HkdfExpandLabel(TlsSecret secret, short hashAlgorithm, string label, byte[] context,
-            int length)
-        {
-            int cryptoHashAlgorithm = GetHash(hashAlgorithm);
-
-            return HkdfExpandLabel(secret, cryptoHashAlgorithm, label, context, length);
-        }
-
-        /// <exception cref="IOException"/>
         public static TlsSecret HkdfExpandLabel(TlsSecret secret, int cryptoHashAlgorithm, string label,
             byte[] context, int length)
         {
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 80851e440..ec76e98c1 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -339,7 +339,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             if (null == secret)
                 throw new TlsFatalAlert(AlertDescription.internal_error);
 
-            Setup13Cipher(cipher, nonce, secret, TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm));
+            Setup13Cipher(cipher, nonce, secret, securityParameters.PrfCryptoHashAlgorithm);
         }
 
         protected virtual void Setup13Cipher(TlsAeadCipherImpl cipher, byte[] nonce, TlsSecret secret,