author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-03-28 18:32:09 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-03-28 18:32:09 +0700 |
commit | 62e20a26b09241bde55034d329fc2393a5f208fe (patch) | |
tree | dbff91b17092aed93e6dd353303c37be1b7c5377 /crypto/src/tls | |
parent | minor corrections, updated ECPointTest (diff) | |
download | BouncyCastle.NET-ed25519-62e20a26b09241bde55034d329fc2393a5f208fe.tar.xz |
Fix TLS 1.3 Export Keying Material
- see https://github.com/bcgit/bc-java/issues/1133
Diffstat (limited to 'crypto/src/tls')
-rw-r--r-- | crypto/src/tls/AbstractTlsContext.cs | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs
index 75e46d993..0317b1430 100644
--- a/crypto/src/tls/AbstractTlsContext.cs
+++ b/crypto/src/tls/AbstractTlsContext.cs
@@ -261,8 +261,21 @@ namespace Org.BouncyCastle.Tls
 throw new ArgumentException("must have length less than 2^16 (or be null)", "context");
 }
- return TlsCryptoUtilities.HkdfExpandLabel(secret, cryptoHashAlgorithm, asciiLabel, context, length)
- .Extract();
+ TlsHash exporterHash = Crypto.CreateHash(cryptoHashAlgorithm);
+ byte[] emptyTranscriptHash = exporterHash.CalculateHash();
+
+ TlsSecret exporterSecret = TlsUtilities.DeriveSecret(SecurityParameters, secret, asciiLabel,
+ emptyTranscriptHash);
+
+ byte[] exporterContext = emptyTranscriptHash;
+ if (context.Length > 0)
+ {
+ exporterHash.Update(context, 0, context.Length);
+ exporterContext = exporterHash.CalculateHash();
+ }
+
+ return TlsCryptoUtilities
+ .HkdfExpandLabel(exporterSecret, cryptoHashAlgorithm, "exporter", exporterContext, length).Extract();
 }
 protected virtual TlsSecret CheckEarlyExportSecret(TlsSecret secret) |
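Review bot: The intermediate `exporterSecret` returned by `TlsUtilities.DeriveSecret` is never released; only the final `HkdfExpandLabel(...)` result is consumed by `.Extract()`, so the per-label exporter secret appears to stay in memory until it is garbage collected. Consider wrapping the return as `try { return TlsCryptoUtilities.HkdfExpandLabel(exporterSecret, cryptoHashAlgorithm, "exporter", exporterContext, length).Extract(); } finally { exporterSecret.Destroy(); }`. Reusing `exporterHash` after the first `CalculateHash()` presumably relies on that call leaving the instance in a fresh state; a short comment saying so, with a pointer to RFC 8446 section 7.5 for the two-step derivation, would make the intent checkable. `context.Length` is also dereferenced although the retained error message says the argument may be null; the method starts above the hunk, so the null normalisation is presumably there and should be confirmed.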