commit 44042f0a57aafd3e9d2fd80354114eb66c5dae97
author Max Fillinger <maximilian.fillinger@foxcrypto.com> Mon Jul 22 14:43:56 2024 +0200
committer Max Fillinger <maximilian.fillinger@foxcrypto.com> Wed Apr 16 11:20:49 2025 +0200
tree b3138d7ae356676bc5c41519bec28816e1dc120d
parent 5da6b498acfc4fb2ef77e69c7a26e02981cc4af8

Implement TLS-Exporter feature

The TLS-Exporter is a function to derive shared symmetric keys for the
server and client from the secrets generated during the handshake.
It is defined in RFC 8446, Section 7.5 for TLS 1.3 and in RFC 5705 for
TLS 1.2.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

library/ssl_tls13_keys.c

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 739414e..bbaa7c4 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1882,4 +1882,38 @@
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
 
+int mbedtls_ssl_tls13_exporter(const psa_algorithm_t hash_alg,
+                               const unsigned char *secret, const size_t secret_len,
+                               const unsigned char *label, const size_t label_len,
+                               const unsigned char *context_value, const size_t context_len,
+                               unsigned char *out, const size_t out_len)
+{
+    size_t hash_len = PSA_HASH_LENGTH(hash_alg);
+    unsigned char hkdf_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
+    unsigned char hashed_context[PSA_HASH_MAX_SIZE];
+    size_t hashed_context_len = 0;
+    int ret = 0;
+    psa_status_t status = 0;
+
+    ret = mbedtls_ssl_tls13_derive_secret(hash_alg, secret, secret_len, label, label_len, NULL, 0,
+                                          MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, hkdf_secret, hash_len);
+    if (ret != 0) {
+        goto exit;
+    }
+
+    status = psa_hash_compute(hash_alg, context_value, context_len, hashed_context, hash_len, &hashed_context_len);
+    if (status != PSA_SUCCESS) {
+        ret = PSA_TO_MBEDTLS_ERR(status);
+        goto exit;
+    }
+    ret = mbedtls_ssl_tls13_hkdf_expand_label(hash_alg, hkdf_secret, hash_len,
+                                              MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(exporter),
+                                              hashed_context, hashed_context_len,
+                                              out, out_len);
+
+exit:
+    mbedtls_platform_zeroize(hkdf_secret, sizeof(hkdf_secret));
+    return ret;
+}
+
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */