commit ac0385c08f76108c733b8677af8473e51a2f8648
author XiaokangQian <xiaokang.qian@arm.com> Wed Nov 03 06:40:11 2021 +0000
committer XiaokangQian <xiaokang.qian@arm.com> Wed Nov 10 01:47:23 2021 +0000
tree e41e83df62a2ca36d576348e21170f4082eb8726
parent 8903bd97b0eea085f09670f227946eef07420176

Change code based on comments

Move set_state function into client
Add back export_key callback function in generate
application keys

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

library/ssl_tls13_client.c

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 8644db9..c30d562 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1605,7 +1605,14 @@
  */
 static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
 {
-    return ( mbedtls_ssl_tls13_process_finished_in( ssl ) );
+    int ret;
+
+    ret = mbedtls_ssl_tls13_process_finished_in( ssl );
+    if( ret != 0 )
+        return( ret );
+
+    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
+    return( 0 );
 }
 
 /*

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index b2e5ad0..9754395 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -983,8 +983,6 @@
 
     ssl->transform_application = transform_application;
 
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CLIENT_FINISHED );
-
 cleanup:
 
     mbedtls_platform_zeroize( &traffic_keys, sizeof(mbedtls_ssl_key_set) );

library/ssl_tls13_keys.c

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 34d8a19..b97a70f 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1189,6 +1189,26 @@
                            app_secrets->server_application_traffic_secret_N,
                            md_size );
 
+    /*
+     * Export client/server application traffic secret 0
+     */
+    if( ssl->f_export_keys != NULL )
+    {
+        ssl->f_export_keys( ssl->p_export_keys,
+                MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
+                app_secrets->client_application_traffic_secret_N, md_size,
+                ssl->handshake->randbytes + 32,
+                ssl->handshake->randbytes,
+                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+
+        ssl->f_export_keys( ssl->p_export_keys,
+                MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
+                app_secrets->server_application_traffic_secret_N, md_size,
+                ssl->handshake->randbytes + 32,
+                ssl->handshake->randbytes,
+                MBEDTLS_SSL_TLS_PRF_NONE /* TODO: FIX! */ );
+    }
+
     MBEDTLS_SSL_DEBUG_BUF( 4, "client application_write_key:",
                               traffic_keys->client_write_key, keylen );
     MBEDTLS_SSL_DEBUG_BUF( 4, "server application write key",