TLS1.3: Add client finish processing in client side

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>

3 files changed, 179 insertions, 5 deletions

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 6deab2a..a0f0c9c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1618,11 +1618,9 @@ static int ssl_tls1_3_process_server_finished( mbedtls_ssl_context *ssl )
 /*
  * Handler for MBEDTLS_SSL_CLIENT_FINISHED
  */
-static int ssl_tls1_3_write_client_finished( mbedtls_ssl_context *ssl )
+static int ssl_tls13_write_client_finished( mbedtls_ssl_context *ssl )
 {
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "%s hasn't been implemented", __func__ ) );
-    mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
-    return( 0 );
+    return ( mbedtls_ssl_tls1_3_finished_out_process( ssl ) );
 }
 
 /*
@@ -1689,7 +1687,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
             break;
 
         case MBEDTLS_SSL_CLIENT_FINISHED:
-            ret = ssl_tls1_3_write_client_finished( ssl );
+            ret = ssl_tls13_write_client_finished( ssl );
             break;
 
         case MBEDTLS_SSL_FLUSH_BUFFERS:
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index b2a70f3..a42ede1 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -29,6 +29,7 @@
 #include "mbedtls/debug.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform.h"
+#include <string.h>
 
 #include "ssl_misc.h"
 #include "ssl_tls13_keys.h"
@@ -1014,6 +1015,131 @@ cleanup:
     return( ret );
 }
 
+/*
+ *
+ * STATE HANDLING: Outgoing Finished
+ *
+ */
+
+/*
+ * Overview
+ */
+
+/* Main entry point: orchestrates the other functions */
+
+int mbedtls_ssl_finished_out_process( mbedtls_ssl_context *ssl );
+
+static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl );
+static int ssl_finished_out_write( mbedtls_ssl_context *ssl,
+                                   unsigned char *buf,
+                                   size_t buflen,
+                                   size_t *olen );
+static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl );
+
+
+int mbedtls_ssl_tls1_3_finished_out_process( mbedtls_ssl_context *ssl )
+{
+    int ret;
+    unsigned char *buf;
+    size_t buf_len, msg_len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
+
+    if( !ssl->handshake->state_local.finished_out.preparation_done )
+    {
+        MBEDTLS_SSL_PROC_CHK( ssl_finished_out_prepare( ssl ) );
+        ssl->handshake->state_local.finished_out.preparation_done = 1;
+    }
+
+    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_start_handshake_msg( ssl,
+                         MBEDTLS_SSL_HS_FINISHED, &buf, &buf_len ) );
+
+    MBEDTLS_SSL_PROC_CHK( ssl_finished_out_write(
+                              ssl, buf, buf_len, &msg_len ) );
+
+    mbedtls_ssl_tls1_3_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_FINISHED,
+                                        buf, msg_len );
+
+    MBEDTLS_SSL_PROC_CHK( ssl_finished_out_postprocess( ssl ) );
+    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_finish_handshake_msg( ssl,
+                                              buf_len, msg_len ) );
+    MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
+
+cleanup:
+
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
+    return( ret );
+}
+
+static int ssl_finished_out_prepare( mbedtls_ssl_context *ssl )
+{
+    int ret;
+
+    /* Compute transcript of handshake up to now. */
+    ret = mbedtls_ssl_tls1_3_calc_finished( ssl,
+                    ssl->handshake->state_local.finished_out.digest,
+                    sizeof( ssl->handshake->state_local.finished_out.digest ),
+                    &ssl->handshake->state_local.finished_out.digest_len,
+                    ssl->conf->endpoint );
+
+    if( ret != 0 )
+    {
+         MBEDTLS_SSL_DEBUG_RET( 1, "calc_finished failed", ret );
+        return( ret );
+    }
+
+    return( 0 );
+}
+
+static int ssl_finished_out_postprocess( mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+
+#if defined(MBEDTLS_SSL_CLI_C)
+    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+    {
+        /* Compute resumption_master_secret */
+        ret = mbedtls_ssl_tls1_3_generate_resumption_master_secret( ssl );
+        if( ret != 0 )
+        {
+            MBEDTLS_SSL_DEBUG_RET( 1,
+                    "mbedtls_ssl_tls1_3_generate_resumption_master_secret ", ret );
+            return ( ret );
+        }
+
+        mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
+    }
+    else
+#endif /* MBEDTLS_SSL_CLI_C */
+    {
+        /* Should never happen */
+        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    return( 0 );
+}
+
+static int ssl_finished_out_write( mbedtls_ssl_context *ssl,
+                                   unsigned char *buf,
+                                   size_t buflen,
+                                   size_t *olen )
+{
+    size_t finished_len = ssl->handshake->state_local.finished_out.digest_len;
+
+    /* Note: Even if DTLS is used, the current message writing functions
+     * write TLS headers, and it is only at sending time that the actual
+     * DTLS header is generated. That's why we unconditionally shift by
+     * 4 bytes here as opposed to mbedtls_ssl_hs_hdr_len( ssl ). */
+
+    if( buflen < finished_len )
+        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+
+    memcpy( buf, ssl->handshake->state_local.finished_out.digest,
+            ssl->handshake->state_local.finished_out.digest_len );
+
+    *olen = finished_len;
+    return( 0 );
+}
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 3ca28d5..6dc27a4 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -593,6 +593,56 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
     return( 0 );
 }
 
+#if defined(MBEDTLS_SSL_NEW_SESSION_TICKET)
+int mbedtls_ssl_tls1_3_generate_resumption_master_secret(
+    mbedtls_ssl_context *ssl )
+{
+    int ret = 0;
+
+    mbedtls_md_type_t md_type;
+    mbedtls_md_info_t const *md_info;
+    size_t md_size;
+
+    unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
+    size_t transcript_len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2,
+          ( "=> mbedtls_ssl_tls1_3_generate_resumption_master_secret" ) );
+
+    md_type = ssl->handshake->ciphersuite_info->mac;
+    md_info = mbedtls_md_info_from_type( md_type );
+    md_size = mbedtls_md_get_size( md_info );
+
+    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
+                                                transcript, sizeof( transcript ),
+                                                &transcript_len );
+    if( ret != 0 )
+        return( ret );
+
+    ret = mbedtls_ssl_tls1_3_derive_resumption_master_secret( md_type,
+                              ssl->handshake->tls1_3_master_secrets.app,
+                              transcript, transcript_len,
+                              &ssl->session_negotiate->app_secrets );
+    if( ret != 0 )
+        return( ret );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret",
+             ssl->session_negotiate->app_secrets.resumption_master_secret,
+             md_size );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2,
+          ( "<= mbedtls_ssl_tls1_3_generate_resumption_master_secret" ) );
+    return( 0 );
+}
+#else /* MBEDTLS_SSL_NEW_SESSION_TICKET */
+int mbedtls_ssl_tls1_3_generate_resumption_master_secret(
+    mbedtls_ssl_context *ssl )
+{
+    ((void) ssl);
+    return( 0 );
+}
+#endif /* MBEDTLS_SSL_NEW_SESSION_TICKET */
+
 static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type,
                                           unsigned char const *base_key,
                                           unsigned char const *transcript,