go back to the old way hard-coding the prefix
diff --git a/include/picotls.h b/include/picotls.h
index 643da29..bbd9a6f 100644
--- a/include/picotls.h
+++ b/include/picotls.h
@@ -822,8 +822,7 @@
*/
size_t max_buffer_size;
/**
- * the field is obsolete; should be set to NULL for QUIC draft-17. Note also that even though everybody did, it was incorrect
- * to set the value to "quic " in the earlier versions of the draft.
+ * this field is obsolete and ignored
*/
const char *hkdf_label_prefix__obsolete;
/**
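Review bot: The new wording "obsolete and ignored" may overstate what the visible code does: lib/picotls.c still declares `new_aead(..., const char *label_prefix)`, and nothing in this patch shows what its callers pass. If any remaining path forwards `hkdf_label_prefix__obsolete`, the key schedule and the traffic keys would be derived with different prefixes for an application that still sets the field. Either confirm that no reader is left, or say exactly what is ignored, e.g. `this field is obsolete; the key schedule always uses PTLS_HKDF_EXPAND_LABEL_PREFIX and a non-NULL value here has no effect on it`.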
diff --git a/lib/picotls.c b/lib/picotls.c
index fc4de84..ddb56fd 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -359,7 +359,6 @@
struct st_ptls_key_schedule_t {
unsigned generation; /* early secret (1), hanshake secret (2), master secret (3) */
- const char *hkdf_label_prefix;
uint8_t secret[PTLS_MAX_DIGEST_SIZE];
size_t num_hashes;
struct {
@@ -379,8 +378,6 @@
static const uint8_t zeroes_of_max_digest_size[PTLS_MAX_DIGEST_SIZE] = {0};
-static int hkdf_expand_label(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label,
- ptls_iovec_t hash_value, const char *label_prefix);
static ptls_aead_context_t *new_aead(ptls_aead_algorithm_t *aead, ptls_hash_algorithm_t *hash, int is_enc, const void *secret,
ptls_iovec_t hash_value, const char *label_prefix);
@@ -935,8 +932,7 @@
free(sched);
}
-static ptls_key_schedule_t *key_schedule_new(ptls_cipher_suite_t *preferred, ptls_cipher_suite_t **offered,
- const char *hkdf_label_prefix)
+static ptls_key_schedule_t *key_schedule_new(ptls_cipher_suite_t *preferred, ptls_cipher_suite_t **offered)
{
#define FOREACH_HASH(block) \
do { \
@@ -961,15 +957,12 @@
ptls_key_schedule_t *sched;
- if (hkdf_label_prefix == NULL)
- hkdf_label_prefix = PTLS_HKDF_EXPAND_LABEL_PREFIX;
-
{ /* allocate */
size_t num_hashes = 0;
FOREACH_HASH({ ++num_hashes; });
if ((sched = malloc(offsetof(ptls_key_schedule_t, hashes) + sizeof(sched->hashes[0]) * num_hashes)) == NULL)
return NULL;
- *sched = (ptls_key_schedule_t){0, hkdf_label_prefix};
+ *sched = (ptls_key_schedule_t){0};
}
/* setup the hash algos and contexts */
@@ -996,10 +989,10 @@
ikm = ptls_iovec_init(zeroes_of_max_digest_size, sched->hashes[0].algo->digest_size);
if (sched->generation != 0 &&
- (ret = hkdf_expand_label(sched->hashes[0].algo, sched->secret, sched->hashes[0].algo->digest_size,
- ptls_iovec_init(sched->secret, sched->hashes[0].algo->digest_size), "derived",
- ptls_iovec_init(sched->hashes[0].algo->empty_digest, sched->hashes[0].algo->digest_size),
- sched->hkdf_label_prefix)) != 0)
+ (ret = ptls_hkdf_expand_label(sched->hashes[0].algo, sched->secret, sched->hashes[0].algo->digest_size,
+ ptls_iovec_init(sched->secret, sched->hashes[0].algo->digest_size), "derived",
+ ptls_iovec_init(sched->hashes[0].algo->empty_digest, sched->hashes[0].algo->digest_size),
+ NULL)) != 0)
return ret;
++sched->generation;
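Review bot: Passing a bare `NULL` as the last argument here relies on the reader knowing that ptls_hkdf_expand_label maps NULL to PTLS_HKDF_EXPAND_LABEL_PREFIX; the same literal is repeated in derive_secret_with_hash and in the "resumption", "finished", "traffic upd" and exporter hunks. A small static wrapper that omits the prefix argument, or a one-line comment such as `/* NULL selects the default label prefix */` at the first use, would keep the key-derivation call sites self-explanatory. The enclosing function starts and ends outside this hunk.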
@@ -1076,9 +1069,9 @@
static int derive_secret_with_hash(ptls_key_schedule_t *sched, void *secret, const char *label, const uint8_t *hash)
{
- int ret = hkdf_expand_label(sched->hashes[0].algo, secret, sched->hashes[0].algo->digest_size,
- ptls_iovec_init(sched->secret, sched->hashes[0].algo->digest_size), label,
- ptls_iovec_init(hash, sched->hashes[0].algo->digest_size), sched->hkdf_label_prefix);
+ int ret = ptls_hkdf_expand_label(sched->hashes[0].algo, secret, sched->hashes[0].algo->digest_size,
+ ptls_iovec_init(sched->secret, sched->hashes[0].algo->digest_size), label,
+ ptls_iovec_init(hash, sched->hashes[0].algo->digest_size), NULL);
PTLS_DEBUGF("%s: (label=%s, hash=%02x%02x) => %02x%02x\n", __FUNCTION__, label, hash[0], hash[1], ((uint8_t *)secret)[0],
((uint8_t *)secret)[1]);
return ret;
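Review bot: The PTLS_DEBUGF call in derive_secret_with_hash runs regardless of `ret`, so after a failed ptls_hkdf_expand_label it formats two bytes of `secret` that may never have been written. Guarding it with `if (ret == 0)` keeps the trace meaningful. Because the line emits bytes of derived key material, it is also worth confirming that the macro is compiled out of release builds; its definition is not visible here. The closing brace of the function is outside the hunk.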
@@ -1136,9 +1129,8 @@
if ((ret = derive_secret(sched, secret, "res master")) != 0)
goto Exit;
- if ((ret = hkdf_expand_label(sched->hashes[0].algo, secret, sched->hashes[0].algo->digest_size,
- ptls_iovec_init(secret, sched->hashes[0].algo->digest_size), "resumption", nonce,
- sched->hkdf_label_prefix)) != 0)
+ if ((ret = ptls_hkdf_expand_label(sched->hashes[0].algo, secret, sched->hashes[0].algo->digest_size,
+ ptls_iovec_init(secret, sched->hashes[0].algo->digest_size), "resumption", nonce, NULL)) != 0)
goto Exit;
Exit:
@@ -1439,9 +1431,9 @@
uint8_t digest[PTLS_MAX_DIGEST_SIZE];
int ret;
- if ((ret = hkdf_expand_label(sched->hashes[0].algo, digest, sched->hashes[0].algo->digest_size,
- ptls_iovec_init(secret, sched->hashes[0].algo->digest_size), "finished", ptls_iovec_init(NULL, 0),
- sched->hkdf_label_prefix)) != 0)
+ if ((ret = ptls_hkdf_expand_label(sched->hashes[0].algo, digest, sched->hashes[0].algo->digest_size,
+ ptls_iovec_init(secret, sched->hashes[0].algo->digest_size), "finished",
+ ptls_iovec_init(NULL, 0), NULL)) != 0)
return ret;
if ((hmac = ptls_hmac_create(sched->hashes[0].algo, digest, sched->hashes[0].algo->digest_size)) == NULL) {
ptls_clear_memory(digest, sizeof(digest));
@@ -2065,7 +2057,7 @@
tls->key_share = tls->ctx->key_exchanges[0];
if (!is_second_flight) {
- tls->key_schedule = key_schedule_new(tls->cipher_suite, tls->ctx->cipher_suites, tls->ctx->hkdf_label_prefix__obsolete);
+ tls->key_schedule = key_schedule_new(tls->cipher_suite, tls->ctx->cipher_suites);
if ((ret = key_schedule_extract(tls->key_schedule, resumption_secret)) != 0)
goto Exit;
}
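Review bot: The result of key_schedule_new is passed straight to key_schedule_extract without a NULL check, although key_schedule_new returns NULL when its malloc fails and the extract hunk above dereferences `sched->hashes[0]`. Since this line is being touched anyway, check the allocation, e.g. `if ((tls->key_schedule = key_schedule_new(tls->cipher_suite, tls->ctx->cipher_suites)) == NULL) { ret = PTLS_ERROR_NO_MEMORY; goto Exit; }`. The `key_schedule_new(cs, NULL)` assignment in the @@ -3922 hunk has no visible check either; whether one follows outside that hunk cannot be seen from here. The enclosing function extends beyond both hunks.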
@@ -3922,7 +3914,7 @@
goto Exit;
if (!is_second_flight) {
tls->cipher_suite = cs;
- tls->key_schedule = key_schedule_new(cs, NULL, tls->ctx->hkdf_label_prefix__obsolete);
+ tls->key_schedule = key_schedule_new(cs, NULL);
} else {
if (tls->cipher_suite != cs) {
ret = PTLS_ALERT_HANDSHAKE_FAILURE;
@@ -4291,8 +4283,8 @@
int ret;
ptls_hash_algorithm_t *hash = tls->key_schedule->hashes[0].algo;
- if ((ret = hkdf_expand_label(hash, secret, hash->digest_size, ptls_iovec_init(tp->secret, hash->digest_size), "traffic upd",
- ptls_iovec_init(NULL, 0), tls->key_schedule->hkdf_label_prefix)) != 0)
+ if ((ret = ptls_hkdf_expand_label(hash, secret, hash->digest_size, ptls_iovec_init(tp->secret, hash->digest_size),
+ "traffic upd", ptls_iovec_init(NULL, 0), NULL)) != 0)
goto Exit;
memcpy(tp->secret, secret, sizeof(secret));
ret = setup_traffic_protection(tls, is_enc, NULL, 3, 1);
@@ -5405,12 +5397,11 @@
if ((ret = ptls_calc_hash(algo, context_value_hash, context_value.base, context_value.len)) != 0)
return ret;
- if ((ret = hkdf_expand_label(algo, derived_secret, algo->digest_size, ptls_iovec_init(master_secret, algo->digest_size), label,
- ptls_iovec_init(algo->empty_digest, algo->digest_size), tls->key_schedule->hkdf_label_prefix)) !=
- 0)
+ if ((ret = ptls_hkdf_expand_label(algo, derived_secret, algo->digest_size, ptls_iovec_init(master_secret, algo->digest_size),
+ label, ptls_iovec_init(algo->empty_digest, algo->digest_size), NULL)) != 0)
goto Exit;
- ret = hkdf_expand_label(algo, output, outlen, ptls_iovec_init(derived_secret, algo->digest_size), "exporter",
- ptls_iovec_init(context_value_hash, algo->digest_size), tls->key_schedule->hkdf_label_prefix);
+ ret = ptls_hkdf_expand_label(algo, output, outlen, ptls_iovec_init(derived_secret, algo->digest_size), "exporter",
+ ptls_iovec_init(context_value_hash, algo->digest_size), NULL);
Exit:
ptls_clear_memory(derived_secret, sizeof(derived_secret));
@@ -5548,19 +5539,19 @@
return 0;
}
-int hkdf_expand_label(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label,
- ptls_iovec_t hash_value, const char *label_prefix)
+int ptls_hkdf_expand_label(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label,
+ ptls_iovec_t hash_value, const char *label_prefix)
{
ptls_buffer_t hkdf_label;
uint8_t hkdf_label_buf[80];
int ret;
- assert(label_prefix != NULL);
-
ptls_buffer_init(&hkdf_label, hkdf_label_buf, sizeof(hkdf_label_buf));
ptls_buffer_push16(&hkdf_label, (uint16_t)outlen);
ptls_buffer_push_block(&hkdf_label, 1, {
+ if (label_prefix == NULL)
+ label_prefix = PTLS_HKDF_EXPAND_LABEL_PREFIX;
ptls_buffer_pushv(&hkdf_label, label_prefix, strlen(label_prefix));
ptls_buffer_pushv(&hkdf_label, label, strlen(label));
});
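Review bot: The NULL default for `label_prefix` is applied inside the ptls_buffer_push_block body, which hides a parameter rewrite in a macro argument; hoisting `if (label_prefix == NULL) label_prefix = PTLS_HKDF_EXPAND_LABEL_PREFIX;` to the top of the function, where the removed assert stood, reads more clearly and states the contract up front. A doc comment on the header declaration saying that NULL selects the default prefix would help callers too. Separately, `(uint16_t)outlen` silently truncates the encoded length for outlen above 65535; now that this is the only expand-label function left in the file, an explicit range check that returns an error would be safer. The function body continues past this hunk.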
@@ -5573,16 +5564,6 @@
return ret;
}
-int ptls_hkdf_expand_label(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label,
- ptls_iovec_t hash_value, const char *label_prefix)
-{
- /* the handshake layer should call hkdf_expand_label directly, always setting key_schedule->hkdf_label_prefix as the
- * argument */
- if (label_prefix == NULL)
- label_prefix = PTLS_HKDF_EXPAND_LABEL_PREFIX;
- return hkdf_expand_label(algo, output, outlen, secret, label, hash_value, label_prefix);
-}
-
int ptls_tls12_phash(ptls_hash_algorithm_t *algo, void *output, size_t outlen, ptls_iovec_t secret, const char *label,
ptls_iovec_t seed)
{